The Forbes Clinic Logo
£0.00 0

Basket

No products in the basket.

This privacy statement was last updated on June 19, 2026 and applies to citizens and legal permanent
residents of the United Kingdom.

Privacy Notice

In this privacy statement, we explain what we do with the data we obtain about you via
https://www.theforbesclinic.co.uk and the data you provide to us by other means after you have
registered with the Forbes Clinic and continue to engage our services.

We reserve the right to make amendments to this privacy statement. It is recommended that you
carefully read this statement and consult this privacy statement regularly in order to be aware of any
changes. In addition, we will actively inform you wherever possible.

In our processing we comply with the requirements of privacy legislation. That means, among other
things, that:

● we clearly state the purposes for which we process personal data. We do this by means of
this privacy statement;
● we aim to limit our collection of personal data to only the personal data required for
legitimate purposes;
● we first request your explicit consent to process your personal data in cases requiring your
consent;
● we take appropriate security measures to protect your personal data and also require this
from parties that process personal data on our behalf;
● we respect your right to access your personal data or have it corrected or deleted, at your
request, in line with legal and statutory obligations..

If you have any questions, or want to know exactly what data we hold about you, please contact us
using the contact form at the bottom of this policy.

1.How we use data captured on our website

The information that follows explains what we do with the data we obtain about you via
https://www.theforbesclinic.co.uk.

1.1 Purpose, data and retention period


We may collect or receive personal information for a number of purposes connected with our business
operations which may include the following:

1.1.1 Payments

For this purpose we use the following data:

● A first and last name
● Account name or alias
● A home or other physical address, including street name and name of a city or town
● An email address
● A telephone number
● IP Address
● Internet activity information, including, but not limited to, browsing history, search history,
and information regarding a consumer's interaction with an Internet Web site, application, or
advertisement
● Geolocation data

The basis on which we may process these data is:
For compliance with a legal or regulatory obligation.

Retention period
We retain this data upon termination of the service for the following number of months: 60


1.1.2 Registering an account

For this purpose we use the following data:
● A first and last name
● Account name or alias
● An email address
● IP Address
● Internet activity information, including, but not limited to, browsing history, search history,
and information regarding a consumer's interaction with an Internet Web site, application, or
advertisement

The basis on which we may process these data is:
It is necessary for the execution of a contract or preliminary procedures related to a contract to which
the data subject is a party.

Retention period
We retain this data upon termination of the service for the following number of months: 24

1.1.3 To support services or products that a customer wants to buy or has
purchased


For this purpose we use the following data:
● A first and last name
● A home or other physical address, including street name and name of a city or town
● An email address
● A telephone number
● IP Address
● Date of birth
● Sex
● Medical information

The basis on which we may process these data is:
It is necessary for the execution of a contract or preliminary procedures related to a contract to which
the data subject is a party.

Retention period
We retain this data upon termination of the service for a period of 8 years to comply with statutory
regulatory requirements imposed by the General Medical Council and other health care regulators. After
this time your data will be deleted or fully and comprehensively anonymised so that you are no longer
identifiable.

1.1.4 To be able to comply with legal obligations

For this purpose we use the following data:

● A first and last name
● A home or other physical address, including street name and name of a city or town
● An email address
● A telephone number
● IP Address
● Internet activity information, including, but not limited to, browsing history, search history,
and information regarding a consumer's interaction with an Internet Web site, application, or
advertisement

The basis on which we may process these data is:
It is necessary for the execution of a contract or preliminary procedures related to a contract to which
the data subject is a party.

Retention period
We retain this data upon termination of the service for a period of 8 years to comply with statutory
regulatory requirements imposed by the General Medical Council and other health care regulators. After
this time your data will be deleted or fully and comprehensively anonymised so that you are no longer
identifiable.


1.1.5 Compiling and analyzing statistics for website improvement.

For this purpose we use the following data:
● IP Address

The basis on which we may process these data is:
Upon the provision of consent.

Retention period
We retain this data upon termination of the service for the following number of months: 24

1.1.6 Deliveries

For this purpose we use the following data:

● A first and last name
● A home or other physical address, including street name and name of a city or town

The basis on which we may process these data is:
It is necessary for the execution of a contract or preliminary procedures related to a contract to which
the data subject is a party.

