Privacy Policy - MLG Medicolegal
​
MLG is committed to protecting any private data which is processed to allow us to fulfil our business obligations and functions.
​
This privacy policy will explain how MLG uses & protects the personal data we process in order to provide the best service possible to our clients and respective stakeholders, including (but not limited to) patients and medical experts.
​
Data protection principles
All processing of personal data must be conducted in accordance with the data protection principles set out in relevant legislation. MLG's policies and procedures are designed to ensure compliance with the following principles:
Personal data must be processed lawfully, fairly and transparently
Our responsibilities under GDPR
​
We have the following responsibilities under GDPR
Personal data can only be collected for specific, explicit and legitimate purposes
We will collect and process personal data only for the purposes for which it is collected. We will clearly state the purposes for which we collect and process your information.
Personal data must be adequate, relevant and limited to what is necessary for processing
We will ensure that in designing new and current methods of data collection, whether online, forms or offline, that only the personal data required to establish your identity and provide the service will be processed.
Personal data must be accurate and kept up to date with every effort to erase or rectify without delay
We will ensure that your data is accurate and complete. We need accurate and up-to-date data in order to ensure that the correct services are provided to the correct recipients. Where we have shared your data with a third party, we will update them as to any changes to your data, unless this is impossible or requires disproportionate effort.
Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing
We will implement appropriate policies and procedures to ensure that personal data is retained only for the minimum period required to provide the services in question. Once this period has passed, we may destroy the personal data, anonymise it or use any other appropriate method. For further detail on how long your data will be retained please read our Data Retention Policy.
Personal data must be processed in a manner that ensures appropriate security
We will implement appropriate technical and organisation measures to ensure that appropriate security of the processing of personal data is implemented. This includes encryption, restricted access to files and physically securing the data.
Accountability for demonstrating compliance
We will ensure that we maintain adequate records of its processing and evidence that we have complied with this policy and related policies and procedures.
​
Topics:
-
What data do we collect?
-
How do we collect your data?
-
How will we use your data?
-
How do we store your data?
-
Sharing and transferring your personal data
-
Retention policy: how long we keep your data:
-
Marketing
-
What are your data protection rights?
-
Changes to our privacy policy
-
How to contact us
-
Data Protection Officer
-
How to contact the appropriate authorities
What data do we collect?
Our Company collects the following data:
Personal data
Name, Address, Date of birth, Contact phone and/or email
Medical data
Medical reports, prior medical history, & any other relevant medical information
Your GP details
Name and contact information of your treating GP
Personal information regarding physical and mental health data is considered to be “Special Categories of personal data” under GDPR. We process this data when you have given consent for this data to be shared with us.
MLG will need to provide this data to our medical experts for the purposes of providing assessments and treatment.
​
How do we collect your data?
Your data is provided to MLG directly by yourself, or via your legal representative.
In some cases, MLG may be requested to obtain additional data, in the form of supplementary medical reports & other medical documentation. This will be done with your explicit consent.
How will we use your data?
MLG collects your data in order to arrange medical appointments with the appropriate medical specialist.
MLG will never use your data to contact you in relation to anything other than matters that you have been referred to MLG for.
How we use your data
Why we process your data
Legal justification
Personal data (name, address, contact information, legal representative information)
To ensure your medical appointment is with an appropriate medical expert, and in an appropriate location
Physical & Mental health information
This is provided to the medical expert to ensure that they have the appropriate details of the medical history
It is in our legitimate interest to ensure that our medical expert has as much relevant information as possible to allow them to proceed with providing a medicolegal report.
​
How do we store your data?
MLG stores your data on our online cloud based systems.
​
Sharing and transferring your personal data
RuMu Psychiatry appoints a medical expert from our qualified panel of medical experts in order to provide review and assessment. These medical experts act as sub-processers of your data, and are held to standards of GDPR compliance in line with MLG's.
All transfer of medical data is within territories which are subject to GDPR Ireland or the UK (covered by Adequacy Notice), and MLG prioritises the security of your data in any data transaction.
Retention policy: how long we keep your data:
In line with GDPR principles, MLG will only keep your data for as long as is required in order to fulfil our function.
Marketing
MLG will never send information about products or services to any party for whom we have obtained their personal data for the purposes of providing medical treatment.
You have the right at any time to stop MLG from contacting you for marketing purposes.
If you no longer wish to be contacted for marketing purposes, please contact MLG.
​
What are your data protection rights?
MLG would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
​
The right to access – You have the right to request MLG for copies of your personal data. We may charge you a small fee for this service.
​
The right to rectification – You have the right to request that MLG correct any information you believe is inaccurate. You also have the right to request MLG to complete the information you believe is incomplete.
​
The right to erasure – You have the right to request that MLG erase your personal data, under certain conditions.
​
The right to restrict processing – You have the right to request that MLG restrict the processing of your personal data, under certain conditions.
​
The right to object to processing – You have the right to object to MLG's processing of your personal data, under certain conditions.
​
The right to data portability – You have the right to request that MLG transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
​
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us via email at dpo@rumu.ie
Changes to our privacy policy
MLG keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 24 November 2024.
​
How to contact us
If you have any questions about Our Company’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at: dpo@mlgroup.ie
​
Data Protection Officer
​
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. In addition, you always have the right to make a complaint at any time to a supervisory authority. The Irish Data Protection Commission is the lead data protection supervisory authority for MLG, so please be aware that your complaint may be transferred to the Irish Data Protection Commission.
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that MLG has not addressed your concern in a satisfactory manner, you may contact the Data Protection Commission