Skip to main content

Warning notification:Warning

Unfortunately, you are using an outdated browser. Please, upgrade your browser to improve your experience with HSE. The list of supported browsers:

  1. Chrome
  2. Edge
  3. FireFox
  4. Opera
  5. Safari

Privacy Statement for

The Health Service Executive (HSE) owns and runs this website.

You can access most of without giving your personal data. You will need to give some of your personal data when you request services on the website.

We are committed to protecting your privacy and take the security of your information very seriously. We aim to be clear and transparent about the information we collect about you and how we will use that information.

This statement covers:

  • the role of the data controller and the data protection officer (DPO)
  • what personal data we collect
  • what we use your personal data for
  • how long will we hold onto your personal data
  • who will have access to your personal data
  • cookies on the HSE website
  • the transfer of personal data
  • your rights
  • how to make a complaint

The data controller

The HSE is the data controller for all personal data that is collected and used by this website. A data controller is the legal entity that determines how and why personal data is collected and used.

Our headquarters is located at:

Dr. Steevens Hospital
Steevens Lane
Dublin 8
D08 W2A8

Data protection officer (DPO)

The DPO oversees the HSE’s compliance with data protection.

DPO contact details

What personal data we collect

Personal data is any information relating to you that lets us identify you. For example, your name, address, contact phone number and email address.

If you want to access HSE services, we will need to collect and process your personal data.

Examples of HSE services are:

  • applying for a medical card
  • booking a COVID-19 vaccine appointment
  • using the live chat service
  • making a complaint using ‘Your service, your say
  • signing up for a newsletter

You will be given more specific data processing information when you use our services.

HSE privacy notice for patients and service users (PDF, 650KB, 10 pages)

We may collect and use:

  • your name and address
  • your contact details
  • your individual health identifier (IHI)
  • your personal public service (PPS) number
  • your date of birth, gender, mother's full birth name
  • your IP address
  • details you give as part of signing up for a programme or newsletter
  • information about a complaint you made
  • information about your use of the website
  • information about your location - if you choose to, this may be shared with Google and you can find more information in the Google Terms of Use and Privacy Policy

We will handle any data you share with us in line with the General Data Protection Regulation (GDPR). Generally, we process your personal data as the provider of health services, carried out in the public interest. This applies to both general personal data and any special categories of personal data. Where other legal bases are used, you will be told about them when we request your personal data.

What we use your personal data for

Any personal data we collect from you on this website will only be used to:

  • give you a better user experience
  • keep our website secure
  • analyse visitor traffic and how people use our website
  • send you newsletters and information notices about health campaigns and promotions
  • get your feedback on the website
  • process a complaint

We will not use the data we collect about you for any other purposes without asking for your consent.

We may use anonymised data to analyse, plan and improve our services. We may track activity on the website, such as where visitors stop using the website.

We use your IP address for website security purposes and keep this separate. We do not collect IP addresses for analytics purposes. We collect website analytics data that is anonymised and aggregated.

You can withdraw your consent for analytical cookies at any time on the cookie preferences page.

How long will we hold onto your personal data

We will only keep your personal data for as long as it is necessary to fulfil the purpose it is being processed for. All personal data collected is retained in accordance with the HSE Record Retention Policy.

When the HSE no longer needs your personal data, we securely delete or destroy it.

Who will have access to your personal data

Only HSE staff, agents and suppliers who are directly involved with services you request on the HSE website will have access to your personal data.

All HSE staff, agents and suppliers who have access to personal data are bound to the HSE by confidentiality and data protection agreements. They must keep your personal data secure and to use it only for the purposes specified by the HSE.

Cookies on the HSE website

Cookies are small files that are created and saved on your phone, tablet or computer when you visit a website. They store information about how you use the website, such as the pages you visit and how you interact with the content. If you use the social media buttons on our website and allow the cookies from the companies that own these platforms, they will collect information about you.

Cookies are not viruses or computer programs. They are very small so do not take up much space.

Web chat services on use cookies to make the service work properly. These are anonymous cookies that cannot track you while you use other websites.

Read our cookies statement to find out more about cookies and how we use them

Transfer of data

We use analytics tools to collect information about your use of this website. Part of this information includes your IP address, which is considered personal data. We use anonymised IP addresses for this website. No individual can be identified by their IP address.

We do not transfer any other personal data about you outside the European Economic Area (EEA). If in the future, we need to transfer your personal data outside the EEA, we will comply with Chapter 5 of the General Data Protection Regulation (GDPR).

Your rights

Under certain circumstances, by law you have the:

  • right of access – you can request a copy of the information that we hold about you
  • right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
  • right to be forgotten – you can ask for the data we hold about you to be erased from our records
  • right to restriction of processing – where certain conditions apply
  • right of portability – where certain conditions apply, you have the right to have the data we hold about you transferred to another organisation
  • right to object – you can object to certain types of processing such as direct marketing
  • right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling
  • right to review - in the event that we refuse your request under rights of access, we will tell you the reason
  • right to withdraw your consent – where you have consented to receiving emails or newsletters you may withdraw your consent at any time

If you want to exercise any of these rights:

When you send a request, we will need to confirm your identity. Once your identity has been confirmed, we will give you your information free of charge. We may charge a fee if we believe your request is clearly unfounded, excessive or repetitive.

Making a complaint

If you are not satisfied with how the HSE is processing your personal data, contact the HSE’s Data Protection Officer at

If we are unable to resolve your complaint, you have the right to lodge a complaint directly with our supervisory authority, the Data Protection Commission.