Privacy Policy

Last revised: January 30, 2023

At myPatientSpace, we understand that the privacy and security of your information is important to you. To this end, we endeavour to safeguard the privacy of all information you entrust us with in order to protect and respect your privacy.

myPatientSpace provides services to our customers (various types of healthcare providers and pharmaceuticals). In turn, they invite their staff and patients to use myPatientSpace during their care journeys. Patients and staff may also invite extended care takers (e.g. family members). In these circumstances in respect of your personal data provided by your healthcare provider to the myPatientSpace application, the healthcare provider is the data controller, and myPatientSpace is the data processor.

myPatientSpace is the data controller when we administer and manage our customer and vendor relationships and for any recruitment data we may process.

Our privacy policy describes which personal data we collect and how we use and share this data. We recommend that you read our privacy policy. If you have any questions regarding the way in which we protect your personal data, please contact us by writing to or

Any reference to “I”, “we”, or “our” is a reference to myPatientSpace.

Any reference to “HC” or “HCP” is a reference to the healthcare provider who has given you access to myPatientSpace and is the data controller.



It is not our intention to transfer your data outside of the EEA, however where we are required to do so, we will ensure the recipients are in full compliance with the requirements of the GDPR.

1. About myPatientSpace

We are myPatientSpace Limited (“myPatientSpace”). We deliver a mobile application-based service in the form of the app: myPatientSpace, or myStaffSpace and associated digital platform (web and server).

2. Personal Data

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. We may also process certain special category data which may include health information. The personal data we collect is outlined in section 4 below.

3. Your Rights

Where we act as a data processor, you should contact your HC in the event that you wish to exercise these rights.

You have several rights in relation to how we use your information as a data controller.

  • The right to be informed: through this policy
  • The right to access your information and receive copies of the information held about you, have inaccurate information corrected and incomplete information updated or have your information deleted.
  • The right to object to particular uses of your personal data where we process on the basis of our legitimate interest – however, doing so may have an impact on the services and products we can / are willing to provide.
  • The right to object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes. However, we do not currently engage in any direct marketing or advertising using any personal data.
  • The right to have your data deleted or its use restricted under certain circumstances. For example, where you withdraw consent to the processing.
  • To obtain a transferable copy of certain data which can be transferred to another provider, known as “the right to data portability”.
  • The right to withdraw consent at any time, where any processing is based on consent

If you have a cause for complaint, you can contact the Irish Data Protection Commission or other relevant supervisory authority.

To access your personal data, please contact myPatientSpace at Subject to applicable law, we may charge for this service and will comply with reasonable requests as soon as possible and in any case within the deadlines prescribed by law.

You may also contact your HC to request access to, or request modifications to your personal data.

4. Data Collection

myPatientSpace collects data to conduct business and provide you with our services. We collect both personal data and other information for these purposes.

(a) Personal and sensitive personal data – “Personal data” is data that can be used directly or indirectly, alone or with other information, to identify you as an individual user of myPatientSpace. This is first and foremost data about your contact information, your health and information concerning your treatment journey. Some of the information collected will depend on what your HC has configured.

The following are examples of personal data that you or your healthcare provider may submit when you create a user account and when you use myPatientSpace:

  • Information about your name, phone number, email address and password.
  • Information about height, weight, body measurements, age, gender and other health data as configured by HC.
  • Patient Data such as PROMs (Patient Reported Outcome Measures) e.g: Oxford knee and hip scores, spirometry or Sleep Data
  • Information about doctor diagnosis and specific information about the condition and procedures
  • Data concerning the number of completed daily tasks and how you rated symptoms such your pain levels.
  • Your permanent physical address (location is NOT continuously tracked).
  • Your biometric data (fingerprint or facial image) should you choose to use these with our services. We do not store this data but use the devices’ in-built capabilities to assist login.

