Lightfoot Podiatry
Lightfoot Podiatry
Lightfoot Podiatry

Podiatrist:
Michael White
DPodM MChS

  • Lightfoot Podiatry Ltd
  • 210 Victoria Road
  • Ruislip Manor
  • HA4 0AP
  • 01895 622663

Last Modified: May 25, 2018

1. INTRODUCTION

At Lightfoot Podiatry Limited, we take our data protection responsibilities very seriously. We have taken various steps to comply with the EU General Data Protection Regulation (GDPR). We are registered with the ICO Certificate of registration No: ZA138064

On 25th May 2018 the General Data Protection Regulations (GDPR) replace the current Data Protection Act 1998.

In compliance with the above regulation we need to advise what personal information we hold on record for you and how we process that data.

Lightfoot Podiatry Limited, is already regulated on every aspect of the business operation and our current Data Protection Policy is being updated to comply with the new GDPR and the data you provide to us will continue to be stored securely.

This Privacy Notice provides up to date information about how we use personal information and will update any previous information we have published about using personal information. This is based on the fact that we make our own independent decisions as to what personal information we need in order to deliver these services, and we decide what happens to this information.

To comply with the new GDPR regulations, there must be a lawful basis for us to collect, process and store the personal data that you provide to us.

For us, this lawful basis is:

  • Your visit to our Website
  • Phone Enquiry
  • Appointment
  • Credit or Debit Card payment
  • Advice and reassurance
  • Job Applicants

2. ABOUT LIGHTFOOT PODIATRY LIMITED

We are what is known as the "controller" over the personal information that we use for providing a full range of podiatry services.

When we say "we" or "us" in this Privacy Notice, we mean Lightfoot Podiatry Limited.

3. IS GDPR CONSENT AND TREATMENT CONSENT THE SAME?

No, consent to treat a patient is separate from GDPR consent.

In fact as a podiatrist we do not need to gain consent from patients to use their data as we have a legitimate interest to have it which is explained in this document. The only times we need GDPR consent is if we are writing to another person i.e. healthcare professional, about the patient in which case we need to record the patients verbal consent in our patient notes.

We currently do not send patients any marketing material, but should we do this in the future patients will need to “opt in” for us to be able to do this.

We use a variety of personal information depending on the circumstances under which personal information is made available to us.

We may use personal information in the following circumstances:

Patients and Suppliers the personal information we hold is as follows:

  • Your title.
  • Your name
  • Your date of birth
  • Telephone numbers, including mobiles.
  • Email
  • Address.
  • Invoice Address.

Job Applicants Where you apply for a role with us, we will process the personal information you provide to us as part of your application and any interview selection process. The personal information we hold initially is as follows:

  • Your name.
  • Address.
  • Telephone numbers, including mobiles.
  • Email.
  • Your Gender.
  • Date of birth.
  • Personal contact details.
  • Professional history.
  • Education and qualifications.
  • Employment history, including start and end dates.
  • Information about your remuneration, and benefits such as pensions or insurance cover.
  • Marital status.
  • Information about your nationality and entitlement to work in the UK.
  • Information from criminal records checks permitted by law.

We seek information from third parties with your consent only.

For employees we have an Employee Privacy Notice, which is freely available.

We only use personal information which we have obtained directly for the purposes described in this Privacy Notice.

Patients and Suppliers (Customers and Suppliers)

Personal information is gathered in the following ways:

  • By Telephone.
  • By Email.
  • By Mail.
  • In Person
  • Business-as-usual correspondence with business contacts.

Job Applicants

Where you apply for a role with us, personal information is gathered in the following ways:

  • Your CV
  • Personal information you provide to us as part of your application.
  • Personal information you provide to us as part of your interview selection process.
  • Personal information will be gathered directly from you or from your third party references.
  • Passport.

6. WHY WE USE PERSONAL INFORMATION

We will use personal information for the following purposes:

Patients and Suppliers

We process the personal information of our Patients and Suppliers as necessary for the legitimate interests of managing the day-to-day operation of our business, including:

  • Treatments.
  • Correspondence.
  • Engaging suppliers.

Job Applicants

We process the personal information of job applicants for the legitimate interests of determining whether or not to employ a particular individual for a role in our organisation.

