Privacy

How we handle your information.

This notice explains what personal data Dr. Torun’s Clinic collects, why we collect it, how we keep it safe, and the rights you have under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

Last updated: 24 May 2026

1. Who is the data controller?

Dr. Torun’s Clinic is the data controller for personal information collected through this website and during your care at the clinic. You can contact us at:

2. What information do we collect?

We collect different categories of information depending on how you interact with us.

Information you give us

  • Identity and contact details: name, date of birth, gender, postal address, email address, phone number.
  • Health and clinical information: medical history, symptoms, medications, allergies, examination findings, test results, treatment notes, prescriptions and referrals. This is special category data under Article 9 of the GDPR.
  • Booking information: the service you booked, preferred doctor, scheduled time, your reason for visit, any special requests.
  • Payment information: deposit and balance amounts. Card numbers are handled by our payment processor (Stripe) and never stored by us.
  • Messages you send us via the contact form, WhatsApp, email or by phone.

Information collected automatically

  • Website analytics: pages visited, approximate location (country/city level), device and browser type. Used in aggregate to improve the site.
  • Essential cookies needed for the booking flow and the reception portal to function (e.g. session cookies).

3. Why we use your information

We process your personal data on the following lawful bases:

  • To provide medical care (Article 9(2)(h) GDPR — processing necessary for the provision of healthcare): consultations, diagnosis, treatment, follow-up, referrals.
  • To manage your appointment (contract / Article 6(1)(b)): taking bookings, confirming times, sending reminders, taking deposits and processing refunds.
  • To comply with legal and regulatory obligations (Article 6(1)(c)): medical record-keeping, tax invoicing, mandatory public health reporting where required.
  • To respond to enquiries (legitimate interest / Article 6(1)(f)): replying to messages sent through the contact form, email, WhatsApp or phone.
  • To improve the website (legitimate interest): aggregated analytics to understand what content is useful.

We do not sell your personal data, and we do not use it for behavioural advertising.

4. Who we share your information with

Your information is only shared where necessary to deliver your care or run the clinic, and only with parties who are themselves bound by confidentiality and data protection law.

  • Other clinicians involved in your care — for example a consultant, hospital or pharmacy receiving a referral or prescription — with your consent.
  • Our IT and infrastructure providers acting as data processors on our written instructions: Strapi-hosted CMS on Microsoft Azure (EU region), email delivery providers, and Stripe (payment processing — PCI-DSS Level 1).
  • Public bodies only where required by law (for example, certain notifiable diseases or court orders).

Where personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission to protect it.

5. How long we keep your information

Medical records are kept for the periods required by the Medical Council and HSE guidance — typically a minimum of eight years from the date of last treatment, and longer for children’s and obstetric records.

Booking enquiries that do not lead to an appointment (talk-first, contact form messages, unattended bookings) are retained for up to 90 days and then deleted.

Website analytics are retained in aggregate for up to 14 months.

6. Your rights

Under the GDPR you have the right to:

  • Request a copy of the personal data we hold about you (right of access).
  • Ask us to correct information that is wrong or out of date.
  • Ask us to delete information we no longer need to keep (right to erasure).
  • Restrict or object to how we process your information.
  • Receive your data in a portable format.
  • Withdraw any consent you previously gave us.

To exercise any of these rights, email info@drtorunsclinic.ie. We will respond within one calendar month.

If you are not happy with how we have handled your data, you can complain to the Data Protection Commission at dataprotection.ie or 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

7. How we keep your data safe

Clinical records are stored in a secure, access-controlled system. Website and booking data is hosted in EU-region cloud infrastructure with encryption in transit (TLS) and at rest. Access is restricted to authorised staff on a need-to-know basis. We use short-lived authentication tokens, two-factor authentication where available, and regular software updates.

We never ask for passwords or full card numbers by email or text. If something looks suspicious, please call us on (01) 960 2244 to check.

8. Cookies and the booking flow

We use the minimum set of cookies needed to operate the site:

  • Session cookies for the reception portal and your booking flow. These expire when you close the browser, or after eight hours of inactivity in the case of the portal session.
  • Stripe’s payment cookies when you reach the secure checkout page. These are set and controlled by Stripe under their own privacy notice.

We do not currently use third-party tracking or advertising cookies. If that changes, we will update this notice and ask for your consent.

9. Changes to this notice

We may update this notice from time to time. The “last updated” date at the top of the page reflects the most recent change. Material changes will be highlighted on the website.

Questions

If you’re not sure how something we do affects your data, just ask. Email info@drtorunsclinic.ie or call (01) 960 2244 and reception will help. See also our terms of use.