Privacy Policy

Privacy Policy - February 2021

  • Our privacy policy covers the collection, processing and use of your personal data under the Data Protection Act 1998 (DPA) and General Data Protection Regulations (GDPR).
  • Joanna Lea is the data controller. If you have any queries regarding your personal data please contact Joanna Lea at
  • We hold and process all personal data that you have provided to us in accordance with the DPA and GDPR guidelines.
  • kingstonfeet is registered with the Information Commissioner’s Office.

Providing consent & the data we collect

  • Attendance at the clinic requires you to consent to our privacy policy.
  • When booking with us you will be asked for your agreement to our privacy policy. On the day of your appointment you will/ have been asked to complete a patient registration form, signing this form includes consent to our privacy policy.
  • The information that we collect and store relating to you is primarily used to enable us to provide our service to you.
  • kingstonfeet also collects personal data on paper clinical notes. This information is also about your health and medication, including GP details. This enables us to assess, diagnose and treat your presenting condition.

Using your information

  • By providing your personal details on our patient registration form, you automatically consent to it being used for the purpose of:
    • Notifications of appointment reminders and changes
    • Notifications of unpaid fees
    • Sending copies of medical correspondence /referral request letters to other health care providers
    • Sending of occasional updates regarding clinical treatments available

We do not share your information with third parties for the purpose of sales or marketing.


  • All electronic data is held securely by Cliniko (see here)
  • All paper records are held in locked filing cabinets within the locked premises of kingstonfeet
  • Links on our website to other websites have their own privacy policies. We do not accept any responsibility or liability for their policies or website.
  • However, no personal data is held on our website.

Disclosure of your information

  • We may disclose your information to other healthcare providers as covered above and to regulatory bodies to enable us to comply with the law, assist fraud protection, investigations, legal cases, etc.

 Transfer of your personal data

  • We may disclose your personal data in the event that we sell the business. However, any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the onward buyer.

Your rights

  • You have the right to access information held about you by us. Please contact us by email if you wish to access the personal information we hold relating to you. We will provide this information within one month of your request. There is a charge for this.
  • According to UK law, adult patient’s clinical records have to be kept for seven years from the last appointment. For children under the age of 18 years (eighteen), they are kept until their twenty-fifth birthday.
  • After the legally required time has expired, clinical notes will be shredded.
  • Your right to be forgotten: you may request via email that your personal data be erased from our system, excluding clinical notes, they have to be retained by law – see above.
  • We will continue to update this privacy policy to reflect changes to the DPA and/or GDPR.