(b) Other Information – “Other information” is anonymous, aggregated, de-identified, or other types of information that do not reveal your identity. Some examples are age, gender, browser, operating system, number of PROMS taken or the amount of time spent on our services. We collect and use this information to understand how you, and our users in general, use our services to continuously improve, innovate, and produce products and services that satisfy our users’ demands. We generally do not view other information as personal data. If we chain together other information in a way that makes you identifiable as an individual user, we will handle that information as personal data.

(c) Access to Contacts – this is requested by the mobile apps when used by patients ONLY when the patient intends to add ‘members’ (such as a family member, friend or care giver) into their space.  This is to enable patients to avail of support from family and friends, in situations where this may be useful to them.  This permission to access Contacts from the patient’s mobile device is explicitly asked and only used if the permission is granted by the user (patient).

(d) Access to Camera, Photos and Media – the mobile Apps explicitly ask for permission to access camera and photos on your mobile device ONLY when the patient or staff attempt to upload an image in the following cases:1. as part of a Task about to be submitted with an attachment, 2. to upload and save an image to the Documents folder in the app, 3. to upload an image of a medication or prescription for review by clinician.  4. to upload a personal image as a profile photo which will be shown on their profile to both clinicians and themselves.  Camera, photos and media are only used if such permission is granted explicitly by the user (patient or staff).

(e) Location – for Android users, Location services are requested for use with Bluetooth as well as with Photos & Media.  Bluetooth on Android requires Location precision.  myPatientSpace does not use location services, but it is requested by the device as a standard requirement by Android for these features.

5. How We Use Personal Data

myPatientSpace uses the data we collect to conduct our business, deliver our products and services, improve existing products and services, develop new products and services, to improve and personalise your user experience when you interact with us and for recruitment purposes. We DO NOT use your data for marketing. We DO NOT share your data with any 3rd party marketing services.

We can use this data as follows:

A. Customers / vendors


Source of the processed data: Customer/ prospective customer/ supplier/ vendor

Personal data processed: Personal details including name, address and information shared via our webform.

Purpose of processing: 

  • To communicate with you and respond to your requests;
  • If you join a telehealth consultation with your provider, the video call is encrypted end-to-end.
  • To communicate with you and respond to your requests;
  • To provide you with information, products or services that you request from us or that we feel may interest you, where you have consented to be contacted for such purposes.
  • To inform you about changes to the Service, our Agreement with you or website that we believe will be of interest to you.
  • As the myPatientSpace application is being actively developed we might contact you to get feedback on the service provided.

Legal basic for processingArticle 6 (1) (a): data subject’s consent In sharing this information with the company.


Source of the personal data: Customer/ prospective customer/ supplier/ vendor

Personal data processed:

  • Personal details including name, address, status within a relevant legal entity with whom we have a contractual relationship;
  • Bank/building society details;
  • Government or other official identification documents (e.g. tax reference number or permits);
  • Information obtained from other sources (for example, publicly available information from online services and other information resources, third party commercial information sources, and information from our business partners).

Purposes of processing :

To manage our business operations including those relating to regulatory matters, finance and accounting; IT systems operation; records management and auditing.

Legal basic for processing:

  • :Article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Article 6 (1) c)
  • processing is necessary for compliance with a legal obligation to which the controller is subject;


Source of the personal data:  Customer

Personal data processed:

  • Personal details including name, address, status within a relevant legal entity with whom we have a contractual relationship;
  • Bank/building society details;
  • Government or other official identification documents (e.g. tax reference number or permits);
  • Information obtained from other sources (for example, publicly available information from online services and other information resources, third party commercial information sources, and information from our business partners).

