IMPORTANT INFORMATION AND WHO WE ARE
The data controller is Portobello Behavioural Health, a trading name for companies owned or controlled by PBH Group Limited a company registered in England and Wales with Company Number 12522968, whose registered office is Niddry Lodge, 51 Holland Street, Kensington, London, W8 7JB.
Information we collect and how
“Special Category Data” means any data that requires more protection because it is sensitive. This includes health information and medical data.
Personal Data and Special Category Data does not include data where your identity has been removed (“Anonymised Data”).
Information we collect from you
Basic Identifiers and Contact Information: We collect some information from you when you provide it to us directly, such as via an email or an online form. This information may include your name, email, and phone number as well as other information.
Health and other Special Category Data: You may provide us with health and medical information directly. We will also receive such information from our third party providers in the course of providing the Services to you, as described below.
Information we obtain from third party providers
In the course of providing the Services, we will receive Personal Data from third parties with whom we have agreements in place. These include:
- Third party service providers such as clinical notes and assessments, and reporting providers.
Purposes for which we will use your Personal Data
We will collect and use your Personal Data in order to provide the Services you have requested.
The legal bases we rely upon to use your Personal Data include the contract we have with you, where we need to comply with a legal or regulatory obligation or when you have given your consent.
The legal bases upon which we will process health and other Special Category Data in delivering the Services to you are: the provision of preventative medicine; medical diagnosis; and the provision of health care and treatment.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may use your Personal Data in line with our legitimate interests, including:
- To administer, protect and improve our Services and website (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data).
- To inform you of products or services that we provide.
Purposes for which we will share your Personal Data
In order to provide Services to you, we will use third parties as set out below.
Sharing with our service providers
We may share your Personal Data with our third-party business service providers who perform functions on our behalf in order to provide the Services. These may include:
- Contracted third parties such as freelance therapists, coaches, psychiatrists and psychologists;
- IT service providers and system administrators;
- Data hosts and providers of programming or technical support;
- Professional advisers including lawyers, accountants, bankers, auditors, regulators.
When required by law
We may also share Personal Data if we are also under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property, or safety of our business, our customers or others.
To enforce legal rights
We may also share Personal Data: (i) If disclosure is required in legal proceedings; (ii) as necessary to protect legal rights; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
Cross-border data transfers
Sharing of Personal Data sometimes involves cross-border data transfers, including transfers outside of the EEA in accordance with the law. We only transfer Personal Data to entities in third countries that have been held to providean adequate level of protection for Personal Data, or where contractual terms have been adopted to meet the legal requirements for such transfers.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use encryption in order to store your Personal Data.
We limit access to your Personal Data to those employees, agents, contractors, healthcare providers and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will retain your Personal Data for as long as necessary to comply with a contract we have with you, or to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, comply with insurance obligations and enforce our legal agreements and policies. We retain health and medical records for prescribed periods. This will typically be for a period of 20 years following treatment.
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Cookies are small files of letters and numbers which are downloaded onto your device when you visit a website. Usually, they contain two pieces of information: a site name and unique user ID. Cookies can be used to remember your preferences when visiting a site.
- Essential Cookies: these are cookies that are required for the operation of our site.
- Performance Cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily; and,
- Functionality Cookies: these are used, for example, to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of region)
Within your browser you can also choose whether you wish to accept cookies or not. If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages may not work in the usual way.
Your right to withdraw consent at any time
Your right to access the Personal Data we hold about you
You have the right to make a Data Subject Access Request (“SAR”) to access any Personal Data that we have collected. We aim to respond electronically to all SARs within one month.
In addition to the rights set out above, you also have the following rights:
- Right to be informed – you have the right to be informed about the collection and use of your Personal Data;
- Right of rectification - you have the right to correct any Personal Data we hold that is inaccurate or incomplete;
- Right to erasure – in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records;
- Right to object – you have the right to object to certain types of processing of your Personal Data, such as for direct marketing;
- Right to restrict processing - you have the right to restrict processing of your Personal Data in certain circumstances; and
- Right to data portability – you have the right to request that we transfer the Personal Data we have collected to another organisation, or directly to you, under certain circumstances.
If we refuse your request to exercise your rights we will provide you with a reason why. You have the right to complain to the UK Information Commissioner’s Office (ICO):
Information Commissioner's Office
Telephone: 0303 123 1113
Fax: 01625 524510
Portobello Behavioural Health
140 Holland Park Avenue
London W11 4UE