Thank you for visiting the website of Cranstoun Footcare

We are committed to protecting and respecting your privacy. As of May 25, 2018, we have an obligation to collect and protect your data in accordance with European standards for data protection. The goal of the new framework is to make sure that we deal with your data in a lawful, fair and transparent manner, and that we take steps to ensure that your data are adequately protected.

This Privacy Policy is where we explain to you how we collect, use, and store your personal data.

We collect personal information when you visit the clinic, purchase from us, contact us or otherwise use our services, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We are limited to using your data under the following conditions: where you have consented to it, where we need to do so in order to fulfil our contract with you, or in certain special circumstances, such as compliance with legal obligations, or for other legitimate purposes.

We have adopted a “Privacy by Design” approach to your personal information, meaning that, to the best of our ability, we will employ state of the art means of collecting, storing, and transmitting your data, with a view to promoting privacy and data protection from the outset.

We keep this Policy under regular review. We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By consenting, you’re agreeing to be bound by this Policy. This Policy was last updated in May 2020.


Depending on how you use our services and our website, we may request data from you for a variety of reasons:


Should you create a user account on our website, we may request information such as your name and email address to identify you to us. This is to allow you to use the services available to you on the website, such as the ability to comment on articles.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help with spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here ( After approval of your comment, your profile picture may be visible to the public in the context of your comment.


When you contact us using email, a contact form on our website, via social media, or by any other method, we will use this information to reply to your message and to respond to your request.

Information we collect

We obtain information about you to aid your treatment or as part of purchasing something from our business you will normally provide us with certain information when you register with us, for example, when you contact us to book an appointment, or book online. We use mainly digital record keeping but may need to use paper forms on occasions.

The personal information we collect may include your name, postal address, email address, Date of Birth, Phone numbers, the Name of your GP, a medical history including a list of medication. We will store your information on an electronic patient record and diary system which is fully password protected. This information is stored securely in our cloud based clinic software Cliniko. We will never store or keep details such as your bank account or debit/credit card number.

Why we need your Information and How We Use It

We rely on a number of legal bases to collect, use, and share your information, including:

  • Where it is necessary for the purposes of creating a health care record to provide our services, such as when we use your information to fulfil your podiatry assessment and treatment, or to provide customer support.
  • We will contact you regarding appointment confirmation, changes to appointments or follow up after appointment, reminder for review appointments. When you contact us using email, a contact form on our website, via social media, or by any other method, we will use this information to reply to your message.
  • Share with your permission, information contained within your health record to other health professionals
  • When you have provided your affirmative consent, which you may revoke at any time, we will contact you by email, SMS or mail with product offers, newsletters and updates about our clinic.
  • If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchase if required by tax law.

Information sharing and disclosure 

Information about our patients is important to our business. We share your personal information for very few limited reasons and in limited circumstances.

Medical professionals- With your consent we may contact your GP or other health professional involved in your care regarding your treatment with us. The reasons for this may include referral for treatment or diagnostic tests, to request information regarding a treatment or test you have had elsewhere, for the purposes of sending a medical report, for other reasons to coordinate your care or otherwise at your request.

Service Providers- If we refer you for a private clinical test the test providers may require information from us such as your name, date of birth, or other personal data in connection with the test. Should you need an orthotic insole as part of your treatment, our orthotic providers usually require basic information such as name, date of birth, height, weight and shoe size for the purposes of the orthotic prescription and for identifying your prescription. Since this varies from one provider to another we will discuss this with you before referring.

Business transfers- If we sell or merge our business me may disclose your information as part of that transaction, only to the extent permitted by law and with your consent.

Compliance with laws- We may collect, use, retain, and share your information if I am legally required to.

Retention of Data

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil legal obligations. This means you cannot ask for your records to be removed or destroyed. We will hold your personal information on our systems for as long as is necessary. The statutory period for the retention of health records for an adult is 8 years after the patient’s last appointment for adults. For children and young person under the age of eighteen, it is until their 25th (twenty-fifth) birthday. For mentally disordered persons (within the meaning of the Mental Health Act 1983), for 20 (twenty years) after their last treatment. For customers who are not patients but have bought products from our business we will keep any data you may have provided for a minimum of 6 years in line with tax legislation. We protect the privacy of children aged 16.  If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Where is your personal information stored?

