Privacy Statement for Brain Bio Centre – Updated May 2018
Introduction: The Brain Bio Centre is committed to protecting the privacy and security of the personal information of our clients.
The company is a data controller under the General Data Protection Regulation (GDPR). This means that we are responsible for deciding how we collect, hold, use and protect your personal information and we are required to give you certain information about how and why we do this.
This privacy notice describes how Brain Bio Centre Ltd (“Brain Bio Centre”, “the Clinic”, “we”, “our”, “us”) collect, hold, use and protect personal information that relates to you, both during and after the time when you are a client or when you are enquiring about our services. We may update this notice from time to time.
Personal information we may collect about you: Personal information means, broadly, information that identifies (or that could, with other information that we hold or are likely to hold, identify) a living individual. This could include any information provided to us directly by yourself in relation to your relationship with us as a client, potential client or interested individual; or indirectly, for example when you visit our websites, some technical details will be supplied, such as your IP address and the internet browser used.
We also collect cumulative and user-specific information on what pages users access or visit. The information we collect is used for our review purposes, to improve the content of our web pages.
We may hold any or all of the following personal information about you: personal details such as your name, gender, age, date of birth, occupation, ethnicity, email address, postal address, telephone or mobile number; family and next of kin details; details of your GP and other medical professionals working with you; data on your health and family health history, including previous and current medications, lifestyle, diet and social circumstances, diagnosed health conditions and biochemical test data; feedback and testimonials in regards to our service and MYMOP (Measure Yourself Medical Outcome Profile) data; copies of merchant receipts relating to payments for our services. Some of the data that we hold, such as health data, is known as ‘special category data’, which has a higher level of protection. Where we collect this type of information, we will give you separate information about its collection and use, and we will ask for your confirmation that you have understood and agree to this.
We collect your personal information when you contact us online, by phone, text, email, or post and complete forms for us such as our patient information form, MYMOP forms and feedback forms. It is important that the personal information we hold about you is accurate and up-to-date. Please let us know if your personal information changes.
What we may use your personal information for
The Clinic may use your personal information for the following purposes:
to contact you, e.g. responding to a direct enquiry or informing you of action required or information relating to your consultations and therapy programme with the clinic; to arrange biochemical tests for you and enable the interpretation of the results; to create client consultation notes to enable the therapists and psychiatrist to provide appropriate consultation and therapy support; to contact and share reports and test results with medical professionals for whom you have provided us with signed authorisation to do so; to contact and share reports with family members or contacts for whom you have provided us with signed authorisation to do so; to collate information on changes to your health to support your therapy programme and for use anonymously to support the ongoing review of our services and in research; to collect payment for your use of the clinic and its services; to notify you about our services and changes to our services; to provide emails on updates of our clinic’s activities, services and events; to provide updates on our charitable foundation’s activities; for internal record keeping; to analyse and improve the activities, services and information offered through the clinic’s websites; to create statistics about the use of our services; complying with any present or future law, rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes; complying with demands or requests made by local and foreign regulators, governments and law enforcement authorities, and complying with any subpoena or court process, or in connection with any litigation; to protect our service against misuse, such as the use of IP addresses to identify the location of users, to block disruptive use and to establish the number of visits from different countries.
We use your personal information in the ways described above for one or more of the following reasons:
(a) we need to comply with a legal obligation to which we are subject; and/or
(b) it is necessary in our legitimate interests (or those of a third party) to do so, and your interests and fundamental rights do not override those interests. For example, our legitimate interests may include: providing any clarification or assistance in response to your communications; improving our service to you as a client or potential client; complying with our record-keeping duties; ensuring that we manage payments at the correct time; complying with all laws, guidance and codes that apply to the charity, as well as with data requests from regulators, governments, courts and law enforcement authorities; minimising disruption to the Clinic if there is ever a change to our business; and monitoring the way in which our website is used, to help us improve your experience on these.
We will only use your personal information for the purposes for which we collected it, unless we reasonably need to use it for a different reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis which allows us to do so.
Keeping your personal information safe: We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Further information is available from email@example.com. We also have procedures in place to deal with any suspected data security breach, should one arise.
Transfers of your personal information: For biochemical testing, we may transfer, store, or process your personal information with laboratories in destinations outside the European Economic Area (EEA), primarily the USA. Where the countries to which your personal information is transferred may not offer an equivalent level of protection for personal information to the laws of the UK, we will take reasonable steps to ensure that your personal information is treated securely and in accordance with this notice. This may include entering into data transfer agreements based on the model clauses approved by the European Commission, to ensure that third parties to whom we transfer personal information in those countries commit to ensuring an adequate level of protection for your personal information.
Sharing your personal information: We may share or disclose your personal information to any of the following recipients:
Medical professionals involved in your care, with your prior authorisation. Family members, next of kin or friend involved in your care, with your prior authorisation. Laboratories for the purposes of arranging biochemical testing and receiving and interpreting the results of these tests. Our service support providers such as IT contractors and payment portals. These providers are also data controllers in relation to your personal information and have to comply with their own legal obligations, industry codes and standards when processing your data.
Other third parties as required by law – for example, local or foreign regulators, governments and law enforcement authorities; local and foreign courts, tribunals and arbitrators or other judicial committees. If we share your personal information in this way, we require the transferee to implement appropriate security measures to protect your personal information and to treat it in accordance with the law. Except where the transferee is a data controller in its own right, we only permit the transferee to process your personal information in accordance with our instructions.
How long do we retain your personal information?
We will hold your personal information on our systems for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. The period may depend on the type of data and the purpose for which it is held. Further information about retention periods in relation to specific types of personal information can be obtained from firstname.lastname@example.org.
Your rights regarding the personal information you provide to us: You have the right, in accordance with the law: to withdraw your consent to the processing of your personal information, to the extent it is processed on the basis of your consent (as set out above); to request a copy of the personal information we hold about you, and to request information regarding the processing of your personal information (this is known as a ‘data subject access request’); to request the correction, completion and/or deletion of your personal information, or to request the restriction of processing of your personal information; and to complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation as a result of unlawful processing of your personal information.
If you would like to exercise any of the rights described above, please let us know by emailing us at email@example.com.
What if you do not provide us with your personal information?
We may not be able to perform actions necessary to achieve the purposes set out above and you may not be able to make use of the services offered by us if you do not provide us with personal information that we may need to comply with our obligations, as set out in section 3 above.
Technical information that we may collect about you:
When you visit our website, we may collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), your login information, browser type and version, browser plug-in types and versions, operating systems and platforms. We may also collect information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
You can find more information about the types of technical information that we collect about you, in our separate Cookies Policy.
Changes to our data protection arrangements: From time to time, we may update this privacy notice and the data protection arrangements described above. The most recent version can be found here, with the most recent revision date displayed at the top.
How to contact us:
If you have any questions, comments or requests about this privacy notice, please contact us at: