For the purpose of Data Protection Laws, the Data Controller is The Optimum Health Clinic, with registered address at: Unit A, Gainsborough Studios North, 1 Poole Street, London, N1 5EB. When we refer to ‘we’, ‘us’ and ‘our’, we mean The Optimum Health Clinic and the wider Alex Howard Group. For reference OHC is currently owned by the Alex Howard Group.
The Optimum Health Clinic (OHC) is committed to protecting and respecting your privacy. The Optimum Health Clinic understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with UK-GDPR (United Kingdom General Data Protection Regulation).
Any personal data you provide will be held for as long as is necessary in accordance with all applicable UK GDPR laws. In line with UK GDPR guidance, as specific to the management of health data, we are obligated to retain all clinical records and data for a period of 8 years from the date of your last consultation. Or in the case of clients who are aged 16 at point of clinical engagement we will retain clinical records until their 25th birthday, and in the case of clients aged 17 at the point of clinical engagement we will retain clinical records until their 26th birthday. At the applicable timepoint, we will delete all clinical files in line with your right to be forgotten under UK GDPR.
This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage, disclosure and erasure of personal data that we collect from you and/or hold about you, and your rights in relation to that data. This notice does not provide exhaustive detail. However, we are happy to provide any additional information or explanation needed.Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online platforms you are accepting or consenting to the practices as described or referred to in this Privacy Policy.
The Optimum Health Clinic provides psychology and nutritional therapy services to clients to improve their health through the use of psychology tools, diet and lifestyle interventions. We focus on the optimisation of physical and mental health, and support those with chronic fatigue-related health conditions.
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. Accordingly, we may hold and use personal data about you as a customer, a client or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us. Depending on what services you receive from us this may include sensitive personal data such as information relating to your health.
Personal data we collect from you may include the following:
information that you give us when you enquire or become a customer or client of us or apply for a job with us including name, address, contact details (including email address and phone number)
the name and contact details (including phone number) of your next of kin
details of referrals, quotes and other contact and correspondence we may have had with you
details of services and/or services you have received from us or which have been received from a third party and referred on to us
recordings of calls or video content that we have received or made with your consent
notes and reports about your health and any services and care you have received and/or need, including about clinic visits and all advice and guidance regarding nutrition and psychology
client feedback and services outcome information you provide
information about complaints and incidents
information you give us when you make a payment to us, such as financial or credit card information
other information received from other sources, including from your use of websites and other online platforms we operate or the other services we provide. Where you have named someone as your next of kin and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.
Where you use any of our websites, we may automatically collect personal data about you including:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
The data that we request from you may include sensitive personal data. By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy. We may use this information in order to provide you with direct healthcare support, the legal basis for our handling of your personal data is for legitimate interest.
We may collect personal data about you if you:
visit one of our websites
enquire about any of our services or services
register to be a customer or client with us or book to receive any of our services or services
fill in a form or survey for us
carry out a transaction on our website
complete a consultation with one of our practitioners
participate in fund raising activities or other marketing activities
make online payments
contact us, for example by email, telephone or social media
participate in interactive features on any of our websites.
In the interests of training and continually improving our services, calls to The Optimum Health Clinic and its agents may be monitored or recorded.
We may collect personal data about you from third parties such as:
If you are an employee of one of our corporate clients who has taken up one of our services. We may be passed your name, contact number and email address, in order to get in touch with you to arrange an appointment or collect further information from you.
We have a number of independent third parties acting on our behalf who may collect personal data from you to allow us to carry out the services we offer e.g. an independent practitioner may carry out your initial triage call or a subsequent consultation and collect personal data from you which is subsequently shared with The Optimum Health Clinic for the continuity of your care and may be used for quality and monitoring purposes
The Optimum Health Clinic use the services of independent practitioners who carry out consultations. Practitioners may need to share your personal data and health information with The Optimum Health Clinic. Please refer to Section 8 for further information regarding the UK-GDPR and privacy obligations of our independent practitioners.
