Last updated: March 2026
1. Who We Are
Deal Podiatry (“we”, “us”, “our”) is the data controller responsible for your personal data. We are located at 87 Blenheim Road, Deal, Kent, CT14 7DE. You can contact us by telephone on 01304 371 558 or via our contact page.
This policy explains how we handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
We collect and process the following categories of personal data:
- Identity & contact data – name, address, telephone number, email address, date of birth.
- Health & medical data – medical history, medications, treatment notes, referral letters, and clinical records.
- Appointment & billing data – appointment history, invoices, and payment records.
- Technical data – IP address, browser type, and pages visited when you use our website (see our Cookies Policy).
- Enquiry data – messages submitted via our contact form.
3. How We Use Your Information
We use your personal data to:
- Provide and manage podiatry appointments and treatments.
- Maintain accurate clinical records as required by our professional regulators (HCPC).
- Process payments and manage accounts.
- Respond to enquiries and correspondence.
- Send appointment reminders (where consent has been given or it is in your legitimate interest).
- Comply with legal and regulatory obligations.
4. Legal Basis for Processing
We rely on the following legal bases under UK GDPR:
- Contract – processing necessary to provide the appointment or service you have booked.
- Legal obligation – processing required to meet our regulatory and statutory duties.
- Legitimate interests – sending appointment reminders and managing our practice administration.
- Vital interests / health care – for special category health data processed as part of your direct care (Article 9(2)(h) UK GDPR).
- Consent – where we ask for your explicit agreement (e.g. marketing communications).
5. Sharing Your Information
We do not sell or rent your personal data. We may share it with:
- Other healthcare providers – GPs, consultants, or NHS services where clinically necessary or with your consent.
- Private health insurers – to process claims where you ask us to.
- IT and software providers – our practice management and booking system suppliers, under appropriate data processing agreements.
- Statutory bodies – HCPC, the Information Commissioner's Office (ICO), or law enforcement where legally required.
6. Retention of Records
Clinical records are retained for a minimum of 8 years following the last appointment, or until age 25 for records relating to children, in line with NHS and professional body guidance. Financial and administrative records are retained for 6 years for tax and legal purposes. After these periods, records are securely destroyed.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data (subject access request).
- Rectify inaccurate data.
- Erase your data in certain circumstances.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests.
- Request data portability for data provided by you and processed by automated means.
- Withdraw consent at any time where consent is the basis of processing.
To exercise any of these rights, please contact us at the address above. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.
8. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All staff are trained in data protection and bound by confidentiality obligations.
9. Cookies
Our website uses cookies. For full details, please see our Cookies Policy.
10. Changes to This Policy
We may update this policy from time to time. The current version will always be available on this page. We recommend checking it periodically.