Purposes of processing:

To determine whether you are in compliance with our Agreement with you and to impose sanctions where necessary

Legal basis for processing:

Article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

B. Marketing & Sales

Source of the personal data:  Customer/Website visitor

Personal data processed: Email address, phone number and contact information

Purposes of processing: Marketing & Sales

Legal basis for processing: Article 6 (1) (a): data subject’s consent


C. Recruitment

Source of the personal data:  Customer/Website visitor

Personal data processed:

  • Personal details such as name, date of birth, address, email address, phone number, nationality;
  • Employment and education history in your CV; application form or as provided by you;
  • Other personal data supplied during the recruitment process

Purposes of processing: Recruitment

Legal basis for processing: Article 6 (1) (b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract


D.  Cookie Processing

Source of the personal data:  Customer/Website visitor

Personal data processed: 

  • This information is processed as it is necessary for the website to function and/or in response to a request by you for services.
  • In the case of cookies used where you have consented to that process, that information is processed to provide the service you have consented to, in accordance our cookie policy

Purposes of processing:

Site content personalization to provide relevant information and data to enhance user experience.

Legal basis for processing: 

  • The basis for any processing we may perform in the future are:
  • Under the strictly necessary basis which does not required consent  when the cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms; and your consent for all other cookies. We use a cookie management tool to obtain consent.
  • Changes in this regard will be clearly communicated on the website.

As a data processor, we will process any personal data that you provide to us for the following purposes and in line with the contract we have in place with your HC.

  • To provide you with the services you have ordered.
  • To carry out our obligations arising from any contracts entered into between you and HC.
  • To deliver and maintain a high-quality service and to improve and develop the service provided.
  • To allow you to access the myPatientSpace application and to participate in interactive features of our Service, when you choose to do so.
  • To respond to any communications you might send to us.
  • As proof of identity before we disclose personal information to you that we hold about you (in order to establish that we are disclosing the personal information to you and not to someone pretending to be you).
  • Compare information for accuracy and verify it with third parties.
  • For safety purposes, to provide you with customer support and to resolve technical or other problems; and
  • To determine whether you or other users are in compliance with this Agreement relating to the application, including the policies and terms and conditions of the application.


We can use your personal data to respond to your requests regarding technical support, online services, product information, or any other communication you wish to initiate with us. This may include access to your account to comply with requests for technical support. Please note that regardless of your email settings we can send you messages regarding the performance of services, such as our Terms of Service or this Privacy Policy, or other formal communications regarding our Products or Services that you have purchased or used. You may opt-out from receiving communications from myPatientSpace (other than necessary for myPatientSpace to provide the service for which you have subscribed) at any time by emailing us at This will mean your account is no longer active and you will need to set up a new account with us to avail of our service.


6. How we share your personal data

myPatientSpace will only disclose your personal data with your knowledge and as stated in this Privacy Policy, or as indicated at the time of collection. This includes information that enables us to fulfil our obligations to you and conduct our business. We only share your personal data with third parties in certain individual cases, specifically with your consent, or as necessary to complete a transaction or provide a product, service, or feature that you have requested. We may disclose your personal data as described in this Privacy Policy and as described in the following ways:

(6.1) Health professionals, independent consultants and hospitals that work with myPatientSpace and offer the use of this application as part of the provision of medical treatment.

(6.2) IT service providers that either host or have access to our data as part of their product offering.

(6.3) The company/controller (HC) who has provided this service to you.

(6.4) Regulatory bodies such as national registries if you have consented to participate.

(6.5) As we grow and develop – Business transactions and reorganisations. Should myPatientSpace ever merge with another company or if myPatientSpace should decide to buy, sell, or reorganise parts of or all its business(es), we may disclose or transfer to the extent permitted by law and in accordance with applicable requirements to notify you your personal data to prospective or actual buyers or the subsequent business entity in connection with any of these transactions or reorganisations.

(6.6) As required by law and special circumstances We may be forced to disclose your personal data if: (i) it is reasonably necessary to comply with legal proceedings (such as a court order, search warrant, etc.) or other legal requirements of any public authority, (ii) such a disclosure would potentially reduce our liability in a real or potential trial, (iii) it is necessary to protect our legal rights or property, or (iv) it is necessary to protect the legal rights, property, or other parties’ physical security or for the prevention or discovery of crime and such a disclosure is legitimate.

