Phone: +44 (0)20 7175 0694

21 Ludgate Hill, St Paul’s, EC4M 7AE


Prohab Ltd Privacy Statement


Prohab Ltd (“Prohab” or “We” or “Us”) is committed to protecting and respecting your privacy in line with current legislation. This privacy statement is relevant to anyone who is using the Prohab service. It tells you what personal data is collected and what we do with that personal data.

The Prohab service uses your Health data (a combination of Personal Data and Sensitive Personal Data) collected manually from you.


Prohab Ltd (“Prohab” or “Us” or “We”) is a registered company in the United Kingdom (Company No. 05522835; Registered Office Address 21 Ludgate Hill, EC4M 7AE)


In the provision of the Prohab service, both Personal Data and Sensitive Personal Data will be collected and used.

Personal Data means data which relates to a living individual who can be identified from the data or from the data and any other information which is in the possession of, or likely to come into the possession of, the data controller.

Sensitive Personal Data means personal data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We will also refer to the Data Protection Officer (DPO) and the Data Controller.

According to the GDPR legislation which comes into effect in May 2018, Prohab will be required to appoint a DPO as we carry out large scale systematic monitoring of individuals and carry out large scale processing of special categories of data. The purpose of the DPO is to inform and advise Prohab and our employees about obligations to comply with GDPR and other data protection laws; to monitor compliance with GDPR and data protection laws; and to be the first point of contact for supervisory authorities and for individuals whose data is processed.

The Data Controller is a person who determines the purposes for which and the manner in which any personal data are or are to be processed.

The Data Processor means any person who processes the data on behalf of the Data Controller.



Data Category Purpose of Data Type of Data
Personal Data We collect Personal Data at the point of contacting us via email, subscribing to any of our email lists, submitting a ‘contact’ form or purchasing the product/service. Name, Age, Phone Number, Address, Email
Sensitive Personal Data We collect Sensitive Personal Data after you have purchased the product as part of fulfilling the product/service. Ethnicity; Physical/mental health information; Biometric information
Cookies Cookies (small text files placed on your computer while using our site) may be used to assist with improving your site experience and to safeguard your privacy whilst browsing our site. For more information visit Strictly necessary cookies; Performance cookies; Functionality cookies; Targeting/Advertising cookies
Browser Event Data Browser event data is collected during your visit to our website. This information is collected and processed to provide insights into user behaviour in order for us to continually improve our service. Device IP address; Device screen resolution; Device type; Country location; Preferred language; Mouse events; Keypresses; Log data
Web Beacons Webpages and HTML emails may also contain a small snippet of code called a web beacon. In their simplest form, web beacons allow a website to transfer or collect information through a graphic image request. Prohab may use web beacons as part of the site, but only for fraud detection.


The Prohab service is run by us with our third party service providers to provide the overall service. These companies will, as necessary, process your data in order for us to fulfill the Prohab service you purchase.

The following parties are Data Controllers:


Prohab  Ltd Provides the overall service; Coordinates with and provides policy to Third Party Suppliers to fulfill the service.

The following Third Party Suppliers are Data Processors and this table reflects their requirements to fulfill our service and the data we share with them in order to do so:




Supplier Purpose What data we share
LiveSmart Lifestyle and health assessment, Receive blood samples, process blood samples and return results back to User Full name, Email.
Functional Dx Receive and process blood samples and return results back to Prohab. Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample
Cyrex LLC Receive and process blood samples and return results back to Prohab. Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample
Regenerus Receive and process blood, urine and stool samples and return results back to Prohab. Full name, Gender, Date of Birth, Postcode, Phone number, Pathology Sample
Stripe Inc Full name, Address, Email, Phone Number, Credit card details
Act as our card merchant and host your payment details for the purpose of any online transactions you make to us.
First Beat Full Name, Language, Address, Email, Phone Number
Act as our ‘First Beat’ supplier. They provide the kit and data collection tool to record stress and Heart Rate Variability. They then provide that report back to our clinical team
Cliniko Act as our practice management software. Cliniko stores medical records, appointments, treatment notes, invoices, payments Full Name, Address, Email, Phone Number, medicals records, treatment notes
iZettle Act as our card merchant and host your payment details for the purpose of in clinic payments Name, Credit card details

Kajabi            Act as our online membership Portal                  Name, Email

(Prohab Academy)

Eyegym        Visual Intelligence Training Platform                   Name, Email

London Cognition  Cognitive Function Testing.                     Name, Email

GoCardless Direct Debit payment processor               Name, Address, Bank account details




This section explains the purposes to which we put your Personal Data and Sensitive Personal Data and explains the legal basis and legitimate interests we rely upon when we do so.

