Privacy policy
Susanne Marshall Podiatry is committed to protecting and respecting your privacy.
This privacy policy describes how and when I collect, use and share information when you contact me, purchase a product from me, when I attend your home for an appointment, or you otherwise use my services.
Information I collect
I am legally required to collect and store certain information in order to aid your treatment, or as part of purchasing something from my business. To do this you will normally provide me with certain information such as personal contact details, physical and mental health information (including details of your GP and medication), and payment information.
I may also collect information on your social circumstances or lifestyle, and racial or ethnic origin where relevant.
You will be asked to provide this information at your first appointment, and it will be updated on each subsequent contact with you.
I am committed to ensuring that your information is secure. I take every precaution to prevent issue, or alteration of your personal information by putting in place suitable physical, electronic and managerial procedures, including restricted access to storage areas, and data encryption/password protection for information kept electronically. Information is stored either on paper or by electronic methods.
Why I need your information and how it is used
I rely on several legal bases to collect, use and share your information including,
- Where it is necessary for the purposes of the provision of health care as need to provide my services, such as when I use your information to fulfil your podiatry assessment and treatment, or to provide customer support.
- If necessary, to comply with a legal obligation or court order, or in connection with a legal claim, such as retaining information about your purchases if required by tax law.
Simply put, in order to provide you with the best care and service possible, and to satisfy my legal, tax and accounting obligations, I need to collect your information from you. In order to provide treatment, I must be able to collect and store your information. I can also send text reminders if you have registered your mobile number with me.
Data collected via Website and social media
When contacting me via my website and social media, your data will be used only to answer any queries. Any data shared will only be stored with me if you then become a patient/customer.
My website is secure, and does not utilise cookies, though I do track visitor numbers to the site. No data is stored on the website.
Information sharing and disclosure
Information about my patients/customers is important to my business. I share your personal information for very limited reasons and in limited circumstances, as follows:
- Medical professionals. With your consent I will share information with medical professionals such as your GP or consultant to allow continuity of care.
- Health insurance companies. If claiming cost of treatment back.
- Parent/Guardian. If you are a minor.
- Welfare guardian or carer (with your consent) If you require support when making appointments or having me in attendance at your home for an appointment.
When I do share your data, I am required to comply with the general data protection regulation (GDPR) and am registered with the information commissioner's office (ICO).
I will never sell or distribute your information to third parties for marketing purposes and will only contact you regarding appointments or your care, never for marketing.
Data retention
I retain your personal information only for as long as necessary to provide you with my services and as described in this policy.
However, I may also be required to retain this information to comply with my legal and regulatory obligations, to resolve disputes, and to enforce my agreements. The retention of Podiatry records is normally a minimum of 8 years after the last appointment, but varies for children, and adults with incapacity. For customers who are not patients, but may have bought products from my business, I will keep any data you may have provided for a minimum of 6 years in line with tax legislation.
After the retention period has lapsed, information is securely and appropriately destroyed.
Your rights
You have several rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:
- Access: You have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
- Change: Restrict, delete. You may also have the rights to change, restrict my use of, or delete your personal information. In the case of health records these are normally exempt from change or deletion requests.
- Object: You can object to my processing of some of your information based on my legitimate interests after providing your express consent to use them. In such cases, I will delete your personal information unless I have compelling and legitimate ground to continue using that information or if it is needed for legal reasons.
- Complain: If you wish to raise a concern about my use of your information (and without prejudice to any other rights you may have) you have the right to do so with the information commissioner www.ico.co.uk.
How to contact me
For purposes of the GDPR, I Susanne Marshall, am the data controller of your personal information. If you have any questions or concerns, you can contact me either by phone:
0774... or email me: WILLNOTWORK@smpod co.uk.
Version 1.1 - Tuesday 31st March 2020