Absolute Podiatry Privacy Notice
ABSOLUTE PODIATRY PATIENT PRIVACY NOTICE.
About us
We, Absolute Podiatry (also referred to as “we”, “us”, or “our”), are a Domiciliary Podiatry service offering Podiatry treatments to patients within their own homes.
The Purpose of this Notice
This Notice is designed to help you understand what kind of information we collect in connection with our service and how we will process and use this information. In the course of providing you with services we will collect and process information that is commonly known as personal data.
This Notice describes how we collect, use, share, retain and safeguard personal data.
This Notice sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details. Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health.
Personal data we collect
In order for us to provide a health care service for you, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, or customer events.
We may also share personal data with authorised third parties, this is necessary where we are required to do so by law, where it is appropriate to support your health care, and where we need to administer our business. Some examples follow:
When using our website we do not collect your unique online electronic identifier; and whilst you may input personal data onto our online forms, this is not stored on the website, but is sent directly to us where it is transferred onto our health records system. We do not collect cookies when you visit our website. (Cookies are a small text file that are used to identify visitors, to simplify accessibility, and to monitor visitor behaviour when viewing website content).
We may make a record of your communications with us when contacting us.
Controlling and Processing your data
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller. “Processing”, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including— a) organisation, adaptation or alteration of the information or data, b) retrieval, consultation or use of the information or data, c) disclosure of the information or data by transmission, dissemination or otherwise making available, or Data controllers and data processors d) alignment, combination, blocking, erasure or destruction of the information or data. Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. We process your data within the business so are also considered the processors of your personal data. Where we use third parties to process your data, these parties are known as processors of your personal data. Where third parties are involved in processing your data, access will be limited according to necessity and they are subject to confidentiality and proper management of data according to our contractual agreements and regulatory and other statutory requirements. Where there are other parties involved in administering your health care, they may also process your data in which circumstance we will be a joint data controller of your personal data
As a provider of health services, we will process the following categories of data:
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about our processes or how we collect personal data and with whom we share data with, please contact Dan Sumner [email protected]
Why do we need your personal data?
We will use your personal data to be able assess your health, needs and plan therapeutic intervention, to record and invoice for our treatment, to administer our business, to respond to any requests from you about services we provide, and to process complaints.
If you contact us for pricing information or request details on the services we provide, or if you are referred to our service, by yourself, your GP, or another clinician, we consider ourselves as having a legitimate business interest to provide you with further information about our services.
We will not transfer your data outside of the European Economic Area.
Data Retention
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests. As an organisation working in alignment with NHS principles we are required to retain the primary record of the illness and course of treatment of a patient for eight years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age and for 8 years after a patient has died. At this point the information will be reviewed and if no longer needed, destroyed.
We do not use automated decision making (services/tools and techniques).
Your rights
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
- The right to be informed about the personal data being processed;
- The right of access to your personal data;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data);
- Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee. In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for regulatory and other statutory purposes. You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
Protecting your data
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data with authorised third parties.
Data privacy representative
Within Absolute Podiatry, Dan Sumner is ultimately responsible for data protection, and can be contacted on [email protected]
Complaints
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Data Privacy Representative. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
How to contact us
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Data Privacy Representative
Dan Sumner, Absolute Podiatry, 103 Cliff Road, Hornsea, HU18 1JB, 078746543336
About us
We, Absolute Podiatry (also referred to as “we”, “us”, or “our”), are a Domiciliary Podiatry service offering Podiatry treatments to patients within their own homes.
The Purpose of this Notice
This Notice is designed to help you understand what kind of information we collect in connection with our service and how we will process and use this information. In the course of providing you with services we will collect and process information that is commonly known as personal data.
This Notice describes how we collect, use, share, retain and safeguard personal data.
This Notice sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details. Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health.
Personal data we collect
In order for us to provide a health care service for you, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, or customer events.
We may also share personal data with authorised third parties, this is necessary where we are required to do so by law, where it is appropriate to support your health care, and where we need to administer our business. Some examples follow:
- Your GP
- Other health care professionals
When using our website we do not collect your unique online electronic identifier; and whilst you may input personal data onto our online forms, this is not stored on the website, but is sent directly to us where it is transferred onto our health records system. We do not collect cookies when you visit our website. (Cookies are a small text file that are used to identify visitors, to simplify accessibility, and to monitor visitor behaviour when viewing website content).
We may make a record of your communications with us when contacting us.
Controlling and Processing your data
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller. “Processing”, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including— a) organisation, adaptation or alteration of the information or data, b) retrieval, consultation or use of the information or data, c) disclosure of the information or data by transmission, dissemination or otherwise making available, or Data controllers and data processors d) alignment, combination, blocking, erasure or destruction of the information or data. Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. We process your data within the business so are also considered the processors of your personal data. Where we use third parties to process your data, these parties are known as processors of your personal data. Where third parties are involved in processing your data, access will be limited according to necessity and they are subject to confidentiality and proper management of data according to our contractual agreements and regulatory and other statutory requirements. Where there are other parties involved in administering your health care, they may also process your data in which circumstance we will be a joint data controller of your personal data
As a provider of health services, we will process the following categories of data:
- Personal data such as an individual’s name, address, date of birth, gender, contact details
- Special categories of personal data such as health and health history
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about our processes or how we collect personal data and with whom we share data with, please contact Dan Sumner [email protected]
Why do we need your personal data?
We will use your personal data to be able assess your health, needs and plan therapeutic intervention, to record and invoice for our treatment, to administer our business, to respond to any requests from you about services we provide, and to process complaints.
If you contact us for pricing information or request details on the services we provide, or if you are referred to our service, by yourself, your GP, or another clinician, we consider ourselves as having a legitimate business interest to provide you with further information about our services.
We will not transfer your data outside of the European Economic Area.
Data Retention
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests. As an organisation working in alignment with NHS principles we are required to retain the primary record of the illness and course of treatment of a patient for eight years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age and for 8 years after a patient has died. At this point the information will be reviewed and if no longer needed, destroyed.
We do not use automated decision making (services/tools and techniques).
Your rights
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
- The right to be informed about the personal data being processed;
- The right of access to your personal data;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data);
- Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee. In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for regulatory and other statutory purposes. You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
Protecting your data
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data with authorised third parties.
Data privacy representative
Within Absolute Podiatry, Dan Sumner is ultimately responsible for data protection, and can be contacted on [email protected]
Complaints
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Data Privacy Representative. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
How to contact us
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Data Privacy Representative
Dan Sumner, Absolute Podiatry, 103 Cliff Road, Hornsea, HU18 1JB, 078746543336