01945 585292
boo and harvey logo red

Privacy Policy

Boo & Harvey Ltd

The Foot Centre

Website Privacy Statement

The Purpose of this privacy statement is to explain how Boo & Harvey Ltd, owners of The Foot Centre, process personal data to fulfil its data protection responsibilities. This statement will be supplemented by ‘specific to client’ privacy notices when needed. The scope of this statement covers all related activities by the staff of Boo & Harvey Ltd referred to as B&H for the remainder of this document. 

The Role of B&H in data protection terms is that of a data controller where it determines the purpose and use of personal data collected. Once received it becomes the responsibility of the privacy manager (PM) to ensure that it is processed in accordance with the latest UK data protection legislation. To contact the PM please use admin@booandharvey.co.uk. B&H is registered with the Information Commissioner’s Office (ICO).

The personal data processed by B&H will be basic contact information for the purposes of responding to general enquiries, making bookings and staying in touch once your treatment has finished. Due to the nature of the services on offer, it will also be necessary to collect and process health related data. If B&H is not given all of the requested information, it may result in an incomplete service being provided. 

B&H’s duty of confidentiality means that B&H staff will treat clients’ personal data with due respect and in confidence. It is only disclosed to those that need to know it. B&H uses reasonable organisational and technical measures to ensure personal data is kept secure including the use of the Cliniko platform for bookings and storing your medical notes. B&H also expects the same duty of confidentiality of all third parties with whom it shares personal data, including sub-contractors. 

B&H processes personal data against a lawful basis as described below:

  • To respond to your general enquiries, and staying in touch with you after your treatment, we will use our legitimate interests
  • To comply with our legal obligations
  • To fulfil our contractual obligations including their prior preparation. This includes the processing of special category data when it is necessary including for the purposes of preventive or occupational medicine, for the assessment of the working capacity of employees, and the management of health or social care of individuals.
  • To act in the vital interests of clients if confronted with an emergency situation
  • When processing for a pre-defined purpose for which your consent has been sought and recorded prior to that processing commencing 

In all cases the processing of personal data by B&H shall be:

  • Processed lawfully, fairly and transparently
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary (and no more)
  • Accurate and, when necessary, updated
  • Kept for no longer than is necessary
  • Processed in a manner that ensures appropriate security.

B&H will share personal data, but only when absolutely necessary, with some or all of the following third parties:

  • Emergency services
  • The Inland Revenue (HMRC)
  • Solicitors appointed by B&H
  • An accountant appointed by B&H
  • Cliniko for booking and record keeping
  • NHS when you have been referred to your GP 
  • Foot health professionals appointed by B&H 
  • Other health professionals but only with prior consent
  • Joyous shoes but only if you are ordering shoes through B&H
  • Unspecified recipients but only when compelled to do so for legal reasons

Please note that cliniko is a practice management system used extensively by health care professionals that is used for the purposes of bookings, processing medical records and running on-line consultations. You can view their privacy policy by visiting their website, cliniko.com or by clicking https://www.cliniko.com/policies/privacy/.

On-line consultations with B&H are not normally recorded although it may be necessary to take still images during the consultation for the purposes of providing our services. If recording is beneficial, then you will be asked for your consent prior to recording.

B&H will process your personal data in the UK either on standard office equipment or using Cliniko (see above). Email is processed using a reputable web-based provider and mobile phone contacts are stored on both office IT equipment and mobile phones. 

B&H follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:

  • Routine correspondence for casual enquiries that do not result in a booking will only be stored for no more than one week before deletion 
  • Personal data, including health data, collected as a result of a booking, will be retained for 7 years after the last treatment is recorded
  • Contact data is stored indefinitely unless a valid request to erasure is received from the interested data subject
  • Financial records and invoices, which may include personal data, will be retained for 6 years after the end of the current tax year of processing
  • By exception, documentation that includes personal data may be retained by B&H beyond the schedule, but only for a specific purpose and only when B&H believes there is a legitimate interest or a legal obligation to do so

At the end of the retention schedule B&H will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. It should be noted that B&H allows up to 3 months after the retention schedule to complete the action.

The B&H website uses cookies but visitors to the website are asked to consent to non-essential cookies before these are dropped – please see the separate cookie notice. 

The B&H website links to appropriate business websites of interest. If these are used, you should be aware that the B&H has no responsibility for the control, content or handling of your personal data by these other websites.

The General Data Protection Regulation defines the rights that you have (although these do not apply in all situations), For convenience, these rights are shown below:

  • Right to be informed as to how your personal data is being processed by us – this is done through this statement or specific to customer privacy notices
  • Right to access your personal data held by B&H which is done by making a ‘Data Subject Access Request’ (DSAR) to the privacy manager
  • Right to rectification of your personal data if you believe B&H has collected it incorrectly or it needs to be updated
  • Right to erasure of your personal data for which B&H no longer has a legitimate purpose to process
  • Right to restrict processing under certain circumstances, during which time your personal data but will be out of operational use until the related matter is resolved;
  • Right to data portability of your personal data in a machine-readable version, as you have provided but only applicable to data provided with your consent or under contract
  • Right to object to B&H processing your personal data for which it does not have a legal or contractual obligation
  • Rights related to automated decision making and profiling (however B&H does not use these techniques in its decision making) 

Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.

Raising concerns, exercising rights or making queries about B&H’s processing of personal data can be done by contacting the privacy manager. Please be aware that we will need to determine your identity before responding fully, therefore, you may be asked for proof of ID or other material that, in context, will enable us to confirm your identity. Alternatively, if you have a complaint, you may contact the ICO directly, using the details provided above.


March 2021