top of page

Privacy Policy (GDPR 2018)

The Functional Podiatrist (Richmond Sports Podiatry Ltd)
Effective from: [Insert Date]

This Privacy Policy explains how we collect, use, and protect your personal information when you attend an appointment, purchase a product, or otherwise interact with our services. It is written to comply with the UK General Data Protection Regulation (GDPR 2018).

Information We Collect

To provide care or supply products, we may collect:

  • Personal details: name, date of birth, contact details, postal address.

  • Medical information: history, test results, treatment details.

  • Payment information.

  • Appointment and communications history.

This information is stored on a secure, password-protected electronic patient record and diary system.

Please note: during appointments we may use Heidi Notes, a secure tool that uses temporary audio recordings to create accurate written clinical notes. Audio files are not stored or retained.

Why We Collect and Use Your Information

We only collect what is relevant and necessary. We process your data under the following lawful bases:

  • Provision of healthcare – to deliver safe and effective treatment.

  • Consent – where you opt into marketing or communications.

  • Legal obligations – e.g. tax, insurance, safeguarding, or court orders.

  • Legitimate interests – to manage your appointments, respond to enquiries, or follow up on treatment.

You can withdraw consent to marketing at any time by contacting us.

Information Sharing and Disclosure

We will never sell your data. We may share your information only in the following limited situations:

  • Medical professionals – with your consent, to support continuity of care with your GP or consultant.

  • Service providers – trusted third parties such as orthotics laboratories, insurers, external reception services, and vetted Virtual Assistants (VAs) who provide administrative support. All third parties are subject to confidentiality agreements and given access only to what is necessary.

  • Business transfers – if the clinic is sold or merged, information may be shared lawfully.

  • Legal requirements – where disclosure is necessary to comply with the law.

Data Retention

We retain records for a minimum of 8 years after your last appointment (or until age 25 for patients aged 16–18), in line with legal and professional requirements.

Data Storage

All personal data is stored in the United Kingdom. Remote access by support staff (such as VAs) is strictly controlled, logged, and GDPR-compliant.

Your Rights

You have the right to:

  • Access – request a copy of your records.

  • Rectification – request corrections where data is inaccurate.

  • Restriction or erasure – in certain circumstances, though medical records are normally exempt from deletion.

  • Object – to processing or to marketing communications.

  • Complain – to the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Contact Us

For purposes of GDPR, William Joyce is the Data Controller.
📧 info@thefunctionalpodiatrist.uk

Explicit Consent

By registering as a patient, you consent to us creating and storing medical records concerning your treatment in line with this Privacy Policy. If you do not provide consent, we will be unable to carry out assessment or treatment.

bottom of page