PRIVACY POLICY
Date of last revision: 15th November 2018
Kings Hill Podiatry is committed to protecting the privacy and security of your personal information. We want to inform you how we collect and use personal information about you. This privacy policy describes to you:
who we are
what personal data we collect and store about you, and how we collect it
why we collect personal data and what we do with it
the categories of third parties with whom we share your personal data
how we retain your information and keep it secure
your rights and how to exercise them
how to contact us
1. Who are we?
For the purposes of data protection law, the “controller” is Kings Hill Podiatry, a private podiatric practice based in Kings Hill and the surrounding areas. If you have any questions, our contact details are:
E-mail
kingshillpodiatry@gmail.com
Telephone
07392 436009
2. What information do we collect from you?
In the course of our business, which is the provision of podiatric services and the sale of related medicaments, devices and accessories in our clinics, and when you enter a contract with us (or someone does so on your behalf) we collect the following personal data:
personal details, such as
– name and title
– date of birth
– health information relating to your medical history
– Clinical finding from appointments
– Treatment plan
contact data, such as
– address
– e-mail address
– telephone and mobile number(s)
transaction data, such as
– details about payments from you (limited to the amount of each transaction and date and method of payment i.e. card, cash or cheque)
– details of products and services you have purchased from us
Website Usage, such as
Cookies
– we may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools.
– Analytical/performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
– Strictly necessary cookies: These are cookies that are required for the operation of our website.
– Functionality cookies: These are used to recognise you when you return to our website.
- We may also collect marketing data, such as your preferences in receiving marketing and communications.
3. How do we collect personal data?
We obtain personal data from sources as follows:
directly from you when you interact with us, for example when you
– register as a client with us
– buy our services or products in a clinic
– sign up to our mailing lists
– request information
– write to us
– over the phone
– give us feedback or post comments or reviews
from automated technologies such as cookies and tags when you use our website.
4. How do we use your personal data?
Introduction
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
when registering as a client and when booking appointments
provide podiatry treatment relevant to your needs and medical history.
it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
where we need to comply with a legal obligation.
Lawful processing
In order to process personal data, we must have a lawful reason (sometimes called a lawful basis). We always ensure that this is the case, and we set out our lawful bases below – but please note that more than one may apply at any given time: for example, if we inform you of changes to our privacy notice, we may process your personal data on the ground of complying with law and on the ground of legitimate interests.
We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need it for another reason that is compatible with the original purpose.
Please contact us if you would like more information on this, and on situations in which more than one lawful basis applies.
Contractual Necessity
If you book an appointment with us and become a registered client we will process your personal data for the following purposes, on the legal basis that it is necessary for us to provide our products and services to you:
to enable us to carry out our services
to identify you
to respond to your inquiries
to allow you to register as a client
to the extent necessary to provide you with information you have requested in relation to our products and services before you decide to purchase them
to provide our products and services, including enabling them to be delivered to you and contacting you about your appointment or ordered products (for example, reminding you of an upcoming appointment, or informing you when bespoke orthotics are ready for collection)
to carry out billing and administration activities, including taking payment or making refunds and credits
sharing clinical findings with other health professionals as part of your ongoing treatment (this will only be with your explicit consent).
Of course, you are not obliged to provide us with any of this information, but if you chose not to, we may be unable to provide the product or service that you have requested.
Legitimate Business Interests
We process your personal information for our legitimate business purposes, which include the following:
to conduct and manage our business
to remind clients of upcoming appointments
to ensure our website and systems are secure (for example, by conducting security penetration tests on our website to ensure our security tools are effective)
to personalise your web experience and to analyse, improve and update our services for the benefit of our customers
to deal with complaints
. You can opt out of receiving this information by contacting us as set out in Section 1 above.
Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
Compliance with laws
As a healthcare provider we may process your personal data in order to comply with applicable laws (for example, recording and storing health related data)
Consent
If you have never purchased a service or product from us or have not purchased from us for a long time but have given us your explicit consent to hear from us about our products and services that we consider may be of interest to you, we will contact you by post or email (according to the contact preference you have provided). You have the right to withdraw consent to marketing at any time.
5. Do we share your personal data?
We may share your information with third parties, including third-party service providers. Third parties are required to respect the security of our personal information and to treat in accordance with the law. We never sell your data to third parties.
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you.
Third parties may be law enforcement agencies, government or public agencies or officials, regulators, and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to claims, or to protect our rights, interests, privacy, property or safety.
We may provide your personal information to any other parties such as GP’s, where we have your specific consent to do so.
6. Do you have to provide personal data – and, if so, why?
To form a contract with you, we will need some or all of the personal data described above so that we can perform that contract or the steps that lead up to it: this is set out above in this notice. You have the right to refuse us this information, but failure to do so could mean we are unable to inform you of changes to your appointments or notify you when ordered products have arrived in stock. You will then be liable for the cost of these services or products.
If you sign up to our mailing list, you will have to provide certain personal data. Of course, you may decide to stop receiving our mailings at any time.
7. How long will your personal data will be kept for?
We carefully consider the personal data that we store, and we will not keep your information in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law. In some instances, we are required to hold data for minimum periods: for example, healthcare related data has to be kept for a minimum of seven years dependant on age and status.
8. Do we transfer personal data outside the EEA?
We do not share your data with anyone outside of the EEA.
9. How do we keep your personal data secure?
As well as measures set out above in relation to sharing of your information, Kings Hill Podiatry has put in place appropriate security measures to prevent your personal information from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. Please contact us using the details in section 1 of this notice if you would like more information about this.
10. Your information rights
Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identify and residential address, and we may ask you to provide further details to assist us in the provision of such information
right to have inaccurate personal data that we process about you rectified – we want to ensure that the personal information that we process and retain about you is accurate, so please do remember to tell us about any changes, for example if you have moved house or changed your contact details. It is your responsibility to ensure you submit true, accurate, and complete information to us; please also update us in the event this information changes.
right of erasure – in certain circumstances you have the right to have personal data that we process about you blocked, erased or destroyed where this does not conflict with our lawful obligations.
the right to object to, or restrict:
– processing of personal data concerning you for direct marketing
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Please contact us using the details in section 1 of this notice if you would like to exercise any of these rights or know more about them.
These rights are subject to certain limitations that exist in law. Further informationabout your information rights is available on the ICO’s website: https://ico.org.uk/.
11. Changes to this privacy notice
We may change this notice from time to time. You should check this notice on our website occasionally, in order to ensure you are aware of the most recent version.
12. What should you do if you have a complaint?
We hope that you will be satisfied with the way in which we approach and use your personal data.
Should you find it necessary, you have a right to raise a concern with the information regulator, the Information Commissioner’s Office: https://ico.org.uk/.
However, we do hope that if you have a complaint about the way we handle your personal data, you will contact us in the first instance using the contact details in section 1 above, so that we have an opportunity to resolve it.
END OF PRIVACY NOTICE