Privacy Policy

1. Who We Are

Claire Richards Mobile Footcare is the data controller for the personal data we collect and process. This means we are responsible for deciding how and why your personal data is used.
Contact details:
• Name: Claire Richards Mobile Footcare
• Email: claire@clairerichardsmobilefootcare.co.uk
• Telephone: 07967 816 870

2. What is Personal Data?

“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photograph, email address, or postal address). Identification can be by the information alone or in conjunction with any other information in our possession.

Where you share personal data about a third party with us, you should first obtain their consent to do so unless it is not possible or practical.

3. What Personal Data We Collect

We may collect and process some or all of the following personal data:
• Names, titles, and aliases
• Contact details such as telephone numbers, postal addresses, and email addresses
• Where relevant, demographic information such as gender, age, and date of birth
• Health information relevant to the foot care treatment you receive
• Website usage data, including IP address, browser type, pages visited, and the timing and frequency of visits

4. How We Use Your Personal Data

We use your personal data for the following purposes:
• To provide foot care services to you
• To maintain our own accounts and records
• To meet all legal and statutory obligations
• To send you appointment reminders, email notifications, and/or newsletters (where you have subscribed or consented)
• To analyse use of our website and improve our services

5. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
Legitimate interests: Most of our processing is based on our legitimate interests (or those of a relevant third party) in operating and improving our services. We always consider and balance any potential impact on you and your rights.
• Legal obligation: Some processing is necessary for us to comply with legal or regulatory obligations.
• Consent: Where required (for example, for marketing emails or certain cookies), we will ask for your explicit consent before processing.
• Recognised Legitimate Interests (DUAA 2025): In certain scenarios, the Data (Use and Access) Act 2025 recognises additional legitimate interest grounds that may apply, such as processing necessary to prevent and detect unlawful acts.

Where we process special category data (such as health information), we will ensure an additional condition under Schedule 1 of the DPA 2018 applies, or we will seek your explicit consent.

6. Who We Share Your Data With

We will only share your personal data where necessary. This may include:
• Our agents, contractors, and service suppliers who provide services on our behalf (for example, our website host or booking system provider) — all of whom are bound by confidentiality and data processing agreements
• Government agencies, departments and regulatory bodies where required by law
• We do not sell your personal data to any third party

7. Cookies

Our website uses cookies to count visits and to customise pages based on your preferences. We obtain your consent before placing any non-essential cookies on your device, in accordance with the Privacy and Electronic Communications Regulations (PECR) as amended by the DUAA 2025.

For full details, please see our Cookies Policy.

8. International Data Transfers

Where personal data is transferred to countries or territories outside the UK, we will ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or other transfer mechanisms approved under UK law. Our website is accessible from overseas, and on occasion some personal data (for example in a newsletter) may be accessed from overseas.

9. How Long We Keep Your Data

We will keep your personal data only for as long as we need it for the purposes set out in this policy, unless we are required to keep it for longer by law. For example, it is current best practice to keep financial records for a minimum of 8 years. Personal data relating to health records is retained in line with applicable professional guidance.Where you provide information through a web form, voicemail, text, or postal form, the original source is erased or shredded as soon as the data is captured within our secure database. Data held about you will be securely deleted when it is no longer required.

10. Your Rights

Under UK data protection law, you have the following rights:
Right of access: You can request a copy of the personal data we hold about you (a Subject Access Request or SAR). Under the DUAA 2025, we will conduct a reasonable and proportionate search in response to your request. We may ask for clarification where needed, which will pause the response timeframe until we receive it.
Right to rectification: You can ask us to correct inaccurate or incomplete data.
• Right to erasure: You can ask us to delete your personal data in certain circumstances.
Right to restrict processing: You can ask us to limit how we use your data.
• Right to data portability: You can ask us to transfer your data to you or another organisation in a commonly used format.
• Right to object: You can object to us processing your data on the basis of legitimate interests or for direct marketing purposes.
• Rights in relation to automated decision-making: You have the right not to be subject to decisions made solely by automated means that have a significant effect on you. Under the DUAA 2025, where automation is used, transparency and human intervention safeguards apply.

To exercise any of these rights, please contact us using the details in Section 11. We will respond to your request within one month. If we are unable to take action on your request, we will let you know why, and inform you of your right to complain to us and to the Information Commissioner’s Office (ICO).

11. How to Make a Data Protection Complaint

New from 19 June 2026 — your right to complain directly to us.

Under Section 164A of the Data Protection Act 2018 (as introduced by the Data (Use and Access) Act 2025), you have a statutory right to make a data protection complaint directly to us. We are required to:
• Provide you with an accessible way to submit a data protection complaint
• Acknowledge your complaint within 30 days of receiving it
• Take appropriate steps to investigate your complaint without undue delay
• Keep you informed about the progress and outcome of your complaint without undue delay

To submit a complaint, please contact us:
• By email: claire@clairerichardsmobilefootcare.co.uk
• By telephone: 07967 816 870

If you remain unhappy with the outcome of your complaint to us, or if you prefer to complain directly to the regulator, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
• Website: www.ico.org.uk
• Telephone: 0303 123 1113

12. Data Security

We take the security of your personal data seriously. We comply with all legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; and to protect it from loss, misuse, unauthorised access, disclosure, and alteration. Appropriate technical and organisational measures are in place to protect your data.

13. New Purposes

If we wish to use your personal data for a new purpose not covered by this Policy, we will provide you with a new privacy notice explaining the new use prior to commencing the processing, and will set out the relevant purposes and legal basis. Where necessary, we will seek your prior consent.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. The current version will always be available on our website, and the date at the top of this policy indicates when it was last revised.

15. Contact Us

If you have any questions about this Privacy Policy, or wish to exercise your rights or make a complaint, please contact:
• Email: claire@clairerichardsmobilefootcare.co.uk
• Telephone: 07967 816 870

This policy was last updated on 15th June 2026 to reflect the requirements of the Data (Use and Access) Act 2025