
Privacy Notice


1. Introduction
M C Podiatry is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.
This Privacy Notice explains how I collect, use, store, and protect your personal information when you use my services, contact me, visit my website, or engage with me as a patient or customer.


2. Data Controller
Business Name: M C Podiatry
Address: 57 Baring Road, Bournemouth, Dorset BH6 4DT
Email: mcpodiatry@hotmail.com
Telephone: +447967 621 537
Website: www.mcpodiatry.co.uk
M C Podiatry is the “Data Controller” for the purposes of UK GDPR.


3. Personal Information We Collect
I may collect and process the following categories of personal information:
Identity Information

  • Full name

  • Date of birth

  • Gender

Contact Information

  • Address

  • Telephone number

  • Email address

  • Emergency contact details

Health & Medical Information

  • Medical history

  • Medication details

  • Allergies

  • Foot health assessments

  • Treatment notes

  • Biomechanical assessments

  • Diagnostic information

  • Referral information

  • Photographs relating to treatment (where necessary)

Financial Information

  • Payment details

  • Invoices and billing records


4. How I Collect Your Information
Information is collected:

  • Directly from you during appointments, consultations, forms, or communications

  • From referrals made by healthcare professionals

  • Through my website or online booking systems

  • Via telephone, email, or social media communication

  • From payment providers and administrative systems


5. Lawful Bases for Processing
Under UK GDPR, I rely on the following lawful bases:


For General Personal Data

  • Performance of a contract

  • Legal obligation

  • Legitimate interests

  • Consent (where required)


For Special Category Health Data
I process health data under:

  • Article 9(2)(h): provision of health or social care

  • Article 9(2)(a): explicit consent (where applicable)


6. How I Use Your Information
I use your information to:

  • Provide podiatry assessment and treatment

  • Maintain accurate clinical records

  • Communicate regarding appointments and care

  • Process payments and invoices

  • Comply with legal and regulatory obligations

  • Improve my services

  • Manage complaints or legal claims

  • Send service-related communications

I will only use your information for the purposes for which it was collected unless I reasonably consider another compatible purpose.


7. Sharing Your Information
I may share your information with:

  • Your GP or other healthcare professionals (where necessary for your care)

  • Laboratories or diagnostic providers

  • Professional advisers and insurers

  • Payment processors

  • IT and practice management service providers

  • Regulatory authorities where legally required

I require all third parties to respect the security of your data and process it lawfully.
I do not sell your personal information.


8. International Transfers
I generally store and process your information within the United Kingdom.

If any data is transferred outside the UK, I will ensure appropriate safeguards are in place in accordance with UK GDPR.


9. Data Security
I implement appropriate technical and organisational measures to protect your personal information, including:

  • Secure electronic record systems

  • Password-protected devices

  • Restricted access to records

  • Encryption where appropriate

  • Secure disposal of records

  • Staff confidentiality obligations

Despite my efforts, no transmission or storage system can be guaranteed completely secure.


10. Data Retention
I retain patient records in accordance with legal, regulatory, and professional obligations.
Typically, adult patient records are retained for a minimum of 8 years after the last treatment date.

Children’s records may be retained until age 25 or longer where legally required.
Financial records may be retained for up to 6 years for tax and accounting purposes.
After retention periods expire, records are securely deleted or destroyed.


11. Your Rights Under UK GDPR
You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of your data (where applicable)

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent at any time (where processing is based on consent)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, please contact me using the details provided above.

12. Complaints
If you are unhappy with how I handle your information, please contact me first so we can attempt to resolve your concern.
You also have the right to complain to:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113


13. Cookies & Website Usage
If you operate a website, you may use cookies and analytics technologies.
Cookies help improve website functionality and user experience.
Users can manage cookie preferences through browser settings.
If applicable, a separate Cookie Policy should be provided.


14. Marketing Communications
I will only send marketing communications where permitted by law or where you have provided consent.
You may opt out of marketing communications at any time.


15. Changes to This Privacy Notice
I may update this Privacy Notice from time to time.
The latest version will always be available upon request or on my website.

GDPR Data Protection Policy


1. Purpose
This GDPR Data Protection Policy sets out how M C Podiatry complies with UK GDPR and the Data Protection Act 2018.
The purpose of this policy is to ensure personal data is processed lawfully, fairly, securely, and transparently.

2. Scope

This policy applies to:

  • All staff

  • Contractors

  • Temporary workers

  • Consultants

  • Anyone handling personal data on behalf of M C Podiatry


3. Data Protection Principles
M C Podiatry adheres to the following principles:
Personal data shall be:
1. Processed lawfully, fairly, and transparently
2. Collected for specified, explicit purposes
3. Adequate, relevant, and limited to what is necessary
4. Accurate and kept up to date
5. Retained only as long as necessary
6. Processed securely
7. Managed in a way that demonstrates accountability


4. Responsibilities
M C Podiatry is responsible for ensuring compliance with data protection legislation.
All staff and contractors must:

  • Handle personal data confidentially

  • Follow security procedures

  • Report suspected breaches immediately

  • Complete any required data protection training


5. Special Category Data
As a healthcare provider, M C Podiatry processes special category health data.
This information is handled with enhanced safeguards and accessed only where necessary.


6. Data Subject Rights
Individuals have rights under UK GDPR, including:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to object

  • Right to data portability

Requests should normally be responded to within one calendar month.


7. Data Security Measures
Security measures may include:

  • Password-protected systems

  • Secure cloud-based software

  • Antivirus and firewall protection

  • Controlled access to records

  • Secure backups

  • Secure disposal procedures


8. Data Breaches
Any actual or suspected data breach must be reported immediately.
Where required, breaches will be reported to the ICO within 72 hours.
Affected individuals will be informed where legally necessary.


9. Data Sharing
Personal information will only be shared where:

  • Necessary for patient care

  • Required by law

  • Consent has been obtained

  • Legitimate professional reasons apply

All third-party processors must provide sufficient guarantees regarding data security and compliance.


10. Staff Confidentiality
Anyone with access to personal data must maintain confidentiality both during and after their relationship with M C Podiatry.

11. Records Management
Records must be:

  • Accurate

  • Up to date

  • Securely stored

  • Retained appropriately

  • Securely disposed of when no longer required

12. Policy Review
This policy should be reviewed annually or sooner if legal or operational changes occur.
