Privacy Policy
Who We Are
Firefly Orthoses Ltd. (‘we’ or ‘us’ or ‘our’) gather and process personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and law. This notice provides the necessary information regarding rights and obligations and explains how, why and when we collect and process personal data.
Firefly Orthoses Ltd. registered office is at Firefly Orthoses Ltd., 4th Floor Connacht House, Markievicz Road, Sligo, Ireland. Our designated Data Protection Compliance Officer for the organisation is Andrea Sheridan, and we can be contacted at Firefly Orthoses Ltd., 4th Floor Connacht House, Markievicz Road, Sligo, Ireland. Phone: 00353 71 91 494 94. Email: [email protected]
Purpose of this policy
This policy is a statement of Firefly Orthoses Ltd. commitment to protect the rights and privacy of individuals. It sets out how we use and protect the information you supply when using our services. We are committed to ensuring that individuals privacy is protected.
Our Privacy Policy explains:
- What information we collect
- How we collect it
- How we use that information
- What information we share
- How we safeguard any data that is supplied to us
Please make sure that you have read and understood our Privacy Policy. We prioritise safeguarding all data which you provide in order for us to fulfil orders.
Principles of Processing Personal Data
Any staff member of Firefly Orthoses Ltd. who is involved in the collection, storage or processing of personal data has responsibilities under legislation:
- to obtain and process personal data fairly.
- to keep such data only for explicit and lawful purposes.
- to disclose such data only in ways compatible with these purposes
- to keep such data safe and secure.
- to keep such data accurate, complete and up-to-date.
- to ensure that such data is adequate, relevant and not excessive.
- to retain such data for no longer than is necessary for the explicit purpose.
- to give, on request, a copy of the data to the individual to whom they relate, such a request is known as an Access Request
Information That We Collect
Firefly Orthoses Ltd. processes personal information to meet our legal, statutory and contractual obligations and to provide our products and services. We will never collect any unnecessary personal data and do not process information in any way, other than already specified in this notice.
The personal data that we collect is: –
- Patient name
- Patient date of birth
- Patient weight and shoe size
- Patients prescribing clinician/hospital
- Patient identifier no.
- Special Category Data: Patient medical/pathology details
- Special Category data: Patient gender
- Prescription and order details for the patient as determined by the prescriber
- Patient phone number and address in some instances
- Patient credit card details in some instances
- Clinician’s personal email, phone no. and address (not always required)
We collect information in the below ways: –
- Product order form hardcopy/downloadable clickable form
- Private Patient consent form (hardcopy)
- Shield Insurance form (hardcopy)
- Over the phone, only in some instances
- Via our website, for the collection of clinician name and email addresses
How We Use Your Personal Data (Legal Basis for Processing)
Firefly Orthoses Ltd takes data privacy very seriously and will never disclose, share or sell personal data without consent, unless required to do so by law. We only retain personal data for as long as is necessary and for the purposes specified in this notice.
Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw consent at any time.
The purposes and reasons for processing your personal data are detailed below: –
- We collect personal data in the performance of a contract to provide custom made foot orthotic products and services [including educational and training services] and to ensure that orders are completed and dispatched to a specified address.
- We collect and use a personal phone number (only as requested by the Data Subject) to confirm postal details if they are outside of a business address.
- We collect and store personal data as part of a relevant filing system.
- We may use personal data in a generic format for the purpose of case histories for internal training purposes that may help in resolving issues in the prescriber/patient medical treatment and for educational/training purposes.
- We may transfer personal data in the performance of a contract outside of the European Economic Area to our contract manufacturers, for the manufacture of a custom-made product.
- We may disclose personal information to any relevant regulator, if they require it or to anyone else if there is a legal duty to do so.
Data Subject Rights
Data Subjects have the right to access any personal information that Firefly Orthoses Ltd. processes and to request information about: –
- What personal data we hold about a data subject
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from the data subject, information about the source
Data Subjects rights include the right of access, rectification, erasure, restriction as well as the right to transfer of their data, the right to object to some processing and automated decision making, including profiling. These rights may be exercised freely and at no cost.
If you believe that we hold any incomplete or inaccurate personal data, the data subject has the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. Please write to us or email us at [email protected] . We will promptly correct any information found to be incorrect.
The data subject also has the right to request erasure of their personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
If we receive a request from a data subject to exercise any of the above rights, we may ask that person to verify their identity before acting on the relevant request; this is to ensure that a data subjects data is protected and kept secure.