Insurance providers will pass The Optimum Health Clinic personal data of clients who have commenced a claim and require medical services with The Optimum Health Clinic. This will normally be in the form of a referral and may consist of basic details e.g full name, date of birth, address, contact number and email address and the type of procedure/services they require.
We act as a data controller in regard to the processing of your personal data in order to provide direct healthcare services. We also act as a controller and processor in regard to the processing of your data from third parties such as testing companies and other healthcare providers. Additionally, we act as a data controller and processor in regard to the processing of credit card and online payments.
We will undertake to ensure that personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with both UK-GDPR law and also regulatory guidance pertaining to clinical data retention, erasure and clinical confidentiality.
Sensitive personal data related to your health will only be disclosed to those involved with your services or care, or in accordance with UK-GDPR laws and the guidance of professional bodies, or for the purpose of clinical audits (unless you object). We may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime, or where there is a legal requirement such as a formal court order.
Further details on how we use health related personal data are given below. Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.
We may use your personal data to:
enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or services to you and related matter such as, billing, accounting and audit, credit or other payment card verification and anti-fraud screening
provide you with information, products or services that you request from us
provide you with information about products or services we offer that we feel may interest you.
allow you to participate in interactive features of our services when you choose to do so
notify you about changes to our products or services
respond to requests where we have a legal or regulatory obligation to do so.
check the accuracy of information about you and the quality of your services or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
support your doctor, nurse or other healthcare professional
assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
to conduct and analyse market research
We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. We conduct assessments to ensure the ongoing security of our information systems.
Any personal data you provide will be held for as long as is necessary in accordance with all applicable UK GDPR laws.
Personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where we transfer your personal data outside the EEA, we will ensure that there are adequate protections in place for your rights, in accordance with Data Protection Laws. By submitting your personal data, and in providing any personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.
All information you provide to us is stored securely. Any payment transactions will be processed securely by third party payment processors.
The transmission of information via the internet cannot be guaranteed as completely secure. However, we ensure that any information transferred to our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features for prevention of unauthorised access.
At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.
In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:
business partners, suppliers and sub-contractors for the performance of any contract we enter into with you, or anyone to whom we may transfer our rights and duties under any agreement we have with you
Any legal or crime prevention agencies and/or to satisfy any regulatory request (e.g. BANT, ICO or BACP) if we have a duty to do so or if the law requires us to do so
We may share your information with supplement companies and biochemical testing companies as part of providing you with direct healthcare, subject to your consent
You will be required to provide the details for your G.P./Doctor when enrolling with the clinic. We will seek your express consent to share information with your G.P. or other healthcare providers. You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your G.P. full information about your medical history, and we strongly advise against it. In some cases, a decision to deny your G.P. full disclosure may also directly impact on our ability to continue to work with you. For clinical safety however, the practitioner can disclose confidential information to a G.P. without formal consent if the client is deemed to be at risk, or where there is a legal requirement to do so by an appropriate authority on the legal basis of vital interest.
In all cases, where we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.
We may share your case history in an anonymised form with our peers for the purpose of professional development. This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites. We will seek your explicit consent before processing your data in this way
Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
Third party service providers for the purposes of storage of information and confidential destruction, third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent. Marketing data may also be shared with our parent company the Alex Howard Group.
Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
We will never disclose your personal data to third parties other where we are required by law to do so.
Sensitive personal data (including information relating to your health) will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your services or care, or in accordance with UK-GDPR laws and guidelines of appropriate professional bodies. Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your service needs. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained. We will also share this data as below:
Health practitioners working with us: We share clinical information about you with our practitioners as we think necessary for the provision of our services. Practitioners working with us might be our employees, or they might be independent practitioners in private practice. Where we contract the services of independent practitioners, we will offer guidance to ensure that they operate under the terms of this Privacy Notice, within UK-GDPR guidance and under the guidance of our professional regulating bodies regarding the gathering, storing, protection and erasure of personal data. This ensures that independent practitioners support the Optimum Health Clinic contractually in its role as the data controller and that we offer guidance to these practitioners as data controllers or processors to ensure the safe management of your data.
