What is GDPR?
The GDPR is the General Data Protection Regulation (EU) 2016/679. It sets out the key principles, rights and obligations for most processing of personal data – but it does not apply to processing for law enforcement purposes, or to areas outside EU law such as national security or defence.
The GDPR came into effect on 25 May 2018. As a European Regulation, it has direct effect in UK law and automatically applies in the UK until we leave the EU (or until the end of any agreed transition period, if we leave with a deal). After this date, it will form part of UK law under the European Union (Withdrawal) Act 2018, with some technical changes to make it work effectively in a UK context.
Data Protection Act 2018 and General Data Protection Regulation (EU) 2016/679
All data stored by South Devon Foot Clinic is operated, controlled and processed solely by Helen Jones (owner of South Devon Foot Clinic) whilst utilising our bespoke clinical record system: Cliniko.
South Devon Foot Clinic shall retain all personal information including name, address, date of birth, medical history, surgical history, medication, assessment and treatment details as provided during your initial consultation.
South Devon Foot Clinic shall also retain financial statements received from suppliers. Such correspondence shall provide bank details and all crucial accounting information required. This information shall all be stored securely, within a locked cabinet.
When informed of any changes to your personal information, South Devon Foot Clinic shall update your information accordingly.
South Devon Foot Clinic retains your personal information for the purpose of undertaking Podiatric services and treatments. South Devon Foot Clinic may at times utilise such information for marketing purposes; however, an opt-out of this service is available at all times.
Your rights with personal data stored by South Devon Foot Clinic:
1. The right to evidence of your personal information which is stored.
2. The right to request all personal data to be erased.
3. The right to restrict processing – being able to limit the amount or type of data used.
4. The right to data portability – requesting to move your data electronically to another business.
5. The right to object – being able to request that we stop using your data.
We respectfully ask you to put your request in writing to South Devon Foot Clinic, 15 Fore Street, Yealmpton, PL8 2JN. You can also make your request by phone on 07827816203 or by email at southdevonfootclinic@gmail.com. Your request shall be completed within 30 days of the date of your request.
All physical and electronic data shall be stored for a duration of seven years.
Provisions in place to protect all data:
Physical Data
1. All paper records are transported between the treatment setting and the registered premises of South Devon Clinic in accordance with DPA 2018 guidelines.
2. All data is stored in a locked cabinet between appointments, in a secured room within a secured building.
3. Only the business owner, Helen Jones, shall have access to personal information.
4. All old data shall be shredded and disposed of via confidential waste.
Electronic Data
1. All electronic client data, to include name, address, date of birth and any other record specific to the client, shall be stored by South Devon Foot Clinic within encrypted files. Any personal information that would cause damage or distress should it become lost or stolen will be encrypted.
2. Operating computers shall be updated with firewalls and anti-virus programmes to protect such electronic data.
3. Operating systems shall be set up to receive automatic updates.
4. Only the business owner, Helen Jones, shall have access to personal information. This is required to allow them to do their job.
5. No passwords will be shared.
6. All personal information shall be securely removed before disposing of old computers (by using technology or destroying the hard disk).
7. An encryption facility shall be utilised should a referral to an external individual or body be required.
8. When emails are required to be sent to a recipient, steps will be taken not to reveal their address to other recipients, by using blind carbon copy (bcc), not carbon copy (cc).
9. When using a group email address, bcc shall also be utilised.
No physical or electronic data shall be shared with any other person(s) unless consultation with the client(s) about the purpose of such sharing of data has been undertaken and full consent has been provided and obtained from the client.
Where consent is provided by any other person on behalf of the client, i.e. a parent, guardian or via Power of Attorney, such personal information of either the patient or third party shall not be used for marketing purposes.
All data shall be processed lawfully and a copy of this privacy notice is available upon request.