Privacy Policy - Clinical Touch Podiatry
Effective Date: 1st January 2025
Clinical Touch Podiatry is committed to protecting the privacy and confidentiality of your personal and sensitive health information. This policy explains how we collect, use, store, and protect your data in compliance with the UK General Data Protection Regulation (GDPR) and our professional obligations as healthcare practitioners registered with the Health and Care Professions Council (HCPC).
1. Our Contact Details and Role
Data Controller: Mark Wolstenholme (HCPC-Registered Podiatrist)
Clinic Address: 358 Edge Lane, Manchester
Contact Email: mark@clinicaltouchpodiatry.com
As an HCPC-registered healthcare provider, we act as the Data Controller for all clinical and administrative data we hold about you.
2. The Data We Collect
Clinical Touch Podiatry collects and processes several categories of data to provide our services and manage our operations.
We collect Personal Data such as your name, address, date of birth, telephone number, email address, and emergency contact details. This information is processed under the legal bases of Contract (to provide you with scheduled services) and Legitimate Interest (for essential administrative and communication purposes).
Crucially, as a healthcare provider, we collect Special Category Data (Health Data). This includes your detailed medical history, current symptoms, diagnosis, podiatry and reflexology treatment plans, records of sessions, your GP's details, and signed consent forms. The legal basis for processing this highly sensitive data is our Statutory/Legal Obligation (specifically, adherence to HCPC requirements) and because it is Necessary for the provision of Healthcare Treatment.
Finally, we collect Financial Data (payment information for treatments, invoices, and payment history—though we never store full credit card details) based on the legal basis of Contract (to process payments for services rendered). We also collect basic Technical Data from our website, such as your IP address, browser type, and usage data, which is justified by our Legitimate Interest in maintaining website security and improving your user experience.
3. How We Use Your Data
Your data is used to:
Provide Clinical Care: To diagnose, treat, and manage your podiatric and reflexology conditions (the primary purpose).
Manage Appointments: To book, confirm, and remind you of scheduled appointments.
Communicate: To contact you about your care, follow-up, or in case of an emergency.
Referrals: To communicate with other healthcare professionals (e.g., your GP, or Clinical Touch Sports Rehab in Oldham for physiotherapy referrals), but only with your explicit consent.
Financial Records: To process payments and maintain legal and accounting records.
4. Data Storage, Security, and Retention
Storage: Clinical records are stored securely, either in locked filing cabinets or within secure, password-protected, and encrypted electronic health record systems.
Security: We take all reasonable steps to ensure your data is secure, including staff training, secure systems, and controlled access to files.
Retention: As an HCPC-registered provider, we are legally and professionally required to retain adult clinical records for a minimum of 8 years after the conclusion of your treatment or death and, for children, until the patient reaches the age of 25.
5. Sharing Your Data
We will only share your data under the following circumstances:
With Your Consent: For referrals to other healthcare providers (e.g., when referring to Clinical Touch Sports Rehab for multi-disciplinary care).
Legal Obligation: Where required by law (e.g., court order, regulatory body requests from the HCPC).
Emergencies: If we believe it is necessary to protect your vital interests or the vital interests of another person.
6. Your Data Protection Rights
Under GDPR, you have rights including:
Right of Access: You can request a copy of the personal and clinical data we hold about you.
Right to Rectification: You can ask us to correct data that is inaccurate or incomplete.
Right to Erasure (The right to be forgotten): This right is limited in the healthcare setting due to our legal requirement to retain clinical records. We cannot erase essential clinical records that we are legally obliged to keep.
Right to Restrict Processing: You can ask us to limit how we use your personal data.
If you have any questions or wish to exercise your rights, please contact the Data Controller using the details above.