This notice describes the privacy policy (“Privacy Policy” or “Policy”) of https://finchleyfootcare.co.uk/ (hereinafter referred to as the “website” or “site”) which is operated by:
COMPANY NAME: Finchley Foot Clinic
ADDRESS: 66 Nether St, London N12 7NG
CONTACT NUMBER: 020 8445 8528
(hereinafter referred to the “Company” or “Finchley Foot Clinic” or “us” or “our” or “we”). In this Policy, you shall be referred as “you” or “your” or “user” or “patient”.
This Privacy Policy explains what information of yours will be collected by us when you register on or access the Site, or book appointments, how the information will be used, and how you can control the collection, correction, and/or deletion of the information. We will not knowingly use or share your information with anyone, except as described in this Privacy Policy. The use of information collected through our Platform shall be limited to the purposes described under this Privacy Policy and our Terms & Conditions.
By providing your personal information to us or by using other features and functionalities of the Site, you are accepting and consenting to the practices described in this policy. Please note that this includes consenting to the processing of any personal information that you provide, as described below.
IF YOU DO NOT AGREE WITH THESE PRACTICES, PLEASE DO NOT USE THE SERVICES OR THE WEBSITE OR PROVIDE US WITH ANY OF YOUR PERSONAL INFORMATION.
TABLE OF CONTENT
Sr. No. Particular
1. What information about the Patients do we collect?
2. Lawful basis for processing personal information
3. How do we use this information?
4. Deleting your information
5. Cookie Policy
6. Sharing of information
7. 1 Storage and Security of Information
8. Links to third party Apps
9. Rights under UK GDPR
10. How do we respond to legal requests?
11. How do I withdraw my consent?
12. Governing law and Dispute Resolution
13. Do you have any questions or concerns about this privacy policy?
14. Welcoming of suggestions
1. What information about patients do we collect?
- a) Information that we collect when you use our Site and our Services or are referred to us: We collect the information you provide when you use our Site and our services. This data may also be collected when you have been referred to us from a third party (e.g. General Practitioner, Insurance Company, other health care professionals). This can include Health Information, Personally Identifiable Information (PII) as well as non-PII information. The examples include i) Name, ii) Contact information including email address and mobile number, iii) Date of birth, iv) Postal address, v) Medical history and medications, vi) Payment information, and vii) General Practitioner details.
- b) Appointment: When you arrive for an appointment, our staff will check your details to ensure that our records are accurate. You may also be asked to read an information sheet and to sign a consent form which will be attached to your electronic record and you will also be given a paper copy. To assist with this, it is important that you notify us of any changes to your personal details (e.g. address, contact number) and arrive early for your appointment where possible so we can expedite this information prior to your appointment.
- c) Information that we collect when you use the Site: We also collect information while you access, browse, view or otherwise use the Site. In other words, when you access the Site, we are aware of your usage of the Site, and gather, collect and record the information relating to such usage, including geo-location information, operating system, make & ID, IP address, device ID and type, identifiers associated with cookies or other technologies that may uniquely identify a device. This helps Finchley Foot Clinic in providing our services to the users and making improvements in the Site and our services, fixing errors and bugs.
- d) Payments: When you make the payment on Finchley Foot Clinic website for the appointment, then you provide our third-party payment service provider with your credit or debit card information. We don’t collect your payment card details. For payments, we redirect you to our third-party payment service provider, namely, Stripe, which collects and processes your payment request.
- e) Customer Care: If you contact our customer support via emails, in those cases, we collect all your interactions with our customer support.
- f) Mode of Collection: This information collected may be recorded in writing (e.g. on an assessment form or letter), or electronically on a computer, or a mixture of both.
2. What is the lawful basis for which we use your personal information?
You hereby acknowledge that all processing of your personal information will be justified by a “lawful ground” for processing. In the majority of cases, processing will be justified on the basis that:
● Consent: You have given your consent for processing personal data for one or more specific purposes.
● Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
● Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which we are subject.
● Vital interests: Processing personal data is necessary in order to protect your vital interests or of another natural person.
● Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
● Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract. Feel free to contact us for this purpose at finchleyfootcare@gmail.com.
