Privacy & Cookies

Our Privacy Statement describes how we process your personal information. Please take the time to read it carefully.

15/09/2021 (Revision:01)


At ENFER, we take your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you. This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Enfer is committed to protecting all personal, special, and criminal categories of data held on you.

As such, we want you, the ‘data subject’, to understand how we collect, use, store, and share your personal data as a Data Controller. We also want you to understand what rights you can invoke to help you to protect your privacy. In this regard, it is important that you read this Privacy Notice and understand how we use your personal data. If you are under 16 years of age, please read this summary with a parent or guardian and ensure you understand it. Please note that we reserve the right to update this Privacy Notice as required.
1.1 Enfer Medical Information

Enfer Medical Ltd, a member of the Enfer Group, is a clinical diagnostic laboratory with the goal to continuously provide an exceptional level of service to our colleagues in the health services, on behalf of their patients.  We subscribe to both ISO15189:2012 international standard of accreditation and the highest standards of continuous professional development to maintain excellence in all our undertakings.

Enfer Medical Ltd is committed to protecting the rights and privacy of individuals in accordance with European and Irish data protection legislation. Enfer Medical Ltd shall lawfully and fairly process personal data about employees, patients, clients, and other stakeholders to achieve its mission and functions.

Throughout this document, ‘we’, ‘us’, ‘our’ and ‘ours’ refer to Enfer Medical Ltd (ENFER).


1.2 Data Protection Legislation

All personal data processed by Enfer is done so in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act (DPA) 2018.


1.3 Queries and Complaints

If you are unhappy with the way we handle your personal data and wish to complain, or if you simply want further information about the way your personal data will be used, please contact us at the below:

Data Protection Officer


Unit T, M7 Business Park, Newhall, Naas

Co Kildare

Telephone: 045 819 000



You have the right to lodge a complaint with the Data Protection Commission. To contact the Data Protection Commission, please use the following details:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28


Telephone: +353 (0)761 104 800

Telephone: +353 (0)57 868 4800



1.4 Personal Data Breaches

Enfer will take all appropriate technical and organisational steps to safeguard and protect your personal data. In the unlikely event of a data breach, we will contact you in line with our legal obligations.



We may collect and process the following personal data about you:

  • Full name.
  • Date of birth.
  • Address.
  • Eircode.
  • Phone/Mobile number.
  • Email address.
  • Your financial details.
  • Your marital status.
  • Health data.
  • Your passport/ID information.
  • Online identifiers, e.g. Cookies
  • other personal information such as: criminal conviction data; telephone recordings; CCTV images at locations and information provided when exercising your rights under Section 10 below.

We collect information (i) you give us; (ii) information from your use of our services or our website AND (iii) information provided to us by third parties.

For further details on information collected from our website, please refer to section What are cookies.



We may use your personal data where necessary for the following purposes:

  • To conduct clinical tests for personnel who require this service.
  • To process clinical tests for and on behalf of Enfer Clients.

Under data protection law, Enfer must ensure that it has an appropriate lawful basis for the processing of your personal data and let you know what that basis is.  We will be processing your personal data based on the following lawful basis:

  • you have agreed or explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time).
  • the use is necessary in relation to a service or a contract that you have entered into or will enter into (e.g., to provide you with laboratory services or because you have asked for something to be done so you can enter into a contract with us, or because you are applying for an open vacancy).
  • the use is necessary because we have to comply with a legal obligation, regulatory authorities, and law enforcement
  • the use is necessary to protect your “vital interests” in exceptional circumstances; and
  • the use for our legitimate interests (which you may object to) such as managing our business including credit risk management, providing service information, conducting marketing activities, training and quality assurance, and strategic planning and the purchase or sale of assets.

Where the personal data includes special category personal data, Enfer may seek to rely on:

  • Explicit consent from the data subject.
  • processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
  • processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; and
  • processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.



