Under the General Data Protection Regulations (GDPR), Plymouth Foot Care (as Data Controller) are required to inform all customers (the Data Subjects) of our contact details, all types and sources of customer data that we keep, the purpose and legal basis for keeping that data, how long we keep it, who it is shared with and whether it is transferred to another country.
The GDPR also gives customers (Data Subjects) certain rights, including the rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, along with rights regarding automated profiling.
Please note our website has SSL (Secure Sockets Layer). This is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
The Categories of Personal Data Obtained
CUSTOMER DATA - Name, billing address, shipping address, telephone number, email address, appointment time and date.
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, email address, and phone number. We do not collect credit or debit card details as we use PayPal. This will be covered by PayPal's Privacy Policy. We refer to this information as “Order Information.” We also supply a contact form for you to complete in order to contact us. When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information, Email information and Order Information.
The Purpose of Processing
To enable delivery of purchases from the website.
To reply to emails or contact forms and provide information requested or make foot health bookings.
We use the Order Information that we collect generally to fulfill any orders placed through the Site - including arranging for shipping, and providing you with invoices and/or order confirmations. Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud;
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site).
We use information you send via our contact form or email to:
Book or change Foot Health or holistic appointments or provide information as requested.
The Lawful Basis of Processing
6(b) Contract - the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
However, should you make an appointment through email or by completing the contact form the following legal basis will also be added once you attend your appointment. This is due to the fact that we need to take health information which is special category information.
Article 9(a) Consent: the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.
The Source of the Personal Data
Data is provided by the data subject.
Who the Data is Shared with
Data is shared with admin personnel and shipping companies.
The Details of Transfers of the Personal Data to any Third Countries or International Organisations
Emails and other information may be kept on Google servers and Weebly (who host this website). These are located outside of the EU and UK and are in accordance with the GDPR:
https://privacy.google.com/businesses/compliance
https://www.weebly.com/uk/privacy
The Retention Periods for the Personal Data
All personal data will be retained for 7 years after the customer's last appointment or order.
Data Breaches
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. We must do this within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform the individuals affected without undue delay. We will keep a record of any personal data breaches, regardless of whether we are required to notify.
YOUR RIGHTS
If you are a European or UK resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information may be transferred outside of Europe, including to Canada and the United States. Please note this will be undertaken only if doing so is compliant with the GDPR.
Right of Access
Individuals (data subjects) have the right to access their personal data and supplementary information. We are required to provide you a copy within one month. If you would like to access your personal data, please do so in writing or by email.
Right of Rectification
Individuals have the right to request that inaccurate personal data is rectified or completed if it is incomplete. An individual can make a request for rectification verbally, in writing or by email.
Right of Erasure
Individuals have the right to request erasure. However, we will be unable to perform any further treatments. Additionally, all personal data will be retained for 7 years after the customer's last appointment or minimum to age 25 in the case of minors. This is for protection in case of the establishment, exercise or defence of legal claims. With regard to purchases through the shopping cart the data also needs to be kept for 7 years for accounts purposes. However, we may be able to erase minimal data such as phone number and email address. Please contact us in writing or by email.
Right to Restrict Processing
Individuals have the right to request the restriction or suppression of their personal data except when needed for protection in case of the establishment, exercise or defence of legal claims. Should you wish to request this please do so in writing by sending an email.
Right to Data Portability
Individuals have the right to data portability. This allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one environment to another in a safe and secure way, without hindrance to usability. Should you wish to request this please do so in writing by sending an email. This will be provided within one month.
Right to Object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. We do not process your data in any of these ways.
The Right to Withdraw Consent
You have the right to withdraw consent for the processing of data. We use the Lawful Process of Contract on this website, however once you attend for an appointment we do ask for consent. All personal data where you have given consent will be retained for 7 years after the customer's last appointment, or to minimum age 25 in the case of minors. This is for protection in case of the establishment, exercise or defence of legal claims. Should you wish to request this please do so in writing or by sending an email. Please note that cookies come under consent and you can withdraw consent and remove cookies from your browser at any time.
The Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. If you have a concern about the way we are handling your personal information you may contact the Information Commissioner’s Office and report your concerns. This can be done online at https://ico.org.uk/concerns/handling/ or by telephoning the ICO on 0303 123 1113.
Name and Contact Details of our Organisation and Representative
L Griffiths, Plymouth Foot Care, Sophie Gees, 128 Cornwall Street, Plymouth PL1 1NJ
Tel: 07807 204631
Email: [email protected]
PLEASE NOTE THIS WEBSITE CONTAINS LINKS TO OTHER WEBSITES. ONCE YOU HAVE CLICKED ON THE LINK YOU WILL THEN BE GOVERNED BY THAT WEBSITE'S PRIVACY AND COOKIE POLICY AND YOU WILL HAVE TO PERFORM YOUR OWN DUE DILIGENCE IN DECIDING ON WHETHER TO BROWSE OR USE THAT WEBSITE.
COOKIES are used on this website – please read our Cookies Policy