Privacy policy

Last updated 11/06/2023

The data controller is Portobello Behavioural Health, a trading name for companies owned or controlled by PBH Group Limited, a company registered in England and Wales with Company Number 12522968, whose registered office is Niddry Lodge, 51 Holland Street, Kensington, London, W8 7JB.

This Privacy Policy explains how we collect and use your Personal Data (as defined below) and is provided in accordance with our obligations under applicable privacy and data protection law in the UK found in the Data Protection Act 2018, including Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (“Applicable Data Protection Law”).

Information we collect and how

For the purposes of this Privacy Policy, the term “Personal Data” means any information which identifies you or which allows you to be identified when combined with other information.

“Special Category Data” means any data that requires more protection because it is sensitive.  This includes health information and medical data.

Personal Data and Special Category Data do not include data where your identity has been removed (“Anonymised Data”).

Information we collect from you

Basic Identifiers and Contact Information: We collect some information from you when you provide it to us directly, such as via an email or an online form.  This information may include your name, email, and phone number as well as other information.

Health and other Special Category Data: You may provide us with health and medical information directly. We will also receive such information from our third party providers in the course of providing the Services to you, as described below.  

Information we obtain from third party providers

In the course of providing the Services, we will receive Personal Data from third parties with whom we have agreements in place.  These include:

  • Third party service providers such as clinical notes and assessments, and reporting providers.

Purposes for which we will use your Personal Data

We will collect and use your Personal Data in order to provide the Services you have requested.  

The legal bases we rely upon to use your Personal Data include the contract we have with you, where we need to comply with a legal or regulatory obligation or when you have given your consent.  

The legal bases upon which we will process health and other Special Category Data in delivering the Services to you are: the provision of preventative medicine; medical diagnosis; and the provision of health care and treatment.  

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.   If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may use your Personal Data in line with our legitimate interests, including:

  • To administer, protect and improve our Services and website (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data).
  • To inform you of products or services that we provide.

Purposes for which we will share your Personal Data

In order to provide Services to you, we will use third parties as set out below.

Sharing with our service providers

We may share your Personal Data with our third-party business service providers who perform functions on our behalf in order to provide the Services.  These may include:

  • Contracted third parties such as freelance therapists, coaches, psychiatrists and psychologists;
  • IT service providers and system administrators;
  • Data hosts and providers of programming or technical support;
  • Professional advisers including lawyers, accountants, bankers, auditors, regulators.

When required by law

We may also share Personal Data if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.

To enforce legal rights

We may also share Personal Data: (i) if disclosure is required in legal proceedings; (ii) as necessary to protect legal rights; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

Cross-border data transfers

Sharing of Personal Data sometimes involves cross-border data transfers, including transfers outside of the EEA in accordance with the law. We only transfer Personal Data to entities in third countries that have been held to provide an adequate level of protection for Personal Data, or where contractual terms have been adopted to meet the legal requirements for such transfers.

Data security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  We use encryption in order to store your Personal Data.

We limit access to your Personal Data to those employees, agents, contractors, healthcare providers and other third parties who have a business need to know.  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will retain your Personal Data for as long as necessary to comply with a contract we have with you, or to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, comply with insurance obligations and enforce our legal agreements and policies.  We retain health and medical records for prescribed periods.  This will typically be for a period of 20 years following treatment.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Cookie Policy

Cookies are small files of letters and numbers which are downloaded onto your device when you visit a website. Usually, they contain two pieces of information: a site name and unique user ID. Cookies can be used to remember your preferences when visiting a site.

We do our utmost to respect users’ privacy and our use of cookies is explained below.

  • Essential Cookies: these are cookies that are required for the operation of our site.
  • Performance Cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily; and,
  • Functionality Cookies: these are used, for example, to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of region).

Within your browser you can also choose whether you wish to accept cookies or not. If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages may not work in the usual way.

Your rights

Your right to withdraw consent at any time

Whenever we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact PBH using the contact details provided at the end of this Privacy Policy. This will not affect the lawfulness of any processing carried out before you withdraw, nor ongoing contractual or other obligations requiring us to process data, for example due to a court-ordered law enforcement request.

Your right to access the Personal Data we hold about you

You have the right to make a Data Subject Access Request (“SAR”) to access any Personal Data that we have collected. We aim to respond electronically to all SARs within one month.  

Other rights

In addition to the rights set out above, you also have the following rights:

  • Right to be informed – you have the right to be informed about the collection and use of your Personal Data;
  • Right of rectification – you have the right to correct any Personal Data we hold that is inaccurate or incomplete;
  • Right to erasure – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records;
  • Right to object – you have the right to object to certain types of processing of your Personal Data, such as for direct marketing;
  • Right to restrict processing – you have the right to restrict processing of your Personal Data in certain circumstances; and
  • Right to data portability – you have the right to request that we transfer the Personal Data we have collected to another organisation, or directly to you, under certain circumstances.

If we refuse your request to exercise your rights we will provide you with a reason why. You have the right to complain to the UK Information Commissioner’s Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane

Telephone: 0303 123 1113
Fax: 01625 524510

Changes to this Privacy Policy and Notice

This Privacy Policy may be updated to reflect changes to the ways in which we process Personal Data, and will be updated from time to time on our website.

Contact information

Portobello Behavioural Health
140 Holland Park Avenue
London W11 4UE