Protecting the personal privacy of every customer is a crucial part of gaining and keeping your trust in Fit Feet (the “Company”, “we”, “us”). We strive to provide a high level of privacy protection across all of our business activities and services and to deploy consistent, policies and procedures.
This privacy policy (the “Policy”) serves as our commitment to you to protect the security and privacy of your personal data, and covers the following areas of privacy concerns:
- The types of data we collect from you.
- When we collect your data.
- How we use and process your data.
- Our legal basis for processing your data.
- When and to whom we share your data.
- For how long we retain your data.
- Your rights over your data.
- Who to contact and what to do if you wish to discuss with us about your data and your rights.
This notice does not apply to third-party applications, products, services, websites or social media features that may be accessed through links that we provide on our websites and interfaces. Accessing those links may result in the collection of information about you by a third party. We do not control or endorse those third-party websites or their privacy practices. We encourage you to review the privacy policies of such third parties before interacting with them.
Your privacy is of utmost importance to us in servicing you. Our products and services are rendered to you on the basis of your understanding of your data privacy rights. Please read this Policy carefully. When visiting our website and using our products and services that link to or reference this Policy, you agree to be bound by the terms and conditions of this Policy.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the data alone or in conjunction with any other data in the data controller’s possession or likely to come into such possession. The processing of your personal data is governed by applicable privacy laws.
What roles do we play in processing your data?
We are the data controller with respect to processing your data (contact details below). This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
When is your personal data collected?
Some of your data can, in particular, be collected by us:
- whenever you become our customer or patient;
- whenever you register to use our services, online or otherwise;
- whenever you fill in forms and contracts that we send to you;
- whenever you use our services;
- whenever you opt-in to our marketing measures and activities, including but not limited to: newsletters and other promotional information and materials;
- whenever you contact us via the various channels we offer you;
Our collection of personal data
The personal data we collect includes any and all data you provide to us when you enter into contract with us, enter on our website, provide us information on a web form, update or add information to your account, or give us in any other way. You can choose not to provide data to us, but we may then not be able to service you where such services require processing such data. We use the data that you provide for purposes of administering your use of our services, such as communicating with you, responding to your requests, managing your account and bookings, customising your service experience with us, improving our products and services, and personalising marketing measures and activities where applicable.
We may communicate with you by mail, email or telephone. We will send you strictly service-related announcements or information on rare occasions when it is necessary to do so.
Examples of the data we collect and store include: your e-mail address, name, address, phone number, your account activity, transaction data and any information you provide during a transaction, or other transaction-based content that you generate or are connected to your account as a result of your transaction, financial data such as credit card numbers, logistics and billing data (such as customs ID and tracking number) and any other information you may provide us such as your age, gender, interests and preferences.
We also receive and store certain types of data whenever you interact with us. For example, we use “cookies,” which are unique identifiers that we transfer to your device to enable our website to provide features of our services such as providing remote access for you, allow you to visit our website without re-entering your username and/or password (if applicable), verify that you have the authorisation needed for the services to process your requests, personalise and improve your experience, record your preferences, customise functionalities for your devices, and to improve the functionality and user-friendliness of our services. It also helps us to better understand how you interact with our services and to monitor aggregate usage and web traffic routing on our website. Most of the cookies used by us are so-called “session cookies”. Cookies do not cause any damage on your computer and do not contain any viruses. Most browsers automatically accept cookies as the default setting. You can modify your browser setting by editing your browser options to reject our cookies or to prompt you before accepting a cookie. However, if a browser does not accept cookies or if you reject a cookie, some portions of our services may not function properly or as well as they are intended to.
All personal data that we store is directly related to a consultation or inquiry you have made or other information you have explicitly provided us. This is securely stored on our private database and is accessible only to authorised members of our team. Any new data you provide us will be added to an existing profile we hold about you.
Non-Personal data we collect
We collect data in a form that does not permit direct association with any specific individual. We may collect your activities on our website. The information is collected anonymously and it is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest.
Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies or IP-address to help the website analyse how users use the site, to monitor and analyse use of our services. The information generated by the cookie or IP-address about your use of the website will be transmitted to and stored by Google on servers. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us other services relating to website activity and internet usage. The IP-address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing: https://tools.google.com/dlpage/gaoptout?hl=en.
How do we process your personal data?
Personal data is only collected through our website by use of the contact forms. All required information enables us to fulfill our services and requests made by you. We take our security responsibilities very seriously and never sell or otherwise share any data with third party companies or associations unless under exceptional circumstances (see ‘Sharing your personal data’ below for more information).
