Last updated: February 2026
Lower Limb Clinic ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website (www.lower-limb.com), attend our clinics, or interact with our services.
We comply fully with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). This policy should be read alongside our Terms & Conditions.
The data controller responsible for your personal data is:
Lower Limb Limited
Company Number: NI636450
Registered Address: 385 Lisburn Rd, Belfast BT9 7EP
Email: hello@lower-limb.com
Phone: 028 9013 9185
For all data protection enquiries, please contact us at hello@lower-limb.com marked "FAO Data Protection".
We may collect and process the following categories of personal data:
This is "special category data" under Article 9 of UK GDPR and receives enhanced protections. It includes:
We process your personal data only where we have a lawful basis to do so. The table below sets out the purposes for which we process your data and the corresponding lawful basis under UK GDPR:
| Purpose | Lawful Basis (UK GDPR) |
|---|---|
| Providing clinical treatment and care | Art. 6(1)(b) — Contract; Art. 9(2)(h) — Health purposes |
| Managing appointments and bookings | Art. 6(1)(b) — Contract |
| AI-assisted clinical note-taking | Art. 6(1)(f) — Legitimate interests; Art. 9(2)(h) — Health purposes |
| Processing payments and invoicing | Art. 6(1)(b) — Contract |
| Sending appointment reminders | Art. 6(1)(f) — Legitimate interests |
| Complying with legal and regulatory obligations (HCPC, HMRC) | Art. 6(1)(c) — Legal obligation |
| Safeguarding and child protection | Art. 6(1)(d) — Vital interests; Art. 9(2)(c) — Vital interests |
| Improving our website and services | Art. 6(1)(f) — Legitimate interests |
| Managing insurance claims on your behalf | Art. 6(1)(b) — Contract; Art. 9(2)(h) — Health purposes |
| Marketing (only with your explicit consent) | Art. 6(1)(a) — Consent |
Where we rely on legitimate interests, we have carried out a Legitimate Interest Assessment (LIA) to ensure that your interests, rights, and freedoms do not override our legitimate interests. You may request details of our LIA by contacting us.
Health and clinical data is classified as "special category data" under UK GDPR and receives additional protections. We process this data under Article 9(2)(h) — processing necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care, or the management of health or social care systems and services. This is further supported by Schedule 1, Part 1, Paragraph 2(2)(f) of the Data Protection Act 2018, which permits processing for the management of health care systems or services.
All clinicians who access special category data are subject to a duty of confidentiality under HCPC professional standards and the common law duty of confidence.
We use carefully selected third-party services to help us deliver our services. Each processor is bound by a written data processing agreement in accordance with Article 28 of UK GDPR and operates in compliance with applicable data protection law:
We use Cliniko to manage patient records, appointments, and clinical notes. Cliniko stores all data on secure, encrypted servers and acts as a data processor on our behalf. Cliniko's servers are located in Australia; appropriate safeguards (including Standard Contractual Clauses and the UK International Data Transfer Agreement) are in place. For more information, see Cliniko's Privacy Policy.
We use Gift Up to manage the sale and redemption of gift vouchers. When you purchase a gift voucher, your name, email address, and payment details are processed by Gift Up on our behalf. Payments are processed securely via Stripe. For more information, see Gift Up's Privacy Policy.
Our sister company Realta Labs receives 3D foot scan data and prescription information for the purpose of manufacturing custom orthotic devices. Realta Labs processes this data solely for the fulfilment of your orthotic prescription and is bound by a data processing agreement.
We may also use processors for email communications, website hosting, analytics, and payment processing. All processors are vetted for UK GDPR compliance and are bound by appropriate data processing agreements. A full list of sub-processors is available on request.
We implement appropriate technical and organisational measures to protect your personal data in accordance with Article 32 of UK GDPR, including:
We use AI-assisted technology during clinical assessments to support accurate and efficient note-keeping. It is important to understand:
We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you, as defined under Article 22 of UK GDPR. All clinical decisions are made by qualified human clinicians. AI tools (as described in Section 8) assist with administrative tasks only and do not make or influence clinical decisions.
All personal and health information you share with us is treated as strictly confidential. We adhere to:
We will never share your personal or health data with third parties for marketing purposes. Information may only be disclosed:
We retain your data for the following periods, in line with professional, legal, and regulatory requirements:
When retention periods expire, data is securely deleted or anonymised. Clinical records are disposed of in accordance with NHS confidential waste procedures.
Our website uses cookies in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR). We use:
You can manage cookie preferences through your browser settings or through the cookie consent mechanism on our website. Disabling certain cookies may affect website functionality. For more details on the specific cookies we use, please contact us.
We will only send you marketing emails with your prior explicit consent, in accordance with PECR. You can withdraw consent at any time by clicking "unsubscribe" in any marketing email or by contacting us directly.
Some of our third-party processors may store or process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place in accordance with Chapter V of UK GDPR, including:
Details of the specific safeguards in place for each international transfer are available on request.
We treat children under 16 with our Children's Foot Assessment service. In relation to children's data:
In the event of a personal data breach, we will:
Under UK GDPR, you have the following rights:
To exercise any of these rights, contact us at hello@lower-limb.com marked "FAO Data Protection". We will respond within one calendar month. This period may be extended by up to two further months for complex or numerous requests, in accordance with Article 12(3) of UK GDPR. We will inform you of any extension within one month of receiving your request.
We may ask you to verify your identity before processing your request. There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us at hello@lower-limb.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated revision date. Where changes are material, we will take reasonable steps to notify affected individuals. We encourage you to review this policy periodically.