Lightfoot are committed to safeguarding and preserving the privacy of our visitors, staff and clients. We never give your details to third parties to use for marketing or sales activity.
This policy was last updated on 29th July 2022. Lightfoot update this Policy from time to time so please do review this Policy regularly.
This privacy notice covers the operations of
Lightfoot Solutions Group Ltd
and the following wholly owned subsidiaries
Henceforth known as Lightfoot.
Lightfoot Solutions Group Ltd and Lightfoot Solutions UK Ltd are registered with the Information Commissioners Office in England. The registration certificates are below –
Lightfoot shares data between its subsidiaries named above as required for operational purposes.
Lightfoot acts as a data processor processing data following instructions as specified by Lightfoot’s clients who are the data controller. For concerns regarding data processed by Lightfoot on behalf of other organisations please contact the relevant organisation directly. Please note Lightfoot cannot deal directly with subject access requests and freedom of information requests related to data they process on behalf of other data controllers.
Lightfoot hold a database of personal data in the form of pseudonymised Health Episode Statistics. This is provided by NHS Digital who in turn obtain the data from NHS hospital trusts. This is in a form where identifiable data has been removed – and individuals cannot be readily or easily identified. This is retained under a data sharing agreement with NHS Digital – and will be destroyed on termination of this agreement.
This data is used to provide NHS bodies and Academic Health Science Networks with analytics to assist with improving health systems and patient outcomes. This includes modelling the COVID-19 pandemic to ensure appropriate treatment resources are available.
The data is processed on the basis of legitimate interest as patients would reasonably expect information about hospital treatment to be used to improve care provided. The risks of using pseudonymised data are considered to be proportionate to the benefits – ultimately saving lives and reducing harm.
Lightfoot hold pseudonymised special category data for the purpose of statistical processing under Article 9 of the GDPR.
As we do not hold data which allows for the identification of the data subject we are not able to – and have exemption under Article 11 from processing subject access requests.
NHS health data held by Lightfoot is not used for automated decision making (a decision made solely by automated means without any human involvement).
Please refer to the following information provided by the Information Commissioners Office for more details on your rights under the GDPR –
In running and maintaining our website we may collect and process the following data about you:
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at AboutCookies.org.
Lightfoot holds employee records as required for the correct and legal operation of the business. These are not shared with other organisations unless consent is given – or there is a statutory requirement.
Lightfoot holds data about its clients as required to perform normal business operations. These include records of business letters and other communications. These records are not shared with other organizations unless
Lightfoot also hold details of organisations and contacts with which they have entered into meaningful discussions or negotiations. These are not shared with other organisations.
Lightfoot information security management system complies with ISO/IEC 27001:2013. This system covers all four subsidiary companies in the Lightfoot group. The management of information security is externally audited by CQS Ltd on an annual basis.
Lightfoot have appointed a data protection officer:-
Name: Andrew Garside CEng CITP