Retention period
We retain this data upon termination of the service for the following number of months: 24


1.1.7 Contact – Through phone, mail, email and/or webforms

For this purpose we use the following data:

● A first and last name
● An email address
● A telephone number
● IP Address
● Medical Information

The basis on which we may process these data is:
It is necessary for the purposes of the legitimate interests pursued by the controller or by a third party,
and that interest outweighs the interest of the person concerned.

Retention period
We retain this data upon termination of the service for a period of 8 years to comply with statutory
regulatory requirements imposed by the General Medical Council and other health care regulators. After
this time your data will be deleted or fully and comprehensively anonymised so that you are no longer
identifiable.


1.1.8 To be able to offer personalised products and services

For this purpose we use the following data:

● A first and last name
● A home or other physical address, including street name and name of a city or town
● An email address
● A telephone number
● IP Address
● Date of birth
● Sex
● Medical information

The basis on which we may process these data is:
It is necessary for the execution of a contract or preliminary procedures related to a contract to which
the data subject is a party.

Retention period
We retain this data upon termination of the service for a period of 8 years to comply with statutory
regulatory requirements imposed by the General Medical Council and other health care regulators. After
this time your data will be deleted or fully and comprehensively anonymised so that you are no longer
identifiable.

1.2. Sharing with other parties

We do not sell, trade or otherwise disclose your data to third parties except to our data processors in
order to deliver services to you and fulfill our general business operations or on the basis of explicit
consent.

We only share or disclose this data to data processors for the following purposes:

1.2.1. General Business operations Data Processors

Name: Practice Better (Practice Management System)
Country: Canada
Purpose: To facilitate consultation booking, client communication, process payment for
consultations and/or functional tests booked on our website and record keeping


Name: Stripe
Country: United Kingdom
Purpose: To process payments for functional testing ordered on our website.


Name: Doctify
Country: United Kingdom
Purpose: To facilitate anonymous client feedback. When you purchase a service on our website,
you may receive contact from the patient testimonial platform Doctify asking you to share your
experience of The Forbes Clinic. The data shared with Doctify is limited to your phone number,
and we remain the data controller. You may choose to post an anonymous testimonial to the
Doctify platform or ignore the request.


Name: Google
Country: United Kingdom
Purpose: When you purchase a service on our website, you may receive contact from the
patient platform asking you for a testimonial for Google Reviews to share your experience of
The Forbes Clinic. Google treats reviews as public contributions tied to your account. Your
display name, profile photo, and review text are publicly visible across Google services. You can
manage what information is shared, use custom display names, and delete reviews to remove
your data from public view.

1.2.2. Functional Testing

When you purchase functional testing with us you will be asked to consent for us to share your
data with the relevant third-party supplier(s) to facilitate delivery of your test kit, laboratory
testing and results. By purchasing you agree to the processing of special category health data
related to your samples and results. Where we engage a third party data processor to deliver
testing services we do so as the data controller and on the basis of your explicit consent. Our
third party testing suppliers are GDPR compliant and adhere to strict confidentiality in line with
their own privacy policies. You are responsible for reviewing the relevant privacy policy before
purchasing. You will retain your rights under GDPR which can be exercised by contacting The
Forbes Clinic. You have the right to request the deletion of data held by a testing supplier to
The Forbes Clinic in line with any legal, statutory and regulatory obligations. Please note some
healthcare data is exempt from the right to erasure.

We never share data about your medical history with our providers. The data we share is
submitted via a secure online portal and is limited to:

● Name
● Address
● Date of Birth
● Email address
● Phone number
● Sex

We share data with the following Data Processors to facilitate functional testing:

● Regenerus Laboratories Limited, United Kingdom, Privacy Policy
● Colab Services, United Kingdom, Privacy Policy
● Genova Diagnostics, United Kingdom, Privacy Policy
● Viva Health Laboratories, United Kingdom, Privacy Policy
● LifeCodeGX, United Kingdom, Privacy Policy
● Invivo Healthcare, United Kingdom, Privacy Policy

1.3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

1.4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law
enforcement agency, to the extent permitted under other provisions of law, to provide information, to
safeguard an adult or child, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may
be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

The inclusion of full IP addresses is blocked by us.