We will only use personal data for the purpose of our processing activities mentioned in the previous paragraph (3. Purpose of Processing and Legal Basis).

Also, in certain circumstances we will process your information on behalf of other Third-Parties and under their instructions in order to provide our services.  In these specific situations, third parties act as Data Controller and Enfer as Data Processor. Third parties will provide us your personal data to  enable us to complete the provision of the service that data subjects directly agreed with them initially.



We will take all steps reasonably necessary to ensure that personal data is treated securely in accordance with this Privacy Notice and the relevant law.

In particular, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we manage, collect and store.



When providing our services to you, we may share your information with:

  • your authorised representatives.
  • third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information.
  • ENFER Group companies.
  • service providers who provide us with support services e.g. LIMs provider
  • statutory and regulatory bodies (including central and local government) and law enforcement authorities.
  • third parties in connection with a sale or purchase of assets by us: persons making an enquiry or complaint; debt collection agencies, budgeting and advice agencies, tracing agencies, receivers, liquidators, examiners, Official Assignee for Bankruptcy and equivalent in other jurisdictions.
  • trade associations and professional bodies, non-statutory bodies, and members of trade associations.
  • pension fund administrators, trustees of collective investment undertakings and pensions trustees, insurers/re-insurers, insurance bureaus.
  • healthcare professionals and medical consultants.
  • business or joint venture partners.

When we engage another organisation to perform services for us, we may provide them with information including personal data, in connection with their performance of those functions. We do not allow third parties to use personal data except for the purpose of providing these services.



A cookie is a small data file that is transferred to your device (e.g. your phone or your computer) which collects information, including personal information about you. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of websites. For example, a cookie could allow our website to recognise your browser, while another could store your preferences and other information and let you navigate the website effectively.

Cookies can also help to ensure that adverts you see online are more relevant to you and your interests.

Types of cookies used on this website

Managing and disabling cookies
Any cookie that is not Strictly Necessary is not active by default and does not send information to the resource it is called from. Accepting all cookies, makes all cookies active. You can modify your cookie preferences for the website at any time by clicking on the ‘Cookie Settings’ button below.



The retention periods for your data are subject to legislation and regulatory rules we must follow, set by authorities such as the HSE, Revenue Commissioners, Irish National Accreditation Board.  Please refer to:



In some cases, we may transfer information about you and your products and services with us to our service providers and other organisations outside the EEA. We will always take steps to ensure that any transfer of information outside of the EEA is carefully managed to protect your privacy rights.  All cross-border data transfers to countries outside the EEA will be done in accordance with guidelines laid down by the European Commission and the European Data Protection Board. Detailed Data Transfer Impact Assessments will be carried out prior to such data transfers and Standard Contractual Clauses (where applicable) will be put in place as appropriate safeguards.



You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

  • The right to withdraw your consent to the processing of Personal Data at any time.
  • The right to access your personal data.
  • The right to request the rectification of your personal data.
  • The right to be forgotten (RTBF) or to erasure of your personal data (where appropriate).
  • The right to restrict the use of your personal data.
  • The right to object to the processing of your personal data.
  • The right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to require us to transmit that data to another controller (where applicable); and
  • Information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance and its envisaged consequences.

Vindication of your rights shall not affect any rights which we may have under Data Protection Law. You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law has taken place.

If you wish to exercise any of the rights set out above, please contact us at:

Data Protection Officer

Unit T, M7 Business Park, Newhall, Naas
Co Kildare
Telephone: 045 819 000

In certain circumstances we act under instructions given by third parties, and we may not be in condition to provide you with your personal data or fulfil your rights request. In these cases, you may need to contact the primary party in this process, or we can support you in redirecting your query to the relevant party in order to ensure the respect of your individual rights and freedoms.



We will post any changes on the website and when doing so will change the updated date at the top of this Privacy Notice. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services.

In some cases, we may provide you with additional notice of changes to this Privacy Notice, such as via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material.