3. How do we use this information?
We use all of the information we have to help us provide, support and improve our services. We use the information collected from you for one or more of the following purposes:
a) To enable us to provide you with the appropriate care and treatment that you need.
b) For sending insoles to biomechanics labs for manufacturing.
c) To inform General Practitioner’s, or healthcare professionals involved in your care that need accurate information about you to assess your health and deliver the health care you need.
d) To ensure accurate information is available if you need to be referred to another health professional or a third party.
e) To assess the type and quality of care you have received and may require in the future.
f) To support clinic and treatment appointments by sending you appointment reminders.
g) To support clinic and treatment appointments by sending you encrypted electronic clinical notes.
h) To ensure your concerns can be properly investigated if you are unhappy with the care you have received.
i) To enable you to use the features and functionalities of our Site.
j) To assess queries, requirements, and process requests for various services.
k) To process your payments and refunds (if applicable).
l) To cancel or modify your bookings.
m) To improve our Site and services.
n) To collect clinical audit information.
o) To conduct health research and development.
p) To teach and train healthcare professionals (where your personal information will be anonymised).
q) To be able to deliver our services, personalize content, and make suggestions for you by using this information to understand how you use and interact with our services and the people or things you’re connected to and interested in on and off our services.
r) We use your information to send you marketing communications, newsletter, communicate with you about our services and let you know about our policies and terms. We also use your information to respond to you
when you contact us.
s) To respond to summons, court orders, directions or other judicial processes.
t) To provide information to law enforcement agencies or in connection with an investigation on matters related to public safety or safety of your health.
4. Deleting your information
The account that you create, and the information that you provide us is yours. You can at any time delete the same. However, you acknowledge that we may also retain some of the information so deleted for a reasonable period of time in order to comply with legal requests. You can request us to delete your information by writing to us at finchleyfootcare@gmail.com.
5. Cookies and Similar Technologies
Cookies are bits of electronic information that a website may transfer to a visitor’s computer to identify specific information about the visitor’s visits to other websites. We may use automated technologies including the use of web server logs to collect IP addresses, device details, cookies and web beacons. The Website uses a browser feature known as a cookie, which assigns a unique identification to your computer. However, in case you do not wish for us to collect such information, simply change the cookie settings on your web browser. For more details, please read our Cookie Policy posted on our Site.
6. Sharing of Information
a) When you make the payment on Finchley Foot Clinic website for the appointment, then you provide our third-party payment service provider with your credit or debit card information. We don’t collect your payment card details. For payments, we redirect you to our third-party payment service provider, namely, Stripe, which collects and processes your payment request.
b) We will share your health as well as personal information with i) General Practitioners or other health care professionals involved in your care, ii) Health Authorities, iii) The National Health Service, iv) The Department of Health, iv) The Care Quality Commission, and v) Private Insurance Schemes (if you are registered with them). The information will only be shared, either with your prior consent, or if needed for treatment purposes or under applicable law.
c) We will share your personal and health information with your relatives, friends and carers with your consent.
d) We may share some of your personal as well as non-personal information with our third-party hosting service providers, namely, eUKhost.
e) We may disclose your information to third parties without your permission under exceptional circumstances such as the risk of health and safety of another person or where the law requires information to be passed on. Occasions when we must pass on information include: i) reporting some infectious diseases, ii) to help prevent serious crime, iii) when ordered by the court LPC Privacy Notice, v1 04.2018 / Review: 04.2019 3, iv) when you have expressly agreed for us to pass on information, and v) when notifying the CQC of a serious incident. In such cases only as little of your personal information will be shared as strictly required. Moreover, anyone who receives information from us under this Section also has a legal duty to keep it confidential.
f) We keep your information safe and do not share your information with any other third party. However, if we merge with or are acquired by another company or we sell our Website or business unit, or if all or a substantial portion of our assets are acquired by another company, in those cases, your information will likely be one of the assets that would be transferred.
g) We may also share your information in response to legal requests. Please refer to Section 10.
7. Storage and Security of Information
a) Storage: Your data is stored through our third-party hosting service provider’s (eUKhost) data storage, databases and servers. We also store some of the information collected by us on our servers and do not share
it with any third party, except for the limited purposes as mentioned in the Section 6. The servers and databases in which information may be stored will be located locally within the United Kingdom.
b) Retention: Personal information that we collect, access or process will be retained only so long as necessary for the fulfillment of the purposes for which it was collected, as necessary for our legitimate business purposes, or as required or authorized by law. Personal information that is no longer required to fulfill the identified purposes will be destroyed, erased or made de-identified or anonymous.
c) Steps taken by us to protect your data: We regularly take the following steps to protect the integrity of your information:
● We protect the security of your information while it is being transmitted by using secure connection;
● We use computer safeguards such as firewalls to keep this data safe;
● We only authorize access to employees and trusted partners who need it to carry out their responsibilities;
● We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security; and
● We will ask for proof of identity before we share your personal data with you.
d) Security: We employ reasonable security practices to ensure that the information is safe and secure with us. However, no information on the internet is 100% safe, and you accept and acknowledge such risk. Also, we will disclose the information so collected for limited purposes as mentioned in this Privacy Policy.
