Our role in your privacy
If you are a PPL customer or just visiting our website, this policy applies to you.
If you are a registered customer of PPL we act as the data controller of personal data about you, but as the data processor of personal data about those for whom you are ordering our products.
We are not required to appoint a data protection officer, however, we have appointed a person who is responsible for all data protection queries. Her name is Julie Hegarty. You can reach her via email@example.com
- Read this Privacy Statement.
- If you are our customer, please also check the contracts between us: they may contain further details on how we collect and process your data.
When and how we collect data
We collect data from our customers when they request a new account with us. We will confirm payment details and shipping information at this time.
When you order a custom-made device from us, you provide us with your patient details via a prescription as well as an image or reasonable facsimile of the patient’s foot.
Here’s when and how we collect data:
- You complete a contact form requesting more information via our website.
- You initiate a new customer request from us which can be made via telephone, post or email.
- You send us a prescription for a custom-made device (sent via An Post, email, facsimile, courier).
- You amend your prescription based upon our technical guidance (via phone or email).
- Any changes necessary during the customer service process.
Types of data we collect
- Customer name, profession*, Address and e-mail address; Telephone number and mobile number
- Billing address and shipping address and bank details or credit/debit card details.
- Patient name, sex, age, weight, and other medical information as it relates to designing an appropriate device.
- Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version, etc.
How and why, we use your data
Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:
Fulfil an order.
When a customer prescribes and purchases a device from us, we may only use the patient data to produce the device ordered. We use your customer data to bill and ship the device (important note – PPL will not ship direct to the patient).
Legal Basis: Contract
Notifying you of any changes to our service, solving issues via phone or email including any device issues.
Legal Basis: Contract
Track our website health and usage
Legal Basis: Consent
Your privacy choices and rights
You can choose not to provide us with personal data.
If you choose to do this, you can continue to use the website and browse its pages, but we will not be able to process orders without personal data.
You can turn off cookies
You can ask us not to use your data for marketing
We will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at firstname.lastname@example.org
You can exercise your rights by sending us an email to: email@example.com
However, if you are not a PPL Biomechanics customer, but a patient who has received one of our products via a practitioner, please contact your practitioner.
This includes the right to ask us supplementary information about:
- The categories of data we’re processing
- The purposes of data processing
- The categories of third parties to whom the data may be disclosed
- How long the data will be stored (or the criteria used to determine that period)
- Your other rights regarding our use of your data
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
You have the right to access information we hold about you
You have the right to make us correct any inaccurate personal data about you
You can object to us using your data for profiling you or making automated decisions about you
You have the right to port your data to another service
We will give you a copy of your data in CSV or JSON so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be ‘forgotten’ by us
You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes for which we process it. This right doesn’t always apply (for example, if we have a contract with you), but we’ll tell you if this is the case when you ask us to erase your data.
You have the right to lodge a complaint regarding our use of your data
Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the Data Protection Commission
How secure is the data we collect?
We have physical, electronic, and managerial procedures to safeguard and secure the information we collect. We take our commitment to protecting personal data very seriously.
And please remember:
- You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
- If you believe your privacy has been breached, please contact us immediately on firstname.lastname@example.org
Where do we store the data?
The personal data we collect is processed at our offices in Cork and in any data processing facilities operated by the third parties identified below. All facilities storing special category data (health data) are located in the EEA.
How long do we store your data?
If you’ve been a PPL Biomechanics customer, we’ll delete your personal data from our systems six years after you stop being a PPL Biomechanics customer. We keep the information in case there are any legal claims relating to your time as a customer.
We will hold prescription and order data for 10 years as per Regulation (EU) 2017/745 Annex XIII.
Third parties who process your data
We use third parties to help us host our website, host remote backups, power our emails etc. We partner with third parties who we believe are the best in their field at what they do.
Any data transfers to these third parties are encrypted and protected to the highest level due to their sensitive nature.
How can I block cookies?
You made it
Please don’t make this the last time you read it as we will post any changes on this page - significant changes will of course be notified to PPL Biomechanics customers.