top of page

Privacy Policy

Foot Forward Podiatry – Privacy Policy

Last updated: 1 June 2026

1. Who we are

Podiatry UK Ltd (trading as Foot Forward Podiatry) is the data controller responsible for your personal information. We are an HCPC-registered podiatry practice and member of the Royal College of Podiatry, serving Lancaster, Morecambe and the surrounding North Lancashire area.

Registered address:

71-75 Shelton Street

Covent Garden

London

WC2H 9JQ


Email: contact@footforwardpodiatry.co.uk · Phone: 01524 574101


ICO registration number: C1963807

This policy explains what personal information we collect, how we use it, and your rights under UK data protection law (the UK GDPR and the Data Protection Act 2018).

2. The information we collect

Depending on how you interact with us, we may collect:

  • Identity and contact details: name, date of birth, address, telephone number, email address, and your GP's details.

  • Health information: your medical history, presenting condition, examination findings, treatment records, clinical notes, photographs (where clinically relevant), prescriptions, and details of any bespoke products supplied. This is special category data and is treated with particular care.

  • Appointment and account information: booking history, correspondence with us, and payment records (we do not store full card details, these are handled by our payment provider).

  • Website and social media data, information you provide through our website enquiry or booking forms, and information arising from your interactions with our Facebook page.

 

3. How we collect it

We collect information directly from you (in person, by phone, email, or through our website and booking system), and sometimes from third parties such as your GP, another healthcare professional, or a family member or carer acting on your behalf.

4. Why we use it, and our lawful basis

We process your personal data on the following bases under UK GDPR:

  • To provide podiatry care and manage your treatment, lawful basis: contract and legitimate interests; for health data, the condition is the provision of health treatment (Article 9(2)(h)).

  • To manage appointments, send reminders, and communicate with you, contract / legitimate interests.

  • To take payment and keep financial records, contract and legal obligation.

  • To comply with our professional, regulatory, and legal duties (including HCPC standards and clinical record-keeping requirements), legal obligation.

  • To send you marketing or practice updates, only with your consent, which you can withdraw at any time.

 

5. Our practice management system and other processors

We use Cliniko as our practice management and clinical records system. We use trusted third-party providers ("processors") who act on our instructions and are bound by data protection obligations, including our practice management software, payment provider, email and communication tools, and our website platform (Wix). We do not sell your personal data to anyone.

Where any provider stores data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR.

6. Sharing your information

We only share your information where necessary and lawful: for example, with your GP or another healthcare professional involved in your care (with your consent or where clinically necessary), with regulators or insurers where required, or where we are legally obliged to do so. We will always seek your consent before sharing a referral letter or clinical report with a third party, except where the law requires otherwise.

7. How long we keep it

We retain clinical records in line with professional guidance for healthcare records. For adults, this is normally a minimum of eight years from the date of your last treatment. For patients seen as children, records are kept until their 25th birthday (or 26th if treatment ended near age 18), or eight years, whichever is longer. Non-clinical records (such as financial records) are kept only as long as required by law. After the retention period, records are securely destroyed.

8. How we keep it secure

We take appropriate technical and organisational measures to protect your information against loss, misuse, or unauthorised access. These include secure, access-controlled clinical software, encrypted storage where applicable, restricted staff access on a need-to-know basis, and secure disposal of records.

9. Your rights

Under UK data protection law, you have the right to:

  • access the personal data we hold about you (a "subject access request");

  • ask us to correct inaccurate or incomplete data;

  • ask us to erase your data, where this does not conflict with our legal duty to retain clinical records;

  • restrict or object to certain processing;

  • request your data in a portable format, where applicable;

  • withdraw consent at any time where we rely on consent.

To exercise any of these rights, contact us using the details above. We will respond within one month. There is normally no charge.

10. Cookies and our website

Our website may use cookies to help it function and to understand how visitors use it. You can control cookies through your browser settings.

11. Complaints

If you have concerns about how we handle your data, please contact us first so we can put things right. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk, or by calling 0303 123 1113.

12. Changes to this policy

We may update this policy from time to time. The latest version will always be available on request and on our website, with the date of the most recent update shown above.

bottom of page