Privacy Policy

Parkside Podiatry
Last updated: March 2026

Parkside Podiatry is the trading name of Parkside Podiatry LTD, registered at 207 Lower Church Road, Burgess Hill, RH15 9AA (Company No. 15930665). We’re the Data Controller for the purposes of UK GDPR, which means we’re responsible for deciding how and why your personal information is used.

If you have any questions about this policy, you’re welcome to get in touch:
Email: parksidepodiatry@outlook.com
Telephone: 01444 849873

1. What information do we collect?

When you book an appointment or come to us for treatment, we’ll typically collect:

  • Your name, date of birth and contact details (email, phone, and address if you provide it)
  • Appointment details (which service you’ve booked, and when)
  • Your medical history and treatment notes
  • Clinical photographs, where these are clinically necessary
  • Your GP’s details
  • Your NHS number, if applicable
  • Your IP address, which is collected automatically when you book online for security and fraud prevention

Your health information is classed as special category data under UK GDPR, which means it’s subject to stricter rules and handled with extra care.

2. Why do we collect your information?

We use your information to:

  • Book and manage your appointments
  • Send you confirmation and reminder messages
  • Provide your podiatry treatment and keep accurate clinical records
  • Meet our legal obligations around medical record-keeping
  • Keep our booking system secure and prevent fraud

The legal basis for using your information

Under UK GDPR, we need a lawful reason to use your personal data. We rely on:

  • Article 6(1)(b): we need your information to fulfil your appointment booking
  • Article 9(2)(h): we need your health information to provide healthcare
  • Article 6(1)(c): we’re legally required to keep medical records for a set period
  • Article 6(1)(a): your consent, where we send optional marketing communications

3. Who do we share your information with?

We don’t sell your data, and we never share patient information with third parties for marketing purposes.

Cliniko: our practice management software

We use Cliniko to manage patient records and appointments. This means your information is stored and processed on their platform on our behalf. They act as what’s known as a Data Processor, working under our instruction.

Cliniko is based in Australia, which means your data is transferred outside the UK. To make sure this is done lawfully, Cliniko has:

  • Entered into a UK Data Processing Addendum covering the transfer and handling of personal data
  • Appointed a UK privacy representative, VeraSafe (37 Albert Embankment, London SE1 7TL), as required by Article 27 of UK GDPR
  • Appointed an in-house Data Protection Officer
  • Ensured all of their own third-party providers also comply with UK GDPR

You can read Cliniko’s privacy policy at cliniko.com/policies/privacy.

Insurers, GPs and other healthcare providers

Where your treatment involves an insurer, your GP, or another healthcare professional, we may share relevant information with them where it’s needed for your care or to process a claim.

We’re not responsible for the privacy practices of any external websites we may link to, including Cliniko’s. We’d encourage you to read their policies directly.

4. Our website and cookies

Our website is built on WordPress. We use Google Analytics to understand how people find and use the site, which helps us improve it over time. Google Analytics collects information like which pages you visit and roughly where in the world you’re accessing the site from, but it doesn’t identify you personally.

Our website may also use cookies for essential functionality and, where you’ve agreed to it, for marketing purposes. You can manage your preferences through the cookie banner when you visit the site. For full details, please see our separate Cookie Policy.

5. How long do we keep your information?

We keep records in line with NHS and legal guidance:

  • Adult patient records: kept for a minimum of eight years after your last appointment
  • Children’s records: kept until the age of 25, or eight years after the last appointment, whichever is later
  • Financial records: kept for six years, as required by HMRC
  • Marketing consent: kept until you withdraw your consent

Where we’re legally required to keep records, we won’t be able to delete them on request, but we’ll always explain the situation clearly if this applies to you.

6. Marketing

From time to time we may send you practice updates or other communications you might find useful. We’ll only do this if you’ve given us your consent, and you can opt out at any time by emailing us or using the unsubscribe link in any message we send.

Withdrawing your consent won’t affect anything we’ve already sent before you opted out.

7. Children and vulnerable adults

We treat children and vulnerable adults as part of our practice. Where necessary, we’ll obtain consent from a parent, guardian or legal representative. Children’s records are kept in line with the longer retention period described above.

8. Home visits

If we visit you at home, we’ll record your address and any access information needed to deliver your care safely. This information is only used for that purpose.

9. How we keep your information safe

We take the security of your data seriously. The measures we have in place include:

  • Secure, encrypted clinical software (Cliniko)
  • Password policies and access controls, so only authorised staff can view patient records
  • SSL encryption on our website

What happens if there’s a data breach?

If we ever become aware of a breach that could put your information at risk, we’re legally required to report it to the Information Commissioner’s Office within 72 hours. If the breach is likely to affect you directly, we’ll also contact you as soon as we can.

10. Your rights

Under UK GDPR, you have the right to:

  • See the information we hold about you
  • Ask us to correct anything that’s inaccurate or incomplete
  • Ask us to delete your information (though this may not always be possible where we have a legal obligation to keep it)
  • Ask us to restrict how we use your information
  • Object to us using your information in certain ways
  • Receive a copy of your information in a portable format
  • Withdraw your consent to marketing at any time

To exercise any of these rights, just get in touch:
Email: parksidepodiatry@outlook.com
Telephone: 01444 849873

We’ll respond within one calendar month. In more complex cases we may need up to three months in total, but we’ll let you know if that’s the case.

11. Automated decision-making

We don’t use any automated decision-making or profiling. All decisions about your care and treatment are made by our clinical staff.

12. Complaints

If you’re unhappy with how we’ve handled your information, we’d always rather sort things out directly first. If you’d prefer to make a formal complaint, or if you’re not satisfied with our response, you can contact the Information Commissioner’s Office:

Website: www.ico.org.uk
Helpline: 0303 123 1113

13. Changes to this policy

We’ll update this policy from time to time to keep it accurate and up to date. The latest version will always be on our website. If we make any significant changes, we’ll let affected patients know directly.

Parkside Podiatry LTD • Company No. 15930665 • 207 Lower Church Road, Burgess Hill, RH15 9AA