01923 939 774 | 07442 944 849 | info@HealthyHeel.com

Healthy Heel
podiatry clinic

Privacy Policy

Podiatry Privacy Policy (UK Private Practice) Healthy Heel LTD.

1) Introduction

This Privacy Policy explains how we collect, use, and protect your personal information when you receive podiatry services from us or use our website and online booking system. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services, you consent to the collection and use of your information as described in this policy.

2) Who we are

Clinic Name: Healthy Heel LTD

Data Controller: Nirasha Fernando

Address: 86A Queens Road, Watford, Hertfordshire, WD17 2LA

Email: info@healthyheel.com

Telephone: 01923939774, 07442944849

As the Data Controller, we are responsible for deciding how your personal information is processed and ensuring it is protected.

3) Information We Collect

We collect personal and health information necessary to provide safe and effective podiatric care, including:

  a) Personal Details

  • Name, address, date of birth, phone number, and email address
  • Emergency contact information

  b) Health and medical information

  • Medical history, medications, allergies, and relevant health details
  • GP details and healthcare professional correspondence
  • Treatment notes, photographs (if clinically relevant), and diagnostic information

  c) Payment and administrative details

  • Billing information, insurance or private healthcare details (if applicable)
  • Appointment history and correspondence

  d) Website and booking information

  • Information entered through our online booking platform
  • Cookies and website usage data (see Section 9)


 4) How We Use Your Information

  Your information is used for the following purposes:

  • To provide safe and effective podiatry treatment
  • To communicate with you about your appointments or care
  • To manage billing, payment, and accounting
  • To maintain accurate clinical and administrative records
  • To meet our legal and regulatory obligations (e.g., HCPC, HMRC)
  • With your consent, to send relevant health updates or clinic news

 We will not use your data for marketing purposes without your explicit consent.


5) Lawful Basis for Processing

We process your data under the following lawful bases:

Purpose: Lawful Basis

  • Providing podiatry care: Legitimate interest and provision of health care
  • Managing appointments and payments: Contractual necessity
  • Complying with legal or regulatory obligations: Legal obligation
  • Marketing communications (if opted in): Consent


6) Data Storage and Retention

All clinical and personal data are stored securely, either electronically (password-protected and encrypted systems) or in locked physical records.

Patient records are retained for a minimum of 8 years after the last treatment (or until age 25 for children, whichever is longer), in line with HCPC and NHS record-keeping guidance.

After this period, data are securely destroyed or permanently anonymised.

 7) Sharing Your Information

We may share your data only when necessary for your care or required by law, including:

  • With your GP or other healthcare professionals involved in your treatment (with your consent)
  • With insurers, if required for claims or payment
  • With regulators or legal authorities, where we have a legal obligation
  • With trusted service providers (e.g., booking platforms, email or IT providers) who process data on our behalf under strict confidentiality and data security agreements

We will never sell or share your data for marketing purposes.

 8) Your Rights

 Under the UK GDPR, you have the right to:

  • Access a copy of your personal data
  • Request correction of inaccurate or incomplete information
  • Request deletion of your data (in certain circumstances)
  • Object to or restrict processing
  • Request data portability (transfer to another provider)
  • Withdraw consent for optional communications

To exercise your rights, please contact our Data Controller using the contact details above. We will respond within one month of receiving your request.

 9) Website, Cookies, and Online Bookings

 Our website and booking platform may collect technical data such as:

  • IP address, browser type, and usage statistics
  • Cookies for session management and analytics

Cookies are used only to improve user experience.

You can adjust your browser settings to refuse cookies if preferred.

Our booking system is hosted by a GDPR-compliant provider, and all online data transmissions are encrypted (SSL).

10) Data Security

 We take appropriate technical and organisational measures to protect your information, including:

  • Encrypted electronic records
  • Password protection and secure access controls
  • Regular data backups and staff training on confidentiality

If a data breach occurs that poses a risk to your rights or freedoms, we will notify you and the Information Commissioner’s Office (ICO) within the required timeframe.

  11) Complaints

 If you are concerned about how your data has been handled, please contact us in the first instance.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk

Telephone: 0303 123 1113


  12) Updates to This Policy

This policy may be updated periodically to reflect legal or operational changes. The latest version will always be available on our website or upon request.

Last updated: 25/10/2025