Privacy Policy

Promenade Foot Clinic
111 Promenade, Cheltenham GL50 1NW

Effective Date: [INSERT DATE]

1. Introduction

This Privacy Policy explains how Promenade Foot Clinic collects, uses, stores, and protects your personal information.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal information is:

Promenade Foot Clinic
Operated by: Deborah Julie Cross (Sole Trader)

Registered Address: 4 Jasmine Gardens, Tetbury GL8 8FR
Clinic Address: 111 Promenade, Cheltenham GL50 1NW
Email: dhayklan@icloud.com
Telephone: 07854 648470

3. What Personal Data We Collect

We collect and process the following categories of personal data:

Contact Information:

  • Full name
  • Home address
  • Telephone number
  • Email address
  • Date of birth

Medical Information:

  • GP name and contact details
  • Medical history
  • Current medications
  • Details of foot and lower limb conditions
  • Treatment records
  • Clinical notes and observations

Appointment Information:

  • Appointment dates and times
  • Attendance records
  • Cancellation history

Financial Information:

  • Payment records (we do not store card details)

All medical and health information is classified as “special category data” under UK GDPR and is subject to enhanced protection.

4. How We Collect Your Data

We collect personal data directly from you through:

  • Initial patient registration forms (paper or electronic)
  • Telephone bookings
  • Email communications
  • Website contact forms
  • Fresha booking platform
  • In-person consultations and assessments
  • Subsequent appointments

5. Legal Basis for Processing Your Data

We process your personal data under the following legal bases:

For general personal data (Article 6 of UK GDPR):

  • Article 6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (provision of healthcare services)

For special category health data (Article 9 of UK GDPR):

  • Article 9(2)(h) – Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment

We also comply with the Common Law Duty of Confidentiality in relation to patient information.

6. How We Use Your Personal Data

We use your personal data for the following purposes:

Providing Podiatry Services:

  • Assessing your foot health and medical needs
  • Providing appropriate treatment
  • Maintaining accurate clinical records
  • Monitoring treatment outcomes

Managing Appointments:

  • Scheduling and confirming appointments
  • Sending appointment reminders
  • Managing cancellations and rescheduling

Maintaining Medical Records:

  • Recording clinical findings and treatment provided
  • Ensuring continuity of care
  • Complying with professional standards and record-keeping requirements

Legal and Regulatory Compliance:

  • Meeting obligations under HCPC registration
  • Responding to regulatory enquiries
  • Maintaining insurance requirements
  • Complying with legal and professional duties

Financial Management:

  • Processing payments
  • Maintaining financial records for tax and accounting purposes

7. Who We Share Your Data With

We may share your personal data with the following third parties where necessary:

Regulatory Bodies:

  • Health and Care Professions Council (HCPC) – if required for regulatory purposes
  • Information Commissioner’s Office (ICO) – if required by law

Legal and Insurance Advisers:

  • Professional indemnity insurers – if required in relation to a claim
  • Legal advisers – if required for legal advice or proceedings

Payment Processors:

  • Paymentsense – for processing card payments (they do not have access to your medical records)

Healthcare Professionals:

  • Your GP or other healthcare providers – only with your consent or in clinical emergencies where it is in your vital interests

We do not sell or share your personal data with third parties for marketing purposes.

All third parties are required to keep your data secure and use it only for the purposes we specify.

8. Data Retention Periods

We retain your personal data for the following periods:

Medical Records:

  • Adults: 8 years from the date of your last appointment
  • Children: Until the patient’s 25th birthday

Financial Records:

  • 6 years from the end of the financial year (as required by HMRC)

Appointment Records:

  • 8 years from the date of your last appointment

We do not maintain marketing records as we do not engage in marketing activities.

After the retention period expires, records are securely destroyed or permanently deleted.

9. How We Keep Your Data Secure

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure:

Paper Records:

  • Historical records are stored securely in locked filing cabinets at the clinic
  • Access is restricted to authorised personnel only

Electronic Records:

  • Current records are stored on the Cliniknote electronic application
  • The system is password-protected with access controls
  • An annual data protection scan is undertaken by Cliniknote providers

General Security Measures:

  • Staff are trained in data protection and confidentiality
  • Physical security measures are in place at the clinic
  • Data is not transferred outside the UK

While we implement robust security measures, no method of data transmission or storage is completely secure. We cannot guarantee absolute security but take all reasonable steps to protect your information.

10. International Data Transfers

Your personal data is not transferred outside the United Kingdom.

All data is stored and processed within the UK in accordance with UK GDPR requirements.

11. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling in relation to your personal data.

All clinical decisions are made by qualified healthcare professionals based on individual assessment.

12. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you.

Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data. However, this right is limited where we are required to retain records for legal, regulatory, or professional obligations (such as medical record retention requirements).

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Object: You have the right to object to the processing of your personal data in certain circumstances.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.

How to Exercise Your Rights:

To exercise any of these rights, please contact us in writing:

By Post:
Promenade Foot Clinic
111 Promenade
Cheltenham
GL50 1NW

By Email:
dhayklan@icloud.com

We will respond to your request within one month. In complex cases, we may extend this period by a further two months and will notify you if this is necessary.

We may require proof of your identity before processing your request.

13. Complaints

If you have any concerns about how we handle your personal data, please contact us using the details above.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

14. Cookies and Website Tracking

Our website may use cookies and similar tracking technologies to improve user experience.

Essential Cookies: These are necessary for the website to function properly, such as remembering your session.

Analytics Cookies (if applicable): We may use Google Analytics or similar services to understand how visitors use our website. This helps us improve the website and your experience.

You can manage your cookie preferences through your browser settings. Blocking certain cookies may affect website functionality.

For more information about the cookies we use, please contact us.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make changes, we will update the “Effective Date” at the top of this policy.

Where we hold your email address, we will notify you of significant changes by email.

The current version of this Privacy Policy is always available on our website and at the clinic.

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Promenade Foot Clinic
111 Promenade, Cheltenham GL50 1NW
Email: dhayklan@icloud.com
Telephone: 07854 648470

By using our services, you acknowledge that you have read and understood this Privacy Policy.