Get in touch

Fill in your details to begin the process of making your appointment with Firefly Foot & Ankle Clinics. Our staff will be in touch with you to complete your appointment booking or to answer your query.

Enquiry form

Firefly Foot and Ankle Clinics Privacy Policy

Firefly Foot and Ankle Clinics gather and process personal information in accordance with our privacy policy and in compliance with the relevant data protection regulation and law. This notice provides the necessary information regarding rights and obligations, and explains how, why and when we collect and process personal data.

Privacy Policy


Who We Are

Firefly Foot and Ankle Clinic (‘we’ or ‘us’ or ‘our’) gather and process personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides the necessary information regarding rights and obligations, and explains how, why and when we collect and process personal data.


Firefly Foot and Ankle Clinic registered office is at Firefly Foot and Ankle Clinic, Markievicz Road, Sligo, Ireland. Our designated Data Protection Compliance Officer for the organisation is Andrea Sheridan, and we can be contacted at Firefly Foot and Ankle Clinic, Markievicz Road, Sligo, Ireland.  Phone: 00353 71 91 494 94.  Email: [email protected]


Purpose of this policy

This policy is a statement of Firefly Foot and Ankle Clinic’s commitment to protect the rights and privacy of individuals.  It sets out how we use and protect the information you supply when using our services.  We are committed to ensuring that individuals privacy is protected.

Our Privacy Policy explains:

  • What information we collect
  • How we collect it
  • How we use that information
  • What information we share
  • How we safeguard any data that is supplied to us

Please make sure that you have read and understood our Privacy Policy.  We prioritise safeguarding all data which you provide in order for us to fulfil our obligations to you.

Principles of Processing Personal Data

Any staff member of Firefly Foot and Ankle Clinic who is involved in the collection, storage or processing of personal data has responsibilities under legislation:

  • to obtain and process personal data fairly.
  • to keep such data only for explicit and lawful purposes.
  • to disclose such data only in ways compatible with these purposes
  • to keep such data safe and secure.
  • to keep such data accurate, complete and up-to-date.
  • to ensure that such data is adequate, relevant and not excessive.
  • to retain such data for no longer than is necessary for the explicit purpose.
  • to give, on request, a copy of the data to the individual to whom they relate, such a request is known as an Access Request


Information That We Collect

Firefly Foot and Ankle Clinic processes personal information to meet our legal, statutory and contractual obligations and to provide our products and services. We will never collect any unnecessary personal data and do not process information in any way, other than already specified in this notice.


The personal data that we collect is: -

Patient title

  • Patient title, full name, address, phone number, email, date of birth
  • Parent details for any person under 16 year old
  • Source of introduction to our clinics
  • Referral source - consultant/physiotherapist/GP etc.
  • GP details
  • Special Category Data: Patient medical/pathology details, prescribed medications
  • Special Category Data: Patient gender


We collect this information in the below ways: -

  • In person
  • Over the phone
  • Via email
  • Via patient medical questionnaire
  • Via our online booking system
  • Via referral letters from GP’s, consultants, physios.
  • Via digital marketing platforms, Google Ads, Facebook etc.


Special Categories Data

Owing to the products and services that we offer Firefly Foot and Ankle Clinic need to request sensitive personal information in the performance of a contract to advise on best product and prescription combinations to provide medical treatment to the data subject.  Where we collect sensitive personal data, we will only request the information required for the specified purpose.


How We Use Your Personal Data (Legal Basis for Processing)

Firefly Foot and Ankle Clinic takes data privacy very seriously and will never disclose, share or sell personal data without consent, unless required to do so by law. We only retain personal data for as long as is necessary and for the purposes specified in this notice.


The purposes and reasons for processing your personal data are detailed below: -


  • We collect personal data necessary for the purposes of podiatric medical assessment, medical diagnosis, the provision of treatment.
  • We collect and store personal data as part of a relevant filing system.
  • We may use personal data in a generic format in case histories for internal assessment, diagnosis and treatment training purposes.
  • We may transfer personal data to 3rd parties for medical referral purposes for further medical investigation.
  • We may disclose personal information to any relevant regulator, if they require it or to anyone else if there is a legal duty to do so.


How Long We Keep Personal Data

Firefly Foot and Ankle Clinic retains personal data for as long as necessary to provide a data subject with our services. Firefly Foot and Ankle Clinic are required under tax laws to keep personal data for 6 years, and accounting records for a period of 6 years after the end of the financial year.


Consequences of Not Providing Personal Data

A data subject is not obligated to provide personal information to Firefly Foot and Ankle Clinic, however, as this information is required for us to provide our services/deliver our products, we will not be able to offer our products or services without it.


Sharing and Disclosing Your Personal Information

We do not share or disclose any of personal information without consent, other than for the purposes specified in this notice or where there is a legal requirement. Firefly Foot and Ankle Clinic uses third-parties to provide the below services and business functions, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. We share your personal data with the following categories:


Orthotic Supplier

We share personal data with a 3rd party orthotic supplier. We do this for the purpose of providing custom made podiatric orthoses as per order requests. Our supplier is located in Ireland.

