Who We Are
Firefly Foot and Ankle Clinic (‘we’ or ‘us’ or ‘our’) gather and process personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides the necessary information regarding rights and obligations, and explains how, why and when we collect and process personal data.
Firefly Foot and Ankle Clinic registered office is at Firefly Foot and Ankle Clinic, Markievicz Road, Sligo, Ireland. Our designated Data Protection Compliance Officer for the organisation is Andrea Sheridan, and we can be contacted at Firefly Foot and Ankle Clinic, Markievicz Road, Sligo, Ireland. Phone: 00353 71 91 494 94. Email: email@example.com
Purpose of this policy
This policy is a statement of Firefly Foot and Ankle Clinic’s commitment to protect the rights and privacy of individuals. It sets out how we use and protect the information you supply when using our services. We are committed to ensuring that individuals privacy is protected.
Principles of Processing Personal Data
Any staff member of Firefly Foot and Ankle Clinic who is involved in the collection, storage or processing of personal data has responsibilities under legislation:
Information That We Collect
Firefly Foot and Ankle Clinic processes personal information to meet our legal, statutory and contractual obligations and to provide our products and services. We will never collect any unnecessary personal data and do not process information in any way, other than already specified in this notice.
The personal data that we collect is: -
We collect this information in the below ways: -
Special Categories Data
Owing to the products and services that we offer Firefly Foot and Ankle Clinic need to request sensitive personal information in the performance of a contract to advise on best product and prescription combinations to provide medical treatment to the data subject. Where we collect sensitive personal data, we will only request the information required for the specified purpose.
How We Use Your Personal Data (Legal Basis for Processing)
Firefly Foot and Ankle Clinic takes data privacy very seriously and will never disclose, share or sell personal data without consent, unless required to do so by law. We only retain personal data for as long as is necessary and for the purposes specified in this notice.
The purposes and reasons for processing your personal data are detailed below: -
How Long We Keep Personal Data
Firefly Foot and Ankle Clinic retains personal data for as long as necessary to provide a data subject with our services. Firefly Foot and Ankle Clinic are required under tax laws to keep personal data for 6 years, and accounting records for a period of 6 years after the end of the financial year.
Consequences of Not Providing Personal Data
A data subject is not obligated to provide personal information to Firefly Foot and Ankle Clinic, however, as this information is required for us to provide our services/deliver our products, we will not be able to offer our products or services without it.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of personal information without consent, other than for the purposes specified in this notice or where there is a legal requirement. Firefly Foot and Ankle Clinic uses third-parties to provide the below services and business functions, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. We share your personal data with the following categories:
We share personal data with a 3rd party orthotic supplier. We do this for the purpose of providing custom made podiatric orthoses as per order requests. Our supplier is located in Ireland.
This includes sharing such data as: Patient name, age (only for under 16year olds who are enrolled in the Outgrowth Programme), weight and shoe size, product order details and product prescription details.
Other medical professionals
We share personal data with other 3rd party professionals. We do this for referral purposes where our diagnosis warrants further medical investigation.
These referrals are based in Ireland primarily, with some based in Northern Ireland.
Any marketing to you shall be based strictly on consent to do so, obtained directly from you. Any Data Subject Access requests regarding our marketing/digital marketing can be made to Conor Lynch, email firstname.lastname@example.org.
We may collect non-personally identifiable information with cookies, such as IP address, browser type and version, and pages you view on our website.
We also use Google Analytics to keep track of how you got to our site and any links you click on to leave our site.
Once you leave our site, we do not track you.
This aggregate information is analysed and combined with similar aggregate information of other users and may be collected both on our site and on other sites. We may share aggregate information with our business partners and other third parties. Such aggregate information is anonymous and does not identify any individual user, and we do not link this automatically collected data to personally identifiable information.
Cookies: You can remove cookies by following directions on your Internet browser’s settings. We use your website activity to assist us in offering you a personalised web experience, assist you with technical support, and administer our websites and to tailor our product and service offerings to you.
We will share personal information with 3rd parties if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
Meet any applicable law, regulation, legal process or enforceable governmental request.
Enforce applicable Terms of Service, including investigation of potential violations.
Detect, prevent or otherwise address fraud, security or technical issues.
Protect against harm to the rights, property or safety of Firefly Foot and Ankle Clinic, our users or the public, as required or permitted by law.
Firefly Foot and Ankle Clinic takes data privacy seriously and we take every reasonable measure and precaution to protect and secure personal data. We work hard to protect the data subject and their information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: -
Failure of Firefly Foot and Ankle Clinic’s staff to process Personal Data in compliance with this policy may result in disciplinary proceedings.
Data Subject Rights
Data Subjects have the right to access any personal information that Firefly Foot and Ankle Clinic processes and to request information about: -
Data Subjects rights include the right of access, rectification, erasure, restriction as well as the right to transfer of their data, the right to object to some processing and automated decision making, including profiling. These rights may be exercised freely and at no cost.
If you believe that we hold any incomplete or inaccurate personal data, the data subject has the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. Please write to us or email us at email@example.com . We will promptly correct any information found to be incorrect.
The data subject also has the right to request erasure of their personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
If we receive a request from a data subject to exercise any of the above rights, we may ask that person to verify their identity before acting on the relevant request; this is to ensure that a data subjects data is protected and kept secure.
Data Subject Access Requests
Where a formal request is submitted by a Data Subject in relation to the data held by Firefly Foot and Ankle Clinic such a request gives rise to access rights in favour of the Data Subject. We will ensure that, where necessary, such requests are forwarded to the Data Protection Compliance Officer in a timely manner, and they are processed as quickly and efficiently as possible, but within not more than 30 days from receipt of the request.
It is Firefly’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be notified within 72 hours. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.
Lodging A Complaint
Firefly Foot and Ankle Clinic only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint:
Andrea Sheridan, Complaints, Firefly Foot and Ankle Clinic, Markievicz Road, Sligo, F91 KXH6, Ireland
Or furthermore with the supervisory authority:
Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland R32 AP23
+353 (0) 57 8684800
Addressing compliance to GDPR
The following actions are undertaken to ensure that Firefly Foot and Ankle Clinic complies at all times with the accountability principle of GDPR:
Changes to our privacy notice
Firefly Foot and Ankle Clinic may change this notice from time to time. All changes will be posted and updated here. We will notify you directly by email (if we hold one for you) if any significant changes occur. We advise you to check back here frequently to review the most current version of this notice.
This Statement was last updated on 24th April 2018