PRIVACY POLICY
The Chiropody Clinic Limited is registered as a data controller with the UK Information Commissioner’s Office (ICO), registration number Z2549730.
Within this policy, the terms “we”, “us” and “our” mean The Chiropody Clinic Limited.
All information is held confidentially and only those involved in the provision of patient care (podiatry and reception/administration staff) have direct access to it.
This policy describes how and when your information is collected, used, shared, stored and retained when you attend for an appointment, purchase a product, contact by any means, or otherwise use a service in this practice. This is to comply with the General Data Protection Regulations 2018 (GDPR).
Information we collect
To enable us to provide suitable treatment or as part of purchasing something from our practice, you will normally provide us with information, including your name, date of birth, postal address, contact details, medical information and payment information.
Why we need your information and how we use it
We rely on several legal bases to collect, use and share your information, including:
-
where it is necessary for the purposes of the provision of health care as needed to provide our services, such as when we use your information to fulfil your podiatry assessment and treatment, or to provide patient support
-
when you have provided your valid consent, which you may revoke at any time, such as by signing up for a mailing list
-
if necessary, to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law
Information sharing and disclosure
We may share your information, for limited reasons and in limited circumstances, with:
-
medical professionals – such as your GP or consultant to allow continuity of care, with your valid consent or if it is in the best interests of your health
-
service providers – we may engage trusted third parties to perform functions and provide services to our practice, such as external reception services
-
police or other legal authority – we may collect, use, share, store and retain your information if we are legally required to
-
those involved in a business transfer – if we sell or merge our practice, we may disclose your information as part of that transaction, only to the extent permitted by law and with your valid consent
Storage and retention of information
Your information is stored on a paper-based patient record, which is locked in metal filing cabinets, and/or on our electronic diary system, which is password protected.
Your information is usually retained for a minimum of 8 years after your last appointment, after which time it is disposed of securely via our confidential waste. For customers who are not patients, but have bought products from our practice, we will keep any information you have provided for a minimum of 6 years in line with tax legislation. We may also be required to retain your information to comply with our legal and regulatory obligations, to resolve disputes or to enforce our agreements.
Your rights
-
Access – you have the right to access and receive a copy of the information we hold about you within one month of your request, free of charge
-
Change, restrict, delete – you may have the right to change, restrict our use of or delete your information; however, health records are normally exempt from change and deletion requests
-
Object – you can object to our processing of your information based on our legitimate interests to the provision of high-quality care, for example clinical audit; in such cases, your information will not be used or deleted unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons
-
Complain – if you wish to raise a concern about our use of your information (without prejudice to any other rights you may have), you can do so via the Information Commissioner’s Office
How to contact us
If you have any questions about this policy, or if you believe there has been a breach of your confidentiality, you may contact us using our contact details below.