FOOT SURE PODIATRY LTD
For the purpose of the GDPR and DPA Naomi Springthorpe is the The Data Controller for Foot Sure Podiatry Ltd. When Foot Sure Podiatry Ltd collect and use your personal data, we must comply with the requirements set out in the GDPR and DPA.
This policy also serves as a privacy notice under the GDPR.
1. Our commitment to data protection
We recognise that your privacy is important and that we have a responsibility to you when handling your personal data.
We take appropriate steps and put adequate technical measures in place to protect your personal data against misuse.
We will never provide your personal data to third parties for their marketing purposes.
If we plan to make substantial changes to the way we use personal data or the personal data we collect, we will undertake a Data Protection Impact Assessment in accordance with the ICO's guidance.
We will ensure your personal data is used according to the principles set out in the GDPR and the DPA unless an exemption applies.
2. Information the Company Collects
To aid your treatment or as part of purchasing something from Foot Sure Podiatry Ltd you will normally provide the company with certain information, such as your name, email address, postal address, medical information and payment information. The company will store your information on an electronic patient record and diary system which is fully password protected.
3. Why Foot Sure Podiatry Ltd Needs Your Information and How It Uses It
The company relies on a number of legal basis to collect, use, store and share your personal data, including:
• Where it is necessary for the purposes of the provision of health care as needed to provide the services of Foot Sure Podiatry Ltd, such as when the practitioner uses your information to fulfil your podiatry assessment and treatment, or to provide customer support;
• When you have provided your affirmative consent, which you may revoke at any time, such as by signing up to the company’s mailing list;
• If necessary, to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law.
From time to time Foot Sure Podiatry Ltd may wish to send you direct marketing material which may include product offers and newsletters. If you are happy for the company to do this, please complete the consent form and indicate in which forms you would like to receive this information.
5. Information Sharing and Disclosure
Information relating to patients is extremely important to the business. Foot Sure Podiatry Ltd shares your personal information for very limited reasons and in limited circumstances, as follows;
• Medical professionals: With your consent the practitioner will share your information with medical professionals such as your GP or consultant to allow continuity of care.
• Service providers: The company engages certain trusted third parties to perform functions and provide services to the business such as external orthotics services. The practitioner will share your personal information with these third parties, but only to the extent necessary to perform these services.
• Business transfer: If the company sells or merges the business, it may disclose your information as part of that transaction, only to the extent permitted by law and with your knowledge.
• Compliance with laws: The practitioner may collect, use, retain, and share your information if legally required to do so.
6. Data Retention
7. Transfer of Personal Information Outside the EU
Foot Sure Podiatry Ltd uses a patient notes system that may store and process your information through third party hosting services. Some of the external third parties are based outside of the European Economic Area (EEA) and conduct some of their processing outside of the EEA. As a result, the processing of your personal data may involve a transfer of data outside of the EEA. If the company is deemed to transfer information about you outside the EEA, it will ensure at least one of the following safeguards is implemented:
Personal data will only be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Specific contracts approved by the European Commission which give personal data the same protection as it has in Europe may be used in some circumstances.
Where providers are based in the US, data transfer will be subject to Privacy Shield, which requires the company to provide similar protection to personal data shared between Europe and the US.
8. Your Rights
You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. These rights are described below:
• Access: You have the right to access and receive a copy of the personal information held about you by contacting Foot Sure Podiatry Ltd using the contact information below.
• Change, restrict, delete: You may also have rights to change, restrict the use of, or delete your personal information. In the case of health records these are normally exempt from change and deletion requests.
• Object: You can object to (i) the processing of some of your information based on legitimate interests and (ii) receiving marketing messages from Foot Sure Podiatry Ltd after providing your express consent to receive them. In such cases, Foot Sure Podiatry Ltd will delete your personal information unless the company has compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
• Complain: If you wish to raise a concern about the company’s use of your information (and without prejudice to any other rights you may have), you have the right to do so with the Information Commissioner www.ico.org.uk
9. How to Contact
For purposes of the GDPR, Naomi Springthorpe is The Data Controller of your personal information. If you have any enquiries regarding the collection or processing of your data, please send them to:
Naomi Springthorpe MCPod BSc
Foot Sure Podiatry Ltd
8 Oak Drive
10. Third-Party links