Privacy Policy
Harley Medical Foot and Nail Laser Clinic (“we”, “us”, “our”) is a podiatry clinic providing assessment,
diagnosis, and treatment of foot-related conditions. We are committed to protecting your personal data and
ensuring it is handled securely and in accordance with the UK General Data Protection Regulation (UK
GDPR), the Data Protection Act 2018, and other applicable laws.
This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights.
What information do we collect?
When you use our website or book an appointment, we may collect personal information, including your name, address, date of birth, phone number, email address, General Practitioner (GP) details, and any information you provide about your foot health or condition. We also collect health-related information necessary for your care, such as clinical notes and treatment history.
This information may be collected directly from you when booking an appointment, completing forms, or
contacting us, or from third parties such as healthcare professionals (e.g. GP referrals).
We use your information to provide assessment, diagnosis, and treatment; communicate with your GP and
other healthcare professionals involved in your care; ensure accurate referrals and continuity of care; arrange
and manage appointments (including reminders) and maintain encrypted electronic clinical notes; process
payments and insurance claims; assess and audit the type and quality of care provided; investigate concerns,
complaints, or incidents; and support research, teaching, and training only with your consent and anonymised where possible.
We use Acuity Scheduling and Cliniko to manage our appointments. When you book online, your information is processed through these platforms in accordance with their privacy and security policies. This allows us to
efficiently organise and deliver our services.
We may share relevant information with your GP, referring clinician, or other healthcare professionals for
continuity of care; insurance companies or third-party payers where required to arrange or authorise treatment or payment; laboratories, orthotic manufacturers, or other medical providers involved in your treatment; and processors acting on our instructions, such as our electronic medical record provider, IT support, and accountants. We have data processing agreements in place and only share the minimum necessary information.
We may also share information where required by law or in exceptional circumstances, for example with health authorities, the NHS, the Department of Health and Social Care, or the CQC, to protect public health, prevent or detect serious crime, comply with a court order, or meet other statutory duties. In all cases, we share only what is necessary and anonymise data wherever possible.
You may object to certain sharing that is not legally or clinically required. We will explain any consequences of
such an objection for your care.
We may also collect administrative data such as appointment details, payment records, consent forms, and
correspondence.
Our lawful basis for processing
We process your personal data based on the following legal grounds:
• UK GDPR Article 6(1)(b) – Performance of a contract: to provide assessment, diagnosis, treatment, appointment management, and related administration (including billing and payments)
• UK GDPR Article 6(1)(c) – Legal obligation: where we must keep records or make reports to comply with legal or regulatory requirements (e.g. accounting, clinical safety, notifiable events)
• UK GDPR Article 9(2)(h) – Provision of health or social care for special category (health) data, together with the Data Protection Act 2018, Schedule 1, paragraph 2
We do not rely on consent to provide clinical care. If consent is required for any non-essential use, we will
request it separately.
As part of providing healthcare services, we may maintain records of consultations, treatments, and relevant
medical information to ensure continuity of care and compliance with professional and legal obligations.
Website usage, cookies, and advertising
Our website may automatically collect certain non-personal information, such as your IP address, browser
type, and pages visited. This helps us improve our website and user experience.
We do not use or sell your health information or personal data for marketing purposes. We do not share it
without your consent. All photos or foot concerns are anonymised in accordance with our values.
We may share your data only with trusted service providers (such as booking platforms or website hosting
providers) where necessary to operate our services, and always under appropriate data protection safeguards.
We use third-party services such as Google Analytics and Google Ads, which may use cookies and similar
technologies to collect information about how you interact with our website. This information may be used to
analyse website traffic and show relevant advertisements based on your previous visits. Google may process
this data in accordance with its own privacy policies. You can manage or opt out of personalised advertising by visiting Google Ads Settings.
You can control or disable cookies through your browser settings.
Where do we store your data, and what security measures do we take?
Clinical records are securely stored in Cliniko, hosted within the UK/EU. Access is restricted to authorised
clinical and administrative personnel. Staff receive training on confidentiality and data protection. Systems are secured by usernames and passwords, devices are locked when unattended, and records are stored securely in electronic (and, where applicable, paper) form.
Suspected misuse of information is investigated and may result in disciplinary action or reporting to authorities.
If we ever need to transfer data outside the UK/EU, we will implement appropriate safeguards (e.g. adequacy
regulations or standard contractual clauses) and inform you where required.
How long do we keep your data?
We follow the NHS Records Management Code of Practice (2021). As a guide:
• Adult health records: 8 years after last contact
• Children’s records: until the patient’s 25th birthday (or 26th if treated aged 17)
• Surgical records and gait analysis data may be retained longer where necessary for clinical or medico-legal purposes
Records that are no longer required are securely deleted or anonymised.
Your rights
Under UK GDPR, you have the rights of access, rectification, erasure (where legally possible), restriction,
portability, and objection. You can exercise these rights verbally or in writing, and we will respond within one
month.
We may charge a reasonable fee for excessive or repetitive requests, or for additional copies.
To exercise these rights, please contact us using the details below.
Complaints
If you are unhappy with how we process your data, you can complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.
We encourage you to contact us first so we can try to resolve your concerns quickly.
Contact
If you have any questions about this Privacy Policy or how your data is handled, please contact us at:
Clinic Name: Harley Medical Foot, Hand and Nail Laser Clinic
Email: receptionist@footcliniclondon.co.uk
Address: The Harley Medical Foot, Hand and Nail Clinic (London)
46 Harley Street, London W1G 9PT
Reception hours:
1PM – 2PM (Lunch Break)
After 5PM and weekends: please call the buzzer
Phone: 01206484185

