top of page

DPO & Privacy Statement

Privacy & Data Protection Statement

This Privacy & Data Protection Statement explains how PALS collects, uses, stores, and protects personal information in line with the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, and professional guidance issued by the Psychological Society of Ireland (PSI).

Our aim is to be clear, transparent, and reassuring. If anything in this statement is unclear, you are welcome to contact us.

 

1. Who We Are

PALS provides psychological and educational assessment services in Ireland.

Data Controller:
PALS (Clinton Greenford)

As Data Controller, we are responsible for deciding how and why personal data is processed.

 

2. What Personal Data We Collect

We collect only the information necessary to respond to enquiries and to provide psychological assessment services. This may include:

  • Names and contact details

  • Information provided on referral or enquiry forms

  • Questionnaire responses completed by parents, teachers, or clients

  • Assessment notes and test results

  • Reports generated as part of an assessment

  • Limited technical data (e.g. email correspondence)

We do not collect unnecessary information.

 

3. How Personal Data Is Collected

Personal data may be collected in the following ways:

  • When you contact us by email

  • When you complete a referral or enquiry form

  • When questionnaires are completed as part of an assessment

  • During the assessment and reporting process

Some questionnaires are completed using secure third-party assessment platforms operated by recognised test publishers (see Section 6).

 

4. Why We Use Personal Data

Personal data is used only for legitimate and necessary purposes, including:

  • Responding to enquiries

  • Assessing suitability for services

  • Conducting psychological or educational assessments

  • Interpreting assessment results

  • Preparing professional reports

  • Meeting legal, ethical, and professional obligations

We do not use personal data for unrelated marketing purposes.

 

5. Legal Basis for Processing

Under GDPR, we process personal data on the following lawful bases:

  • Contract: where processing is necessary to provide a requested service

  • Legal and professional obligations: including record-keeping requirements

  • Explicit consent: where required, particularly for sensitive personal data

 

6. Use of Third-Party Services

Standardised Assessment Platforms

Some standardised questionnaires are administered using secure platforms provided by recognised test publishers, including:

  • WPS (Western Psychological Services)

  • MHS (Multi-Health Systems)

These platforms collect responses directly from clients, parents, or teachers and make results available to the clinician for professional interpretation. Each platform operates under its own privacy policies and data protection obligations.

AI-Assisted Processing Tools

We may use secure, regulated AI-based tools to assist with aspects of professional work (for example, drafting or organising material). These tools:

  • Operate under formal Data Processing Agreements

  • Process data only on the clinician’s instructions

  • Do not use identifiable client data for training or unrelated purposes

The clinician remains fully responsible for all professional decisions and outputs.

7. Data Storage and Security

All personal data is stored using secure systems appropriate for sensitive psychological information. Measures include:

  • Access controls

  • Encryption where appropriate

  • Restricted access to authorised users only

Email correspondence is stored securely and accessed only by the clinician.

8. Data Retention

Personal data is retained only for as long as necessary and in line with professional guidance.

  • Paper records are retained for 1 year and then securely destroyed.

  • Digital records are archived securely for 7 years after the file is closed.

During an active assessment, data may be retained for a period of weeks while the assessment and report are being completed. Once the assessment is completed and the file is formally closed, records are either deleted or archived in line with the retention periods above.

9. Sharing of Personal Data

Personal data is shared only where necessary to provide assessment services and only with professionals involved in the assessment.

This may include sharing relevant information with external clinicians where their professional input forms part of the assessment process. For example, where a Speech and Language Therapy perspective is required, relevant information may be shared with Frances O’Brien, Speech and Language Therapist, for the purposes of consultation or collaborative assessment.

Any information shared is limited to what is necessary, shared securely, and handled in accordance with professional confidentiality and data protection obligations. Personal data is not sold or shared for unrelated purposes.

10. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of data (where applicable)

  • Restrict or object to certain processing

  • Lodge a complaint with the Data Protection Commission

These rights apply to your personal data. They do not override professional, ethical, or legal obligations relating to the protection of standardised psychological test materials.

Certain assessment materials (for example, test questions, items, or stimuli from standardised assessments such as the SB5 or Conners) are protected by copyright and publisher restrictions. As a result, it is not always possible to share individual test questions or full test content with clients or parents, even where a data access request is made. Where this applies, findings and results will instead be explained in an appropriate professional format.

11. Contact Details

If you have any questions about this statement or how your data is handled, please contact:

Data Protection Officer / Data Controller:
Clinton Greenford
Email: pals.enquiries@gmail.com

12. Updates to This Statement

This Privacy & Data Protection Statement may be updated from time to time to reflect changes in law, guidance, or practice. The most current version will always be available on our website.

bottom of page