All data captured through our website is sent via email to our team and transferred to our data system for storage and future recall. If you decide you wish to be made anonymous or deleted, we will securely destroy the relevant data and inform you of our actions.
We use your personal data for the following purposes:
- To design and deliver our services and activities to you.
- To provide you access to and use of our services.
- To design services and activities, inform you of online and offline offers, products, services, and updates, customise your shopping processes (where applicable).
- To maintain the integrity and safety of our data system which stores and processes your personal data.
- To enforce or defend our policies or contract with you.
- To detect and investigate data breaches, illegal activities, and fraud.
Privacy of data subjects under the age of 16
Our products and services are not targeted to persons under the age of 16. We do not knowingly collect or process personal data from persons under the age of 16.
What is our lawful basis for processing your personal data?
In general, the lawful bases for us to process your personal data for the various types of processing performed on your data (please refer to “How do we process your personal data?” section of this Policy) is, as applicable, processing based on your consent, as necessary for us to enter into and to perform our contract with you, to comply with our obligations or as necessary to pursue the legitimate interest of our company.
We will collect, process and use the personal data supplied by you only for the purposes communicated to you and will not disclose it to third parties except under exceptional circumstances (see ‘Sharing your personal data’ below for more information).
Processing of certain personal data
We do not collect or process the following categories of data relating to you: your racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, genetic data, biometric data. If we have to process this type of data, we will always request your prior explicit consent.
Necessity to provide us data
You are not under any obligation to provide us any personal data. The choice is yours. However, without certain data from you, we may not able to undertake some or all of our obligations under our service contract with you, or adequately provide you with our full range of services. If you would like to obtain more detail about this, please contact us following the instructions in the “Who should I contact?” section below.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will only ever be shared with the categories of data recipients listed below under exceptional circumstances:
- Governments and/or government-affiliated institutions, courts, or law enforcement agencies, to comply with our obligations under relevant laws and regulations, enforce or defend our policies or contract with you, respond to claims, or in response to a verified request relating to a government or criminal investigation or suspected fraud or illegal activity that may expose us, you, or any other of our customers to legal liability; provided that, if any law enforcement agency requests your data, we will attempt to redirect the law enforcement agency to request that data directly from you, and in such event, we may provide your basic contact information to the law enforcement agency.
- Third parties involved in a legal proceeding, if they provide us with a court order or substantially similar legal procedure requiring us to do so.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for the given purpose for which your data is processed. If you will provide us, or have provided us, consent for us to process your data, we will process your data for no longer than your consent is effective. Notwithstanding the above, we may retain your personal data as required by applicable laws and regulations, as necessary to assist with any government and judicial investigations, to initiate or defend legal claims or for the purpose of civil, criminal or administrative proceedings. If none of the above grounds for us to keep your data apply, we will delete and dispose of your data in a secure manner.
Your rights and your personal data
You have the choice to allow us to collect and process your data. The collection and processing of your personal data is neither a statutory nor a contractual requirement.
When dealing with us online, note that most browsers will inform you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies. Additionally, you can disable or delete data used by browser add-ons, such as Flash cookies, on your browser or on the website of its manufacturer.
Unless subject to an exemption under applicable privacy laws, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request to erase or make anonymous your personal data where it is no longer necessary for us to retain such data, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- The right to withdraw your consent to the processing at any time, where we rely on your consent to process your data.
- The right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- The right to object to us using your personal data, where the legal justification for our processing of your personal data is our legitimate interest. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of legal claims.
- The right to lodge a complaint regarding our processing of your data, with the competent authority where you reside or in which your data is processed.
If you would like to exercise any of the above rights, please do so using the relevant avenues outlined in the ‘Who should I contact’ section. After receiving your request, we will evaluate and inform you how we intend to proceed.
In summary, what we are allowed to do with your data is up to you. However, in the event that you choose for us not to further process your data, such choice may affect the delivery of our obligations or services to you; in this situation, we will inform you of our constraints.
Who should I contact?
If you have any questions about this Policy, complaints or other queries that you would like to discuss with us please use the contact form on the ‘Contact’ page or by e-mailing: janice@fitfeet.org.
If you wish to exercise your rights to the data we hold about you, in the first instance fill in the form on the ‘GDPR rights of access’ page to formally begin proceedings.
In case of disagreements relating to our processing of your personal data, you can submit a request for mediation or other administrative action to the data protection supervisory authority with the competent authority where you reside or in which your data is processed. Please click here for a list of local data protection authorities in EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.