Privacy Policy

The London Podiatry Centre Privacy Notice

The London Podiatry Centre (“we”, “us”, “our”) is a Care Quality Commission (CQC)-registered podiatry facility. We are regulated to undertake diagnostic and screening procedures, surgical procedures, and the treatment of foot disorders. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Human Rights Act 1998 and other relevant laws to ensure we maintain full and accurate records of the care we provide for you and keep this information confidential and secure. This privacy notice explains what data we collect, how and why we use it, how we protect it, your rights, and how to contact us.

What information do we collect?

We collect information such as your name, address, date of birth, contact details and General Practitioner (GP) details, alongside health-related information required for the delivery of your care. This may include clinical notes documenting encounters with our clinicians, gait analysis data, imaging, surgical records and treatment history. Data may be collected directly from you when you register, or sent to us if you have been referred by a third party (e.g. GP, insurance company, or other healthcare professional). We also collect information needed for administration and payment, consent forms, correspondence and feedback.

Our lawful basis for processing

We do not rely on consent to provide your clinical care. We process your personal data because it is necessary to deliver and manage your care and the clinic’s operations:

• UK GDPR Article 6(1)(b) – Performance of a contract: to provide assessment, diagnosis, treatment, appointment management, and related administration (including billing and payments).
• UK GDPR Article 6(1)(c) – Legal obligation: where we must keep records or make reports to comply with law or regulatory requirements (e.g. accounting, clinical safety, notifiable events).
• UK GDPR Article 9(2)(h) – Provision of health or social care for special category (health) data, together with Data Protection Act 2018, Schedule 1, paragraph 2 (health or social care purposes).
  

If we ever need to rely on consent for a non-essential use, we will ask you clearly and you can withdraw that consent at any time.

How we use your information

We use your information to:

• provide assessment, diagnosis and treatment;
• communicate with your GP and other healthcare professionals involved in your care;
• ensure accurate referrals and continuity of care;
• arrange and manage appointments (including reminders) and maintain encrypted electronic clinical notes;
• process payments and insurance claims;
• assess and audit the type and quality of care provided;
• investigate concerns, complaints or incidents;
• support research, teaching and training only with your consent and anonymised where possible.
  

We do not use your health information for marketing.

Sharing your information

We may share relevant information with:

• your GP, referring clinician, or other healthcare professionals for continuity of care;
• insurance companies or third-party payers where required to arrange or authorise treatment or payment;
• laboratories, orthotic manufacturers or other medical providers involved in your treatment;
• processors acting on our instructions, such as our electronic medical record provider (Semble), IT support and accountants. We have data processing agreements in place and only share the minimum necessary information.
  

We may also share information where required by law or in exceptional circumstances, for example with health authorities, the NHS, the Department of Health and Social Care, the CQC, to protect public health, prevent or detect serious crime, comply with a court order or meet other statutory duties. In all cases we share only what is necessary and anonymise data wherever possible.

You may object to certain sharing that is not legally or clinically required. We will explain any consequences of such an objection for your care.

Where we store your data and security

Clinical records are securely stored in Semble, hosted within the UK/EU. Access is restricted to authorised clinical and administrative personnel. Staff receive training on confidentiality and data protection. Systems are secured by username and password, devices are locked when unattended, and records are stored securely in electronic (and where applicable paper) form. Suspected misuse of information is investigated and may lead to disciplinary action or reporting to the authorities.

If we ever need to transfer data outside the UK/EU, we will implement appropriate safeguards (e.g. adequacy regulations or standard contractual clauses) and inform you where required.

How long we keep your data

We follow the NHS Records Management Code of Practice (2021). As a guide:

• Adult health records: 8 years after last contact.
• Children’s records: until the patient’s 25th birthday (or 26th if treated aged 17).
• Surgical records and gait analysis data may be retained longer where necessary for clinical or medico-legal purposes.
  Records that are no longer required are securely deleted or anonymised.
  

Your rights

Under UK GDPR you have the rights of access, rectification, erasure (where legally possible), restriction, portability and objection. You can exercise these rights verbally or in writing and we will respond within one month. We may charge a reasonable fee for excessive or repetitive requests, or for additional copies.

Complaints

If you are unhappy with how we process your data, you can complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113. We encourage you to contact us first so we can try to resolve your concerns quickly.

Contact and Data Protection Lead

Our Data Protection Lead is Mrs Nutan McCulloch. To exercise your rights or raise a concern, please contact info@london-podiatry.com