Who we are

This web-site is owned and operated by Footpal. Our website address is: https://www.footpal.co.uk.

Our approach to privacy

We know that everyone says security and privacy is important to them. We personally feel strongly about these things and believe it is especially important for our type of business.

We manage our own use of the Internet to maximise our privacy and don’t like many of the intrusive things some companies do. But anyone can say this, so here’s what we’re doing in concrete terms:

  • We have written this privacy policy with care and made sure it’s all true. This might be a surprising statement, but some web-sites just use a standard policy and do not check they are following it.
  • We minimise the information we collect and store. Our clients come to us and stay with us because we provide good foot care and more, not because we bombard them with advertising.
    • A good example of this is that we use Google “fonts” to display the text of this web-site, but we have done extra work to store these on our own servers rather than getting them from Google – this is just to remove one form of Google tracking.
  • We use leading privacy compliance software to give you the ability to choose which cookies are used by our web-site on your device. This also automatically generates a cookie policy which is kept up to date and lists all cookies with descriptions of what they are for. You can change your preferences at any time through that page.
  • We have provided simple short, clear English summary as well as the full policy because we know that all long policies are impossible to check.
  • We welcome hearing from you if you have suggestions so that we can put more action behind these words.

Summary of Privacy Policy

This is provided for ease of reading, but is not a substitute for the full policy below.

  1. We only collect personally identifiable information about you if you contact us. We only use it for responding to you. We will not subscribe you to further regular communications without asking you first. We may contact you infrequently for a specific reason, but you can ask us not to and to remove your details – we will do that straight away. An example might be because you had asked us about a specific foot issue and we later learn something new which we think could be of use to you.
  2. If you become a client, we have to record and retain details about you and any treatments. But this is separate from any details and permissions for contacting you to market our services.
  3. We use a couple of types of cookies – the first is a cookie so that we know you have accepted cookies (if you have of course). The second are cookies from Google so that we can use Google Analytics. When we do this, we never provide Google (or anyone else) with your personal data or a way to identify you.
  4. It is possible we may want to give you extra features on this site or use services ourselves in future which have an impact on privacy. If we do this this, we will publish a clear explanation of what we’re changing and why and your options. We will NOT just say there is a new policy and bury the changes within it.

Our Full Privacy Policy

What personal data we collect and why we collect it

Cookies

Our intention is that our use of cookies** is minimal compared to most web-sites and avoids anything which is of unknown purpose or invasive. If you spot something or think this is not the case, please get in touch as we will investigate.

We use Google Analytics so that we can see, for example, how people find our web-site and what pages they visit most. This is so we can improve our site for you and us.

We have turned on an optional feature with Google to protect your privacy. This is called IP-masking which means that your computer’s unique address is NOT recorded by Google (only a part of it is).

You can tell us not to use Google Analytics for statistics while you are on our site by unselecting “Statistics” in the cookie pop-up or on the cookie policy page.

Our full cookie policy explains our use of cookies more thoroughly and lists all cookies with a description of what they do. This is kept up to date automatically. It also allows you to change your preferences at any time.

[** a cookie is a small piece of information our web-site asks your web browser to store on your computer/device.]

Other data we hold

We do not currently hold any other data about you if you are just a web-site visitor. We will store emails you send to us and other messages (e.g. texts and WhatsApp) are stored on the relevant services.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically.

The cookies we set (see above) on your device are kept for up to one year so that you do not have to keep accepting a pop-up. But you can change your preferences at any time through the cookie policy page.

You can also delete cookies from your devices yourself at any time. This link (from another web-site not under our control) explains how you can do this or you can use a Web search engine to get advice.

Emails are periodically removed from their servers and archived by us in the UK. Other forms of messaging will typically only be stored for a short time relevant to their purpose, but we do not have a specific policy on erasing these messages and contact details currently so you should consider them to be held indefinitely (unless you ask us to remove them).

Your rights over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

It is worth noting that currently, unless you have contacted (e.g. by email), we will not hold any personal data about you.

You have these rights also if you are a client who has provided us with personal data as part of your treatment, but this is NOT stored on our web-site.

Where we send your data

We have chosen to keep all our web-site processing in the EU as this provides a higher level of data protection legislation than other parts of the World. If we store personal data on our web-site in future, it would be held there. We will maintain a policy of keeping minimal data on our web-site (usually no more than one day’s worth). After that, data will be stored securely in the UK on our own equipment.

If you send us email, it is processed by an email provider in Canada whose revenue comes from fees such as we pay rather than advertising etc. We have worked with this email provider for a number of years for business and personal email services for reasons of service, privacy and security.

We believe this provides a higher level of privacy than using one of the free or mainstream US email providers (e.g. Google, Microsoft etc). It is worth noting that any email you send to us will pass through your own email provider (and possibly other services) before reaching our email provider. We have no control over these other services and email should not be considered secure.

Additional information

How we protect your data

We store the minimum information required to operate this web-site on our servers. We do NOT store other personal data collected from clients or prospective clients from other sources (e.g. when you fill in a consent form or provide your address to us).

We use a range of security software and procedures to protect the minimal information we do hold on our web-site. We do not disclose the full details of these but they include expected measures such as monitored firewalls, monitoring of attempted attacks and effective procedures for quickly improving and changing security measures when needed.

We automatically update our web-site software to ensure that when any security flaws are found, these are removed as quickly as possible.

Our security measures have been put in place and are monitored and reviewed by a person with information security experience.

Data breach procedures we have in place

We do NOT hold your personal information on our web-site computer servers. If you use our Contact Us form* to contact us, your details will be briefly held on the server while this request is processed.

We will notify any affected users of our site as soon as reasonably practical should a data breach be suspected or confirmed. We will also notify the Information Commissioner where necessary.

Third parties we receive data from

Google Analytics provides us with information about visitors to our web-site without identifying them. Some of this is information collected during your use of our web-site (for example which pages you look at and whether you’ve been here before).

They also provide us with other information such as where visitors to our site have come from. For example, did they search for something specific, type in our address or come from another web-site link.

Automated decision making and/or profiling we do with user data

We don’t do any of this.