Data Subject Access Requests
Where a formal request is submitted by a Data Subject in relation to the data held by Firefly Orthoses Ltd. such a request gives rise to access rights in favour of the Data Subject. We will ensure that, where necessary, such requests are forwarded to the Data Protection Compliance Officer in a timely manner, and they are processed as quickly and efficiently as possible, but within not more than 30 days from receipt of the request.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of personal information without consent, other than for the purposes specified in this notice or where there is a legal requirement. Firefly Orthoses Ltd. uses third-parties to provide the below services and business functions, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. We share your personal data with the following categories:
Manufacturing
We share personal data with third party contract manufacturers. We do this for the purpose of manufacturing custom made podiatric orthoses as per order requests. Our contract manufactures are located in the USA, Canada and UK. Passing your personal information to certain countries including USA and Canada is permitted under an adequacy decision made by the European Commission.
This includes sharing such data as: Patient name, age (only for under 16year olds who are enrolled in the Outgrowth Programme), weight and shoe size, product order details and product prescription details.
Marketing & Cookies
We may collect non-personally identifiable information with cookies, such as IP address, browser type and version, and pages you view on our website. You can remove cookies by following directions on your Internet browser’s settings.
We use third-party marketing cookies that are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not directly store personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Your browser settings can control how your browser manages cookies on your device.
We use Google Analytics to track how you got to our site and any links you click on to leave our site. Once you leave our site, we do not track you.
We use your website activity to assist us in offering you a personalised web experience, to assist you with technical support, and administer our websites and to tailor our product and service offerings to you.
This aggregate information is analysed and combined with similar aggregate information of other users and may be collected both on our site and on other sites. We may share aggregated information with our business partners and other third parties. Such aggregate information is anonymous and does not identify any individual user, and we do not link this automatically collected data to personally identifiable information.
Legal Reasons
We will share personal information with 3rd parties if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
Meet any applicable law, regulation, legal process or enforceable governmental request.
Enforce applicable Terms of Service, including investigation of potential violations.
Detect, prevent or otherwise address fraud, security or technical issues.
Protect against harm to the rights, property or safety of Firefly Orthoses Ltd., our users or the public, as required or permitted by law.
Safeguarding Measures
Firefly Orthoses Ltd. takes data privacy seriously and we take every reasonable measure and precaution to protect and secure personal data. We work hard to protect the data subject and their information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- Access to and management of staff and customer records is limited to those staff members who have appropriate authorisation and password access.
- We restrict access to personal information solely to Firefly employees and 3rd parties who require the information to manufacture products for us and who are subject to strict contractual confidentiality obligations. Failure of a third party to manage Firefly Orthoses Ltd. data in a compliant manner will be viewed as a breach of contract and may be disciplined, or their contract terminated if they fail to meet these obligations.
Failure of Firefly Orthoses Ltd. staff to process Personal Data in compliance with this policy may result in disciplinary proceedings.
How Long We Keep Personal Data
Firefly Orthoses Ltd. retains personal data for as long as necessary to provide a data subject with our services through our client base. Firefly Orthoses Ltd. is required under tax laws to keep personal data for 6 years, Accounting records for a period of 6 years after the end of the financial year.
Special Categories Data
Owing to the products and services that we offer Firefly Orthoses Ltd. need to request sensitive personal information in the performance of a contract to advise on best product and prescription combinations to provide medical treatment to the data subject. Where we collect sensitive personal data, we will only request the information required for the specified purpose.
Consequences of Not Providing Personal Data
A data subject is not obligated to provide personal information to Firefly Orthoses Ltd., however, as this information is required for us to provide our services/deliver your products, we will not be able to offer our products or services without it.
Breach Notification
It is Firefly’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be notified within 72 hours. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.
Addressing compliance to GDPR
The following actions are undertaken to ensure that Firefly Orthoses Ltd. Complies at all times with the accountability principle of GDPR:
- The legal basis for processing information is clear and unambiguous
- All staff involved in handling personal data understand their responsibilities for following good data protection practise.
- Training in data protection has been provided to all staff
- Rules regarding consent are followed.
- Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively
- Regular reviews of procedures involving personal data are carried out
- Privacy by design is adopted for all new or changed systems and processes.
- The following documentation or processing activities are recorded:
- Organisation name and relevant details
- Purposes of the personal data processing
- Categories of individuals and personal data processed
- Categories of special data
- Agreements and mechanisms for transfer of personal data to non-EU countries including details of controls in place
- Personal data retention schedules
- Relevant technical and organisational controls in place
Lodging A Complaint
Firefly Orthoses Ltd. only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint.
Andrea Sheridan, Complaints, Firefly Orthoses Ltd., 4th Floor Connacht House, Markievicz Road, Sligo, F91 KXH6, Ireland
Or furthermore with the supervisory authority:
Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland R32 AP23
+353 (0) 57 8684800
Changes to our privacy notice
Firefly Orthoses Ltd. changes this notice from time to time. All changes will be posted and updated here. We will notify you directly by email (if we hold one for you) if any significant changes occur. We advise you to check back here frequently to review the most current version of this notice.
This Statement was last updated on 25th May 2023