Skip to content Skip to footer
Archangel Podiatry|足病診療所

Privacy Policy

Close
Archangel Podiatry
Website: https://archangel-podiatry.com/
Address: 13A, Gaylord Commercial Building, 114-118 Lockhart Road, Wanchai, Hong Kong
Effective Date: 2026.02.22
 
Archangel Podiatry (hereinafter referred to as “we”, “us”, or “our”) is a professional podiatric practice based in Hong Kong, dedicated to providing high-quality podiatric diagnosis, treatment, care and custom orthotic insole services. We highly value the privacy and personal data protection of our website visitors, clients and service users (hereinafter referred to as “you” or “your”).
 
This Privacy Policy sets out how we collect, use, store, disclose and protect your personal data when you access and use our official website, and when you receive our podiatric services (including in-clinic consultations, treatment, follow-up care and related services).
 
This Privacy Policy complies with the Personal Data (Privacy) Ordinance (Cap. 486) of the Hong Kong Special Administrative Region (HKSAR) and other relevant data protection laws and regulations, including but not limited to the Electronic Health Record Sharing System Ordinance (Cap. 625) (if applicable). By accessing, browsing or using our website, and/or by registering for our services, making an appointment, or receiving our podiatric diagnosis and treatment, you confirm that you have read, understood and agreed to the terms of this Privacy Policy and authorize us to process your personal data in accordance with the provisions herein. 

1. Personal Data We Collect

We only collect personal data that is necessary for the provision of our podiatric services, the operation of our website, and the fulfillment of our service obligations, in line with the Data Protection Principle 1 (DPP1) of the Personal Data (Privacy) Ordinance. The personal data we collect is divided into website-related data and service-related data (including sensitive medical data), and all collection is based on the principles of legality, necessity and transparency. We will not collect any unnecessary personal data (e.g., ID number of non-emergency contacts) without your voluntary provision.

1.1 Website-Related Personal Data

When you access, browse or use our official website (including filling in online appointment forms, leaving messages or submitting inquiries), we may collect the following personal data:
  • Basic contact information: Your full name, telephone number (including WhatsApp number), email address, and residential/contact address (if voluntarily provided);
  • Usage data: Your IP address, browser type and version, device information (e.g., mobile phone/desktop computer model), operating system, access time and duration, pages browsed on the website, and click-through behavior;
  • Inquiry/appointment data: The content of your online inquiry, the type of podiatric service you request, the preferred appointment time and other relevant information you fill in the appointment form.

1.2 Service-Related Personal Data (Including Sensitive Medical Data)

When you visit our clinic for in-person consultation, receive podiatric diagnosis, treatment, care or custom orthotic insole services, we will collect the following personal data (including paper and electronic records) necessary for medical services, in line with medical practice norms and DPP1:
  • Basic personal information: Full name, gender, date of birth, identity document number (only when necessary for medical records and legal compliance), contact telephone number, email address, and emergency contact person information;
  • Sensitive medical data (core podiatric health information): Your podiatric health condition, medical history (including diabetes foot history if applicable), past podiatric treatment records, symptoms description, examination and diagnosis results, treatment plans, progress and effect records, custom orthotic insole measurement and 3D modeling data, and follow-up care records;
  • Service-related data: Appointment and attendance records, service payment information, and your feedback and evaluation on our services.

1.3 Automatically Collected Non-Identifiable Data

We may automatically collect non-identifiable technical data through the website (excluding data that can be combined with other information to identify your identity), including but not limited to IP address, browser type, access time, and page browsing records. This data is only used to optimize the website’s user experience, analyze website operation status, and improve our website services, and will not be used to identify individual users independently. This collection complies with DPP1 and does not involve any personal identifiable information.

2. Purposes of Personal Data Processing

We process your personal data only for the following legitimate and necessary purposes (in line with Data Protection Principle 3 (DPP3)), and will not use your personal data for any unstated purposes without your prior written consent. All purposes are specific, legal and directly related to our podiatric services, and we will not use vague descriptions such as “for business development”:
  1. To provide and fulfill our podiatric services: Including arranging appointments, conducting professional diagnosis and treatment, formulating personalized treatment and care plans, making custom orthotic insoles, providing follow-up care and medical advice, and processing service payment and settlement;
  2. To communicate with you: Including confirming your appointment information, notifying you of treatment arrangements and follow-up care requirements, responding to your inquiries and feedback, and sending you relevant service reminders and professional podiatric health information (with your option to unsubscribe at any time);
  3. To optimize our website and services: Including analyzing website usage data to improve website design and user experience, evaluating the effect of our podiatric services, and optimizing our service processes and quality;
  4. To comply with legal and regulatory obligations: Including keeping medical and service records in accordance with Hong Kong’s medical and data protection laws, and disclosing personal data as required by government agencies, judicial authorities or other relevant regulatory bodies in accordance with the law;
  5. To protect our legitimate rights and interests: Including handling service disputes, preventing fraudulent acts, and safeguarding the safety of our clinic and website operations;
  6. Academic research (if applicable): Only when we obtain your prior written consent, and we will anonymize your personal data to ensure that you cannot be identified.

