Privacy Policy
This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR).
1. Information We Collect
We may collect personal information, including but not limited to:
- Name, address, email address, and phone number
- Medical history relevant to your treatment
- Payment and billing information
- Any other details necessary for the purpose of your treatment and care
2. Legal Basis for Processing Personal Data
Under GDPR, we process your personal data on the basis of:
- Contractual Necessity: To provide treatment and manage your care
- Legitimate Interest: To improve our services and for administrative purposes
- Legal Obligation: When processing is required by law
Where consent is required for certain uses of your data, we will obtain it separately and ensure it is clear and easy to withdraw.
3. How We Use Your Information
We use your personal information to:
- Provide and manage your treatment and care
- Communicate with you about appointments, treatment plans, and services
- Process payments and insurance claims, where applicable
- Improve our services and ensure compliance with legal and regulatory obligations
4. Disclosure of Information
We may share your information:
- With healthcare professionals directly involved in your care
- With third-party service providers, such as payment processors, under strict confidentiality agreements
- When required by law, regulation, or legal process
- With your consent, for purposes outside of treatment, billing, and administrative functions
5. International Data Transfers
If we transfer your personal information outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as using Standard Contractual Clauses (SCCs).
6. Data Security
Apex Podiatry employs strict security measures to protect your personal information from unauthorised access, use, or disclosure. All data is stored securely and only accessible by authorised personnel.
7. Retention of Information
We retain personal information for as long as necessary to fulfill the purposes outlined in this policy or as required by law. When no longer needed, we securely delete or destroy your information.
8. Your GDPR Rights
Under GDPR, you have the right to:
- Access: Request access to your personal data and obtain a copy
- Rectification: Correct any inaccurate or incomplete data
- Erasure: Request deletion of your data under certain circumstances
- Restrict Processing: Request limited processing of your data in specific situations
- Object: Object to data processing based on legitimate interest
- Data Portability: Obtain your data in a portable format
To exercise these rights, please contact us using the information below. We will respond to all requests in accordance with GDPR requirements.
9. Breach Notification
In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant data protection authority within 72 hours, as required by GDPR.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Any changes will be posted on our website, and we encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy, your rights, or how we process your personal information, please contact us.
Apex Podiatry
