This privacy policy describes how and when the clinic collects, uses and shares information gathered during your appointment, or when you otherwise use my services. This is to comply with the General Data Protection Regulations (GDPR) 2018.

Information I Collect

To aid your treatment you will normally provide me with certain information, such as your name, address and medical information. I will store this information on an electronic patient record and diary system which is fully password protected.

Why I need your information and how I use it

For this I rely on a number of legal bases:

  • To fulfil your podiatry assessment and treatment, and to provide patient support
  • You are entitled to see the information that is held in relation to yourself
  • To comply with a legal obligation

Information Sharing

I share your personal information only in limited circumstances:

  • When it is relevant, and with your consent, I will share information with medical professionals such as your GP to allow continuity of care.
  • Your contact details (name and phone number) are shared with reception staff so that they can perform reception duties.

Data Retention

I retain your personal information only for as long as necessary to provide you with my services and as described in my Privacy Policy. However, I am also required to retain this information to comply with my legal and regulatory obligations and to resolve disputes. The retention of podiatry records is normally a minimum of 8 years after the last appointment.

Transfer of personal information outside of the EU

Cliniko (the electronic patient record and diary system I use) processes your information through a third-party hosting service called Red Guava Pty Ltd, in Australia. Their EU representative is a company called VERASAFE EU. You can contact them at See below for more detail.

Your Rights

You have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases.

  • Access. You have the right to access and receive a copy of the personal information I hold about you by contacting me using the contact information below.
  • Change, restrict, delete. You may also have rights to change, restrict my use of, or delete your personal information. However, in the case of health records these are normally exempt from change or deletion requests.
  • Complain. If you wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with the Information Commissioner at

How to contact me

For the purposes of GDPR, I, Nicola Spuffard, am the data controller of your personal information. If you have any questions or concerns, you may write to me at:
DW Roberts (Opticians) 63 Queensway, Bletchley, MK2 2DR

Details of Electronic patient record and diary system

Cliniko – Data Protection Officer –
Managed by Red Guava Pty Ltd. Servers are located in Australia.

  • The EU representative is a company called Verasafe, who can be contacted at: Verasafe EU, Zahradnickova 1220/20A, Prague 15000, Czech Republic
  • Or Verasafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23 ATZP, Ireland

Main Subprocessors

  • Cloud service provider – Amazon, United States
  • Platform – Engine Yard, Inc., US
  • Content Delivery – Fastly Inc, US

Other Subprocessors

  • Cloud-based customer support – Intercom, Inc., US
  • Cloud-based email services – Mailgun Technologies, Inc, US
  • Cloud-based email services – The Rocket Science Group LLC, US
  • Cloud-based SMS services – Messages 4U Pty Ltd, Australia
  • Cloud-based messaging services – Slack Technologies, US
  • Cloud-based software error monitoring services – Honey Badger Industries LLC, US
  • Cloud-based real-time notification services – Pusher Ltd, UK