Phone: +44 (0)20 7175 0694
21 Ludgate Hill, St Paul’s, EC4M 7AE
Prohab Ltd Privacy Statement
Prohab Ltd (“Prohab” or “We” or “Us”) is committed to protecting and respecting your privacy in line with current legislation. This privacy statement is relevant to anyone who is using the Prohab service. It tells you what personal data is collected and what we do with that personal data.
The Prohab service uses your Health data (a combination of Personal Data and Sensitive Personal Data) collected manually from you.
Prohab Ltd (“Prohab” or “Us” or “We”) is a registered company in the United Kingdom (Company No. 05522835; Registered Office Address 21 Ludgate Hill, EC4M 7AE)
In the provision of the Prohab service, both Personal Data and Sensitive Personal Data will be collected and used.
Personal Data means data which relates to a living individual who can be identified from the data or from the data and any other information which is in the possession of, or likely to come into the possession of, the data controller.
Sensitive Personal Data means personal data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We will also refer to the Data Protection Officer (DPO) and the Data Controller.
According to the GDPR legislation which comes into effect in May 2018, Prohab will be required to appoint a DPO as we carry out large scale systematic monitoring of individuals and carry out large scale processing of special categories of data. The purpose of the DPO is to inform and advise Prohab and our employees about obligations to comply with GDPR and other data protection laws; to monitor compliance with GDPR and data protection laws; and to be the first point of contact for supervisory authorities and for individuals whose data is processed.
The Data Controller is a person who determines the purposes for which and the manner in which any personal data are or are to be processed.
The Data Processor means any person who processes the data on behalf of the Data Controller.
WHAT DATA WE USE
|Data Category||Purpose of Data||Type of Data|
|Personal Data||We collect Personal Data at the point of contacting us via email, subscribing to any of our email lists, submitting a ‘contact’ form or purchasing the product/service.||Name, Age, Phone Number, Address, Email|
|Sensitive Personal Data||We collect Sensitive Personal Data after you have purchased the product as part of fulfilling the product/service.||Ethnicity; Physical/mental health information; Biometric information|
|Cookies||Cookies (small text files placed on your computer while using our site) may be used to assist with improving your site experience and to safeguard your privacy whilst browsing our site. For more information visit www.allaboutcookies.org||Strictly necessary cookies; Performance cookies; Functionality cookies; Targeting/Advertising cookies|
|Browser Event Data||Browser event data is collected during your visit to our website. This information is collected and processed to provide insights into user behaviour in order for us to continually improve our service.||Device IP address; Device screen resolution; Device type; Country location; Preferred language; Mouse events; Keypresses; Log data|
|Web Beacons||Webpages and HTML emails may also contain a small snippet of code called a web beacon. In their simplest form, web beacons allow a website to transfer or collect information through a graphic image request. Prohab may use web beacons as part of the site, but only for fraud detection.|
WHO WE SHARE YOUR DATA WITH AND WHY
The Prohab service is run by us with our third party service providers to provide the overall service. These companies will, as necessary, process your data in order for us to fulfill the Prohab service you purchase.
The following parties are Data Controllers:
|Prohab Ltd||Provides the overall service; Coordinates with and provides policy to Third Party Suppliers to fulfill the service.|
The following Third Party Suppliers are Data Processors and this table reflects their requirements to fulfill our service and the data we share with them in order to do so:
|Supplier||Purpose||What data we share|
|LiveSmart||Lifestyle and health assessment, Receive blood samples, process blood samples and return results back to User||Full name, Email.|
|Functional Dx||Receive and process blood samples and return results back to Prohab.||Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample|
|Cyrex LLC||Receive and process blood samples and return results back to Prohab.||Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample|
|Regenerus||Receive and process blood, urine and stool samples and return results back to Prohab.||Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample|
|Stripe Inc||Full name, Address, Email, Phone Number, Credit card details|
|Act as our card merchant and host your payment details for the purpose of any online transactions you make to us.|
|First Beat||Full Name, Language, Address, Email, Phone Number|
|Act as our ‘First Beat’ supplier. They provide the kit and data collection tool to record stress and Heart Rate Variability. They then provide that report back to our clinical team|
|Cliniko||Act as our practice management software. Cliniko stores medical records, appointments, treatment notes, invoices, payments||Full Name, Address, Email, Phone Number, medicals records, treatment notes|
|iZettle||Act as our card merchant and host your payment details for the purpose of in clinic payments||Name, Credit card details|
Kajabi Act as our online membership Portal Name, Email
Eyegym Visual Intelligence Training Platform Name, Email
London Cognition Cognitive Function Testing. Name, Email
GoCardless Direct Debit payment processor Name, Address, Bank account details
HOW DO WE PROVIDE THE PROHAB SERVICE WITH OTHERS
This section explains the purposes to which we put your Personal Data and Sensitive Personal Data and explains the legal basis and legitimate interests we rely upon when we do so.
