Privacy Policy

Updated: 8th July 2024

Welcome to The Forbes Clinic of Integrative Medicine (“we,” “our,” or “us”).

The integrity and security of your personal data is of the utmost importance to us and we are committed to ensuring that your personal information is handled securely, responsibly and in line with UK General Data Protection Regulations (UK GDPR).

This Privacy Policy outlines how we collect, use, disclose, and protect your information when you visit our website [] (the “Site”) and engage our services. 

Our Site may contain links to third-party websites and educational resources. These third-party sites are not covered under the terms of this Privacy Policy. We have no responsibility or liability for the content and activities of third-party websites links from our site. We encourage you to review their individual privacy policies to protect your personal information.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • The Right to be Informed: You have the right to be informed about the collection and use of your personal data.
  • The Right of Access: You have the right to access your personal data and supplementary information.
  • The Right to Rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • The Right to Erasure: You have the right to have your personal data erased, also known as the ‘right to be forgotten’. Please note there are some exemptions in place for health care providers.
  • The Right to Restrict Processing: You have the right to request the restriction or suppression of your personal data.
  • The Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • The Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling.

1. Information we Collect

1.1 Personal Data

We may collect personal data from you when you visit our site, make an inquiry through a webform, complete an online form or book a service. We collect the following data provided explicitly by you:

  • Name.
  • Contact Information (email address, phone number, postal address).
  • Payment Information.
  • Any other information you provide to us.

1.2 Special Category Data

Given the nature of our services, you may disclose special category data related to your health or medical history when completing an online form or booking service. We will ask you to provide your consent to process your data in this case.

1.3 Children’s Data

As a family clinic, we offer healthcare services to children under 18, and will process related data with the explicit consent of their legal guardian. The use of this site, forms and booking of services is restricted to those aged 18 years or over. If you believe a child has submitted data to our site, please contact us via the details provided below.

1.4  Cookies

Our Site may use cookies to enhance your experience. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. You can choose to disable cookies through your browser settings.

Non-Personal Data 

We may also collect non-personal data about you automatically when you interact with our Site. This may include:

  • IP Address.
  • Browser Type.
  • Operating System.
  • Pages visited and duration.
  • Referral Source.

2. Lawful Basis for Processing

We will process your personal data provided through engagement with our site under the following lawful basis:

2.1 Legitimate Interests

Where processing is necessary for our legitimate interests, to operate our business and to deliver and facilitate our services.

2.2 Consent

We will seek your explicit consent to process your data as necessary.

2.2 Special Category Data

 We Process special category data related to your health under condition:
‘(h) Health or social care (with a basis in law)’ of Article 9 of the UK GDPR and under the legal basis of consent. 

3. How we use Your Information

We use the information we collect for various purposes, including:

  • To process bookings and payment transactions.
  • To understand and advise on appropriate services.
  • To facilitate the provision of services, treatments or testing.
  • To respond to inquiries, questions, and/or other requests.
  • To comply with legal and regulatory requirements.
  • To analyse usage of the Site and improve our content and services.
  • To send you offers related to other suitable services provided at the clinic or for the purposes of marketing.
  • To improve our business operations and services.

4. Who has access to Your Data

Data provided by you to The Forbes Clinic is accessible to medical practitioners, clinic support and professionals at The Forbes Clinic and will only be processed for legitimate purposes to deliver or facilitate your care or fulfil the duties of their role.

Our Practitioners hold regular case collaboration sessions where they discuss client cases, share expertise and confer to provide you with the best possible care. If you would prefer that your case is only discussed with the named practitioners with which you have formally purchased services, please let us know using the contact details below. 

5. Sharing Your Information

We do not sell, trade, or otherwise transfer your personal information to outside parties except as described below:

  • To third-party suppliers who assist us in operating our site and conducting our business:
    • With our payment processor, Square Pay.
    • With our Practice Management System, Practice Better.
    • With our patient testimonials platform, Doctify.
  • If we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.
  • For the purposes of safeguarding an adult or child as required by statutory authorities.
  • With your explicit consent, for example to facilitate testing or the delivery of treatments.

