Footfriend - Clinical Privacy Policy
Your privacy is important to us
Policy Summary
We hold certain information about you that comes under the lawful basis of “special category data”. It is held in order that we can uniquely identify you and provide you with the foot healthcare that you or a person you are legally responsible for requires. We also use your contact information so that we can confirm appointments made, send appointment reminders and annual check-up notices. We also occasionally use this data for marketing purposes such as advising you of our Christmas hours, informing you of new treatments available or any other changes at the practice which we feel may be of interest to you.
Holding this information on you carries many responsibilities. In brief, it must be: securely stored; used for purposes you agree to; amended when necessary if incorrect; provided to you as a copy if requested; and deleted if requested (this is subject to medico-legal guidelines). We must hold no more information than is needed for us to safely and appropriately perform our service to you. You can control who we share this data with and complain about how we use your data. You can amend the preferences on how your data is used at any time.
This policy will be revised as and when requirements of the practice or legal requirements arise. The latest revision will always be available on the practice website, www.footfriend.co.uk, or at reception.
Where does our data come from?
The data we hold in your records comes principally from you! At your first appointment, you will have given us your name, address, date of birth, contact details etc. You will have given us your health details when we question you about your medical history and you may have given us supporting information such as a doctor’s letter.
Information from third parties
We may receive information from your doctor if you have asked them to forward any information. Your doctor will not share any information they have regarding you without you expressly requesting them to do so. We may have received information from a health insurer about you – this will only occur if you, the policy holder, are referred to us and consent to this.
Types of data held:
Personal Details
- Title
- Surname
- Forename(s)
- Sex
- Date of Birth
These are held to help to uniquely identify patients on our record system. They are also needed when assessing patients and their problems, as various problems may affect different subsets of the population: for example, they may commonly affect men but not women, or may affect young women but not older women. We also require dates of birth to consider issues of consent to treat minors (under 18s). There are also problems that do and do not generally affect different age groups.
Contact details
- Street address
- Email address
- Landline phone number
- Mobile phone number
These are also held to help us to cross reference and therefore uniquely identify patients in our record system. They aid us in contacting you regarding appointments made (text messages & confirmation emails are sent when appointments are booked). They are also held for reminders, annual check-up notices, announcements re new staff, new treatments, and advance warning of any holiday closures.
Medical History Information
In order for us to assess our patients and provide the best advice and treatment in a safe and proper way it is necessary for us to collect health information. We update this on an annual basis for regularly attending patients as our medical history can change throughout our lives and therefore affect decision making in providing appropriate care for you.
These details include:
- Medication
- Allergies
- Conditions/Complaints/Diseases
- Past treatments/surgery/hospitalisations.
- We also may hold copies of letters from doctors, hospitals, other practitioners regarding you and your problems. These will have been given to us by you at an appointment you have attended. We scan these documents and attach them to your patient record and then return the original to you. We can at your request shred the documents in a cross-cut shredder if you no longer require them.
- We may also take photos of your problem for future reference and hold these on your file (with your consent). If we take photos for you to see your problem these are generally deleted immediately after showing you.
- Which GP Practice you are registered at.
- We may also hold details of communications from your medical insurer if they contact us regarding you and your problem. This will only occur if you consent to your insurer contacting us. We will only supply information requested by them with your consent.
Financial Records
We hold a record of charges, invoices and payments for the goods and services we provide to our patients. We do NOT hold any credit / debit card or CVV numbers at all. Our payments are received at the practice in cash/cheques or via a stand-alone PDQ machine which produces receipts for the patient and for us, the merchant. Our merchant receipts have no identifiable data that can be used for fraud. They are kept for 1 month so that we can reconcile our merchant account. They are then securely destroyed. Payments we receive via online bookings are collected via a third party (PayPal) on a secure website. We are not privy to any payment details of our patients when they make a payment except for the date, amount and the contact details of the person booking the appointment.
Who do we share your data with?
From time to time we may need to contact another health professional or hospital regarding you and your condition. This is the only time we share any information about you and it will NEVER be shared without your prior consent. This information is usually in the form of a letter which we write and give to you to hand deliver to the relevant doctor, health professional etc so you have complete control of this situation.
Your rights about your data
The right to be informed
The types of data we hold about you and how we use it are described fully above. Essentially it is information we use to identify you in our record system (name, address, email & phone numbers etc). It is also information about your health so that we can provide the best care and advice for you (e.g. medication taken, allergies, medical complaints etc). We also keep track of charges, invoices and payments for our accounting requirements. We don’t share ANY information with any other parties without your permission.
The right to rectification
We always attempt to keep our data current and correct. Our software prompts us to ask you for any changes in your medical history once a year. If you have a change in your health, please notify us of it at the beginning of your next appointment and we will amend our records. This will ensure we continue to give you appropriate care and advice for your personal situation. Any changes to contact details can be made at reception or during an appointment at any time.
The right to erasure
We have statutory obligations for the minimum lengths of time that we retain the records we keep on individuals. These are: 8 years for adults; until their 25th birthday for persons under 18 years old; and 8 years after death for deceased persons. After these periods we can erase records on request. There may be other medico-legal requirements which may vary these periods.
The right to restrict processing
You have the right to restrict the way we use your data. You may wish us to hold treatment records/supplied medical information only. Alternatively, in addition to this you may wish us to process your data by supplying you with appointment booking confirmation emails/texts, reminders, practice notices and marketing emails. You can alter your requirements at any time, either restricting or freeing up our limited data processing activities.
The right not to be subject to automated decision-making including profiling.
We do not use any automated decision making or profiling processes.
The right to object
If you have a complaint about the way any of your data is handled or used by the practice, we would ask you in the first instance to notify Damian Johns (Data Controller) to address your complaint. If you are still not satisfied after this you have the right to complain to the Information Commissioner’s Office (ICO) at: https://ico.org.uk/concerns/
The right of access
You can apply for access to view your data by making a “subject access request”. There is a limited set of circumstances where this may not be possible. If you do wish to make a “subject access request”, please contact reception for the relevant form, where you will need to detail which records you wish to see. We will respond in a timely manner (generally much sooner than the maximum period of 1 month). There may be a fee of £50.00 applied to such requests. If we refuse your request, we will tell you why. If you are unhappy with this, you can complain to: https://ico.org.uk/concerns/ and you may have a right to a judicial review.
The right to data portability
If you wish to obtain your data for your own purposes across different services, in most cases we will provide this information to you in a CSV file. There is no administrative charge for this service. You will need to apply in writing to the Data Controller for this.
Lawful Basis
The information we hold on you comes under the lawful basis of “Special Category Data”.
The conditions we are using to process this data under this lawful basis come from Special Category Data Article 9, paragraphs (c), (h) and (i), as follows:
(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
Data Controller
Any requests for information about the types of data usage we make, our data security and any complaints raised in the first instance should be directed to Damian P. Johns who is the “Data Controller” for Footfriend Limited. Please address all requests / complaints to: Damian P. Johns, Footfriend Ltd, 15 Wednesday Market, Beverley, East Riding of Yorkshire, HU17 0DH.
Policy Revision Date
Date of last revision: 17th February 2018