Privacy Policy Statement

Introduction

This Privacy Policy describes how we (Deirdre Griffin) collect, use, process, and protect your personal data. As a practitioner based in Ireland, our data processing practices comply strictly with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

We are committed to ensuring that your privacy is protected and that your data is handled in a secure, confidential, and legally compliant manner.

1. Data Controller

For the purposes of the GDPR, the Data Controller is:

  • Name/Practice: Deirdre Griffin, Psychologist & Psychotherapist
  • Address: OneBody, 18 Priory Office Park, Treesdale, Stillorgan, Dublin, A94 R5P6
  • Email: deirdre.m.griffin@protonmail.com
  • Phone: +353 86 173 8828
  • Registration No: M1683C

Protonmail is GDPR compliant and very secure (https://proton.me/support/is-proton-mail-gdpr-compliant)

2. Legal Basis for Processing Data

Under the GDPR, we must have a lawful basis to process your personal data. We rely on the following bases:

  • Contractual Necessity: To provide psychological assessment, consultation, or therapeutic services that you have requested.
  • Legal Obligation: To comply with professional, legal, and tax obligations (e.g., retaining financial records, complying with court orders).
  • Special Category Data (Health Data): Under Article 9(2)(h) of the GDPR, we process health/psychological data for the purposes of providing health or social care treatment, assessments, and managing healthcare systems.

3. Types of Information We Collect

We collect and process personal data relating to clients (and, where applicable, their parents or legal guardians). This may include:

  • Basic Identity Data: Name, email address & phone number.
  • Background & Referral Info: Referral letters, school reports, previous medical or psychological histories, and developmental histories.
  • Special Category (Health) Data: Clinical notes, assessment results, psychometric test scores, diagnostic observations, and tracking logs of consultations.
  • Financial Data: Invoicing details, record of payments, and medical insurance information if applicable.

4. How We Collect Your Data

We collect data through various touchpoints:

  • Directly from you via contact forms on our website, email correspondence, or phone calls.
  • During initial intake interviews and subsequent consultation or assessment sessions.
  • From authorized third parties, such as schools, GPs, or other allied health professionals, only when explicit, written consent has been provided by you.

5. How We Use Your Information

Your data is used strictly to deliver safe, effective, and professional psychological services:

  • To conduct thorough psychological and educational assessments.
  • To formulate professional formulations, interventions, and comprehensive reports.
  • To communicate with you regarding appointments, billing, and service updates.
  • To maintain professional records in accordance with Irish psychological regulatory frameworks.

5a. Google Analytics

We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited ("Google"), to understand how visitors engage with our website. This helps us optimize our site performance and improve our user experience.

  • What Data is Processed: Google Analytics uses first-party cookies to collect information such as your ANONYMISED IP address, device type, browser type, operating system, pages visited, time spent on the site, and the external link that referred you to us.
  • Privacy Protections: In GA4, IP addresses are ANONYMISED by default. Google does not log or store full IP addresses for EU-based users; they are used briefly to determine general geographic location (such as country or region) and are then immediately discarded.
  • Legal Basis for Processing: We only activate Google Analytics if you grant your explicit, affirmative Consent via our website’s cookie banner (pursuant to Article 6(1)(a) of the GDPR). No analytics tracking occurs prior to your consent.
  • Data Sharing & Transfers: Data collected by the tracking script is transmitted to and stored by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google acts as our data processor and is bound by strict Data Processing Agreements. However, data may occasionally be transferred to Google servers in the United States.
  • How to Opt-Out: You can withdraw your consent at any time by updating your preferences in our website's cookie settings. Alternatively, you can completely block Google Analytics across all websites by installing the official Google Analytics Opt-out Browser Add-on.

6. Data Sharing and Confidentiality

Confidentiality is a core pillar of psychological practice. Your personal info will never be sold or used for marketing purposes. It will only be shared under the following distinct circumstances:

  • With Your Explicit Consent: Sharing reports or findings with third parties (such as a child’s school, a GP, or an occupational therapist) only after you have signed a disclosure consent form.
  • Legal & Ethical Safeguards (Limits of Confidentiality): In line with Irish law and child protection guidelines (Children First Act 2015), confidentiality may be broken without consent if:
    1. There is a clear and immediate risk of serious harm to yourself or someone else.
    2. There is a safeguarding concern regarding a child or vulnerable adult.
    3. We are compelled by a valid legal subpoena or court order.
  • Data Processors: We may use secure third-party platforms to run our practice (e.g., GDPR-compliant practice management software, encrypted email, cloud storage, or invoicing tools). These processors are legally bound by strict Data Processing Agreements (DPAs) to protect your privacy.

7. Data Retention

We do not hold onto personal data longer than necessary. In Ireland, psychological and medical records must be retained for specific periods to comply with professional indemnity insurance and legal statutes of limitations:

  • Adult Records: Generally retained for a minimum of 7 years following the end of the professional relationship.
  • Children/Minor Records: Retained until the individual reaches the age of 25 (7 years after turning 18), or longer if contractually or legally required.
  • Once the retention period expires, data is permanently and securely destroyed (shredded for physical papers, permanently deleted for digital files).

8. Data Security

We implement robust technical and organizational security measures to protect your data from unauthorized access, loss, or alteration. This includes:

  • End-to-end encryption for electronic communications and cloud storage.
  • Multi-factor authentication (MFA) on all devices and software platforms.
  • Physical security safeguards (locked filing cabinets in secure premises) for any hard-copy documentation.

9. Your Data Protection Rights

Under the GDPR, you hold significant rights regarding your personal information. You have the right to:

  • Access: Request a copy of the personal data we hold about you (a Subject Access Request).
  • Rectification: Request that we correct any inaccurate or incomplete information.
  • Erasure ("Right to be Forgotten"): Request deletion of your data, subject to our overriding legal or insurance obligations to retain medical records.
  • Restriction: Request that we limit how we process your data under certain conditions.
  • Data Portability: Request a digital transfer of the data you provided to us to another service provider.

To exercise any of these rights, please contact us at [Insert Email Address]. We will respond to your request within 30 days.

10. Complaints

If you have any concerns about how your data is handled, we ask that you contact us directly so we can resolve it. However, you have the absolute right to lodge a formal complaint with the Irish Data Protection Commission (DPC):

  • Website: www.dataprotection.ie
  • Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

11. Updates to this Statement

This Privacy Policy may change from time to time to reflect shifts in legislation or practice management. The latest version will always be available on our website.

Last Updated: July, 2026]

Contact Form

Please include a detailed message of what you would like help with.

Thank you, I have received your message and will get back to you.
Oops! Something went wrong, try refreshing the page and send it again.