Eilish Farrell is a private practice physiotherapist, based in Co. Cork. She is a member of the Irish
Society of Chartered Physiotherapists (“ISCP”) and registered with CORU, Ireland’s multi-profession
Eilish Farrell, with a registered address at Butlerstown, Co. Cork is the Data Controller, which means
that we are responsible for the processing of your personal data. Any references to “we”, “us” and
“our” refers to Eilish Farrell.
provides you with details of how we collect and process your personal data, as well information
about how we comply with the General Data Protection Regulation (“GDPR”) and the Data
Protection Act 2018. This Policy applies when you enquire about or sign-up to any of our pilates
classes, physiotherapy treatments (online or in person), or other services (together “Services”).
What personal data do we collect?
In general, we obtain personal data through you directly, however, in some circumstances it may
also be obtained through other sources including (but not limited to) your parents or legal guardian
(e.g. if you are a minor or are incapacitated), your legal representative or others acting on your
behalf (e.g. friends, family or caregivers), referrals from other health or medical professionals and
The personal data we process about you varies according to the Services requested but broadly falls
into four main categories: (i) Contact information / Demographics; (ii) Financial Details; (iii) Health
Information and Pilates History; and (iv) Preferences.
Category Type of personal data
Contact Information /
• Email & telephone number
• Next of kin or emergency contact details
• Date of birth
• Contact information (see above)
• Billing & payment information
• Banking details
Health Information / Pilates
• Contact information (see above)
• Level of pilates experience
• Information necessary for your treatment, such as individual
identifiers, medical status, clinical notes, details of examinations,
medical images, test results, prescribing information, dietary
information, and correspondence from other health or medical
Note: Some of this personal data may be considered special category personal data. There are
additional requirements to process this type of personal data due to their sensitivity.
Preferences (Text / Email
Notifications) • Contact information (see above)
Publication Date: 12th September, 2020
Page 2 of 3
What do we do with your personal data and why?
We process your personal data for the purpose of providing the Services to you. In particular, to
book classes and appointments, provide treatment, respond to queries, facilitate payments and to
keep accurate records.
We must always have a “lawful basis” (i.e. a reason or justification, prescribed by law) for processing
your personal data. In the context of our Services, this may be processed pursuant to:
- Article 6(1)(a) GDPR, i.e. where you have provided your consent.
- Article 6(1)(b) GDPR, i.e. where it is necessary for the performance of a contract or in order
to take steps at your request prior to entering into a contract.
- Article 6(1)(c) GDPR, i.e. where your necessary for compliance with a legal obligation to
which we are subject.
- Article 6(1)(f) GDPR, i.e. where the processing of your personal data is within our legitimate
Where special categories of personal data are processed (e.g. information regarding your medical
history, pregnancy, etc), this will be done in accordance with the requirements of Article 9 GDPR, in
addition to the above. In particular, Article 9(2)(h) GDPR and Section 52 of the Data Protection Act
Who do we share your personal data with and where is it transferred to?
We limit the recipients of your personal data to those who specifically need to receive it. In order to
provide the Services to you, this may include third parties such as service providers (e.g. Facebook,
Zoom, Feepay Ltd and Vimeo), authorities, regulatory or professional bodies (where it is necessary to
do so), professional advisors or anyone else with your permission (e.g. GPs, caregivers, occupational
Please be aware that these third parties may be Data Controllers in their own right so you should
also familiarise yourself with any relevant terms and conditions they provide.
We limit the sharing of your personal data ex-EEA in so far as is possible. Nevertheless, certain
service providers and third-party platforms may use servers which are outside of the EEA. You
should be aware that the level of protection may not be the same as within the EEA. Where these
third parties act on our behalf, we will ensure that appropriate safeguards are put in place and that
all transfers of your personal data comply with applicable data protection laws.
How is your personal data secured?
We take our security responsibilities seriously, taking all reasonable steps, including appropriate
technical and organisational measures to protect your personal data.
How long do we keep personal data for?
We only process personal data for as long as necessary to provide Services to you, as well as any
legal obligations we may have. As soon as it is no longer required, we will ensure personal data is