Privacy Statement

Malvern Foot Clinic Cookie Use
Updated 2nd November 2020
Your privacy is important to us. Foot Clinics™ (John Malik Ltd and the Malvern Foot Clinic Ltd) may collect personal information from this site from information submitted to us such as your name, gender, mailing address, email address, telephone number and any other information specifically forwarded to us:

Any personal data supplied to us may be used to communicate with you and to let you know about appropriate services or offerings from John Malik Ltd and the Malvern Foot Clinic Ltd and for record-keeping. This includes adding your email address to our mailing list. If you do not wish us to use your information in this manner you should email us at:

Except as expressly stated in this policy we will not sell, share, trade or license any of your personal information to others without your express consent. We reserve the right to disclose your information if requested by the police or any regulatory or Government authority in connection with any investigations concerning your activities while visiting the site.

We will make all reasonable efforts to safeguard the security of your information but please be aware that we cannot guarantee the security or transmission of data over the internet.

If your information changes or you wish to contact us to unsubscribe or make any other enquiry regarding our Privacy policy please email us at:

How we use your information
This privacy notice tells you what to expect when Foot Clinics™ collects personal information. It applies to information we collect about:

• visitors to our websites;
• client feedback surveys
• our employees
• customers and clients
• suppliers and services providers
• advisers, consultants and other professional experts
• complainants and enquirers
• job applicants and our former employees

Visitors to our websites
When someone visits the Foot Clinics™ website, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. 

We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Important notice for users – Like most websites, this site uses Google Analytics cookies and session cookies. These are small files of data that collect information about how visitors use our site, for instance which pages visitors go to most often, and if they get error messages from web pages.These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. The information is only used to improve the responsiveness of our website when you visit. By using our website, you agree that we can place these types of cookies on your device. For more information about cookies please see our cookie use page.

Website Hosted Services and data handling
We use a third party services for our hosted website services. We do not share or pass on any data that is collected via contact forms, sign up forms, enquiry links or direct email links. 

Our website and website pages use Secure Sockets Layer Security (SSL) to encrypt and protect traffic.

People who contact us via social media
If you send us a private or direct message via social media the message will be stored by the social media provider it will not be shared with any other organisations.

People who email us
We use Secure Sockets Layer Security (SSL) to encrypt and protect email traffic. If your email service does not support SSL, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

What will we do with the information you provide to us?
Contact us if you would like to know more about our data flow.

How long is the information retained for?
We will generally keep data until you request its deletion.

Access to personal information
John Malik Ltd and the Malvern Foot Clinic Ltd tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulations (GDPR). 

If we do hold information about you we will:

• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

To make a request to John Malik Ltd and the Malvern Foot Clinic Ltd for any personal information we may hold you need to put the request in writing addressing it to “The Data Controller”, or writing to the address provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting “The Data Controller”.

Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on the date shown above. If we make changes we’ll update this date here on our website.

How to contact us
If you want to request information about our privacy policy you can email us at or write to:

The Data Controller (John Malik),
John Malik Ltd and the Malvern Foot Clinic Ltd
The Malvern Foot Clinic,
67 Barnards Green Road,
WR14 3LR

01684 893 820


Clinical Privacy Policy: 

Privacy Notice in compliance with General Data Protection Regulation (GDPR) (EU) 2016/679

John Malik LTD (lead John Malik) and the Malvern Foot Clinic LTD (lead Helen Gough) collect your personal data so that we can provide excellence in the provision of health care and the services we provide.

When you supply your personal details to us it is stored and processed for three reasons (the parts in bold are the relevant terms used in the Data protection Act 2018, which includes GDPR).

  1. We need to collect personal information about your health in order to provide the best possible treatment. Your requesting treatment and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide this information, but this would mean that we would not be able to provide treatment.
  2. We have a ‘Legitimate Interest’ in collecting that information, as it is necessary for us to be able to safely and effectively perform our job.
  3. It is also necessary for us to be able to contact you to arrange appointments and answer any of your queries update you on matters related to your medical care. This constitutes your ‘Legitimate Interest’.

We have a legal obligation to retain your records for 8 years after your most recent appointment, but after this period you can ask us to delete your records if you wish.

As part of our obligation as health care practitioners, there may be circumstances related to treatment, on-going care or medical diagnosis that will require sharing of your medical records with other healthcare professionals e.g. GPs, Consultants, Surgeons, our regulatory body the HCPC, professional body the College of Podiatry (for national audit purposes PASCOM and national care development) and/or medical insurance companies.

We do not engage in any direct marketing and will not use or sell your details for promotional purposes. We will not use your contact details to contact you aside from arranging and re-minding of appointments,  follow-up after an appointment to check on your well-being or let you know about clinical services that may be relevant to you. We will only collect the information needed so that we can provide you with the services you require from us, the business does not sell or broker your data in any way.

Your personal medical records are either created on paper and then transferred to Cliniko clinic management software, or added directly to Cliniko, which stores your data in the ‘cloud’. This is only accessible by the podiatrists working in the practice and is protected by password access. Whilst the company is based in Australia, they are fully GDPR compliant in line with EU law. Here is their privacy policy:

Your details will also appear in our electronic diary system in Cliniko. This is password protected and only accessible by the podiatrist or our medical secretaries.  You have the right to see what personal data of your we hold, and you can also ask us to correct any factual errors. Provided the legal minimum period has elapsed, you can also ask us to erase your records.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing all that we can to make sure only the people with a genuine need to access that data can do so.

Of course, if you feel that we are mishandling your data, you have the right to complain. Complaints need to be sent to the Data Controller: Mr John Malik:

We are registered with the ICO Z2644562.  If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.

See also Cookie Use →