(6.7) We exchange anonymous information about the use of the myPatientSpace app and website with the following companies: [Oxford University, Aptible, AWS, Stripe, Google, Logentries] These companies help us monitor, evaluate and analyse our products’ performance, customer retention and reliability. We exchange your phone number with AWS, an SMS-messaging service. We exchange the number of questionnaires completed with Oxford but no specifics of your personal data. We may share the personal data described in this notice with service providers such as providers of cloud, IT infrastructure, emailing and website analytics services.

(6.8) Any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries.

7. How we protect your personal data

myPatientSpace is committed to protecting the security of your personal data. We use recognised secure data storage technologies – all data is stored encrypted-at-rest (i.e. in storage) and also during transit. Your data will be stored on Amazon AWS or Microsoft Azure in your region or an approved region (e.g. For European customers your data will be stored in Ireland and Germany. If you are in the Middle East your data will be stored in the UAE). We also allow you take additional measures to protect yourself such as supporting 2FA. You can also take measure to protect your information, such as installing antivirus software, closing browsers after use, keeping your login information and passwords secret, and making sure you regularly update software and apps you have downloaded to ensure that you have activated the latest security features on your devices.

8. Retention of data

Where we act as a processor, the duration of how long your data is stored will be specified by the HC who provides you access to our service. This means that myPatientSpace stores your personal data as long as you have an Account, or as long as it is necessary to deliver our Services to you in conjunction with your HC. We may also keep and use your personal data, as necessary, to comply with legal obligations, resolve conflicts, and enforce our agreements.

Where we process your data as a controller, we will retain your data for as long as is necessary for the purposes for which we collect it.  Where the Company holds Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.

9. Data Transfers outside the EEA

It is not the intention of myPatientSpace to transfer your data outside of the EEA however where we are required to do so, the transfer will be subject to appropriate safeguards in accordance with the requirements of the GDPR

10. Cookies

myPatientSpace currently does not use its own cookies but it may in the future use cookies to collect data that helps us to personalize your use of our Services in the future. If we do so, we will inform you at that time.  As of this revision, has links to external resources such as Vimeo, Twitter, LinkedIn, etc., which have their own cookie policies.

11. Children

We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us at or If we become aware that a child under 16 has provided us with personal data without the parents’ consent, we will remove the information and delete the child’s account.

12. Information Sharing

Residents of the European Economic Area

You may choose not to supply myPatientSpace with your personal data. To do this, please send an email to If you choose not to provide your personal data, the app’s personalised care journey program will be disabled.

Third parties not under our control

Please note that this Privacy Policy does not apply to practices for companies we do not own or manage or people we do not employ or manage. For example, if you download one of our applications on your smartphone, the manufacturer of your smartphone may have a policy that applies to its own practices for collecting information through that smartphone. We recommend that you read the privacy policies for each device, website, and service you are using.

13. How to contact us

If you have any questions, comments or concerns about the way we handle your personal data, please contact us by sending an email to or

14. Updates to Privacy Policy

We may update this Privacy Policy from time to time without notice. You can see when this Policy was last modified by checking the Effective Date. We advise you periodically to review this privacy policy to be sure you understand our privacy practices. If you have a registered account, we may notify you of changes to our privacy policy by email and we may ask you to confirm, acknowledge, and agree to the changes the next time you use our Services.

The support request will be routed to the controller, who will then decide if the account should be terminated.

15. Our Details

We are registered in Ireland under Company Registration Number 616748 and our registered office is at:

The View, Malahide, Co. Dublin, Ireland.

Our principal place of business is: Malahide, Ireland.

You can contact us:

(a) by post, to the postal address given above;

(b) using our website contact form;

(c) by telephone, on (+353) 1 267 6625; or

(d) by email, to