Privacy Policy
Your privacy and the security of your personal information is important to us. This policy explains how we collect, use, and protect your data in compliance with UK GDPR.
Last updated: January 2026
1. Introduction
mind · body · sole ("we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services or visit our website, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As a healthcare provider, we have additional responsibilities under the common law duty of confidentiality and professional standards set by the Health and Care Professions Council (HCPC).
2. Data Controller
mind · body · sole is the data controller for your personal information. If you have any questions about this privacy policy or how we handle your data, please contact us:
3. Information We Collect
We collect and process the following types of personal information:
3.1 Personal and Contact Information
- • Name, date of birth, and gender
- • Contact details (address, phone number, email address)
- • Emergency contact information
3.2 Medical and Health Information
- • Medical history and current health conditions
- • Treatment records, assessments, and clinical notes
- • Gait analysis data and biomechanical assessments
- • Prescription and treatment information
- • Photographs or images of your feet (with consent)
3.3 Financial Information
- • Payment information and transaction records
- • Insurance details (if applicable)
3.4 Website Usage Information
- • IP address and browser information
- • Pages visited and time spent on our website
- • Information provided through contact forms or appointment bookings
4. How We Use Your Information
We use your personal information for the following purposes:
- Providing healthcare services: To assess, diagnose, and treat your foot and lower limb conditions
- Administrative purposes: Managing appointments, billing, and clinic operations
- Legal and regulatory compliance: Meeting our obligations under healthcare regulations and professional standards
- Communication: Responding to your enquiries and keeping you informed about your care
- Improving our services: Analyzing website usage to enhance user experience (anonymized data only)
5. Legal Basis for Processing
Under UK GDPR, we process your personal data based on the following legal bases:
- • Provision of healthcare: Processing is necessary for the provision of healthcare and treatment
- • Legal obligation: Compliance with healthcare regulations and professional standards
- • Legitimate interests: Managing clinic operations and improving our services
- • Consent: Where you have provided explicit consent (e.g., for marketing communications)
6. Sharing Your Information
We may share your information with:
- • Other healthcare professionals: With your consent or when necessary for your care (e.g., your GP, specialists)
- • Service providers: Third parties who assist with our operations (e.g., IT services, payment processors) under strict confidentiality agreements
- • Regulatory bodies: When required by law or professional regulations (e.g., HCPC, CQC)
- • Legal requirements: When required by court order or legal process
We do not sell your personal information to third parties.
7. Data Retention
We retain your medical records in accordance with NHS and professional guidelines:
- • Adult records: Retained for 8 years after your last appointment, or until age 25 if you were under 18 when treatment ended
- • Children's records: Retained until age 25 or 8 years after last appointment, whichever is longer
- • Financial records: Retained for 7 years for tax and accounting purposes
After the retention period, records are securely destroyed in accordance with data protection requirements.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your data (subject to legal requirements)
Right to Restrict Processing
Request limitation of how we process your data
Right to Data Portability
Request transfer of your data to another provider
Right to Object
Object to processing of your data in certain circumstances
Note: Some rights may be limited for healthcare data due to legal and professional obligations. To exercise your rights, please contact us using the details in section 2.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encrypted storage and transmission of sensitive data
- Secure, password-protected systems with restricted access
- Regular staff training on data protection and confidentiality
- Physical security measures for paper records
- Regular security assessments and updates
11. National Data Opt-Out
You have the right to opt out of your confidential patient information being used for research and planning purposes beyond your direct care. This is known as the National Data Opt-Out.
To find out more or to opt out, visit: www.nhs.uk/your-nhs-data-matters
12. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Complaints
If you have concerns about how we handle your personal data, please contact us first using the details in section 2. We will investigate and respond to your concerns.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:
ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113
14. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: