ResMed PEI Privacy Statement

We are ResMed-PEI Limited a company incorporated in Ireland (registered no. 405642) with registered office at M50 Business Park, Ballymount Road Upper, Ballymount, Dublin 12 (“ResMed PEI”, "us", "we", or "our"). We supply sleep and respiratory products to Irish patients (the “Products”).  

At ResMed PEI we are committed to protecting and respecting your privacy.

This Privacy Statement will let you know how we look after the personal data which we collect from you in connection with your use of the Products, and any related content, products and services.

This Privacy Statement also informs you as to our obligations and your rights under data protection law.
 
Click on the headings below to find out more about how we collect and process your personal data:

  1. Who is responsible for your personal data? 

    For the purposes of the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”), ResMed PEI is the data controller with regard to the personal data described in this Privacy Statement.

    Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.  

    In particular, we have appointed a Data Protection Officer within ResMed PEI to monitor compliance with our data protection obligations and with this Privacy Statement and related policies. If you have any questions about this policy or about our data protection compliance please contact us. 

  2. What personal data do we collect?

    Personal data” means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behaviour.

    Special categories of personal data” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. 
    When you register for and use our Products: 
    When you register to use our Products you will be asked to provide the following information: 

    Administrative:

    • Name
    • Date of Birth
    • Email address
    • Postal address
    • Contact number
    • Next of kin name & contact number
    • Financial details
    • Record of billable services provided
    • Billing and payment records


    Special categories of personal data: 

    • Details of your sleep/respiratory condition which you/physician/referring hospital provide at the time of registering for use of our Products
    • Hospital Number
    • GMS number (where relevant)
    • Information collected from the Products during your use of same


    Through our website:
    We have a contact portal on our website (www.pei.ie) through which you may elect to make the following information available to us: 

    • Name
    • Email address
    • Contact number
    • Comments which you submit which might occasionally contain personal data


    In addition to the above we may collect, use, store and transfer different kinds of personal data about people using our website which we have grouped together as follows:

    • Analytical Information:  includes information on how you interact with the website, such as IP address, date, time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device.
  3. How do we collect your personal data?

    We collect the administrative and special categories of personal data directly from you, your physician, referring hospital and from the Products. On certain occasions we may receive personal data from your GP or medical provider. 
    We collect certain personal data via our website through use of contact forms and use of cookies. 

  4. For what purposes do we process your personal data and what is our legal basis?

    We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.

    Type of data
    Purposes of processing
    Lawful basis for processing

    Name, email, phone number, postal address

    • So that we can communicate with you with regard to the delivery and set up of the Products.
    • To send you any additional information or replacement parts you might need 

    Necessary for the purposes of performing our contract with you.

    Financial details: billing records, payment records etc

    • To process and deliver your order including:
      (a) Manage payments, fees and charges
      (b) Collect and recover money owed to us

    Necessary for the performance of a contract with you; andNecessary for our legitimate interests (to recover debts due to us)

    Details of your sleep/respiratory condition which you provide at the time of registering for use of our Products

    • To ensure that the Product which you are registering for is appropriate for your use.
    • To input the relevant details into the Product to tailor it to your use 

    Explicit consent and necessary for the purposes of performing a contract with you. 

    GMS number

    • To communicate with you GP or other health service provider where necessary 

    Explicit consent and for the purposes of performing our contract with you

    Information collected from the Products during your use of same 

    • To provide you with information collected in relation to your sleep/respiratory condition from the Products. This is one of the key parts of the services we provide.

    Explicit consent and for the purposes of performing our contract with you. 

    Name, email, phone number, comments

    To respond to you where you have provided comments to us or asked us questions via our website. 

    Consent

    Analytical information

    To make our website function more efficiently and effectively in order to improve your online experience with us

    Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security etc.)

    Consent

    Type of data

    Name, email, phone number, postal address

    Purposes of processing
    • So that we can communicate with you with regard to the delivery and set up of the Products.
    • To send you any additional information or replacement parts you might need
    Lawful basis for processing

    Necessary for the purposes of performing our contract with you.

    Type of data

    Financial details: billing records, payment records etc

    Purposes of processing
    • To process and deliver your order including:
      (a) Manage payments, fees and charges
      (b) Collect and recover money owed to us
    Lawful basis for processing

    Necessary for the performance of a contract with you; and Necessary for our legitimate interests (to recover debts due to us)

    Type of data

    Details of your sleep/respiratory condition which you provide at the time of registering for use of our Products

    Purposes of processing
    • To ensure that the Product which you are registering for is appropriate for your use.
    • To input the relevant details into the Product to tailor it to your use
    Lawful basis for processing

    Explicit consent and necessary for the purposes of performing a contract with you.

