Privacy Policy for Irish Resilience Clinic
Introduction
Irish Resilience Clinic Limited
This is our Privacy Notice. Here we explain how we collect, use, share, and keep information relating to you. This information is known as personal data and is referred to as “information” in this Privacy Notice.
We must explain this to you under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 (together, “Data Protection Law”).
Data Protection Law protects your information, and tells us how we can use your information.
You can ask for more details about how we use your information by emailing us at [email protected] or by writing to us at the address below.
If you give us information relating to another person (for example, a child in your care, or a family member), you are responsible for telling them how to find this notice and ensuring they do not object to us using their information as described here.
Last updated: June 2026
1. Who we are
When we talk about “us”, “we” or “our”, we are talking about Irish Resilience Clinic Limited, a company registered in Ireland, with its registered office at Coliemore House, Coliemore Road, Dalkey, Dublin, Ireland.
Irish Resilience Clinic Limited is the controller of your information for the purposes of Data Protection Law. This means that we decide how and why your information is used.
If you have any questions about how we use your information, or wish to exercise any of your rights under Data Protection Law, you can contact us by:
- emailing us at [email protected], or
- writing to us at: Data Protection Queries, Irish Resilience Clinic Limited, Coliemore House, Coliemore Road, Dalkey, Dublin, Ireland.
2. What information do we process about you?
Personal data means any information relating to a living person. Processing means doing anything with your information, including collecting, recording, storing, sharing, and changing it.
Our services include autism and neurodevelopmental assessments, parental capacity assessments (PCA), psychotherapy, and related clinical and consultancy services. To provide these services, we collect and keep information about you and, where relevant, about your child or other family members.
In some cases, providing your information to us is necessary so that we can provide our services to you, or is required by law or by the professional standards that apply to us. Without certain information, we may not be able to provide our services to you.
The categories of information we may collect include:
- Personal details — name, date of birth, gender, contact details, and details of your child or family members where relevant.
- Referral and intake information — how you heard about us, the reason for your enquiry (for example, autism assessment, parental capacity assessment, psychotherapy, court case), and referral details from GPs, schools, solicitors, or other professionals.
- Health and assessment information — medical and developmental history, information from assessments and diagnostic tools, and clinical notes, reports, and recommendations.
- Court and legal information — information relevant to family law or court proceedings where we are instructed to prepare a report, and correspondence with solicitors, courts, or Tusla.
- Payment information — billing details and payment records. We do not store full card details — these are processed by our payment providers on our behalf.
- Communications — emails, messages, and call records between you and us, including via our website contact form or newsletter sign-up.
- Website and cookies information — information about your use of our website, collected through cookies and similar technologies. See our Cookies section below.
3. Special category data
Much of what we collect is “special category data” under Data Protection Law, including information about your or your child’s physical or mental health, diagnoses or developmental status, and in some cases family circumstances that may reveal sensitive information, such as in parental capacity assessments.
Special category data has extra protection under Data Protection Law. We will only process it where one of the following applies:
- Your explicit consent — where you (or your child’s parent or guardian) have given clear, informed consent to an assessment or service involving health or developmental information.
- Provision of health or social care — where processing is necessary for the provision of health care, social care, or treatment, by or under the responsibility of a healthcare professional.
- Legal claims or proceedings — where processing is necessary for the establishment, exercise, or defence of legal claims, for example where we are instructed to prepare a parental capacity assessment for family law proceedings.
- Substantial public interest — in limited circumstances, such as in connection with safeguarding or the Assisted Decision-Making (Capacity) Act 2015.
Where we rely on your consent, you may withdraw it at any time by contacting us. Withdrawing consent will not affect the lawfulness of anything we did before you withdrew it, and may affect our ability to continue providing the relevant service.
4. How we collect your information
Directly from you — when you contact us through our website, phone, or email, book or attend an appointment or assessment, complete intake forms or questionnaires, sign up to our newsletter, or otherwise communicate with us.
From others, with your knowledge — we may also collect information from GPs, schools, and other professionals involved in your or your child’s care; solicitors, courts, or Tusla, where we have been instructed to prepare a report for legal proceedings; other family members, where relevant to an assessment; and referral partners.
Where information is shared with us by a third party, we will let you know what we have received where appropriate and where it does not compromise the purpose of the assessment.
5. Why we use your information
Under Data Protection Law, we need a legal basis to use your information. Below we explain why we use it, our legal basis, and the type of information involved.
- Clinical services (assessments, diagnoses, psychotherapy) — legal basis: your explicit consent, provision of health or social care, and performance of our contract with you. Information used: personal details, referral and intake information, health and assessment information.
- Reports for family law or court proceedings (including parental capacity assessments) — legal basis: legal claims or proceedings, your explicit consent where applicable, and performance of our contract with the instructing party. Information used: personal details, health and assessment information, court and legal information, communications.
- Appointments, billing, and account administration — legal basis: performance of our contract with you, and legal obligation for accounting and tax records. Information used: personal details, payment information, communications.
- Responding to enquiries — legal basis: performance of our contract with you or steps prior to entering a contract, and our legitimate interest in responding to enquiries. Information used: personal details, referral and intake information, communications.
- Newsletter and marketing communications (where you have signed up) — legal basis: your consent. Information used: name and email address.
- Professional, legal, and regulatory compliance (for example, PSI or CORU record-keeping, safeguarding, tax law) — legal basis: legal obligation, and our legitimate interest in maintaining proper professional records. Information used: all categories above, as relevant.
- Safeguarding the welfare of a child or vulnerable adult (for example, concerns reported to Tusla or the Gardai) — legal basis: legal obligation, substantial public interest, and vital interests in urgent cases. Information used: health and assessment information, personal details, communications.
