The purpose of our Privacy Policy is to outline how we deal with any personal and sensitive data we collect or process which may be provided to us by you and/or our service users. This arises where we carry out reviews of an employee or potential employee at the request of their employer, or where we are requested to provide occupational medical advice.


By Post : Data Access Applications, CMOs Office, 90 North King St, Smithfield, Dublin 7

By Email : access applications only)

By Phone: 01-6045341


The Civil Service Occupational Health Department (CSOHD)/ Chief Medical Officers Department (CMOs) respects your right to privacy and seeks to safeguard your personal data. Any personal data we collect will be retained securely.  All relevant legislation relating to GPDR / Data Protection/ Freedom of Information will be complied with.


Personal data is data that identifies you or can be used to identify or contact you and may include, for example, your name, address and occupation, date of birth, PPSN and employing department.  Sensitive personal data includes data concerning health including lifestyle information which may include medical information such as relevant medical history, diagnostic information, test results or imaging. In this policy, any reference to personal data includes sensitive data.

  1. Website

The CSOHD / CMO Office does not collect any personal data about you from our website. Like most websites, we gather statistical and analytical information collected on an aggregate basis of all visitors to our website. This non-personal data comprises information that cannot be used to identify or contact you. We do not use any personal data for the purpose of automated decision-making or profiling.

  1. Collection & Retention of Data 

Any personal or sensitive data collected about you arises where we carry out occupational medical assessment of an employee or potential employee at the request of their employer, or where we a conduct health surveillance such as audiogram hearing tests or vaccinations for example Hepatitis B vaccination.

We will retain your medical records on an ongoing basis, for as long as is considered necessary and in order for us to:

  • Comply with our legal records retention obligations
  • Inform a diagnosis of a latent condition / establish a medical baseline for future reference
  • Respond To Legal Claims
  • Address complaints regarding our services.

We will no longer retain your personal data once it is no longer required for these purposes.

The lawful basis for processing your data under GDPR is

  • Article 6 (1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Article 9(2)(h) processing is necessary for the purposes of preventive or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services.
  1. Obtaining & Using Data

Most of your personal data is obtained from your employing department and used for the purposes of carrying out occupational health assessments.

This information will only be used by us for:

  • The purpose for which it was provided by you and any reasonably incidental purposes
  • Statistical analysis & research
  • Administration purposes e.g. activity reports
  1. Types of Data We Collect

Examples of the types of personal data which we process for occupational health purposes which are covered by the GDPR include:

  • Name
  • Residential address
  • Data concerning health
  • Medical information
  • Birth dates

We will safeguard your personal data to ensure it remains confidential and will only handle your personal data in accordance with the terms contained in our Privacy Policy and applicable data protection law.

  1. How Do We Keep Your Data Safe

We take steps through organisational and technical measures to ensure that the personal and sensitive information we hold about you is held securely and to protect against the loss or misuse of your information. Any breach of your personal or sensitive data is notified and managed in accordance with our Data Protection & Confidentiality Policy. We will retain your data for as long as is considered necessary. Where we refer your case to an outside health professional (e.g. Specialist Occupational Physician as part of an Ill Health Retirement Appeal), we will confidentially forward them any relevant submitted medical reports held on file.

  1. How to Access Your Personal Data

You have the right to be given a copy of information held by us about you. There is no charge for this. We will provide the requested information to you within 30 calendar days of the receipt of a valid request in writing.

You have the right to access your data and to have any factual inaccuracies in the details we hold amended/clarified. We will agree to any such valid requests within 30 calendar days of receipt of a valid data access request. Please send all requests in writing to Data Access Applications, Civil Service Occupational Health Department, 90 North King St, Smithfield, Dublin 7 or email Please provide your name, address, mobile number and specify what part of your medical records you are seeking to access.

We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.

If you wish to make a complaint about the use of your personal data you can contact the Data Protection Commission (DPC). Further details are available on