3. Storage of Personal Data

We strictly comply with Data Protection Principle 2 (DPP2) (data accuracy and retention) and relevant laws, ensuring that your personal data is stored securely and retained only for the minimum necessary period.

3.1 Storage Location

Your personal data (including electronic and paper records) is stored in the Hong Kong Special Administrative Region (our primary storage location). We will not transfer your personal data to any jurisdiction outside Hong Kong unless required by applicable laws and regulations, or with your prior explicit written consent. If cross-jurisdictional data transfer is necessary (e.g., cloud backup), we will take all necessary and reasonable protective measures (such as encryption, access control) to ensure that your personal data is protected in accordance with this Privacy Policy and Hong Kong’s data protection laws, and that the receiving jurisdiction has an equivalent level of data protection.

3.2 Storage Period

We will only store your personal data for the minimum period necessary to achieve the purposes set out in this Privacy Policy, and will delete or anonymize your personal data in a timely manner once the storage purpose is achieved and there is no legal obligation to retain it. The specific storage periods are as follows:
  • Medical and service records (including sensitive medical data): Retained in accordance with Hong Kong’s medical practice norms and relevant laws (minimum retention period is 7 years; for minors, retained until the minor reaches the age of 18 plus an additional 7 years);
  • Website appointment and inquiry data: Retained for 2 years from the date of your last inquiry/appointment, and then anonymized or deleted;
  • Automatically collected website usage data: Retained for 6 months from the date of collection, and then deleted or aggregated into non-identifiable statistical data;
  • Payment and transaction records: Retained in accordance with Hong Kong’s tax and financial laws and regulations (minimum retention period is 7 years).

3.3 Storage Security

We take industry-standard technical and administrative security measures to protect your personal data from unauthorized access, collection, use, disclosure, alteration, loss or destruction, in line with Data Protection Principle 4 (DPP4) (data security). Our security measures include but are not limited to:
  • Encrypted storage of electronic personal data (including SSL/HTTPS encryption for website data transmission);
  • Restricted access to personal data (only authorized medical staff and administrative personnel can access your personal data, and all access is recorded; medical staff can only access data of patients under their charge, and cross-patient inquiry is prohibited);
  • Regular security training for our staff to enhance data protection awareness and familiarize them with PDPO requirements and data breach emergency response processes;
  • Physical security measures for paper records (e.g., locked filing cabinets, restricted access to record storage areas, 24-hour monitoring in the clinic);
  • Regular inspection and update of our data storage and security systems to prevent cyber attacks and data breaches.
In the event of a suspected or actual personal data breach, we will immediately take all necessary remedial measures, launch an emergency response plan within 24 hours, and notify the affected individuals and the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) as required by the Personal Data (Privacy) Ordinance.

4. Disclosure and Transfer of Personal Data

We strictly protect the confidentiality of your personal data and will not sell, rent, or disclose your personal data to any third party for commercial purposes without your prior explicit written consent, in line with DPP3. We may disclose or transfer your personal data to third parties only in the following limited circumstances:
  1. Authorized service providers: We may share your personal data with third-party service providers who assist us in providing services (e.g., IT service providers for website operation, payment service providers, and courier companies for delivering custom orthotic insoles). These third-party service providers are only authorized to process your personal data for the specific purposes agreed with us, and are required to comply with strict data protection obligations (via written contracts) and take corresponding security measures;
  2. Legal and regulatory requirements: We may disclose your personal data in accordance with the provisions of Hong Kong’s laws and regulations, or in response to a valid request from a government agency, judicial authority, or other relevant regulatory body (including but not limited to subpoenas, court orders);
  3. Medical record sharing (if applicable): If we participate in the Electronic Health Record Sharing System (eHealth), we will only share necessary medical data with other medical institutions after obtaining your explicit consent, in line with the “need-to-know” principle and the Electronic Health Record Sharing System Ordinance;
  4. Protection of legitimate rights and interests: We may disclose your personal data when we believe in good faith that such disclosure is necessary to protect our legitimate rights and interests (e.g., handling service disputes, preventing fraudulent acts, or safeguarding the safety of our staff and clients);
  5. With your explicit consent: We may disclose or transfer your personal data to any third party with your prior explicit written consent or verbal authorization (recorded).
We will not disclose any user data to third parties without data protection obligations (e.g., marketing agencies).

