Privacy Notice

At Blackwater Podiatry Limited, we are committed to protecting your personal data and respecting your privacy. This notice explains how we collect, use, store, and protect your information in accordance with the UK GDPR and the Data Protection Act 2018.

 

What information do we collect?

We may collect and process the following information:

• Personal details (e.g. name, address, date of birth, contact details).
• GP details and other healthcare providers involved in your care.
• Medical history and clinical notes relating to your treatment.
• Appointment history and correspondence.
• Payment and billing information (where applicable).

This information is collected when you:

• Register as a patient.
• Attend appointments.
• Are referred to us by another healthcare professional.
• Contact us directly.

Your records may be held electronically, in paper format, or both.

 

Information collected automatically (Website use)

If you use our website, we may collect:

• Usage data (pages visited, time spent, navigation patterns)
• Device information (browser type, IP address, operating system)
• Cookies to improve user experience

This data is generally anonymised and used for analytical purposes.

 

Use of Heidi Health AI

We may use Heidi Health AI to assist with clinical documentation and note-taking during consultations.

This system may process information you provide during your appointment, including:

• Personal details
• Medical history
• Information discussed during your consultation

Purpose of use:
Heidi Health AI is used to support accurate, efficient, and high-quality clinical record keeping. It assists clinicians by generating structured clinical notes, which are always reviewed and approved by a qualified practitioner.

Lawful basis:
We process this data as part of providing healthcare services and fulfilling our legal obligations in maintaining accurate medical records.

Data protection and security:

• Heidi Health AI operates in compliance with applicable data protection laws
• Data is processed securely and access is restricted to authorised personnel only
• We ensure that any third-party providers we use meet appropriate data protection and confidentiality standards

Your rights:
You have the right to object to the use of AI-assisted documentation. If you would prefer that this system is not used during your consultation, please inform us and we retain the right to refuse treatment to any patients who do not consent to AI being used in the clinic.

 

CCTV Monitoring

We operate a Closed-Circuit Television (CCTV) system within our clinic premises for the purposes of safety and security.

Purpose of CCTV:

• To protect patients, staff, and visitors
• To prevent and detect crime
• To support the investigation of incidents

What we collect:
CCTV systems may capture:

• Video footage of individuals on the premises
• Images of staff, patients, and visitors
• All audio from inside the premises
• Two-way audio is utilised throughout the premises via CCTV cameras

Lawful basis:
CCTV is used under our legitimate interests in maintaining a safe and secure environment, in accordance with the UK GDPR.

Data storage and retention:

• CCTV footage is stored securely
• Access is restricted to authorised personnel only
• Recordings are retained for a limited period (2 months), however we retain the right to keep footage and audio, should legal requirements dictate.

Your rights:
You have the right to request access to CCTV images in which you appear. Requests will be handled in line with data protection laws.

Clear signage is displayed on-site to inform individuals that CCTV is in operation.

 

Cookies

Cookies are small files stored on your device to improve website functionality.

We use cookies to:

• Ensure the website functions properly
• Understand how visitors use our site
• Improve user experience

You can control or disable cookies through your browser settings.

 

How do we use your information?

We use your information to:

• Provide safe and effective podiatry care
• Communicate with you regarding appointments and treatment
• Share relevant information with other healthcare professionals involved in your care
• Maintain accurate medical records
• Process payments (where applicable)
• Respond to complaints or queries

We may also use anonymised data for:

• Clinical audit and service improvement
• Training and education
• Legal or regulatory requirements

 

Sharing your information

We may share your data with:

• Your GP or other healthcare professionals
• NHS or regulatory bodies where required
• Insurance companies (with your consent)
• Legal authorities if required by law

We will never share your data without your consent, unless:

• There is a legal obligation
• It is necessary to protect you or others from serious harm

Only the minimum necessary information will be shared.

 

How we keep your data secure

We take data security seriously and use:

• Secure clinical software systems
• Password-protected access controls
• Staff training in confidentiality and data protection
• Secure storage for paper records
• Regular data protection reviews

Any data breaches will be handled in line with legal requirements.

 

How long do we keep your data?

We retain patient records in accordance with UK healthcare guidelines.

Typically:

• Adult records are kept for at least 8 years after last treatment
• Children’s records are kept until age 25 (or longer if required)

After this period, records are securely deleted or destroyed.

 

Your rights

Under the UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure (where applicable)
• Restrict or object to processing
• Data portability (where applicable)

 

Accessing your information

You may request a copy of your records (Subject Access Request).

• Requests are usually free of charge
• We will respond within one month
• A reasonable fee may apply for excessive or repeated requests

 

Right to erasure

You have the right to request deletion of your data in certain circumstances. However, this is not absolute, particularly where we are required to retain medical records for legal or regulatory reasons.

 

Data Protection Contact

If you have any questions or wish to exercise your rights, please contact:

Data Protection Lead
Mr. N. K. Hazael
Email: info@blackwater.co.uk

 

Complaints

If you are unhappy with how we handle your data, you can contact the:

Information Commissioner’s Office

 

Policy Review

We regularly review this privacy notice to ensure compliance with current legislation and best practice.