    Type of data

    GMS number

    Purposes of processing
    • To communicate with you GP or other health service provider where necessary
    Lawful basis for processing

    Explicit consent and for the purposes of performing our contract with you

    Type of data

    Information collected from the products during your use of same

    Purposes of processing
    • To provide you with information collected in relation to your sleep/respiratory condition from the Products. This is one of the key parts of the services we provide.
    Lawful basis for processing

    Explicit consent and for the purposes of performing our contract with you explicit consent and for the purposes of performing our contract with you.

    Type of data

    Name, email, phone number, comments

    Purposes of processing

    To respond to you where you have provided comments to us or asked us questions via our website.

    Lawful basis for processing

    Consent

    Type of data

    Analytical information

    Purposes of processing

    To make our website function more efficiently and effectively in order to improve your online experience with us

    Lawful basis for processing

    Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security etc.)
    Consent

    Where we need to collect personal data under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Products or associated services). In this case, we may have to cancel a Product or service you have with us, but we will notify you if this is the case at the time.

    Where we rely on consent as a legal basis, you may withdraw consent at any time by contacting us.  
    Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
    We use cookies to facilitate the use of our website. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy here. 

  5. Do we share your personal data with anyone else? 

    With the online application “AirView”, your physician, hospital, sleep lab or ResMed PEI (“Service Provider”) can monitor your sleep diagnosis and / or therapy from a distance. You will separately be asked to explicitly consent to ResMed PEI sharing your personal data with Airview.

    We may also share your personal data with the following parties in connection with our processing of your personal data:

    • Third party service providers for the purpose of system support
    • Your doctor or other health care provider
    • myPatientSpace - a mobile application-based service. myPatientSpace privacy statement can be found at mypatientspace


    We require all third parties to enter into a data processing agreement/data sharing agreement with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your personal data on our instructions and in accordance with data protection law.

    Under certain circumstances, ResMed PEI may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

  6. Links to third party websites

    Our website may contain links to and from websites operated by third parties unaffiliated with ResMed PEI. We do not control these third-party websites and we make no endorsements, warranties, or representations whatsoever regarding, nor do we assume any responsibility whatsoever in respect of, such third-party websites or the materials, information and content contained therein. We strongly advise that you carefully review the terms and conditions and privacy policies of all linked third-party websites. We also reserve our right to discontinue any and all links to our website from third party websites, at any time, at our sole and exclusive discretion.

  7. Keeping your personal data secure

    We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to your personal data to those employees, agents and other third parties who are required to have access to your personal data and where they have agreed that they are subject to a duty of confidentiality. 

    We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.  We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the data subject, where legally required to do so.

  8. Transferring personal data out of the EEA

    We do not currently transfer any of your personal data out of the European Economic Area. 

    If circumstances arise in which we have to transfer your personal data out of the European Economic Area for the purposes of carrying out the services we provide to you, we will always ensure that there are appropriate safeguards in place to protect your personal data such as: 

    • the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects' rights and freedoms; 
    • appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from us on request;
    • you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
    • the personal data is being transferred to a company in the US which has self-certified its compliance with the EU-US Privacy Shield which has been found by the European Commission to provide an adequate level of protection to the personal data of EU citizens.
  9. For how long do we keep your personal data?

    Your personal data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. 

    In determining our retention period for categories of personal data we at all times will consider our obligations under the data protection legislation, guidance from the Data Protection Commission, any other specific legislative requirements as well as the amount and nature of the data itself.

  10. Your data protection rights

    Under certain circumstances, by law you have the right to:

    • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it. 
    • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
    • Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you. We do not engage in any automated decision making.
    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.

    In the event that you wish to make a complaint about how your personal data is being processed by ResMed PEI, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows: 

    Contact
    Data Protection Commission
    Telephone
    Email
    Post
    Data Protection Commission
    21 Fitzwilliam Square South
    Dublin 2
    D02 RD28
    Ireland
  11. Contact us

    You can contact us with any queries, complaints or requests to exercise your data protection rights using the details below: 

    Contact
    Data Protection Commission
    Telephone
    Email
    Post
    M50 Business Park, Ballymount Road Upper, Ballymount, Dublin 12
  12. Updates to this Privacy Statement

    Our Privacy Statement may change from time to time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.