Privacy Notice for Waverley Clinic Ltd

Effective Date: January 2025

At Waverley Clinic Ltd, we are committed to protecting the privacy and confidentiality of your personal information. This Privacy Notice explains how we collect, use, and protect your data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Who We Are

Waverley Clinic Ltd
21A East Street, Farnham, Surrey, GU9 7SD
Contact Email:
Phone: 01252 716611

2. What Information We Collect

When you visit our clinic or contact us for podiatry and physiotherapy services, we may collect and process the following personal data:

  • Personal Identification Information: Full name, date of birth, address, phone number, and email address.
  • Medical Information: Health history, treatment details, diagnoses, medications, and any other relevant health information. We use Heidi Health, a secure note-taking tool, to store and manage this information.
  • Appointment Details: Dates and times of your appointments with us.
 

3. How We Collect Your Data

We collect data in the following ways:

  • Directly from You: When you fill out forms, contact us via phone, email, or in-person, and during your consultations or treatments.
  • From Other Healthcare Providers: If necessary and with your consent, we may receive relevant medical information from your GP or other healthcare professionals.
 

4. How We Use Your Data

We use your personal data to:

  • Provide high-quality podiatry and physiotherapy services tailored to your needs.
  • Manage your appointments and communicate with you regarding your treatments.
  • Maintain accurate medical records in compliance with legal obligations.
  • Process payments and send invoices or receipts.
  • Comply with legal and regulatory requirements, such as reporting obligations to healthcare authorities (e.g., NHS, if applicable).
 

5. Legal Basis for Processing

We process your data based on one or more of the following legal grounds:

  • Consent: You have given explicit consent for us to process your medical data.
  • Contractual Obligation: We need to process your information to provide the services you requested.
  • Legal Obligation: We are required to process your data in accordance with healthcare laws and regulations.
  • Legitimate Interest: For purposes such as clinic administration, including managing appointments and handling queries.
 

6. Data Sharing

We do not share your personal data with third parties, except in the following circumstances:

  • Healthcare Providers: With your consent, we may share information with your GP or other medical professionals to coordinate your care.
  • Payment Processors: To process payment transactions securely.
  • Regulatory Authorities: When required by law, we may share data with regulators or legal authorities.
 

We will not sell or rent your personal information to third parties.

7. Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal information. This includes secure storage systems, encryption, and restricted access to your data.

8. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Notice and to comply with legal requirements. Medical records will be kept in accordance with regulatory guidelines, after which they will be securely destroyed.

9. Your Data Protection Rights

You have the following rights regarding your personal data:

  • Access: You can request access to the personal data we hold about you.
  • Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Erasure: You can request the deletion of your data in certain circumstances.
  • Restriction of Processing: You can ask us to limit how we use your data.
  • Data Portability: You can request a copy of your data in a machine-readable format.
  • Objection: You can object to certain types of data processing.
  • Withdraw Consent: You may withdraw your consent at any time for data processing that relies on consent.
 

To exercise these rights, please contact us at or call 01252 716611.

10. Cookies we use

Cookies

Analytics

  • __utmd

    to store and track visitor journeys through the site and classifies them into groups.

  • _gac_UA

  • _utm

    to store and track visits across websites.

  • _dc_gtm_UA

    to store number of service requests.

  • UTMD_

    to store and count pageviews.

  • gtag_logged_in

  • _gat_gtag_UA_

  • utm_campaign

    to Provide parameters to URLs to identify the campaigns that refer traffic.

  • utm_source

    to Provide parameters to URLs to identify the campaigns that refer traffic.

  • _opt_expid

    Thrown when a redirect experiment is running. Stores the experiment ID, variation ID, and referral source to the redirected page.

  • _opt_utmc

    Retains the last query parameter utm_campaign.

  • _opt_awkid

    Used for campaigns linked to Google Ads Criteria IDs.

  • _opt_awgid

    Used for campaigns associated with Google Ads ad group IDs.

  • _opt_awmid

    Used for campaigns linked to Google Ads Campaign IDs.

  • _opt_awcid

    Used for campaigns that are linked to Google Ads customer IDs.

  • _gac_

  • _gac_gb_

  • _ga_

  • _gaexp

  • __utmxx

    Determines when the experiment in which the user participated expires.

  • __utmx

    Determines if the user took part in the experiment.

  • __utmv

    Stores data about a visitor level custom variable. Thrown when a developer uses the _setCustomVar method with a visitor-level custom variable. Also used by the _setVar method, which is no longer supported. Updated every time data is sent to Google Analytics.

  • __utmz

    Stores information about the source of traffic or campaign, allowing you to understand where the user came to the site from. Generated when the library is run and updated every time data is submitted to Google Analytics.

  • __utmc

    Not used in ga.js. Installed for interoperability with urchin.js. Previously worked in conjunction with the __utmb cookie to determine whether a user should start a new session or visit.

  • __utmb

    Used to define new sessions / visits. Thrown when the JavaScript library is executed if there are no existing __utmb cookies. Updated every time data is sent to Google Analytics.

  • __utmt

    Limits the frequency of requests.

  • __utma

    Allows you to distinguish between users and sessions. Thrown when the JavaScript library is executed, if there are no existing __utma cookies. Updated every time data is sent to Google Analytics.

  • AMP_TOKEN

    Contains a token that can be used to get the Client-ID from the AMP service. Other possible values: disabling the function, active request, or an error in obtaining the Client-ID from the AMP service.

  • _gat

  • _gid

    Allows you to differentiate between users.

  • _ga

Unassigned

  • __utm.gif

Embedded_video

  • __utmt_player

    to store and track audience reach.

  • vuid

    to store the user usage history.

  • YSC

    to Store and track interaction.

  • VISITOR_INFO1_LIVE

    to provide bandwidth estimations.

  • GPS

    to store location data.

  • PREF

    to store user preferences.

Our cookie bar allows you to easily opt out of non-essential cookies.

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on our website and available in our clinic. The latest version will always be available at your request.

12. How to Contact Us

If you have any questions or concerns about this Privacy Notice or how we handle your personal data, please contact us at:

Email:
Phone: 01252 716611
Address: Waverley Clinic Ltd, 21A East Street, Farnham, Surrey, GU9 7SD

13. Complaints

If you are unsatisfied with how we handle your personal data, you can lodge a complaint with the Information Commissioner’s Office (ICO) or your local data protection authority.