This includes sharing such data as: Patient name, age (only for under 16year olds who are enrolled in the Outgrowth Programme), weight and shoe size, product order details and product prescription details.


Other medical professionals

We share personal data with other 3rd party professionals.  We do this for referral purposes where our diagnosis warrants further medical investigation.

These referrals are based in Ireland primarily, with some based in Northern Ireland.


Any marketing to you shall be based strictly on consent to do so, obtained directly from you. Any Data Subject Access requests regarding our marketing/digital marketing can be made to Conor Lynch, email [email protected].

We may collect non-personally identifiable information with cookies, such as IP address, browser type and version, and pages you view on our website.

We also use Google Analytics to keep track of how you got to our site and any links you click on to leave our site.

Once you leave our site, we do not track you.


This aggregate information is analysed and combined with similar aggregate information of other users and may be collected both on our site and on other sites. We may share aggregate information with our business partners and other third parties. Such aggregate information is anonymous and does not identify any individual user, and we do not link this automatically collected data to personally identifiable information.


Cookies: You can remove cookies by following directions on your Internet browser’s settings. We use your website activity to assist us in offering you a personalised web experience, assist you with technical support, and administer our websites and to tailor our product and service offerings to you.


Legal Reasons

We will share personal information with 3rd parties if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:

Meet any applicable law, regulation, legal process or enforceable governmental request.

Enforce applicable Terms of Service, including investigation of potential violations.

Detect, prevent or otherwise address fraud, security or technical issues.

Protect against harm to the rights, property or safety of Firefly Foot and Ankle Clinic, our users or the public, as required or permitted by law.


Safeguarding Measures

Firefly Foot and Ankle Clinic takes data privacy seriously and we take every reasonable measure and precaution to protect and secure personal data. We work hard to protect the data subject and their information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: -


  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.


  • Access to and management of staff and customer records is limited to those staff members who have appropriate authorisation and password access.


  • We restrict access to personal information solely to Firefly employees and 3rd parties who require the information to supply products for us and who are subject to strict contractual confidentiality obligations. Failure of a third party to manage Firefly Foot and Ankle Clinic’s data in a compliant manner will be viewed as a breach of contract and may be disciplined, or their contract terminated if they fail to meet these obligations.

Failure of Firefly Foot and Ankle Clinic’s staff to process Personal Data in compliance with this policy may result in disciplinary proceedings.


Data Subject Rights

Data Subjects have the right to access any personal information that Firefly Foot and Ankle Clinic processes and to request information about: -

  • What personal data we hold about a data subject
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from the data subject, information about the source


Data Subjects rights include the right of access, rectification, erasure, restriction as well as the right to transfer of their data, the right to object to some processing and automated decision making, including profiling.  These rights may be exercised freely and at no cost. 


If you believe that we hold any incomplete or inaccurate personal data, the data subject has the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.  Please write to us or email us at [email protected] .  We will promptly correct any information found to be incorrect.


The data subject also has the right to request erasure of their personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.


If we receive a request from a data subject to exercise any of the above rights, we may ask that person to verify their identity before acting on the relevant request; this is to ensure that a data subjects data is protected and kept secure.


Data Subject Access Requests

Where a formal request is submitted by a Data Subject in relation to the data held by Firefly Foot and Ankle Clinic such a request gives rise to access rights in favour of the Data Subject.  We will ensure that, where necessary, such requests are forwarded to the Data Protection Compliance Officer in a timely manner, and they are processed as quickly and efficiently as possible, but within not more than 30 days from receipt of the request.


Breach Notification

It is Firefly’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data.  In line with GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be notified within 72 hours.  This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.


Lodging A Complaint

Firefly Foot and Ankle Clinic only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint:

Andrea Sheridan, Complaints, Firefly Foot and Ankle Clinic, Markievicz Road, Sligo, F91 KXH6, Ireland


Or furthermore with the supervisory authority:

Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland R32 AP23 

+353 (0) 57 8684800

[email protected]



Addressing compliance to GDPR

The following actions are undertaken to ensure that Firefly Foot and Ankle Clinic complies at all times with the accountability principle of GDPR:

  • The legal basis for processing information is clear and unambiguous
  • All staff involved in handling personal data understand their responsibilities for following good data protection practise.
  • Training in data protection has been provided to all staff
  • Rules regarding consent are followed.
  • Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively
  • Regular reviews of procedures involving personal data are carried out
  • Privacy by design is adopted for all new or changed systems and processes.
  • The following documentation or processing activities are recorded:


  • Organisation name and relevant details
  • Purposes of the personal data processing
  • Categories of individuals and personal data processed
  • Categories of special data processed
  • Personal data retention schedules
  • Relevant technical and organisational controls in place


Changes to our privacy notice

Firefly Foot and Ankle Clinic may change this notice from time to time. All changes will be posted and updated here. We will notify you directly by email (if we hold one for you) if any significant changes occur. We advise you to check back here frequently to review the most current version of this notice.


This Statement was last updated on 24th April 2018