1.5. Security

We are committed to the security of personal data. We take appropriate security measures to limit
abuse of and unauthorised access to personal data. This ensures that only the necessary persons have
access to your data, that access to the data is protected, and that our security measures are regularly
reviewed.

The security measures we use consist of:

● Login Security
● DKIM, SPF, DMARC and other specific DNS settings
● (START)TLS / SSL / DANE Encryption
● Website Hardening/Security Features
● Vulnerability Detection

1.6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We
cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We
recommend you read the privacy statements of these websites prior to making use of these websites.

1.7. Children

As a healthcare provider we offer services to under 18’s but will process children’s data only when
provided by a legal guardian and only on the basis of explicit consent. We therefore request that
children under the age of consent do not submit any personal data to us. If you believe a child has
submitted data to us, please contact us via the details provided below.

1.8. Special Category Data

Given the nature of our services we may process special category data related to your health or medical
history which you choose to disclose or which we receive from a testing supplier after you purchase
functional testing. We Process special category data related to your health under condition ‘(h) Health
or social care (with a basis in law)’ of Article 9 of the UK GDPR and under the legal basis of consent. You
will be asked to provide your consent upon booking or purchasing a service.

1.9.Your rights under GDPR

Please see 3. below for information about our data protection contact, complaints and exercising your
rights.

2.How we use data captured during engagement with
our services

The following information applies to data you provide to us by other means after you have registered
with the Forbes Clinic and continue to engage our services.

2.1. Information we Collect

2.1.1 Personal Data

We may collect personal data from you during consultation, when you contact us via phone or email or
upon booking an appointment or purchasing a service. We may collect the following data provided
explicitly by you:

● Name
● Address
● Contact details
● Occupation
● Sex assigned at Birth
● Gender
● Ethnicity
● Emergency Contact Details
● Medical Information e.g. health concerns, medical history, relevant historic test results
● Diet and lifestyle information
● Social and emotional information e.g. significant emotional experiences, stressors and support
● Payment Information
● Any other information you disclose to us

2.1.2 Special Category Data

Given the nature of our services, you may disclose data of a sensitive nature and special category data
related to your health or medical history when booking a service or during consultation. We will ask you
to provide your consent to process this data upon booking.

2.1.3 Children’s Data

As a family clinic, we offer healthcare services to children under 18, and will process related data with
the explicit consent of their legal guardian. By engaging our services on behalf of a child you
acknowledge that you are their legal guardian and may legally consent to the processing of their data.

2.2. Lawful Basis for Processing

We will process your personal data provided during your continued engagement with our services
under the following lawful basis:

2.2.1 Legitimate Interest

Where processing is necessary for our legitimate interests, to operate our business and to deliver and
facilitate our services.

2.2.2 Consent

We will seek your explicit consent to process your data as necessary.

2.2.2 Special Category Data

We Process special category data related to your health under condition:
‘(h) Health or social care (with a basis in law)’ of Article 9 of the UK GDPR and under the legal basis of
consent.

2.3. How we use Your Information

We use the information we collect for a range of purposes in the delivery, facilitation and improvement
of our business operations, including:

● To process bookings and payment transactions.
● To understand your health concerns and advise on appropriate services.
● To facilitate the provision of services, treatments or testing.
● To respond to enquiries, questions, and/or other requests made by you.
● To comply with legal and regulatory requirements.
● To analyse client engagement, satisfaction and outcomes.
● To improve business operations.
● To request you share your experience of our services.
● To send you offers related to other suitable services provided at the clinic or for the purposes of
marketing.
● To improve the content and services we provide.

2.4. Who has access to Your Data

The data you provide to The Forbes Clinic is accessible to Practitioners at the Forbes Clinic with whom
you have purchased a service or clinic support staff who require access to our Practice Management
system in order to fulfill the requirements of their role. Your data is only accessed and processed for
legitimate purposes. Our Practitioners hold regular case collaboration sessions where they discuss client
cases, share expertise and confer to provide you with the best possible care. If you would prefer that
your case is only discussed with the named practitioners with which you have formally purchased
services, please let us know using the contact form below.

