Website / Portal General Terms and Condition.

Development Status and Data Protection Notice This platform is currently in an active development and enhancement phase. We are continuously working to improve functionality, usability, and security to ensure alignment with best practices in healthcare data protection. We take the protection of personal and medical information seriously and implement appropriate technical and organisational measures to safeguard data, including secure access controls, encryption, and restricted system permissions. These measures are regularly reviewed and updated as part of our ongoing development process. By registering for and using this platform, you acknowledge that:

• The system is evolving, and features may be updated, modified, or refined over time
• We are committed to maintaining high standards of data protection in line with applicable data protection legislation, including the General Data Protection Regulation (GDPR)
• You may provide feedback or report any issues to help us improve the system further

We actively encourage responsible disclosure of any potential vulnerabilities. If you identify any issue, please report it to: [insert security email e.g. security@gpdoc.ie]. All reports will be handled appropriately and in accordance with applicable laws. Any unauthorised attempt to access, interfere with, or compromise this system or its data is strictly prohibited and may constitute a criminal offence. This notice does not affect your statutory rights under applicable data protection law.

Privacy Policy.

This Privacy Policy applies to our website, and its associated subdomains (collectively, our Services) alongside our application, gp4less.ie By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

Change to the Terms and Conditions.

By using the site, you agree to be bound by these Terms. We reserve the right, in our sole discretion, to change, modify, add or remove portions of these Terms at any time.

Patient Portal Terms of Use and Data Protection Consent

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data. The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide.

Purpose of the Portal : This secure portal is provided by GPDOC Medical Centre to allow patients to:
• Access selected medical documents and test results and updates from hospitals and laboratories.
• Receive communications from the practice, such as appointment reminders and GP Message etc.
• Manage certain administrative details.
• Manage certain administrative details.
• This platform is intended to support, but not replace, direct clinical care.
Clinical Use and Limitations : This portal is not intended for urgent medical issues or emergencies. Patients should contact emergency services or their healthcare provider directly for urgent concerns.
• This portal does not provide emergency medical services.
• It must not be used for urgent or time-sensitive medical concerns.
• In an emergency, patients must contact 999 / 112 or attend the nearest Emergency Department
• Clinical advice is not routinely provided through this platform unless explicitly arranged.
Data Protection and GDPR Compliance: Your personal and medical data are processed in accordance with the General Data Protection Regulation (GDPR) and applicable Irish data protection law. We process your data for:
• Provision of medical care.
• Communication of results and clinical documents.
• Practice administration and legal obligations
• Special category health data is processed under GDPR Article 9(2)(h) (medical diagnosis and healthcare provision)

Security Measures: We implement appropriate safeguards including:

Secure login with two-factor authentication (2FA).

Encryption of data in transit and at rest.

Role-based access controls.

Audit logging of system access.

While we take all reasonable steps to protect your data, no system can be guaranteed to be completely secure.

Development Status:

This platform is continuously being improved and updated. Features and functionality may change over time as part of ongoing development.

We carry out regular risk assessments, including Data Protection Impact Assessments (DPIAs), and continuously enhance security measures in line with best practices.

Patient Responsibilities: By using this portal, you agree to

Keep your login details confidential.

Not share access with others.

Ensure your contact details are accurate.

Notify us promptly if you suspect unauthorised access.

Communication and Response Times :

This platform is not monitored continuously.

Messages may not receive immediate responses.

For urgent concerns, contact the clinic directly or seek appropriate medical care.

Data Retention and Access :

Your data will be retained in accordance with legal and medical record retention requirements.

You have the right to Access your data.

Request correction of inaccuracies.

Request restriction or objection where applicable.

Requests can be made via support@gp4less.ie

Data Sharing : Your data may be shared where necessary with

Laboratories and diagnostic providers.

Pharmacies.

Hospitals or specialists involved in your care.

Regulatory or legal authorities where required.

All third parties are required to handle your data securely and lawfully.

Responsible Disclosure : If you identify a potential security issue, please report it to support@gp4less.ie , gpdocmc@pm.me

We take all reports seriously and will investigate promptly.

We ask that you do not attempt to exploit any vulnerabilities or share them publicly before we have had a chance to address them.

We will work with you to resolve any issues and may offer recognition or rewards for valid reports, at our discretion.

We will not take legal action against individuals who report security issues in good faith.

Unauthorised attempts to access or interfere with the system are prohibited and may constitute a criminal offence..

Limitation of Use :

This platform is provided to support patient care and administration. It must not be misused, and access may be suspended if inappropriate use is identified.

Changes to These Terms :

These terms may be updated periodically. Continued use of the portal indicates acceptance of the latest version.

For Medical cert | Sick Note.

• This service is designed to be affordable while ensuring the safety and integrity of medical certification services.
• It is strictly for the issuance of medical certificates only.
• maximum of 5 days can be certified per application.
• A Extensions beyond 5 days are not provided.
• if your illness continues beyond this period, you must consult a doctor for further assessment or treatment.
• You confirm that your request is solely for minor ailments or illnesses that do not require medical advice, assessment, or treatment, and are suitable for self-certification and self-management with over-the-counter remedies. You also acknowledge that if your condition changes or worsens, it is your responsibility to promptly seek medical advice and care from your GP.

Exclusive jurisdiction of the Irish courts.

The Site has been created and is controlled by us in Ireland. These Terms will be governed by, and construed and enforced in accordance with, the laws of Ireland. You hereby unconditionally and irrevocably submit to the exclusive jurisdiction of the Irish courts.

Personal and medical data migration consent.

Your medical data will be migrated gradually from our local server to secure cloud servers. The migration process will comply fully with GDPR and all relevant data protection regulations. Access to your medical information will be limited to authorised staff of GPdoc Medical Centre. Two-factor authentication (2FA) is required for all staff logins, providing an additional layer of security. Local servers may be at risk in the event of fire, flooding, or other property damage. Cloud-based storage remains protected in such situations, ensuring long-term data security. Your data will continue to be used solely for the purpose of providing you with healthcare. Cloud storage offers enhanced protection against data loss, theft, or system failure. Cloud storage is provided via for development initially via Digital Ocean (EU-based Data Centre, Frankfurt, Germany) but will be migrating to AWS long term; subject to change if necessary/required but this will be posted and declared on the website.

Consent.

By reading this detail , you confirm that:

I have read and understood the Patient Portal Terms of Use and Data Protection Notice.

I understand that this system is not for emergency use.

I consent to the processing of my personal and health data for the purposes of my medical care and use of this portal.

I consent to my medical records being securely migrated from our local server to the cloud-based systems GP4less.ie and GPhub.ie, managed by GPdoc Medical Centre.

I understand that this migration improves the security and protection of your personal and medical information and is fully compliant with GDPR and data protection regulations.

I acknowledge that additional safeguards, including two-factor authentication, are in place to ensure secure access to your data.

I understand that cloud-based storage offers greater protection than local servers in the event of fire, flooding, or other property-related risks.