The London Podiatry Centre is a Care Quality Commission (CQC) registered Podiatry facility. We are regulated to undertake diagnostic and screening procedures, surgical procedures and the treatment of foot disorders. Our aim is to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Human Rights Act 1998 and other relevant laws to ensure we maintain full and accurate records of the care we provide for you and keep this information confidential and secure. This privacy notice sets out information about the data we collect, how we protect your data, confidentiality and information security, your rights under data protection law, and how you can obtain access to the information relating to your healthcare.
What information do we collect?
We collect information such as your name, address, date of birth, contact details and General Practitioner (GP) details, alongside any health-related information required for the delivery of your care. This may include clinical notes documenting your encounters with our clinicians, gait analysis data, imaging, surgical records, and treatment history. Data may be collected directly from you when you register with us, or sent to us if you have been referred by a third party (e.g. GP, insurance company, or other healthcare professional). We also collect information needed for administration and payment, consent forms, correspondence and feedback.
Lawful basis for processing
We process your data under Article 6(1)(f) (legitimate interests, to operate a private healthcare service), Article 9(2)(h) (provision of health or social care, treatment, or management of health systems and services, for special category data), and where required, Article 6(1)(c) (legal obligations).
How do we use the information we collect?
We use your information to provide assessment, diagnosis and treatment; communicate with your GP or other healthcare professionals; ensure accurate referrals; arrange and manage appointments (including reminders and encrypted electronic clinical notes); process payments and insurance claims; assess and audit the type and quality of care provided; investigate concerns, complaints or incidents; support research, teaching and training (only with your consent and anonymised where possible); and ensure your concerns can be properly investigated if you are unhappy with your care.
How else could your information be used?
Your information may also be used to ensure the health of the general public, review the care we provide, collect clinical audit data, support legal claims, conduct health research and development, ensure our service meets patient needs in the future, and train healthcare professionals. If information is used for training, we will obtain your written consent and anonymise data wherever possible.
Do we share information about you with anyone?
We may share your data with your GP, other healthcare professionals involved in your care, health authorities, the NHS, the Department of Health, and the Care Quality Commission. If you are receiving care from other organisations (such as Social Services) we may also share relevant information with them. We will not disclose your information to third parties without your consent unless required by law or in exceptional circumstances (e.g. to prevent serious crime, protect public health, report certain infectious diseases, comply with a court order, or notify the CQC of a serious incident). In all cases we share only the minimum amount of information required and anonymise data wherever possible.
How we keep your information secure and confidential
Staff are trained in confidentiality and data protection responsibilities. Patient information systems are secured by username and password, and PC screens are locked when unattended. Healthcare records are stored securely in electronic or paper form. Any suspected misuse of information is investigated and, where appropriate, action is taken which may include disciplinary action or reporting to the authorities.
How long do we keep your data?
We follow the NHS Records Management Code of Practice (2021). Adult health records are retained for 8 years after last contact. Children’s records are retained until the patient’s 25th birthday (or 26th if treated aged 17). Surgical records and gait analysis data may be retained longer if necessary for clinical or medico-legal purposes. Records no longer required are securely deleted or anonymised.
Your rights
Under UK GDPR you have the right of access, rectification, erasure (where legally possible), restriction, portability and objection. Requests can be made verbally or in writing and we will respond within one month. We may charge a reasonable fee if a request is excessive or repetitive, or for additional copies.
Complaints
If you are unhappy with how we process your data, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113. We encourage you to contact us first so we can try to resolve your concerns quickly.
Data Protection Lead
Our Data Protection Lead is Mrs Nutan McCulloch. She is responsible for overseeing data protection within the practice and can be contacted at info@london-podiatry.com if you wish to exercise your rights or raise a concern.
Review of this policy
This policy will be reviewed annually and updated when required. Version: v2, September 2025