This Privacy Policy explains how Grays Foot Clinic collects, uses, stores, and protects your personal information when you use our website at graysfootclinic.co.uk or engage with our services. We are committed to protecting your privacy and handling your data in an open and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
The data controller responsible for your personal information is:
Mr Michael J Keet
Grays Foot Clinic
140 Gray's Inn Road
Holborn, London WC1X 8AZ
Email: Michaelkeet@aol.com
Phone: +44 7956 276788
If you have any questions about this policy or about how we handle your data, please do not hesitate to contact us using the details above.
2. What Information We Collect
We may collect and process the following categories of personal information:
- Contact and enquiry data: When you contact us via our website, email, phone, or WhatsApp, we may collect your name, email address, phone number, and the details of your enquiry or message.
- Patient information: If you attend the clinic as a patient, we will collect health-related information necessary to provide your podiatry treatment. This constitutes special category data under the UK GDPR and is handled with additional care.
- Technical data: We may collect your IP address, browser type and version, operating system, referral source, and information about how you use our website through cookies and similar technologies.
We do not collect data from children under the age of 13 without verified parental consent.
3. How We Use Your Information
We use the personal information we collect for the following purposes:
- To respond to your enquiries and provide you with information about our services
- To provide and manage your podiatry treatment and patient care
- To send appointment reminders or follow-up communications where you have consented
- To comply with our legal and regulatory obligations, including record-keeping requirements under healthcare regulations
- To improve our website and services through analysis of usage data
Our lawful basis for processing your data is primarily Article 6(1)(b) of the UK GDPR (processing necessary for the performance of a contract, or to take steps at your request prior to entering into a contract), Article 6(1)(c) (compliance with a legal obligation), and Article 9(2)(h) for health-related data (processing necessary for the provision of healthcare). Where we rely on consent, you may withdraw it at any time.
4. How Long We Keep Your Data
We retain your personal information only for as long as is necessary for the purposes for which it was collected, or as required by law:
| Data Type | Retention Period |
|---|---|
| Enquiry and contact data | 2 years from the date of last contact |
| Patient clinical records | 8 years from last treatment (in line with NHS and professional guidelines) |
| Financial / billing records | 7 years (HMRC requirement) |
| Website analytics data | Up to 26 months (Google Analytics default) |
After the applicable retention period has expired, your data will be securely deleted or anonymised.
5. Cookies
Our website uses cookies and similar technologies. Cookies are small text files placed on your device that help us understand how you use our website and provide certain functionality. For full details of the cookies we use and how to control them, please see our Cookie Policy.
6. Your Rights Under UK GDPR
Under Articles 15-21 of the UK GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15): You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Article 16): You have the right to ask us to correct inaccurate or incomplete personal data.
- Right to erasure (Article 17): You have the right to ask us to delete your personal data in certain circumstances ("the right to be forgotten").
- Right to restriction of processing (Article 18): You have the right to ask us to limit how we use your data in certain circumstances.
- Right to data portability (Article 20): Where processing is based on consent or a contract, you may request your data in a structured, machine-readable format.
- Right to object (Article 21): You have the right to object to our processing of your personal data in certain circumstances, including processing for direct marketing.
To exercise any of these rights, please contact us using the details in Section 1. We will respond within one calendar month. If you believe we have not handled your data correctly, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Third Parties
We do not sell, rent, or trade your personal data with third parties for marketing purposes. We may share your information in the following limited circumstances:
- Google Maps: Our website embeds a Google Maps iframe to show our clinic location. Google may set cookies when this map loads. Please refer to Google's Privacy Policy at policies.google.com/privacy for details.
- Legal obligation: We may disclose your information to law enforcement or regulatory authorities where required by law.
- Healthcare referral: With your consent, we may share relevant clinical information with other healthcare providers for the purpose of your treatment.
8. Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:
- SSL/TLS encryption for all data transmitted between your browser and our website
- Access controls ensuring only authorised personnel can access patient records
- Secure storage of physical records in locked cabinets
- Regular review of our data security practices
Whilst we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. If you believe your data has been compromised, please contact us immediately.
9. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:
Mr Michael J Keet - Grays Foot Clinic
140 Gray's Inn Road, Holborn, London WC1X 8AZ
Phone: +44 7956 276788
Email: Michaelkeet@aol.com
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.