top of page

Privacy Policy

Yorkshire Foot Clinic

Effective Date: 8 May 2026
Last Reviewed/Updated: 10/05/2026

Yorkshire Foot Clinic is committed to protecting your privacy and handling your personal information lawfully, fairly and transparently. This Privacy Policy explains how we collect, use, store and share personal information when you use our website, contact us, book an appointment, attend treatment, communicate with us, or use our services.

 

This policy applies to:

Yorkshire Foot Clinic
149 Town Street
Horsforth
Leeds
LS18 5BL


Email: hello@yorkshirefootclinic.com
Website: www.yorkshirefootclinic.com

For data protection purposes, Yorkshire Foot Clinic is the data controller for the personal information we hold about patients, prospective patients, website users and other individuals.

This policy has been prepared with reference to UK GDPR and ICO guidance. Health information is classed as special category data, meaning it requires additional protection and must have both a lawful basis under Article 6 UK GDPR and a special category condition under Article 9 UK GDPR. 

1. Information We Collect

We may collect and process the following types of personal information.

1.1 Information you provide directly to us

This may include:

  • Name, address, date of birth and contact details.

  • Telephone number and email address.

  • GP details or details of other healthcare professionals involved in your care.

  • Emergency contact details, where relevant.

  • Medical history, medication information, allergies and relevant lifestyle information.

  • Details of symptoms, assessments, diagnoses, treatment plans and clinical notes.

  • Photographs, images or scans of your feet or lower limbs, where clinically relevant.

  • Appointment, billing and payment information.

  • Correspondence you send to us by email, telephone, online form, website enquiry, social media message or other communication method.

  • Feedback, reviews, complaints or survey responses.

  • Information you provide when making an enquiry, booking an appointment or registering as a patient.

We are required to keep clear and accurate clinical records for patients we assess, treat or advise. HCPC standards require registrants to keep full, clear and accurate records, complete records promptly, and keep records secure from loss, damage or inappropriate access. 

1.2 Information collected automatically through our website

When you visit www.yorkshirefootclinic.com, we may automatically collect limited technical information, including:

  • IP address.

  • Browser type and version.

  • Device type.

  • Operating system.

  • Pages visited.

  • Date and time of your visit.

  • Referring website or search engine.

  • Approximate location based on IP address.

  • Cookie and analytics information.

This information helps us maintain website security, understand how visitors use our website and improve our services.

1.3 Information from third parties

We may receive personal information about you from third parties where appropriate, such as:

  • Your GP.

  • Consultants, physiotherapists, nurses or other healthcare professionals.

  • Care homes, relatives or carers, where they are involved in your care.

  • Insurance providers, where relevant.

  • Referral services or booking platforms.

  • Payment processors.

  • Website, analytics or communication providers.

We will only use third-party information where we have a lawful basis to do so.

2. Special Category Health Data

As a healthcare provider, we process health information about you. This may include details about your medical history, symptoms, assessments, diagnoses, treatment, prescriptions, podiatry care, photographs and clinical outcomes.

Health information is special category data under UK GDPR and is given a higher level of protection. The ICO states that organisations must identify both a lawful basis under Article 6 UK GDPR and a separate Article 9 condition when processing special category data. 

We usually process health data because it is necessary for:

  • Providing healthcare or treatment.

  • Managing our healthcare services.

  • Maintaining accurate clinical records.

  • Complying with professional, regulatory and legal obligations.

  • Establishing, exercising or defending legal claims, where necessary.

3. How We Use Your Information

We may use your personal information to:

  • Respond to your enquiries.

  • Register you as a patient.

  • Book, manage and confirm appointments.

  • Provide podiatry, foot health and related healthcare services.

  • Assess your health needs and provide clinical advice or treatment.

  • Maintain clinical records.

  • Send appointment reminders by phone, SMS or email.

  • Take payments and manage invoices.

  • Communicate with your GP, consultant or another healthcare professional, where appropriate.

  • Manage referrals.

  • Respond to complaints, concerns or subject access requests.

  • Meet legal, regulatory, insurance and professional obligations.

  • Improve our website and services.

  • Keep our website and systems secure.

  • Send marketing information, but only where we are legally allowed to do so and you have not opted out.

We do not sell your personal information.

4. Lawful Basis for Processing

Depending on the circumstances, we may rely on the following lawful bases under UK GDPR:

Contract

We may process your information where it is necessary to provide services you have requested, such as booking and attending appointments.

Legal obligation

We may process your information where we are required to comply with the law, including tax, accounting, safeguarding, health and safety, regulatory or statutory obligations.

Legitimate interests

We may process information where it is necessary for our legitimate business or clinical interests, provided your rights and freedoms do not override those interests. This may include managing enquiries, improving services, protecting our systems and managing legal claims.

Consent

We may rely on consent in some circumstances, such as certain marketing communications, optional photographs, sharing information with a third party where consent is required, or using testimonials.

You can withdraw consent at any time where we rely on consent. However, withdrawing consent does not affect processing that took place before consent was withdrawn.

Vital interests

In rare situations, we may process or share information to protect your life or someone else’s life, for example in a medical emergency.

Healthcare provision

For special category health data, we may process information where it is necessary for the provision of healthcare or treatment, or the management of healthcare services.

5. Confidentiality

We treat patient information as confidential.

HCPC standards require registrants to respect confidentiality and to treat information about service users as confidential. HCPC guidance also requires reasonable steps to protect information and keep records secure. 

We will only share your information where there is a lawful reason to do so, such as:

  • You have given consent.

  • It is necessary for your care.

  • We are required by law.

  • There is a safeguarding concern.

  • There is a serious risk of harm.

