Privacy Policy for Zoe Davison Podiatry

Last Updated: July 7th 2025

1. Introduction

Welcome to Zoe Davison Podiatry’s Privacy Policy. This document explains how we collect, use, and protect your personal data when you interact with our services, whether in person, via our website (www.zoedavisonpodiatry.co.uk), or through other communications. Your privacy is important to us, and we are committed to transparency and compliance with UK data protection laws, including the UK GDPR and Data Protection Act 2018.

If you have questions, please contact us:

2. Who We Are

Zoe Davison Podiatry provides mobile podiatry services, offering assessment, diagnosis, and treatment for foot and lower limb conditions in clients’ homes or care facilities.

Data Controller: Zoe Davison Podiatry is the data controller for all personal data processed in connection with our services.

3. Why We Collect Your Data

We collect and use personal data for the following purposes:

  • Clinical Care: To diagnose, treat, and manage foot-related conditions.

  • Administration: To schedule appointments, process payments, and maintain records.

  • Communication: To respond to inquiries and provide updates about our services.

  • Legal Compliance: To meet regulatory and accounting obligations.

4. Types of Personal Data We Collect

Depending on your interaction with us, we may process:

  • Contact Details: Name, address, phone number, email.

  • Clinical Information: Medical history, treatment notes, and health data.

  • Financial Data: Payment details (processed securely; we do not store card information).

  • Technical Data: IP address, cookies (for website analytics only; see our Cookie Policy).

5. Lawful Basis for Processing

We rely on the following legal grounds under UK GDPR:

  • Contractual Necessity: To deliver podiatry services (e.g., treatment plans).

  • Legal Obligation: For tax, accounting, or regulatory requirements (e.g., retaining financial records for 7 years).

  • Consent: For marketing communications (you may withdraw consent anytime).

  • Legitimate Interest: To improve services or respond to inquiries (balanced against your rights).

6. Data Retention

We retain personal data only as long as necessary:

  • Clinical Records: 8 years post-treatment. If a patient was under 18 at the time of treatment, their records might be kept until the patient's 25th birthday (aligned with medical best practices).

  • Financial Records: 7 years (to comply with HMRC requirements).

  • Inactive Enquiries: 2 years (unless you become a client).

Data is securely deleted or anonymized after retention periods expire.

7. Data Sharing and Third Parties

We share data only when essential, with strict safeguards:

Third Party Purpose Data Shared

Santander Bank Payment processing Transaction details

NB Lancaster Accountants Financial reporting Invoices, client identifiers

Squarespace Website hosting IP addresses, cookies

International Transfers: If data is transferred outside the UK (e.g., via Squarespace), we use ICO-approved safeguards like Standard Contractual Clauses.

8. Your Rights

Under UK data protection law, you have the right to:

  • Access your personal data (free of charge, within 30 days).

  • Correct inaccurate or incomplete records.

  • Request Erasure (where no legal basis for retention exists).

  • Restrict Processing (e.g., while accuracy is verified).

  • Object to direct marketing or legitimate interest-based processing.

  • Data Portability (for electronically held data you provided).

To exercise these rights, contact us at zoe@zoedavisonpodiatry.co.uk.

9. Security Measures

We implement robust technical and organisational measures to protect your data, including:

  • Encrypted digital records.

  • Secure paper storage for clinical notes.

  • Staff training on confidentiality and GDPR compliance.

10. Complaints

If you’re unhappy with how we handle your data:

  1. Contact us first—we’ll resolve it promptly.

  2. Escalate to the ICO if unsatisfied:

11. Policy Updates

We review this policy annually or as laws change. Updates will be posted on our website.