2.5. Sharing Your Information

We do not sell, trade, or otherwise transfer your personal information to outside parties except to our
data processors or for a specific purpose with your explicit consent as outlined below:
2.5.1 With our payment processor, Practice Better Payments


We use Practice Better Payments to process payments and facilitate payment plans, deposits and
enable automated payments for pre-booked services. When you make a payment, your personal and
payment information will be shared with Stripe via Practice Better Payments. Practice Better Payments
is powered by Stripe. That means the underlying infrastructure for the payment features we provide is
handled by Stripe.


Stripe handles the secure processing, transmission, and storage of sensitive payment information.
Practice Better itself doesn’t capture or store this information. We retain payment information, including
credit card details, solely for the purpose of processing your transactions. Your card information is
encrypted and stored securely and your data is processed in accordance with their data processing
terms which you are responsible for reviewing.

You can request that your payment method is amended or deleted at any time.

2.5.2 With our Practice Management System, Practice Better

When you fill out forms, upload documents, communicate with us or book a service your data will be
stored securely on our GDPR Compliant Practice Management System. Upon registering with us, you
will be invited to activate your Practice Better account, secure it with a password and consent to
additional terms regarding the processing of your personal data.

2.5.3 With the Patient Testimonials Platform, Doctify

We might contact you to request that you share your experience of The Forbes Clinic on the patients
testimonials platform, Doctify. The data shared with Doctify is limited to your phone number, and The
Forbes Clinic remains the data controller. You may choose to post an anonymous testimonial to the
Doctify platform or ignore the request.

2.5.4 With the Patient Testimonials Platform, Google

We might contact you to request that you share your experience of The Forbes Clinic on Google
Reviews. Google treats reviews as public contributions tied to your account. Your display name, profile
photo, and review text are publicly visible across Google services. You can manage what information is
shared, use custom display names, and delete reviews to remove your data from public view.

2.5.5 With our testing suppliers

When you purchase functional testing with us you will be asked to consent for us to share your data
with the relevant third-party supplier(s) to facilitate delivery of your test kit, laboratory testing and
results. By purchasing you agree to the processing of special category health data related to your
samples and results. Where we engage a third party data processor to deliver testing services we do so
as the data controller and on the basis of your explicit consent. Our third party testing suppliers are
GDPR compliant and adhere to strict confidentiality in line with their own privacy policies. You are
responsible for reviewing the relevant privacy policy before purchasing. You will retain your rights under
GDPR which can be exercised by contacting The Forbes Clinic. You have the right to request the
deletion of data held by a testing supplier to The Forbes Clinic in line with any legal, statutory and
regulatory obligations. Please note some healthcare data is exempt from the right to erasure.
We never share data about your medical history with our providers. The data we share is submitted via
a secure online portal and is limited to:

● Name
● Address
● Date of Birth
● Email address
● Phone number
● Sex assigned at Birth
● Ethnicity (rarely, and only where it is necessary for analysis for example to facilitate
certain genetic testing)
We share data with the following Data Processors to facilitate functional testing:
● Regenerus Laboratories Limited, United Kingdom, Privacy Policy
● Colab Services, United Kingdom, Privacy Policy
● Genova Diagnostics, United Kingdom, Privacy Policy
● Viva Health Laboratories, United Kingdom, Privacy Policy
● LifeCodeGX, United Kingdom, Privacy Policy
● Invivo Healthcare, United Kingdom, Privacy Policy
● Academy of Nutritional Medicine Limited, United Kingdom, Privacy Policy
● Melisa Diagnostics Limited, United Kingdom, Privacy Policy
● Nordic Laboratories ApS, Denmark, Privacy Policy
● The Doctors Laboratory Group (TDL), United Kingdom, Privacy Policy
● Cyrex Laboratories, United States of America, Privacy Policy
● Functional Diagnostix Limited, United Kingdom, Privacy Policy

2.5.6 With a supplier of remedies or supplements

We provide a range of options for sourcing recommended supplements and remedies for your
convenience. If you choose to purchase with a supplier to The Forbes Clinic you’ll be asked to give your
consent to share the following data to facilitate delivery of your order:

● Name
● Delivery Address
● Phone number
Your data will be processed by our suppliers in line with their privacy policies and it is your
responsibility to review the relevant policy before purchasing:
● Biomedico, Ireland, Privacy Policy
● Balance Healthcare Limited, United Kingdom, Privacy Policy

2.5.7 With an alternative provider at your request

We may share your data with a practitioner outside of The Forbes Clinic to facilitate a referral to
another practitioner made at your request. We will ask you to consent and will only share the data you
request us to share.