  • It is necessary for legal, insurance or regulatory purposes.

6. Sharing Your Information

We may share relevant information with:

  • Your GP or other healthcare professionals involved in your care.

  • Hospitals, consultants, physiotherapists, nurses or other clinical providers.

  • Referral partners, where relevant.

  • Payment processors.

  • IT, website, email, booking, hosting and cloud storage providers.

  • Accountants, insurers, legal advisers and professional advisers.

  • Regulatory bodies, such as HCPC, where required.

  • Safeguarding authorities, where necessary.

  • HMRC or other public authorities where legally required.

Where we use third-party processors, we expect them to process personal information securely and only in accordance with our instructions and applicable data protection law.

We will not share your clinical information with your GP, consultant, insurer or another third party unless there is an appropriate lawful basis. In many cases, we will ask for your consent before doing so.

7. Cookies and Similar Technologies

Our website may use cookies and similar technologies to:

  • Make the website work properly.

  • Improve website functionality.

  • Understand how visitors use the website.

  • Help keep the website secure.

  • Support marketing or analytics, where applicable.

Cookies are small text files placed on your device when you visit a website.

You can usually control cookies through your browser settings. You may also be asked to accept or reject non-essential cookies when visiting our website.

Where we use analytics tools, such as Google Analytics or similar services, these may collect information such as your IP address, device type, browser and website activity.

8. Marketing

We may contact you with information about our services, offers or clinic updates where permitted by law.

You can opt out of marketing communications at any time by contacting:

hello@yorkshirefootclinic.com

Even if you opt out of marketing, we may still contact you about appointments, treatment, payments, clinical matters or important service-related issues.

9. Children and Young People

We may provide services to children and young people.

Where a child is under 16, consent may need to be provided by someone with parental responsibility unless the child has sufficient understanding and intelligence to make their own decision. This is commonly known as Gillick competence.

We will handle children’s information carefully and only collect what is necessary for their care and our legal and professional obligations.

10. How Long We Keep Your Information

We keep personal information only for as long as necessary for the purposes for which it was collected, including legal, regulatory, clinical, tax, insurance and professional requirements.

Clinical records must be retained securely for appropriate periods. HCPC standards require full, clear and accurate records to be kept securely, and professional podiatry record-keeping guidance recognises patient rights to access their records under data protection law. 

As a guide, we may retain:

  • Adult clinical records: normally at least 8 years after the last treatment or contact.

  • Children’s clinical records: normally until the patient’s 25th birthday, or longer where required.

  • Financial and accounting records: normally 6 years.

  • Enquiry records: only as long as necessary to respond and manage the enquiry.

  • Complaint, legal or insurance-related records: for as long as necessary to manage risk, complaints, claims or legal obligations.

Retention periods may vary depending on legal, regulatory, insurance or clinical requirements.

When records are no longer required, we will securely delete, destroy or anonymise them.

11. Your Data Protection Rights

Under UK data protection law, you may have the right to:

  • Request access to your personal information.

  • Request correction of inaccurate information.

  • Request deletion of your information in certain circumstances.

  • Request restriction of processing.

  • Object to processing in certain circumstances.

  • Request data portability, where applicable.

  • Withdraw consent where processing is based on consent.

  • Complain to the Information Commissioner’s Office.

Please note that your right to erasure is not absolute. We may need to retain clinical records where required for legal, regulatory, professional, insurance or healthcare reasons.

The Royal College of Podiatry’s record-keeping and consent guidance notes that patients can access their own records under data protection law and that access requests are generally not chargeable. 

To exercise your rights, contact:

hello@yorkshirefootclinic.com

You also have the right to complain to the UK Information Commissioner’s Office if you are unhappy with how we handle your personal data.

12. Subject Access Requests

You may request a copy of the personal information we hold about you. This is known as a Subject Access Request.

We may need to verify your identity before responding. We will usually respond within one month, unless the request is complex or multiple requests have been made, in which case the law allows additional time.

13. International Transfers

Some service providers we use may process personal information outside the UK.

Where personal information is transferred outside the UK, we will ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations.

  • The UK International Data Transfer Agreement.

  • UK Addendum to the EU Standard Contractual Clauses.

  • Other lawful safeguards or exceptions under UK GDPR.

The previous EU-US Privacy Shield should not be relied on because it was invalidated in 2020. Current UK international transfer rules require appropriate safeguards or another lawful transfer mechanism where personal data is transferred outside the UK. 

14. Security

We take appropriate technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration or destruction.

These measures may include:

  • Secure clinical record systems.

  • Password protection.

  • Access controls.

  • Secure email and communication practices.

  • Staff confidentiality obligations.

  • Secure storage of paper records, where used.

  • Regular review of data protection practices.

  • Secure disposal of records.

However, no method of internet transmission or electronic storage is completely secure, so we cannot guarantee absolute security.

15. Third-Party Websites and Services

Our website may contain links to third-party websites, booking systems, social media platforms or other services.

We are not responsible for the privacy practices, content or security of third-party websites. You should read the privacy notices of those third parties before providing them with personal information.

16. Social Media and Public Reviews

If you interact with us on social media or leave a public review, the information you provide may be visible to others depending on your privacy settings and the platform used.

Please avoid posting sensitive health information publicly.

We will not publish testimonials, photographs or identifiable clinical information for marketing purposes without appropriate consent.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, our services or how we process personal information.

The latest version will be available on our website.

18. Contact Details

If you have any questions about this Privacy Policy or how we handle your personal information, please contact:

Yorkshire Foot Clinic
149 Town Street
Horsforth
Leeds
LS18 5BL

Email: hello@yorkshirefootclinic.com
Website: www.yorkshirefootclinic.com

bottom of page