This is the Podfo® website Privacy and Cookies Policy. Please read it carefully as you should only submit information to us through this site if you agree we may use it in accordance with this notice.
This notice sets forth the expected behaviours of Podfo Limited Employees and Third Parties in relation to the collection, use, retention, transfer, disclosure and destruction of any Personal Data belonging to a data subject.
Personal Data is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person. Personal Data is subject to certain legal safeguards and other regulations, which impose restrictions on how organisations may process Personal Data. An organisation that handles Personal Data and makes decisions about its use is known as a Data Controller. Podfo Limited, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this notice.
We collect certain basic information about you when you visit our website. We recognise the importance both of keeping that information secure and of letting you know what we intend to do with it.
We may amend this notice to reflect changes to our business, website or to data protection law or legislation. We therefore ask you revisit this notice on a regular basis to ensure you are familiar with its terms.
The notice sets out (1) who we are and describes (2) the information we collect (3) what we do with it (4) how you can find out more.
Who we are
The Podfo® website is provided by Podfo Limited, and we are committed to:
- the appropriate use and protection of personal data in all our business dealings;
- maintaining high levels of confidentiality
- developing a data protection regime that is effective, fit for purpose and complies with GDPR
We recognise our obligations under the Data Protection Act 2018 and the provisions of Regulations (EU) 2016/679 (the General Data Protection Regulations “GDPR”).
We confirm that:
- the Data ‘Controller’ is Podfo Limited; and
- Podfo Limited is registered with the Information Commissioner’s Office.
For our address details, please see our contact us pages. We are a registered Company in England and Wales 04199223. Our registered address is;
Suite 7, QEleven
Quorum Business Park
Newcastle Upon Tyne
Principles of GDPR
We shall so far as is reasonably practicable comply with the Data Protection Principles (the Principles)contained in the Data Protection legislation to ensure all data is:
- processed fairly, lawfully and transparently;
- collected and processed only for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
- not kept for longer than is necessary for the purposes for which it is processed; and
- processed securely.
The information we collect
What is the source of your personal information?
We collect data from the following sources:
- From you directly through:
- our on-line forms
- when you call us
- when you email us
- subscriptions at marketing events
- From data generated by us about you when you use our products or services
- From podiatrists, who send us your information
- By means of ’cookies’ when you use our site
- In the form of ’traffic data’ (see Cookies and Traffic Data below)
What information do we collect about you?
If you make an enquiry by online form, email or phone, we will collect your email address, first and last name, postcode, telephone number, how you found out about us and the message that you send.
Data generated by us about you may include, but is not limited to, order numbers, computer files and the products and services you have accessed.
Podiatrists may provide us with the above information as well as some health information including medical conditions and scans, casts or moulds of your feet. This is what is known as a “special category” of data and is subject to further restrictions (see What legal basis do we rely on when processing your data?).
Where we ask for more information to help us improve our services, over and above the basic required information, your response is voluntary and you are free not to provide us with more information if you would prefer not to do so.
Do you have to provide your personal information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
What we do with your information
How do we use it?
We use your personal data, including any of the personal data listed in the section above, for the following purposes:
- To provide you with the support which you have requested
- To design and manufacture products for you
- To provide you with a service
- For management and auditing of our business operations including accounting
- For direct marketing via email (see Marketing below about opting out)
- To perform and/or test the performance of, our products, services and internal processes
- To improve the operation of our business
- For market research and analysis and developing statistics
- To develop new products and services and to review and improve current products and services
- To comply with legal and regulatory obligations, requirements and guidance
- To share information, as needed, with business partners (for example, financial services institutions, insurers), account beneficiaries, service providers or as part of providing and administering our products and services or operating our business
Whenever you make an enquiry about our products or services, we will keep your contact details on our mailing lists until you ask us not to contact you further. You will be given the opportunity to opt out at every communication we make to you, or at any time by contacting us.
When do we share it?
We may disclose your information to third parties in certain circumstances.
Suppliers who process information on our behalf, such as our IT service providers. They will have incidental access to your information but will be obliged to act only on our instructions and to keep your information secure.
We may disclose your information to law enforcement or regulatory bodies if required to do so by them.
We may also disclose your information to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law.
Your information will not be disclosed to or shared with any third party except as specified above.
Where we ask a third party to process your data on our behalf, we have a contract in place with them so that we can ensure your data is processed in accordance with our data protection policy, and that they are compliant with the relevant regulations.
