Personal Information Policy
General Data Protection Regulations 2018
We need to collate and keep our patient’s personal data to be able to provide safe and appropriate treatments and care.
All About Feet Ltd is a healthcare company offering Podiatry, Chiropody, Foot Health, Complementary Therapies and Beauty Treatments. Each All About Feet clinic is a company within the All About Feet franchise. Relevant Personal Information Policies are available at each location.
All About Feet Ltd and All About Feet Franchising Ltd are registered at Companies House. Contact information is below.
We process information to enable us to provide health services to our patients, to maintain our accounts and records, promote our services and to support and manage our employees, co-workers and franchisees.
Our patient records and some financial details are held on a computer system and with i-pads used in each clinic (patient details only). The system provider is based in the UK and GDPR compliant, as is our email provider and card payment system. The computer is password protected, has a privacy mode, is only accessible by authorised members of staff and information is stored securely and backed up automatically.
This is collected at first and subsequent appointments and may include:
- Contact and identification details such as name, address, contact number, date of birth, occupation, next of kin (in the event of an emergency)
- Electronic signature on Consent to Treatment form which is available to read as hard copy. Verbal consent is noted at each appointment. This form is our legal basis for processing the patient’s data.
- Medical details such as GP and any specialists, medical history, current condition and medications
- Details, notes and photos of reason for treatment, conditions presented, treatment given, advice, subsequent contact, incidents, practitioner carrying out treatment
- Photos for identification purposes may be taken with patient’s permission
- Information and correspondence from other health care professionals
- Accounting information
Children under 16 will need to be accompanied by a parent, guardian or so nominated responsible adult who will sign a consent form on their behalf. Any proposed procedure to be carried out will be carefully explained to the child, so they are fully aware of what is going to happen and will only be carried out with their and their accompanying adults’ consent.
We are always very aware of what can be overheard and are mindful of this. All information collected is treated in the strictest of confidence and is gathered in order to identify, treat, advise with next-of-kin details needed for an emergency. We do not collect more information than we require in order to treat and advise the patient.
The Computer and i-pad are all password protected with each user having their own password and code. Data accessed on remote devices is also accessed via multiple passwords. The computer also has a locked screen key.
Data may be shared with other professionals (GP, physiotherapist, consultants etc) with the patient’s permission.
Receipts for insurance companies give only broad, not precise, details of the appointment.
Any photographs taken during appointments are done so with the patients written and verbal consent and used for identification or medical purposes.
Should the patient no longer wish to be on our data base, we are unable to delete them completely since we have to keep medical records for a period of time. We can however, ‘deactivate’ them from our system, whereby they are ‘archived’. Childrens records are kept until they are age 25 or for eight years after the last contact, whichever is longer.
Our records are as accurate as the data provided by the patient or data received from a third party (GP, Consultant etc).
We do not provide or sell data to any outside agencies. We may email patients to advise them of a new or improved treatment now available or send a Newsletter to keep patients up-to-date on a matter.
Should we become aware of a data breach we will notify the ICO via their Live Chat Line: 0303 123 1113 or email as is required by law.
We are aware of our responsibilities and the rights of individuals and endeavour to treat all data carefully, safely, securely and responsibly adhering to the 6 Core GDPR principles. Our patients have the right to request a copy of their information by making a request in writing. We will provide a copy of the records within 30 days of receipt of the request.
If you have any disagreement with the above, please discuss the matter with us. You have the right to object but please be aware that this will affect our ability to treat you. Complaints should be made at the time of the appointment at the location concerned. Written complaints should be made within a reasonable time after the appointment either to the location concerned or to the data controllers below.
This data will be reviewed and updated regularly
All About Feet Ltd, 25 Plough Road, Yateley, Hants, GU46 7UW, 01252 874242 and
222-224 Fleet Road, Fleet, Hants, GU51 4BY
Data Protection Controllers
Kay Knight and Amanda Cherry
Directors Feb 2021