‘Legitimate Interests’ refers to our interests in conducting and managing our business. The particular interest which we are relying on in each case is explained in more detail below. When we use your data in our legitimate interests, we make sure to balance any potential impact on you and your rights under data protection laws. Our interests do not automatically override your interests.
We will never share the Personal Data or Sensitive Personal Data with any other parties except for the purposes of fulfilling our service and aggregated data or research, in which case all data we use would not be identifiable.
What Data we use: Name, Email, Date of Birth, Address, Telephone Number, GP Information, Medical history, Medication information, Biometric Data, Dietary and exercise data
How We will use Data: We will use your Personal Data and Sensitive Personal Data to provide the service, including to manage our relationship with you, to verify your identity and eligibility to use our service and/or to contact you to provide and administer our service. Without this information, we cannot provide the Prohab service.
What Data we use: Name, Email, Date of Birth, Address, Telephone Number
How we will use Data: We may use contact you for your feedback or use your information to improve the Prohab service by creating pseudonymised reports and by contacting you to receive feedback. We can use your data in this way because we have a legitimate interest in improving and tailoring our service and keeping our customers happy.
What Data we use: Pseudonymised Personal Data and Sensitive Personal Data
How We will use Data: We may use this data to conduct research on the efficacy of our products and to identify where we can improve our product, or to provide aggregated anonymised reports to analyse the usage, uptake and efficacy of the products and services.
What Data we use: Name, Email, Date of Birth, Address, Telephone Number
How We will use Data: We may be required to retain or use your data if we have a legal duty or obligation to do so. This may be in the context of an employer and retaining certain employee data for a certain period of time, or it may be in the context of providing law enforcement agencies with data to aid with legal proceedings.
What Data we use: Name, Email, Address, Telephone Number, GP Information
How We will use Data: We may use your Data to assist where your health or life is in danger. We can use your data in this way because it protects your vital interests.
HOW LONG CAN WE KEEP YOUR PERSONAL DATA FOR
We may only keep your personal data for as long as it is required for one of the reasons detailed in the above section.
We have policies about how we keep/store your personal data. The periods differ depending on the period and the purpose for which we are using your personal data and the nature of the personal data.
How long we keep the data is determined by the period we need to keep it for in line with fulfilling the service and our legal obligations.
We typically retain personal data for approximately 7 years from the point we obtained the data however in some cases, such as legal requirements, we may be required to keep it longer.
When data is no longer required for its purpose, we ensure data is securely and irrevocably deleted from our system.
WHEN CAN YOU ASK US TO STOP USING YOUR DATA
We rely on consent and lawful basis for processing in order to fulfill the products and services we offer and also so we can contact you directly about the status of your product/service.
You can ask us to stop using your Data at any time, however in doing so we will be unable to continue providing the service.
In order to request that we stop using your data, you can send us an email at firstname.lastname@example.org stating that you wish for us to stop using your data immediately.
WHAT HAPPENS IF YOU DON’T GIVE US SOME OF YOUR DATA
It is entirely optional to provide consent for us to collect and process your data, however where you do not provide the Data we need in order to provide the requested Prohab service or to fulfill a legal requirement, we will not be able to fulfill the service requested.
HOW TO CONTACT US ABOUT THIS PRIVACY STATEMENT
You may contact us at any time via email or post to query anything that may have come up from reading this statement.
Address: Prohab Ltd, Att: 21 Ludgate Hill, EC4M 7AE
We can be contacted at the addresses above for one or more of the following reasons:
On or after 25 May 2018, We can also be contacted at the address above for the following reasons:
Sometimes We will not be able to stop using Your Personal Data when You ask Us to (e.g. where We need to use it because the law requires Us to do so).
You have the right to complain about how We treat Your Personal Data to the Information Commissioner’s Office (the “ICO”). The ICO can be contacted at:
CHANGES TO THIS PRIVACY STATEMENT
We may update this Privacy Statement from time to time. We will notify You of the changes where required by law to do so.
Last modified on 11/05/2019