We subscribe to a clinical system called Cliniko. This is a secure cloud based system our clinicians and administrative staff access via a password protected log in. Any personal information recorded on paper forms is scanned, added to your notes and the paper forms shredded and disposed of by a third party as confidential waste.  On occasions we may have your personal information on paper kept securely in a locked cabinet on the premises of Cranstoun Footcare.  We store and process your information through third-party hosting service Cliniko.  As a result, may transfer your personal information to a jurisdiction with different data protection and government surveillance laws outside the EU. We rely on Privacy Shield as the legal basis for the transfer with Cliniko clinical hosting. We do not sell, rent or share your information with third parties for marketing purposes. Only our clinicians and clinical assistants have direct access to your medical records. Our administrative staff have access to your personal details for the purposes of administration. This will include your contact information when you to book, cancel or change an appointment, in response to a general enquiry, or to let you know of any important changes in our practice such as opening hours and changes in therapy staff who are involve in your treatment. For more information regarding Cliniko visit

Technical uses of your Information

Our site collects data about visits to the site in order to optimise our site, as well as to promote security by checking for unusual activity, hacking attempts, and other potential threats. The data that is collected also facilitates internal operations such as troubleshooting, data analytics, and research and testing. Data about visits to the site are generally anonymous or pseudonymous. If you are logged into the website and have provided us with personal information, it may be possible for us to track your activity on the site.

Information collected for technical purposes may include which pages you have visited (including the date and time), which services and pages you viewed or searched for, page response times, download errors, files downloaded, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, and other metrics related to your visit to our site.

We use Google Analytics to track visits to the site. More information about Google Analytics can be found on the Google Analytics website (

Information that may be passed to third parties outside our control:

On many of the pages on our site you will see “social feeds” for services such as Twitter, Pinterest, Facebook, and/or other social media services. These services enable you to share, comment, or bookmark pages on our site.

Some pages may also include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website directly.

You should be aware that all of these sites and services are likely to be collecting information about what you are doing all around the Internet, including on our site. We recommend that you check the respective policies of each of these sites to see how exactly they use your personal information and to find out how to opt out, or delete, such personal information if you should wish to do so at any time.

Cookie Policy

As with most websites, our website does use cookies which are small files downloaded to your computer to improve your experience. They are mainly used to remember your browsing preferences such as information you may enter on one of our contact forms. If you would like any more information about this then you can also view our more detailed cookie policy at

Links to other websites

Our website may contain links to other websites. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

How you can access and update your information

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at:

Security precautions are in place to protect the loss, misuse or alteration of your information. Your personal data is accessed by us via password protected computers, phone or iPad. Your personal data is not stored on these devices but kept on secure servers operated by Cliniko, our clinical resource management software programme.

When email submissions via our webpage we ask you not to include too much personal information, please only use for general enquiries.


You have a choice about whether or not you wish to receive information from us. If you do not want appointment reminder communications from us then you can opt out at any time – We will ask you about this at your initial appointment. We would point out that we offer reminders as a courtesy to help you remember your appointment.

We do like to keep our patients informed from time to time about new services and improvements in our practice to help with your Podiatry care. We will not contact you for marketing purposes by email, phone or text message, without your permission. You can opt out of marketing communications from us at any time.

Your Rights

You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below.

Access. You have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information.

Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information. In the case of health records these are normally exempt from change and deletion requests.

Object. You can object to (i) us, processing of some of your information based on your legitimate interests and (ii) receiving marketing messages from us after providing your express consent for receiving them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.

Complain. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with the information commissioner

How to Contact Us

For purposes of the GDPR, I, Kirsty Smith, am the data controller of your personal information. If you have any questions or concerns, you may contact me at Cranstoun Footcare, Cranstoun Hall, Pathhead. EH37 5RF or by email to