

Privacy policy
This privacy policy explains why I collect, use and protect your personal information when you attend an appointment, purchase a product or service, contact me or otherwise engage with my practice. It ensures compliance with the UK General Data Protection Regulations and the Data (Use and Access) Act 2025
WHAT DATA IS COLLECTED
Personal Details: Names, date of birth, contact information and home address.
Medical History: Information about your GP, clinical notes and treatment history.
Financial Details: Payment records and insurance information.
Website Data: Information collected via cookies or analytics.
HOW YOUR DATA IS STORED
Secure Records: your information is stored in secure manual files (and encrypted systems for payment and communication).
Access Limitation: only the Data Controller has access to your data. Details are never shared with 3rd parties for marketing purposes.
SHARING AND DISCLOSURE
Continuity of care: the Data Controller may share necessary health information with your GP or other medical professionals.
Third Party Providers: Data may be securely processed by trusted partners such as software booking systems or payment processors.
LEGAL OBLIGATIONS
Patient data may be shared with law enforcement agencies, HMRC, or other regulatory bodies, only if legally required.
DATA RETENTION PERIODS
I am legally and professionally required to keep your records for a strict minimum duration.
Clinical records: Typically retained for a minimum of 8 years after your last appointment
( or up to the age of 25 for children).
Financial/ Tax records: Typically retained for 6 years
DATA RETENTION PERIODS
Under data protection laws, you retain the following rights:
Access: Requesting copies of the personal and medical information the clinic holds about you.
Rectification: Asking the clinic to correct any inaccurate or incomplete details.
Erasure: You may request that your data be deleted ( though clinical records are generally exempt from this whilst legal retention periods still apply).
Withdrawal of consent: Opting out of marketing communications or 3rd party sharing at any time. Currently Juliet Robson-White does not send marketing communications.
COMPLAINTS
Any complaint relating to matters concerning data need to be sent to the Data Controller- Juliet Robson-White at podusfootcare@icloud.com or by post to Podus Foot Care, The Little Shop, Cleveland Way, Helmsley, YO62 5AT.