Data Protection Policy

Bailey Podiatry & Reflexology – Data Protection Policy

Effective Date: April 2025
Review Date: April 2026

1. Introduction

Bailey Podiatry & Reflexology is committed to protecting the personal data of all patients, staff, and stakeholders. This policy outlines how we handle personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Purpose

The purpose of this policy is to ensure that personal data:

  • Is processed fairly, lawfully, and transparently

  • Is collected for specified, legitimate purposes

  • Is relevant, accurate, and kept up to date

  • Is stored securely and retained only as long as necessary

  • Is processed in a manner that ensures appropriate security

3. Legal Basis for Processing

We collect and use patient data under the following lawful bases:

  • Consent: Where the individual has given clear permission

  • Contract: Processing is necessary for the delivery of podiatry and reflexology services

  • Legal obligation: Compliance with health and safety or professional standards

  • Vital interests: In emergency situations where consent cannot be obtained

  • Legitimate interests: For administrative purposes necessary for the clinic's functioning

4. What Data We Collect

We may collect and store the following types of personal data:

  • Full name, address, phone number, and email

  • Date of birth and gender

  • Medical history, medications, and allergies

  • GP and emergency contact details

  • Treatment records and clinical notes

  • Payment and invoicing information

5. How Data Is Stored

  • Data is stored securely in electronic and/or paper formats.

  • Access to records is limited to authorised personnel only.

  • All electronic systems are password protected and encrypted where appropriate.

6. Sharing of Information

We do not share your data with third parties without your consent, unless required to do so by law or to protect your vital interests. With your permission, we may:

  • Contact your GP or other healthcare providers

  • Refer you to NHS or specialist services if clinically appropriate

7. Data Retention

We retain patient records for a minimum of 8 years after the last treatment, or until the patient turns 25 if they were under 18 at the time of treatment, in accordance with current clinical record-keeping guidance.

8. Your Rights

Under data protection law, you have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate data

  • Request deletion of data where appropriate

  • Object to or restrict certain types of processing

  • Withdraw consent where applicable

9. Breaches and Complaints

Any suspected data breach will be investigated and reported in accordance with ICO guidelines. Patients can raise concerns or complaints by contacting the clinic directly or by contacting the Information Commissioner's Office (ICO).

10. Contact

If you have any questions or concerns about how we handle your data, please contact:

Data Controller:
Bailey Podiatry & Reflexology
The Glen, Main Street, Brampton, Cumbria, CA8 1SB
Tel: 016977 2191
Email: Baileypodiatry@gmail.com
Website: www.baileypodiatry.co.uk

We are committed to maintaining your trust by protecting and respecting your personal data.