- Managing complaints, legal claims, or disputes — legal basis: legal obligation, our legitimate interest in managing and defending claims, and legal claims or proceedings where special category data is relevant. Information used: all categories above, as relevant.
- Cookies and similar technologies — legal basis: your consent for non-essential cookies, and our legitimate interest for strictly necessary cookies. Information used: website and cookies information.
- Responding to data protection rights requests — legal basis: legal obligation. Information used: personal details, communications, and any other relevant information.
Where we rely on “legitimate interests”, this means we have considered that our use of your information is reasonably necessary, would not be expected to override your rights and freedoms, and that there is no less intrusive way to achieve our purpose. You have the right to object — see Section 10 (Your rights).
6. How we share your information
We may share your information with the following categories of third party:
- Other professionals involved in your or your child’s care (for example, GPs, schools, other clinicians, or the HSE) — to provide coordinated care, with your explicit consent or under provision of health or social care.
- Solicitors, courts, and Tusla, where we have been instructed to prepare a report for legal proceedings — to fulfil the purpose of the instruction, under legal claims or proceedings, or legal obligation where disclosure is court-ordered.
- Companies who provide support services to us (appointment scheduling, secure messaging, cloud hosting and storage, IT support) — for our legitimate interest in operating efficiently and securely, and performance of our contract with you.
- Payment processors — to process payments, under performance of our contract with you.
- Our professional advisers (accountants, insurers, legal advisers) — for our legitimate interest in obtaining advice and protecting our position, and legal obligation where relevant.
- Our professional regulatory and membership bodies (such as PSI or CORU) — for legal obligation and our legitimate interest in maintaining professional standards.
- Tusla, the Gardai, or other statutory bodies — where we have a safeguarding concern, under legal obligation, substantial public interest, or vital interests in urgent cases.
- The Data Protection Commission, or other regulators — where required by law, or to assist with an investigation or complaint.
We do not sell your information to third parties, and we do not share your information with third parties for their own marketing purposes.
7. Sending your information outside the European Economic Area (EEA)
We aim to store and process your information within Ireland and the EEA wherever possible. However, some of the service providers we use may be based outside the EEA, or may transfer information outside the EEA as part of their service.
Where this happens, we will only send your information to a country outside the EEA where:
- the European Commission has decided the country has an adequate level of protection (an “adequacy decision”);
- appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs); or
- an exception under Data Protection Law applies — for example, the transfer is necessary to provide our services to you, or with your explicit consent.
Where relevant, we may also rely on the EU–U.S. Data Privacy Framework where the recipient in the United States is certified under that framework. You can ask us for more information about the safeguards in place for any particular transfer.
8. How long we keep your information
We keep your information for as long as necessary for the purposes for which it was collected, and to comply with our legal and professional obligations. In particular:
- Clinical records (assessment reports, clinical notes, related correspondence) are retained in line with PSI and CORU guidance — generally a minimum of 7 years for adults, and until a child reaches 25 years of age, or longer where there are ongoing legal proceedings.
- Parental capacity assessments and other court reports, together with related correspondence, are retained for as long as necessary in connection with the relevant legal proceedings, and in line with professional record-keeping guidance.
- Financial and billing records are retained for at least 6 years, in line with Irish tax law.
- Website enquiry and newsletter sign-up information is retained for as long as you remain subscribed, or until you ask us to delete it. If you have made an enquiry but have not become a client, we retain your details for a reasonable period (normally no more than 24 months) before deletion.
Where we no longer need your information, we will securely delete or anonymise it.
9. Cookies
Our website uses cookies and similar technologies to help it function properly and to improve your experience. We use the following categories of cookies:
- Strictly necessary cookies — essential for our website to work, including features such as our contact form. These do not require your consent.
- Functionality cookies — remember choices you make to provide a more personalised experience.
- Performance and analytics cookies — help us understand how visitors use our website, so we can improve it. These are only set with your consent.
- Targeting cookies — we do not currently use targeting or advertising cookies. If this changes, we will update this notice and seek your consent.
Other than strictly necessary cookies, we will only set cookies on your device with your consent. You can manage or withdraw your consent at any time, and control or delete cookies through your browser settings. If you disable certain cookies, some parts of our website may not work as intended.
10. Your rights
Under Data Protection Law, you have the right to:
- Access — ask for a copy of the personal information we hold about you.
- Correction — ask us to correct inaccurate or incomplete information.
- Deletion — ask us to delete your information, subject to our legal and professional obligations (for example, clinical record retention).
- Restriction — ask us to restrict processing in certain circumstances.
- Objection — object to processing based on our legitimate interests, including direct marketing.
- Portability — ask to receive your information in a structured, commonly used, machine-readable format.
- Withdrawing consent — withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Some rights may not apply, or may be limited, depending on the legal basis we rely on and our other obligations — for example, our obligation to retain clinical records or protect information relevant to legal proceedings.
To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month (or up to three months for complex requests), and may need to verify your identity first.
11. If you want to make a complaint
If you are unhappy with how we have handled your information, please contact us first using the details in Section 1, so we can address your concerns directly.
If you remain unhappy, you have the right to lodge a complaint with the Data Protection Commission:
- by post: Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963, Ireland
- online: www.dataprotection.ie
12. Changes to this notice
We may update this Privacy Notice from time to time, particularly when we change how we use your information, or when our services, technology, or legal obligations change. The “Last updated” date at the top of this notice shows when it was last revised. Where we make material changes, we will take reasonable steps to bring this to your attention, such as posting a notice on our website.
13. Contact us
Irish Resilience Clinic Limited
Coliemore House, Coliemore Road, Dalkey, Dublin, Ireland
Email: [email protected]
Website: irishresilience.ie