8. Links to other Sites
The Site may contain links to third-party websites and online services that are not owned or controlled by us. We have no control over, and assume no responsibility for such websites and online services. Be aware when you leave the Website; we suggest you read the terms and privacy policy of each third-party website, and online service that you visit.
9. Rights under UK GDPR
This section of the Policy supplements the other provisions of this Privacy Policy, and applies to you if you are in the UK. For the purposes of UK GDPR, your DATA CONTROLLER for the data collected by us to provide you with our services is:
COMPANY NAME: Finchley Foot Clinic
ADDRESS: 66 Nether St, London N12 7NG
CONTACT NUMBER: 020 8445 8528
ALL YOUR USER INFORMATION WILL BE COLLECTED, STORED, PROCESSED AND SHARED STRICTLY IN ACCORDANCE, IN LINE AND FULL COMPLIANCE WITH UK GDPR LAW (HEREINAFTER COLLECTIVELY REFERRED TO AS THE “UK GDPR”).
Under applicable UK GDPR, you have the following rights in respect of your personal information:
● Right to obtain information: to obtain information about how and on what basis your personal information is processed and to obtain a copy;
● Right to rectification: You have the right to have any incomplete or inaccurate information we hold about you rectified and corrected.
● Right of Erasure: to erase your personal information in limited circumstances where (a) you believe that it is no longer necessary for us to hold your personal information; (b) we are processing your personal
information on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (c) where you have provided your personal information
to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; and (d) where you believe the personal information we hold about you is being unlawfully processed by us;
● Right of restriction: to restrict processing of your personal information where: (a) the accuracy of the personal information is contested; (b) the processing is unlawful but you object to the erasure of the personal
information; (c) we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim or (d) you have objected to us processing your personal information based on our legitimate interests and we are considering your objection;
● Right to object: to object to decisions which are based solely on automated processing or profiling;
● Right to ask for a copy: where you have provided your personal information to us with your consent, to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or to obtain a copy of or access to safeguards under which your personal information is transferred outside of the EEA.
● Right to withdraw your consent. You have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our services.
● Request the transfer of your Personal Data. We will provide to you, or to a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, to the processing of your personal data by us and we may be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.
In addition to the above, you have the right to lodge a complaint with a supervisory authority for data protection. Please note that the right of access and the right to erasure do not constitute absolute rights and the interests of other individuals may restrict your right of access or erase in accordance with local laws. We will ask you for additional data to confirm your identity and for security purposes, before disclosing data requested by you. We reserve the right to charge a fee where permitted by law. We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we will retain where necessary certain personal information for a limited period of time for record-keeping, accounting and fraud prevention purposes.
Our Data Protection Officer (DPO) is Sophia Taglia. To make any requests under this Section, please contact her at sophia.g.taglia@gmail.com.
10. How do we respond to legal requests?
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from law enforcement agencies, courts, tribunals and government authorities. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent
bodily harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
11. How can I withdraw my consent? (OPT-OUT)
If you sign-up, you will automatically start receiving promotional emails and direct mail from us. If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at finchleyfootcare@gmail.com.
12. Governing law and Dispute Resolution
Unless provided by the relevant statute, rules or directives applicable to the jurisdiction in which you reside, in case of any disputes, issues, claims or controversies arising out of or in relation to your use of the Site or our services, the governing law and dispute resolution mechanism as provided in the Terms & Conditions shall apply to this Privacy Policy as well.
13. Do you have questions or concerns about this Privacy Policy?
In the event you have any grievance regarding anything related to this Privacy Policy, Terms & Conditions, or with any content or service of Company, in that case you may freely write your concerns through your registered email to Grievance Officer/Designated Representative to below:
● Name: Sophia Taglia
● Email: sophia.g.taglia@gmail.com
● Postal: 66 Nether St, London N12 7NG
14. Welcoming of Suggestions
We welcome your comments regarding this Privacy Policy. Please write to us at finchleyfootcare@gmail.com.
Last updated August 30, 2022.