What legal basis do we rely on when processing your data?
We rely on the following legal bases to use your personal data:
- Where it is needed to provide you with our products or services
- Where it is in our legitimate interests to do so
- To comply with our legal obligations
When special categories of data, such as health, are processed:
- Your consent, normally acquired by your podiatrist
How do we keep it secure?
Only authorised personnel and contractors have access to your information.
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
How long will we store it for?
We will not keep your personal data for longer than we need it for our legitimate purposes.
We take into account the following aspects when determining the suitable retention period for any employee personal data:
- the amount, nature and sensitivity of the data
- the risk of harm from unauthorised use or disclosure
- the purposes for which we process your personal data
- the period for which the data is likely to remain accurate
- the possibility of the relevance of the data in future legal claims
- any applicable legal, accounting, reporting or regulatory requirements
Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may keep records of phone calls and emails in order to provide you with a service or product.
What about other automated decision making?
We do not use any automated decision making involving your personal information.
Transfers outside Europe
Data protection legislation is harmonised throughout the European Economic Area (EEA), which comprises the EU member states, Norway, Iceland and Liechtenstein. Countries outside the EEA do not generally have the same level of protection for personal information as those within the EEA.
Because of the way the Internet works, it is possible that the information you provide to us could be routed via countries outside the EEA. However this is not considered a ‘transfer’ under data protection legislation and unless you are from outside the EEA, we will not transfer any information we collect from you outside the EEA without your permission or as permitted by law.
Further information about data protection issues including the online Register of Data Controllers can be found at https://ico.org.uk/
What are your rights as a data subject?
You have the right to information about what personal data we process, how and on what basis as set out in this notice.
- You have the right to access your own personal data by way of a subject access request.
- You can correct any inaccuracies in your personal data.
- You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.
- While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.
- You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
- You have the right to object if we process your personal data for the purposes of direct marketing.
- You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
- With some exceptions, you have the right not to be subjected to automated decision-making.
- You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later.
You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
If you would like to exercise any of your rights as listed above, including making a subject access request, withdrawing consent or opting out of direct marketing, you should contact us via methods on the Contact Us page.
Cookies and Traffic Data
Cookies are small text files that are stored on your computer’s hard drive by websites you visit to enable the site to ’remember’ who you are. In general, cookies are only visible to the site that serves them, not to other websites. ‘Serves’ means places on your computer’s hard drive.
We use the cookies on this website to help you navigate our website efficiently, perform certain functions and to collect site statistics. These cookies do not store any personal information that would, on its own, allow us to identify individual users of this service without your permission.
Podfo Limited use a number of suppliers (third party) who also set cookies on this website on our behalf in order to deliver the services they are providing. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see the information in the tables provided below.
Please be aware that restricting cookies may impact on the functionality of the Podfo Limited website and could mean that key features do not work properly. We strongly recommend allowing cookies from this website so that we can provide you with a full service.
To help you make an informed decision, we have categorised the cookies used on this site into two categories;
- Necessary cookies – these cookies are fundamental to ensure the site works correctly.
- Optional cookies – These cookies could help us track how you use the website so that we can improve the information and experience provided to you. They may also provide additional features by third party providers to allow you to socially share content or comment on this website.
The cookies used on this site are explained in the tables below.
- Provider: Podfo Limited
- Cookie: ASP.NET_SessionId
- Expires: End of session
- Description / Purpose: This session cookie is used to store anonymous details about the pages visited by you on this website and is required to provide this functionality to you. If you do not allow this cookie this website will not work correctly.
- Provider: Podfo Limited
- Cookie: AcceptCookies
- Expires: Never
- Description / Purpose: This cookie tells us you have accepted cookies from this site and allows us to stop showing you the same message each time you visit the site.
- Provider: Google Analytics
- Provider: YouTube
How to control and delete cookies
Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.
For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
We do not use ’spyware’, that is web bugs or hidden identifiers or other similar devices to gain access to information, store hidden information or to trace your activities.
We keep a record of traffic data which is logged automatically by the server. This includes your IP address, the website address you visited before ours, the website address you visit after leaving our site and which pages you visit on our site. We do not store or analyse this traffic data in a way that identifies any individual. We also use Google Analytics for site statistics – see ‘Cookies’ above for details of how this works.
Finding out more
Further information about data protection issues including the online Register of Data Controllers can be found on the Information Commissioner’s website.
If you have any questions or concerns or would like to find out more about how we process personal data, contact us via methods on the Contact Us page.