2.6. Disclosure Practices

We disclose personal information if we are required by law or by a court order, in response to a law
enforcement agency, to the extent permitted under other provisions of law, to provide information, to
safeguard an adult or child, or for an investigation on a matter related to public safety.
If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may
be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

2.7. Security

We are committed to the security of personal data. We take appropriate security measures to limit
abuse of and unauthorised access to personal data. This ensures that only the necessary persons have
access to your data, that access to the data is protected, and that our security measures are regularly
reviewed.

The security measures we use consist of:

● Login Security
● Use of secure portals for client communication

2.8. Data Retention

We will retain your data for a period of 8 years to comply with statutory regulatory requirements
imposed by the General Medical Council and other health care regulators. After this time your data will
be deleted or fully and comprehensively anonymised so that you are no longer identifiable.

2.9. Erasure Requests

Please be aware that some Healthcare Data is exempt from the right to erasure. Clients who have been
provided with healthcare services such as testing, consultation and treatment with a medically trained
Doctor at The Forbes Clinic may not request the deletion of data before the end of the retention period
above to ensure compliance with statutory and regulatory requirements. It may be possible to request
the deletion of some supplementary data if permitted by the relevant regulatory and statutory bodies.
Prospective clients who have not yet received consultation, testing or treatment may exercise their
right to erasure.

2.10. Third-party websites

This privacy statement does not apply to third-party websites we may share with you for informational
purposes after consultation. We cannot guarantee that these third parties handle your personal data in
a reliable or secure manner. We recommend you read the privacy statements of these websites prior to
making use of these websites.

2.11. Special Category Data

Given the nature of our services we may process special category data related to your health or medical
history which you choose to disclose or which we receive from a testing supplier after you purchase
functional testing. We Process special category data related to your health under condition ‘(h) Health
or social care (with a basis in law)’ of Article 9 of the UK GDPR and under the legal basis of consent. You
will be asked to provide your consent upon booking or purchasing a service.

3.Your Rights under GDPR

3.1. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us.
You can contact us by using the information below. You have the following rights:

● You have the right to know why your personal data is needed, what will happen to it, and
how long it will be retained for.
● Right of access: You have the right to access your personal data that is known to us.
● Right to rectification: you have the right to supplement or, correct your personal data
whenever you wish.
● If you give us your consent to process your data, you have the right to revoke that consent.
Right to transfer your data: you have the right to request all your personal data from the
controller and transfer it in its entirety to another controller.
● Right to object: you may object to the processing of your data. We comply with this, unless
there are justified grounds for processing.
● Right to erasure: You have the right to request deletion of your data so long as your request
complies with legal and statutory regulations. Please be aware certain healthcare data is
exempt from the right to erasure as outlined in this policy. .

Please make sure to always clearly state who you are, so that we can be certain that we do not modify
or delete any data of the wrong person.

3.2. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your
personal data, you have the right to submit a complaint to the Information Commissioner’s Office:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF


Jersey Office of The Information Commissioner
2nd Floor 5 Castle Street
St. Helier
Jersey
JE2 3BT


St Martin’s House
Le Bordage
St. Peter Port
Guernsey
GY1 1BR


3.3. Contact details

Dr. Anna Forbes
The Hale Clinic, 4 Harley Street, London, W1G 9PB
United Kingdom
Website: https://www.theforbesclinic.co.uk
Email: enquiries@theforbesclinic.co.uk
Phone number: 0207 631 0156

Logo with white text
Pioneering integrative medicine and holistic health for a balanced, vibrant life.
Please note:
The phone line goes through to voicemail.
We aim to return messages within 48 clinic
opening hours
Monday - Wednesday - Friday
(9am - 5pm)

STAY CONNECTED

Sign up for supplement discount codes, latest Integrative Medicine information & more
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Follow us on socials

© Copyright 2026 – The Forbes Clinic of Integrative Medicine. All rights reserved
BEFORE YOU GO , WHY NOT .....

Sign up to receive clinical insights and discounts

Enter your details and receive discount codes and the latest Integrative Medicine Information straight to your inbox.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.