‘Legitimate Interests’ refers to our interests in conducting and managing our business. The particular interest which we are relying on in each case is explained in more detail below. When we use your data in our legitimate interests, we make sure to balance any potential impact on you and your rights under data protection laws. Our interests do not automatically override your interests.

We will never share the Personal Data or Sensitive Personal Data with any other parties except for the purposes of fulfilling our service and aggregated data or research, in which case all data we use would not be identifiable.

  • To provide the Prohab service

What Data we use: Name, Email, Date of Birth, Address, Telephone Number, GP Information, Medical history, Medication information, Biometric Data, Dietary and exercise data

How We will use Data: We will use your Personal Data and Sensitive Personal Data to provide the service, including to manage our relationship with you, to verify your identity and eligibility to use our service and/or to contact you to provide and administer our service. Without this information, we cannot provide the Prohab service.

  • To improve the Prohab Service

What Data we use: Name, Email, Date of Birth, Address, Telephone Number

How we will use Data: We may use contact you for your feedback or use your information to improve the Prohab service by creating pseudonymised reports and by contacting you to receive feedback. We can use your data in this way because we have a legitimate interest in improving and tailoring our service and keeping our customers happy.

  • To conduct research and aggregated reports

What Data we use: Pseudonymised Personal Data and Sensitive Personal Data

How We will use Data: We may use this data to conduct research on the efficacy of our products and to identify where we can improve our product, or to provide aggregated anonymised reports to analyse the usage, uptake and efficacy of the products and services.

  • To do what we are required to do by law

What Data we use: Name, Email, Date of Birth, Address, Telephone Number

How We will use Data: We may be required to retain or use your data if we have a legal duty or obligation to do so. This may be in the context of an employer and retaining certain employee data for a certain period of time, or it may be in the context of providing law enforcement agencies with data to aid with legal proceedings.

  • To assist you where you may be at risk

What Data we use: Name, Email, Address, Telephone Number, GP Information

How We will use Data: We may use your Data to assist where your health or life is in danger. We can use your data in this way because it protects your vital interests.


We may only keep your personal data for as long as it is required for one of the reasons detailed in the above section.

We have policies about how we keep/store your personal data. The periods differ depending on the period and the purpose for which we are using your personal data and the nature of the personal data.

How long we keep the data is determined by the period we need to keep it for in line with fulfilling the service and our legal obligations.

We typically retain personal data for approximately 7 years from the point we obtained the data however in some cases, such as legal requirements, we may be required to keep it longer.

When data is no longer required for its purpose, we ensure data is securely and irrevocably deleted from our system.


We rely on consent and lawful basis for processing in order to fulfill the products and services we offer and also so we can contact you directly about the status of your product/service.

You can ask us to stop using your Data at any time, however in doing so we will be unable to continue providing the service.

In order to request that we stop using your data, you can send us an email at stating that you wish for us to stop using your data immediately.


It is entirely optional to provide consent for us to collect and process your data, however where you do not provide the Data we need in order to provide the requested Prohab service or to fulfill a legal requirement, we will not be able to fulfill the service requested.


You may contact us at any time via email or post to query anything that may have come up from reading this statement.

Address: Prohab Ltd, Att: 21 Ludgate Hill, EC4M 7AE






We can be contacted at the addresses above for one or more of the following reasons:

  1. To ask Us to fix Personal Data about You that is wrong or incomplete, or delete Personal Data about You.
  2. To tell Us that You no longer consent to Us using Personal Data about You and to ask Us to stop. This would not invalidate Our use of the Personal Data prior to the withdrawal of consent.
  3. To tell Us to stop using Your Personal Data for direct marketing purposes.
  4. To ask Us to send You the Personal Data We have about You. This is sometimes called a “subject access request”.


On or after 25 May 2018, We can also be contacted at the address above for the following reasons:

  1. To ask Us to provide You with the Personal Data You have provided to Us. We will provide the Personal Data in a CSV formatted document so that another organisation’s software can understand that Personal Data. This is sometimes called a “data portability” right.
  2. To ask Us not to use Personal Data about You in a way that allows Our computer systems to make decisions about You.
  3. To request that We restrict use of Your Personal Data or to object to its use (including objecting to data used in Our “legitimate interests”).

Sometimes We will not be able to stop using Your Personal Data when You ask Us to (e.g. where We need to use it because the law requires Us to do so).


You have the right to complain about how We treat Your Personal Data to the Information Commissioner’s Office (the “ICO”). The ICO can be contacted at:

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Telephone: 0303 123 1113 (local rate) or 01625 545 745
  • Email:


We may update this Privacy Statement from time to time. We will notify You of the changes where required by law to do so.

Last modified on 11/05/2019