In all circumstances, those individual practitioners will only process your personal data for the purposes set out in this Privacy Policy or as otherwise notified to you.
External practitioners: If we refer you externally for services, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral. It will always be clear when we do this.
Your insurer: We share with your medical insurer information about your services, its clinical necessity and its cost, only if they are paying for all or part of your services with us. We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.
The Optimum Health Clinic collects certain information from and about its users three ways: directly from our Web Server logs, the user, and with Cookies. When you visit our Website, we may track information to administer the site and analyse its usage for the purpose of serving our visitors and customers better. This website uses:
Google AdWords: free conversion tracking features on certain pages. If you contact us online, the destination page will have code on it that will help us understand the path you took to arrive on that page.
DoubleClick: We use Google AdWords remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us in the future you can opt out using the DoubleClick opt-out page or the Network Advertising Initiative opt-out page.
Bing Ads: This website uses Microsoft’s free tracking features on its webpages. If you contact us online, the destination page will have code on it that will help us understand the path you took to arrive on that page.
Google Analytics: Google Analytics is a web analytics service offered by Google that tracks website traffic. This helps us to understand how visitors utilise our website, so that we can improve the resources we offer.
Google Tag Manager: Google Tag Manager is management platform and tracking tool that allows us to collect marketing data. This helps us understand which our online resources are most useful and allows us to continuously enhance and improve our content and reach in alignment with the needs of our web visitors.
We will not disclose personally identifiable information we collect from you to third parties without your permission except to the extent necessary including:
To fulfil your requests for services.
To protect ourselves from liability.
To respond to legal process or comply with law, or in connection with a merger, acquisition, or liquidation of the company.
We may send out by mail, information on special offers or future products. If you do not wish for this to be the case, please simply let the clinic know by contacting us.
Participating Clients, Merchant Policies, and Third Party Websites: Related services and offerings with links from this website, including all other websites, have their own privacy statements that can be viewed by clicking on the corresponding links within each respective website. The Optimum Health Clinic is not responsible for the privacy practices or contents of third-party or client websites. We recommend and encourage that you always review the privacy policies of merchants and other third parties before you provide any personal information or complete any transaction with such parties.
If you no longer wish to receive web based marketing information you can unsubscribe by emailing bebe@theoptimumhealthclinic.com.
For non-web based marketing information please write to: The Optimum Health Clinic, Unit A, Gainsborough Studios North, 1 Pool St, London, N1 5EB with a reasonable amount of notice, to give us time to update our systems. While the precise timings vary by department we generally ask that you give us at least 30 days’ notice.
Under UK GDPR law, subject to some exemptions, you may request access a copy of the personal data that we hold about you via a Subject Access Request (SAR). We will comply with the information request, as UK-GDPR requires, within one month from the day that we receive the SAR. We are within our rights, under UK-GDPR guidance, to extend this response period to 2 months where the information request is complex or where we have received a number of requests from the same individual simultaneously. We may ask for further clarification about the information that you require, in which case the one month response period will begin once we have received the necessary clarification.
You have the right, subject to exemptions, to ask to:
Have your information corrected or updated where it is no longer factually accurate. Please contact us to ensure that personal data is regularly updated, especially contact information such as: email address, phone number and home address.
Ask us to stop processing information about you, where we are not required to do so by law or in accordance with the BANT, CNHC and ICO guidelines.
Object at any time to the processing of personal data concerning you
If you want to exercise your rights in respect of your personal data, the best way to do so is to contact us by email on bebe@theoptimumhealthclinic.com or to write to us for the attention of the data protection officer at the address below. In order to protect your privacy, we may ask you to prove your identity before we take any steps in response to such a request.
Data Protection Officer, The Optimum Health Clinic, Unit A, Gainsborough Studios North, 1 Poole St, London, N1 5EB
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).
We keep our Privacy Policy under regular review and as a result it may be amended from time to time without notice.
We’re governed by the laws of the UK and Wales and that we cannot be responsible for knowing or implementing global laws.