Our GDPR Policy
1. Introduction
R M Callaghan & Associates (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy & Data Protection Policy sets out how we collect, use, store, share, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our website (rmcallaghan.co.uk) or otherwise providing us with your personal data, you agree to the processing described in this policy.
2. Data We Collect
We may collect and process the following types of personal data about you:
a. Data you provide directly
Name, title, date of birth
Contact details: address, email address, telephone number
Medical information relevant to podiatry / chiropody treatments (if you are a patient)
Communication content (messages, emails, notes)
Payment or billing information (if applicable)
Any other information you choose to provide (e.g. via forms, surveys)
b. Data collected automatically
IP address
Browser type and version
Operating system
Referring URLs
Pages visited, time and duration of visits
Cookies and similar tracking technologies
c. Data from third parties
We may receive data from external sources (e.g. appointment platforms, health record systems, your GP with consent) where necessary and lawful.
3. Legal Basis for Processing
We will only process your personal data where we have a valid legal basis. These include:
Consent — when you have given clear consent for us to process your data for a specific purpose (e.g. subscribing to our newsletter)
Contractual necessity — to fulfil a contract with you (e.g. providing services, billing)
Legal obligation — to comply with laws and regulations (e.g. record keeping, regulatory requirements)
Legitimate interests — for our business interests (e.g. improving services, fraud prevention), provided your rights do not override them
Vital interests / public interest — in limited circumstances, e.g. to protect someone’s life or for health protection
4. Purposes of Processing / What We Use Your Data For
We may use your personal data for:
Administering your account and relationship with us
Scheduling, providing, and managing treatment and services
Communicating with you (e.g. reminders, follow-ups, enquiries)
Billing and payment processing
Improving our website, services, and operations
Complying with legal, regulatory, and insurance obligations
Marketing (if you give consent) — e.g. sending newsletters, special offers
Aggregated analytics and reporting (non-identifiable)
Fraud prevention, security, and internal audit
5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your experience, to analyse usage, and for security purposes.
You will be given an option to accept or decline non-essential cookies (analytics, marketing).
Essential cookies necessary for the site to function will still be used.
You can manage your cookie preferences via your browser settings.
To learn more, see our Cookie Policy.
6. Sharing and Disclosing Data
We may share your personal data with third parties only where necessary, such as:
Service providers and processors (e.g. appointment systems, payment providers, IT support)
Healthcare or medical professionals (with your consent)
Legal or regulatory bodies (where required by law)
Insurance, indemnity, or auditing bodies
In case of business transfer or restructuring (with safeguards)
We require appropriate contractual and organizational measures to ensure such third parties protect your data in accordance with GDPR.
7. Transferring Data Outside the UK / EEA
If we transfer your personal data to destinations outside the UK / European Economic Area (EEA), we will ensure:
The destination country has been deemed to have adequate protection by the UK government; or
We use standard contractual clauses or other appropriate safeguards approved under UK GDPR; or
You have explicitly consented to the transfer.
8. Data Retention / How Long We Keep Your Data
We will retain your personal data only for as long as necessary to fulfil the purposes stated:
Clinical / treatment records: in accordance with health regulations and professional guidelines
Financial / billing information: for statutory audit / tax periods
Marketing and communications: until you withdraw consent or opt out
Analytics / logs: often aggregated and stored for a fixed period (e.g. 1–3 years)
When data is no longer required, we will securely delete or anonymise it.
9. Your Rights
Under UK GDPR, you have various rights in respect of your personal data. These include:
The right to be informed (this policy is part of that)
The right of access — to obtain a copy of your personal data
The right to rectification — to correct inaccurate or incomplete data
The right to erasure (“right to be forgotten”), subject to legal constraints
The right to restrict processing
The right to data portability — to receive your data in a structured, machine-readable format
The right to object — to certain processing (e.g. marketing)
Rights in relation to automated decision-making and profiling
To exercise any of these rights, contact us using the details below. We will respond within the statutory timeframe (usually one month, extendable in specific circumstances).
10. Security of Data
We use appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, regular backups, staff training, and secure storage.
However, no system is completely secure — if you believe your data has been compromised, please notify us promptly.
11. Complaints / Supervisory Authority
If you are unhappy with how we process your personal data, please contact us first so we can address your concerns.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK:
ICO (www.ico.org.uk).
12. Contact Information
If you have questions, wish to exercise your rights, or wish to make a complaint, please visit our contact page.
We may update this policy from time to time (for example, to reflect changes in law, data practices, or services). The “Last updated” date above will change accordingly. We will notify you of material changes (e.g. via website notice or email).
Last updated: October 2025
