Privacy Policy


The Podiatry Clinic

We take your privacy seriously and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and related laws such as PECR (Privacy and Electronic Communications Regulations).

By attending an appointment, using our website, booking online, or communicating with us, you agree to the terms of this Privacy Policy.

1. Who We Are

The Podiatry Clinic is the Data Controller of your personal data.

Contact details:

  • Address: 15 High Street, B179NT

  • Email: hello@thepodiatryclinics.co.uk

  • Phone: 0121 285 5656

  • Data Controller: Muhammad Tausif

2. Information We Collect

We may collect and process the following types of data:

  • Identity data – name, date of birth, gender.

  • Contact details – address, phone, email.

  • Health data (special category data) – medical history, clinical notes, diagnostic images, treatments.

  • Appointment and communication data – bookings, reminders, correspondence, messages.

  • Financial data – payment information, billing history.

  • Website and technical data – cookies, analytics, IP address.

  • Marketing preferences – your choices about how we contact you.

3. How We Collect Your Information

  • Directly from you when you register, book, or attend.

  • Through online booking or forms.

  • From referring healthcare professionals (with your consent).

  • Through communication platforms (email, SMS, WhatsApp, video call).

  • Automatically through website cookies and analytics.

4. Why We Collect Your Data & Legal Bases

We only process personal data when lawful. Legal bases include:

  • Provision of healthcare services – processing necessary for medical diagnosis and treatment (GDPR Article 9(2)(h)).

  • Performance of a contract – booking and managing appointments.

  • Consent – for marketing communications, optional health questionnaires.

  • Legal obligations – tax, insurance, and medical recordkeeping.

  • Legitimate interests – ensuring clinic efficiency, patient support, staff training.

5. AI & Third-Party Systems We Use

To deliver efficient and modern care, we use trusted partners and platforms:

  • Cliniko – our electronic patient record and appointment system.

  • Peptalkr – automated patient communications (email/SMS/WhatsApp).

  • Heidi – AI-powered assistant to support patient engagement.

  • BookedSolid – online appointment booking platform.

  • Abby – AI support tool assisting with clinic administration.

AI use explained:

  • Some systems use automation and AI to help us communicate, confirm bookings, or send reminders.

  • These systems do not replace clinical judgment. All healthcare decisions are made by qualified clinicians.

  • Data processed by these platforms is limited to what is necessary (e.g. appointment details, communications).

  • We ensure these providers do not use your personal health information to train external AI models.

  • Each provider acts as a Data Processor under contract, bound to keep your information secure.

6. Sharing Your Information

We may share your information with:

  • Healthcare professionals involved in your care.

  • Trusted service providers listed above.

  • Regulators, insurers, or legal bodies if required by law.

  • Payment providers to process transactions.

We do not sell your personal information.

7. International Transfers

Some providers store data outside the UK/EU (e.g. Cliniko servers in Australia). Where this occurs, we use Standard Contractual Clauses (SCCs) and additional safeguards to ensure your data is adequately protected.

8. Retention Periods

  • Patient records: retained for a minimum of 8 years after your last appointment (or until age 25 if under 18 at last treatment), in line with professional standards.

  • Financial/transaction records: 6 years for tax and legal purposes.

  • Marketing data: until you withdraw consent.

9. Marketing Communications

We may contact you about services, events, or promotions if you have given consent. Communications may be sent via email, SMS, WhatsApp, or post.

  • You can withdraw consent anytime by clicking “unsubscribe”, replying “STOP”, or emailing us.

  • Withdrawing consent does not affect the lawfulness of communications sent before withdrawal.

10. Cookies & Website Analytics

Our website uses cookies to improve functionality and track performance. See our [Cookie Policy] for details on what cookies we use and how to manage them.

11. Your Rights

You have the right to:

  • Access your personal data.

  • Request correction of inaccurate data.

  • Request erasure of data (subject to healthcare/legal exemptions).

  • Restrict or object to processing.

  • Request data portability (structured electronic copy).

  • Withdraw consent for marketing or optional processing.

  • Lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.

12. Security of Your Information

We use technical and organisational measures including:

  • Encrypted storage and backups.

  • Secure access controls.

  • Staff confidentiality training.

  • Regular audits of third-party providers.

13. Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website.

14. Contact Us

If you have questions or want to exercise your rights:

  • Email: hello@thepodiatryclinics.co.uk

  • Phone: 0121 285 5656