Last Modified: May 25, 2018
At Lightfoot Podiatry Limited, we take our data protection responsibilities very seriously. We have taken various steps to comply with the EU General Data Protection Regulation (GDPR). We are registered with the ICO, Certificate of registration No: ZA138064.
On 25th May 2018 the General Data Protection Regulation (GDPR) replaces the current Data Protection Act 1998.
In compliance with the above regulation we need to advise what personal information we hold on record for you and how we process that data.
Lightfoot Podiatry Limited is already regulated on every aspect of the business operation. Our current Data Protection Policy is being updated to comply with the new GDPR, and the data you provide to us will continue to be stored securely.
This Privacy Notice provides up-to-date information about how we use personal information and will update any previous information we have published about using personal information. This is based on the fact that we make our own independent decisions as to what personal information we need in order to deliver these services, and we decide what happens to this information.
To comply with the new GDPR regulations, there must be a lawful basis for us to collect, process and store the personal data that you provide to us.
For us, this lawful basis is:
We are what is known as the "controller" over the personal information that we use for providing a full range of podiatry services.
When we say "we" or "us" in this Privacy Notice, we mean Lightfoot Podiatry Limited.
No, consent to treat a patient is separate from GDPR consent.
In fact, as a podiatrist we do not need to gain consent from patients to use their data, as we have a legitimate interest to have it, which is explained in this document. The only time we need GDPR consent is if we are writing to another person, i.e. a healthcare professional, about the patient, in which case we need to record the patient's verbal consent in our patient notes.
We currently do not send patients any marketing material, but should we do this in the future patients will need to “opt in” for us to be able to do this.
We may use personal information in the following circumstances:
Patients and Suppliers: The personal information we hold is as follows:
Job Applicants: Where you apply for a role with us, we will process the personal information you provide to us as part of your application and any interview selection process. The personal information we hold initially is as follows:
We seek information from third parties with your consent only.
For employees we have an Employee Privacy Notice, which is freely available.
Personal information is gathered in the following ways:
Where you apply for a role with us, personal information is gathered in the following ways:
We will use personal information for the following purposes:
We process the personal information of our Patients and Suppliers as necessary for the legitimate interests of managing the day-to-day operation of our business, including:
We process the personal information of job applicants for the legitimate interests of determining whether or not to employ a particular individual for a role in our organisation.
Where we decide to employ a job applicant, we process their personal information for the purposes of entering into and performing our employment contract with the applicant. We process racial and ethnic origin and health information of job applicants for the purposes of meeting our legal obligations under employment and similar laws.
We will never retain personal information for any longer than is necessary for the purposes we need to use it for.
We share personal information you provide with third parties; however, the information we hold is only ever used in administering and providing our services to you and not for marketing purposes.
We may share personal information with the following third parties:
We use a number of different suppliers, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data protection laws to ensure that these suppliers protect the personal information we share with them.
If you pay by Credit or Debit Card, we pass this information securely via a gateway to a company called Lloyds Cardnet, who process the transactions. We do not retain any card details electronically, but securely retain paper receipts for a mandatory 6-month period. These receipts are securely destroyed after that period.
We may be required by law to share personal information with government bodies and regulators (such as HMRC).
You may require us to write to your insurance company, in connection with a claim.
We may need to transfer personal information outside the UK and the European Economic Area (EEA) to our suppliers based in countries where data protection laws may not provide the same level of protection as those in the EEA.
We will only transfer your personal information outside the EEA where either:
Individuals can request access to a copy of their personal information held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making.
Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.
Individuals can ask us to delete their personal information where it is no longer necessary for us to use it, or where we have no legal basis for keeping it.
Individuals can ask us to restrict the personal information we use about them where we are not able to erase their personal information or where an individual has objected to our use of their personal information.
Individuals can object to our processing of their personal information.
Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used, electronic format so it can be easily transferred.
Generally, we do not require consent to process personal information and so we do not ordinarily ask for consent to process personal information. However, where we do ask for consent to process personal information, individuals have the right to withdraw their consent at any time.
Please make all requests to exercise privacy rights in writing to:
We are required to verify the identity of anyone requesting to exercise their privacy rights and we may ask individuals to provide valid identification documents when making a request to allow us to do this.
We will not make any charge for responding to any request from an individual exercising their privacy rights, and we will respond to any requests in accordance with our obligations under data protection laws.
Individuals can make a complaint about how we have used their personal information to us by contacting us on +44 (0) 1895 622663, or to the ICO.
If you have any further questions about the information Lightfoot Limited holds, or you wish to request access or changes to your data, please contact us on +44 (0) 1895 622663.
If we decide to change the Lightfoot Podiatry Ltd GDPR policy statement, we will post those changes here.