Doctor247 is an online doctor consultation service connecting patients in the Republic of Ireland with general practitioners registered with the Irish Medical Council. Because our work involves your health, we hold some of the most sensitive information a person can share, and protecting it is a duty we take seriously. This page explains how we meet our obligations under the General Data Protection Regulation (GDPR) and sets out the rights you have over your own data.
This page sits alongside our Privacy Policy, which describes our data handling in fuller detail. Where the two overlap, read them together.
An online medical practice is built on trust and confidentiality. To care for you safely, we need to collect and keep accurate records about you and your health. We handle that information lawfully, fairly and transparently, we collect only what is needed for your care, and we never use your data for purposes you would not reasonably expect.
The data controller responsible for your personal information is [REGISTERED COMPANY NAME] Ltd, trading as Doctor247, a company registered in Ireland under company number [COMPANY REGISTRATION NUMBER], with its registered office at [REGISTERED ADDRESS]. Our Data Protection Officer can be reached using the contact details at the end of this page.
Our data protection practices are aligned with:
The data we keep depends on the care you receive. It typically includes:
Under GDPR we must have a lawful basis for every use of your data. The main bases we rely on are set out below.
| What we do | Lawful basis under GDPR |
|---|---|
| Provide your consultation, prescriptions, certificates and referrals | Performance of a contract (Article 6(1)(b)); provision of healthcare (Article 9(2)(h)) |
| Keep accurate medical records and meet clinical duties | Legal obligation (Article 6(1)(c)); healthcare provision (Article 9(2)(h)) |
| Act in an urgent situation to protect life | Vital interests (Article 6(1)(d) and Article 9(2)(c)) |
| Send optional marketing or health updates | Your consent (Article 6(1)(a)), which you can withdraw at any time |
| Improve and secure the platform using anonymised analysis | Legitimate interests (Article 6(1)(f)), balanced against your rights |
Information about your health is treated as special category data and carries the strongest protection under GDPR. We process it under Article 9(2)(h), which permits processing for the provision of healthcare by, or under the responsibility of, a registered medical professional who is bound by a duty of confidentiality. Access is limited to the clinical and support staff who need it for your care, and every doctor is additionally bound by the confidentiality obligations of Irish Medical Council registration.
We do not sell your data, and we do not share identifiable information except where it is needed for your care or required by law.
Once information reaches a consultant, pharmacy or other third party, its further handling is governed by that party's own data protection policy.
Security is a priority for us. Video consultations run on encrypted infrastructure, records are stored under access controls that log who views them, and data is protected by technical and organisational measures appropriate to its sensitivity. Any provider we rely on is checked for GDPR compliance before we use them.
We keep your information only for as long as it is needed for your care, to meet legal and clinical guidelines, or to defend a legal claim. Medical records are held in line with recognised retention periods, for example a minimum of eight years after the last episode of care for adults, with longer periods for children, young people and maternity records. Please note that, for medico-legal reasons and to give you safe ongoing care, a medical record cannot simply be deleted on request, even where you ask us to erase other data.
GDPR gives you clear rights over your personal data. You have the right to:
We respond to valid requests within one month. There is normally no charge, although we may apply a reasonable fee or decline a request that is clearly unfounded or excessive, as GDPR allows.
We aim to keep your data within the European Economic Area. If any approved processor stores or handles data outside the EEA, we put appropriate safeguards in place, such as European Commission Standard Contractual Clauses, so that your data keeps an equivalent level of protection.
Standard personal email is not considered secure under GDPR. For that reason we do not send medical results or sensitive clinical details to ordinary email addresses, and we ask that you do not send sensitive information to us by standard email. Where you need to share clinical details, please use the secure options we provide. It is also your responsibility to keep your contact and pharmacy details up to date so that your records stay accurate.
To protect you, any request relating to your personal or medical data must be made in writing and include a copy of photo identification, such as a passport or driving licence. This confirms that your information is only released to, or amended by, you. Documents and records are released only to the named patient unless you have given prior written consent for someone else to act on your behalf.
If you have a concern about how we handle your data, please contact our Data Protection Officer first so we can put things right. You also have the right to complain to the Irish supervisory authority at any time:
Data Protection Commission
Website: www.dataprotection.ie
Post: Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963, Ireland
Helpline: 1800 437 437 or (01) 765 0100
We may update this page as our practices or the law develop. When we do, we will revise the date shown at the top. Continuing to use the service after an update means you accept the revised version.
Important: Doctor247 is not for medical or surgical emergencies. If you need urgent help in Ireland, contact the emergency services on 999 or 112.