Privacy Policy
Footnote Podiatry
Footnote Podiatry is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Footnote Podiatry is the Data Controller responsible for your personal data.
We are a podiatry clinic providing treatment for foot, ankle, and lower leg conditions.
Contact details:
Email: dan@footnotepodiatry.co.uk
Practice Owner: Dan Aston
If you have any questions about this policy or how your data is handled, please contact us using the details above.
2. How We Collect Information
We collect personal information when you:
- Register as a patient
- Book an appointment (online, in person, or by phone)
- Contact us with an enquiry
We operate a primarily paperless practice. Occasionally, paper forms may be used and are securely scanned into our system and confidentially destroyed.
3. What Information We Collect
We may collect and store the following information:
- Name, address, and contact details
- Date of birth
- GP details
- Medical history (including medications and conditions)
This includes special category health data, which is afforded additional protection under UK GDPR.
All records are stored securely within our clinical management system, Cliniko.
4. Legal Basis for Processing
We process your personal data under the following lawful bases:
Article 6 (UK GDPR)
- 6(1)(b) – Performance of a contract (providing healthcare services)
- 6(1)(c) – Compliance with legal obligations
Article 9 (Special Category Data)
- 9(2)(h) – Provision of health care and treatment
5. How We Use Your Information
We use your information to:
- Create and maintain your medical record
- Provide safe and effective treatment
- Manage appointments and communicate with you
- Share relevant information with other healthcare professionals (with your knowledge or consent where appropriate)
- Meet legal and regulatory obligations
We will only use your data for purposes related to your care and the operation of our practice.
6. Data Storage and Security
We use Cliniko, a secure cloud-based clinical system, to store your data.
- Access is restricted via secure logins
- Data is encrypted and securely stored on remote servers
- Data is not stored directly on local devices
Paper records (where used) are:
- Scanned into Cliniko
- Securely shredded via a confidential waste provider
7. International Data Transfers
Cliniko may store data on servers located outside the UK.
Where your data is transferred internationally, we ensure appropriate safeguards are in place, such as:
- UK adequacy regulations, or
- Standard Contractual Clauses (SCCs)
These safeguards ensure your data remains protected to UK GDPR standards.
8. Who Has Access to Your Information
Your data may be accessed by:
- Clinicians and clinical assistants (for treatment purposes)
- Administrative staff (for appointment and practice management)
We may share your information with:
- Your GP or other healthcare professionals involved in your care
- Diagnostic or referral providers
All third parties act as data processors and are contractually required to protect your data.
We do not:
- Sell your data
- Share your data for marketing purposes
9. Data Retention
We retain medical records in line with UK healthcare guidelines:
- Adults: 8 years after last treatment
- Children: Until age 25
- Mental health cases: 20 years after last treatment
In most cases, we are legally required to retain health records and may not be able to delete them upon request.
10. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request restriction of processing
- Object to processing
- Request data portability
You also have the right to request erasure of your data; however, this may not apply where we are legally required to retain medical records.
11. Complaints
If you are unhappy with how your data is handled, you can contact us directly.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK regulator for data protection.
12. Communications and Marketing
We may contact you regarding:
- Appointments (including reminders)
- Important updates about your care or our services
We will only send marketing communications if you have given consent.
You can opt out at any time.
13. Website and Email Security
Our website may use cookies to improve user experience. Please see our Cookie Policy for more details.
Please note:
- Email communication is not always secure
- We advise against sending sensitive medical information via email
14. Links to Other Websites
Our website may contain links to external sites.
We are not responsible for the privacy practices of those websites.
15. Children’s Data
We take the privacy of children seriously.
If you are under 16, parental or guardian consent is required before providing personal information.
16. Policy Updates
We review this policy regularly to ensure compliance.
Last updated: March 2026
