Version Date: January 1st 2020
We are committed to protecting and preserving the privacy of our visitors when visiting our site or communicating electronically with us.
This policy sets out how we process any personal data we collect from you or that you provide to us through our website. We confirm that we will keep your information secure and that we will comply fully with all applicable UK Data Protection legislation and regulations. Please read the following carefully to understand what happens to personal data that you choose to provide to us, or that we collect from you when you visit this site. By visiting our website you are accepting and consenting to the practices described in this policy.
Types of information we may collect from you
Information you supply to us
Information our website automatically collects about you.
With regard to each of your visits to our website we may automatically collect information including the following:
technical information, including a truncated and anonymised version of your Internet protocol (IP) address, browser type and version, operating system and platform;
information about your visit, including what pages you visit, how long you are on the site, how you got to the site (including date and time); page response times, length of visit, what you click on, documents downloaded and download errors.
Cookies
How we may use the information we collect
We use the information in the following ways:
– To provide you with information and/or services that you request from us;
– To administer our site including troubleshooting and statistical purposes;
– To improve our site to ensure that content is presented in the most effective manner for you and for your computer;
– For security and debugging as part of our efforts to keep our site safe and secure.
– This information is collected anonymously and is not linked to information that identifies you as an individual. We use Google Analytics to track this information. Find out how Google uses your data at https://support.google.com/analytics/answer/6004245.
Disclosure of your information
Any information you provide to us will either be emailed directly to us or may be stored on a secure server. We use a trusted third party hosting provider (FlyWheel) to facilitate the running and management of this website.
We do not rent, sell or share personal information about you with other people or non-affiliated companies, any external sources required by your website such as mailing lists from service providers such as mailchimp, sendinblue etc, are subject to your own user agreement per the terms of your account with the provider themselves.
We will use all reasonable efforts to ensure that your personal data is not disclosed to regional/national institutions and authorities, unless required by law or other regulations.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Third party links
Use of Lyngo and Heidi Health
At Barefoot Physio, we are committed to protecting your personal data. This section explains how we use two digital tools — Lyngo (our AI call-handling service) and Heidi Health (our clinical transcription assistant) — as part of delivering safe, high-quality care.
1. Lyngo – Call Handling & Call Recording
We use Lyngo, an AI-assisted receptionist service, to help manage incoming phone calls when our team is unavailable.
What Lyngo Collects
- Your phone number
- Your name (if given)
- Reason for your call
- Any information you choose to provide
- A recording of the call (audio)
Why We Use It (Lawful Basis)
Legitimate interests: to ensure calls are answered promptly, messages are recorded accurately, and we can provide good continuity of care.
Contract: where the call relates to booking, managing, or delivering your care.
How the Data Is Used
- To pass messages accurately to our admin/clinical team
- To assist in booking and managing appointments
- To improve the quality and safety of our communication process
Retention
- Call recordings are stored securely by Lyngo according to their data-retention policy (typically short-term).
- We only access recordings when needed for clinical, safety, or administrative reasons.
Security
Lyngo is GDPR-compliant, uses encrypted servers, and restricts access to authorised Barefoot Physio staff.
2. Heidi Health – AI Clinical Transcription
We use Heidi Health, a secure AI transcription tool, to support clinicians during appointments by converting spoken clinical notes into structured written clinical records.
What Heidi Collects
- Audio of the consultation only when the clinician activates recording
- Transcribed text from the appointment
- Relevant clinical information shared during the consultation
Why We Use It (Lawful Basis)
Provision of healthcare (UK GDPR Article 9(2)(h)) – processing special-category health data is necessary for accurate clinical documentation.
Legitimate interests – to ensure records are accurate, comprehensive, and securely stored.
How the Data Is Used
- To create high-quality clinical notes
- To update your health record within our practice management system
- Not used for decision-making by the AI — your clinician remains fully responsible for all clinical judgement
Retention
Audio is processed securely and not stored long-term unless the provider requires temporary storage for transcription.
Final written notes are stored in your clinical record according to our standard retention periods.
Security
Heidi Health is designed for medical use and utilises:
- Encrypted data transfer
- Restricted access
- UK/EU-compliant data processing
No data is used for marketing or shared with third-party advertisers.