If our Site or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

5.1 Payment Processing with Square Pay

We use Square Pay as our payment processor to facilitate payment plans, deposits and enable seamless payments for future services.

When you make a payment, your personal and payment information will be shared with Square Pay and encrypted to their servers, regardless of whether you’re using a public or private Wi-Fi connection or a data service on your phone (such as 3G or 4G).

Square Pay complies with all required PCI standards and will never sell information to third-party vendors. Square Pay processes your information in accordance with their own privacy policies and terms of service. We encourage you to review Square Pay’s Privacy Policy at Square Pay Privacy Policy.

You can request that your payment method is amended or deleted at any time.

5.2 Form Processing and Service Booking with Practice Better

When you fill out forms or book a service on our site, your information will be stored on our secure GDPR compliant Practice Management System, Practice Better. Upon booking a service you will be invited to activate an account, secure it with a password and consent to additional terms regarding the processing of your personal data for the delivery of your care. 

5.3 Using Doctify for Patient Testimonials

When you engage with Our Services, we might contact you to request that you share your experience of The Forbes Clinic on the patients testimonials platform, Doctify.

The data shared with Doctify is limited to your phone number, and The Forbes Clinic remains the data controller.

You may also choose to post an anonymous testimonial publicly to the Doctify platform or ignore the request.

5.4 Third-Party Data Sharing with Consent

We may share your data with a third-party supplier with your explicit consent under the following circumstances:

  • To facilitate laboratory, and functional medicine testing with a third party testing partner.
  • To order supplements or remedies for delivery to your home address.
  • To complete a referral to a practitioner outside of The Forbes Clinic as relevant.

Where we engage a third party data processor to deliver services, treatments or testing on your behalf, we do so as the Data Controller, and only on the basis of your explicit consent.

Our third party suppliers adhere to strict confidentiality and all General Data Protection Regulations. They will never share or sell your data to outside parties except as required to deliver the requested services upon our instruction. They will retain your data in line with statutory and legal regulations applicable to them. You will be asked to review and accept their terms and conditions before purchasing. You will retain your rights under GDPR which can be exercised by contacting The Forbes Clinic.

You may have the right to request the deletion of any data held by a third party supplier to The Forbes Clinic providing this is permitted by statutory and regulatory authorities.

6. Data Retention

We will retain your data for a period of 8 years to comply with statutory regulatory requirements imposed by the General Medical Council and other health care regulators. After this time your data will be deleted or fully and comprehensively anonymised so that you are no longer identifiable.

7. Deletion Requests

Clients who have not yet not been provided with services by The Forbes Clinic (have not engaged in testing or attended a consultation or treatment session) may request the deletion of their data under UK GDPR.

Healthcare Data is exempt from the right to erasure. Clients who have been provided with healthcare services such as testing, consultation and treatment with a medically trained Doctor at The Forbes Clinic may not request the deletion of data before the end of the retention period above to ensure compliance with statutory and regulatory conditions.

It may be possible to request the deletion of supplementary data such as data captured during consultation for complementary therapies or services so long as the request complies with all relevant regulatory and statutory requirements.

8. Data Security

We implement a variety of security measures to maintain the safety of your personal data. These measures include encryption, access controls, and secure networks. However, please note that no data transmission over the internet or our storage systems can be guaranteed to be 100% secure.

By submitting your personal information via our website you agree to the collection, storage and processing of said data in line with the terms laid out in this Privacy Policy.

9. Contact Information

If you have any questions about this Privacy Policy, or you wish to exercise your rights, please contact us at:

The Forbes Clinic of Integrative Medicine, The Hale Clinic, Harley Street, London.

or through our website Contact Us form.

Thank you for trusting The Forbes Clinic of Integrative Medicine with your health care.