5. Your Rights Regarding Personal Data

Pursuant to the Personal Data (Privacy) Ordinance of Hong Kong, you have the following rights in respect of your personal data held by us, in line with Data Protection Principle 5 (DPP5) (access and correction), and we will not restrict or deprive you of these statutory rights:
  1. Right of access: You have the right to request access to your personal data held by us and to obtain a copy of such data. We may charge a reasonable administrative fee for processing this request in accordance with the provisions of the Personal Data (Privacy) Ordinance;
  2. Right of correction: You have the right to request us to correct any inaccurate or incomplete personal data held by us;
  3. Right of erasure: You have the right to request us to erase your personal data in accordance with the law (where the data is no longer necessary for the purposes of processing, you withdraw your consent, or the processing is in violation of the law); provided that this right does not apply if we are required by law to retain the data;
  4. Right to restrict processing: You have the right to request us to restrict the processing of your personal data in certain circumstances (e.g., when you contest the accuracy of the data);
  5. Right to data portability: You have the right to request us to provide your personal data in a structured, commonly used and machine-readable format, and to transmit such data to another data controller where applicable;
  6. Right to withdraw consent: You have the right to withdraw your consent to our processing of your personal data at any time (withdrawal of consent will not affect the validity of processing conducted before the withdrawal);
  7. Right to make a complaint: You have the right to make a complaint to the Office of the Privacy Commissioner for Personal Data, Hong Kong if you believe that our processing of your personal data violates the Personal Data (Privacy) Ordinance.
To exercise the above rights, you may submit a written request to our data protection officer (DPO) via the contact methods set out in Section 8 of this Privacy Policy. We provide two application methods for your convenience: written application (by post/email) and online application (by WhatsApp/online form). We will respond to your valid request in a timely manner in accordance with Hong Kong’s data protection laws (generally within 40 days of receiving your request).

6. Use of Cookies on the Website

Our website uses cookies (small text files stored on your device) to improve your website browsing experience and optimize the operation of the website. Cookies do not contain your personal data that can identify your identity independently, and we will not use cookies to collect or store your sensitive personal data, in line with DPP1 and DPP4.

6.1 Types of Cookies We Use

  • Necessary Cookies: These cookies are essential for the operation of the website, enabling you to use basic functions such as filling in online appointment forms and submitting inquiries. Disabling these cookies may affect the normal use of the website;
  • Analytical/Performance Cookies: These cookies are used to analyze website usage data (e.g., number of visitors, pages browsed, access time), so that we can optimize the website’s design and user experience. This data is collected in an anonymized form and will not be used to identify individual users;
  • Functional Cookies: These cookies are used to remember your preferences (e.g., language settings) during your browsing, providing a more personalized user experience.

6.2 Cookie Management

You can manage or disable cookies at any time through the settings of your browser (e.g., Chrome, Safari, Firefox). For specific methods, please refer to the help section of your browser. Please note that disabling some or all cookies may affect the normal use of our website’s functions.

7. Third-Party Links on the Website

Our website may contain links to third-party websites (e.g., social media platforms, medical information websites). These third-party websites have their own privacy policies and data protection practices, and we have no control over their operations and data processing activities.
When you click on links to third-party websites and access such websites, your personal data processing will be subject to the privacy policies of those third parties. We recommend that you read the privacy policy of any third-party website carefully before providing your personal data to it. We shall not be liable for any loss or damage arising from your access to third-party websites or your provision of personal data to third parties.

8. Contact Information for Data Protection

If you have any questions, comments or requests regarding this Privacy Policy, or wish to exercise your rights under Section 5 of this Privacy Policy, you may contact our Data Protection Officer (DPO) via the following methods:
  • Postal Address: 13A, Gaylord Commercial Building, 114-118 Lockhart Road, Wanchai, Hong Kong
  • Telephone/WhatsApp: +852 6616 8668
  • Email Address: [Insert Official Email Address]
  • In-Person Consultation: Our Wanchai clinic during business hours
We will respond to your inquiries and requests in a timely and professional manner, and handle all your communications regarding personal data protection in strict confidence.

9. Changes to This Privacy Policy

We reserve the right to revise or update this Privacy Policy from time to time in accordance with changes in Hong Kong’s data protection laws, regulatory requirements, or our service practices (e.g., adding online consultation services, participating in eHealth). Any revised or updated Privacy Policy will be published on our official website (https://archangel-podiatry.com/) with a new effective date, and the revised version will replace the original version from the effective date. We will conduct a comprehensive review of this Privacy Policy at least once a year and retain all revision records for regulatory inspection.
We recommend that you regularly check our website for the latest version of the Privacy Policy. Your continued access to or use of our website, or your continued receipt of our podiatric services after the effective date of the revised Privacy Policy, constitutes your acceptance of the revised terms.

10. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region. Any dispute, controversy or claim arising out of or in connection with this Privacy Policy (including its interpretation, performance, breach and termination) shall be submitted to the exclusive jurisdiction of the courts of the Hong Kong Special Administrative Region.
 
Archangel Podiatry
All rights reserved.
Monday - SundayBy Appointment Only
灣仔駱克道114-118 號
嘉洛商業大廈13樓A13A Gaylord Commercial Building114-118 Lockhart RoadWanchai Hong Kong
Call: +(852) 6616 8668 Whatsapp: 6616 8668 archangelpodiatry@gmail.com
Go to Top