Where we decide to employ a job applicant, we process their personal information for the purposes of entering into and performing our employment contract with the applicant. We process racial and ethnic origin and health information of job applicants for the purposes of meeting our legal obligations under employment and similar laws.

7. HOW LONG WE KEEP PERSONAL INFORMATION

We will never retain personal information for any longer than is necessary for the purposes we need to use it for.

  • In respect of personal information gathered in the context of a contract, we will retain personal information for the amount of time as required by legislation.
  • We may also retain personal information for as long as required by law or regulation or instruction of a relevant accreditation body.
  • Unsuccessful job applicant information is retained for a period of 12 months after the position has been filled.

8. SHARING PERSONAL INFORMATION WITH THIRD PARTIES

We share personal information you provide with third parties; however the information we hold is only ever used in administering and providing our services to you and not for marketing purposes.

  • To the extent necessary for fulfilling the purposes outlined in section 5, including where necessary for the provision of services;
  • Where we are under a legal or contractual obligation to do so; or where is it fair and reasonable for us to do so in the circumstances.

We may share personal information with the following third parties:

Suppliers

We use a number of different suppliers, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data protection laws to ensure that these suppliers protect the personal information we share with them.

Payment Service Provider (PSP)

If you pay by Credit or Debit Card, we pass this information securely via a gateway to a company called Lloyds Cardnet who process the transactions. We do not retain and card details electronically, but securely retain paper receipts for a mandatory 6 month period. These receipts are securely destroyed after that period.

Government Bodies

We may be required by law to share personal information with government bodies and regulators (such as HMRC).

Healthcare Professionals

  • Your General Practitioner (GP)
  • Consultants
  • Schools

Insurers

You may require us to write to your insurance company, in connection with a claim.

SENDING PERSONAL INFORMATION OVERSEAS

We may need to transfer personal information outside the UK and the European Economic Area (EEA) to our suppliers based in countries where data protection laws may not provide the same level of protection as those in the EEA.

We will only transfer your personal information outside the EEA where either:

  • The transfer is to a country which the EU Commission has decided ensures an adequate level of protection of personal information.
  • We have put in place our own measures to ensure adequate security as required by data protection laws. These measures include ensuring that personal information is kept safe by carrying out security checks on our overseas partners.

Individuals are entitled to exercise any of the following privacy rights in respect of our processing of personal information:

Access

Individuals can request access to a copy of their personal information held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making.

Rectification

Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.

Erasure

Individuals can ask us to delete their personal information where it is no longer necessary for us to use it, or where we have no legal basis for keeping it.

Restriction

Individuals can ask us to restrict the personal information we use about them where we are not able to erase their personal information or where an individual has objected to our use of their personal information.

Object

Individuals can object to our processing of their personal information.

Portability

Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used, electronic format so it can be easily transferred.

Withdraw Consent

Generally, we do not require consent to process personal information and so we do not ordinarily ask for consent to process personal information. However, where we do ask for consent to process personal information, individuals have the right to withdraw their consent at any time.

Please make all requests to exercise privacy rights in writing to:

  • The DPO
  • Lightfoot Podiatry Ltd
  • 210 Victoria Road
  • Ruislip Manor
  • HA4 0AP

We are required to verify the identity of anyone requesting to exercise their privacy rights and we may ask individuals to provide valid identification documents when making a request to allow us to do this.

We will not make any charge for responding to any request from an individual exercising their privacy rights, and we will respond to any requests in accordance with our obligations under data protection laws.

Individuals can make a complaint about how we have used their personal information to us by contacting us on +44 (0) 1895 622663, or to the ICO.

10. ONLINE ACTIVITIES

The Lightfoot Podiatry Ltd website does not currently use cookies directly. The only cookie that Lightfoot Podiatry Ltd will place on your device currently is whether you accept the use of cookies or not. This cookie will remember you choice so you do not see the message again.

It is possible that a 3rd party cookie maybe set on your device when viewing our Location page as this includes a map generated by Google maps and embedded into our site. For further details see

11. FURTHER QUESTIONS

If you have any further questions, about the information Lightfoot Limited holds or you wish to request access or changes to your data please contact us on +44 (0) 1895 622663

12. CHANGES TO LIGHTFOOT PODIATRY LTD GDPR STATEMENT

If we decide to change the Lightfoot Podiatry Ltd GDPR policy statement, we will post those changes here.