R M Callaghan & Associates (“we”, “our”, or “us”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website rmcallaghan.co.uk, contact us, or receive treatment from us.

1. Who We Are

R M Callaghan & Associates
Website: https://rmcallaghan.co.uk/
Email: [Insert contact email address]
Phone: [Insert contact phone number]
Address: [Insert business address]

We are a podiatry and chiropody practice providing clinical foot care and related health services.
For the purposes of data protection law, we are the Data Controller of your personal information.

If you have any questions about this policy or how we handle your data, please contact us using the details above.

2. What Personal Data We Collect

We may collect and process the following personal information:

a) Information you provide directly

• Full name and title

• Date of birth

• Contact details (address, telephone number, email address)

• Medical history and treatment records (as required for podiatry services)

• GP details and referral information

• Payment details and billing information

• Correspondence and communications with us

b) Information collected automatically

When you visit our website, we may collect:

• IP address

• Browser type, version, and device information

• Date, time, and duration of your visit

• Pages visited and how you interact with them

• Cookies and analytics data (see Section 6)

c) Information from third parties

We may receive personal data from:

• Your GP or referring clinician (with your consent)

• Health insurance providers

• Third-party booking or payment systems

• Regulatory or professional bodies (as required by law)

  
  

3. Lawful Bases for Processing

We will only process your personal data where we have a lawful basis under the UK GDPR:

Special category data (e.g. health information) is processed under Article 9(2)(h) of the UK GDPR — “necessary for the provision of health or social care.”

4. How We Use Your Personal Data

We use your information to:

• Register and manage your patient record

• Deliver safe and effective podiatry treatment

• Communicate appointment details, updates, and follow-ups

• Process payments and maintain financial records

• Respond to enquiries and feedback

• Comply with professional and legal obligations

• Improve our website, services, and customer experience

• Send occasional marketing communications (only if you have opted in)

  
  

5. Sharing Your Data

We will only share your data when necessary and appropriate, including with:

• Your GP, consultant, or healthcare provider (with your consent)

• Our insurers, indemnity, and regulatory bodies (if required)

• IT, payment, and administrative service providers (under contract)

• Legal or regulatory authorities (where required by law)

We ensure all third parties comply with strict data protection obligations.

We never sell or rent your data to third parties.

6. Cookies and Website Analytics

Our website uses cookies to improve functionality and performance.
Essential cookies are required for the site to operate. Non-essential cookies (e.g. analytics) are used only with your consent.

You can adjust your cookie preferences or disable cookies at any time via your browser settings.
For more details, please see our Cookie Policy.

7. Data Retention

We keep your personal data only as long as necessary:

• Medical and treatment records — in line with legal and professional standards (usually 7–10 years after the last treatment, or longer for children until age 25).

• Financial records — minimum 6 years for tax and audit purposes.

• Marketing data — until you withdraw consent or unsubscribe.

After the relevant retention period, your data will be securely deleted or anonymised.

8. Your Data Protection Rights

Under UK GDPR, you have the right to:

1. Access – request a copy of the personal data we hold about you

2. Rectification – correct inaccurate or incomplete data

3. Erasure – request deletion of your data (“right to be forgotten”), where legally applicable

4. Restriction – limit how we use your data

5. Data portability – receive your data in a structured, machine-readable format

6. Object – to certain processing, such as marketing

7. Withdraw consent – at any time where processing is based on consent

8. Complain – to the Information Commissioner’s Office (ICO)

To exercise any of these rights, contact us.
We will respond within one month of your request.

9. Data Security

We use appropriate technical and organisational measures to protect your data, including:

• Secure systems and encrypted storage

• Restricted access to authorised personnel only

• Regular data protection training for staff

• Secure disposal of physical and electronic records

While we take all reasonable steps to protect your information, please note that no system is entirely risk-free. If you suspect a data breach, please contact us immediately.

10. Data Transfers Outside the UK

If any of our service providers process data outside the UK or EEA, we ensure that:

• The country has an adequacy decision, or

• Appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.

  
  

11. Marketing Communications

We may occasionally send you updates or offers relevant to our services only if you have opted in.
You can withdraw consent or unsubscribe at any time by following the link in our emails or contacting us directly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or business practices.
Any updates will be posted on this page with a new “Last updated” date.
We encourage you to check this page periodically.

13. Contact Us

If you have questions about this policy or how your data is used, please contact us.

You also have the right to contact the Information Commissioner’s Office (ICO) if you are not satisfied with how we have handled your data:
Website: www.ico.org.uk