Care for Feet treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share that data.
*Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
How we use your personal data
We use your personal data to manage and administer your account as a controller and processor. We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent with the requirements of the GDPR (General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standards (where payments are taken by credit/debit card) concerning data protection. We will also take reasonable security measures to protect your personal data in storage.
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
By using this extension, you may be storing personal data or sharing data with an external service
Information about cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We will keep information about you confidential. We will only disclose your information with other third parties with your express consent with the exception of the following third parties.
Categories of third parties
- insurance companies, loss assessors, regulatory authorities and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosures
- any mailing or printing agents, contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential
- anyone to whom we may transfer our rights and duties under any agreement we have with you
- any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.
We keep information for a period of seven years, however, we will automatically stop using your information three years from the time of your last transaction (purchase) with us. These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your account. They also consider our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be securely disposed of.
Data subject rights – Subject access requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one calendar month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
- sources from which we acquired the information
- the purposes for processing the information
- persons or entities with whom we are sharing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Considering the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified
- the processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use
- we no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims
- you, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to the Managing Director at Care for Feet Limited, Suite 2, 4 Market Street, Chapel en-le Frith, High Peak, SK23 0HH or email at email@example.com
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear, and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to the Managing Director at Care for Feet, Suite 2, 4 Market Street, Chapel en-le Frith, High Peak, SK23 0HH or email at firstname.lastname@example.org and we will do our best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
All of your personal details are encrypted to help keep them secure. We only accept orders using Secure Socket Layout (SSL). This technology prevents you from inadvertently revealing personal information using an insecure connection. Our site supports 128-bit encryption to keep your details as safe as possible at all times. We will reveal only the last five digits of your credit card number when confirming an order and we ask you for your card billing address as an additional security check. No credit or debit details are stored once your order has been processed. Therefore, you need to enter your card details each time you make an order. We also maintain physical and procedural safeguards in connection with the collection, storage and disclosure of personal information. This includes ensuring that only employees who need the information to perform a specific job (like billing clerk or customer service representative) are granted access to personally identifiable information. All employees are trained and regularly updated on our security and privacy practices.