Skip to content
Menu

Privacy Policy

1. Key Information

As a leading healthcare provider for physical and mental health solutions in the United Kingdom, we at Clement are committed to safeguarding the privacy and fundamental rights of those who use our services. This privacy policy will inform you about how we look after your personal data, and about your privacy rights and how the law protects you.

This privacy policy aims to give you information on how Clement collects and processes your personal data through your use of this website and when use our services. It is not intended for children and we do not knowingly collect data relating to children.

You should read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

We keep our privacy policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

In this privacy policy, “UK GDPR” means the retained EU law version of the General Data Protection Regulation ((EU) 2016/679), and “DPA 2018” means the Data Protection Act 2018.

Data Controller

Clement Mind Limited (trading as Clement, Cognity, and ABM Psychology) is the controller and responsible for your personal data (collectively referred to as Clement (or “we”, “us” or “our” in this privacy policy).

We have appointed a data protection manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, please contact the data privacy manager using the details set out below.

  • Legal entity: Clement Mind Ltd
  • Email address: hello@clementmind.com
  • Postal address: 16 Upper Woburn Place, London, WC1H 0AF, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Third Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. Data We Collect About You

“Personal data” means any information about an individual from which they can be identified. It does not include where the identity has been removed (i.e. anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity: names, username or similar identifier, marital status, title, date of birth, gender.
  • Contact: address, email address, phone number, billing address.
  • Financial: bank account and/or payment card details.
  • Transaction: payments to and from you, products and services you have purchased from us.
  • Technical: IP address, browser type and version, time zone, location, and other information about technology which you use to access this website.
  • Profile: purchases or payments made by you, interests, preferences, feedback.
  • Usage: information about how you use our website, products and services.
  • Marketing and communication: your preference to receive marketing and other communications from us.
  • Special category: health and medical, racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life and sexual orientation.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How We Collect Your Data

Your data is collected in various ways including through:

  • Direct interactions: You may give us details by filling in forms or corresponding with us via post, phone, email or otherwise. This includes personal data which you provide when you use our products and services.
  • Automated technology: If you interact with our website we may automatically collect some data about your equipment, browsing actions and patterns. This is done via Google Analytics.
  • Third parties: We may receive personal data about you from various third parties and public authorities, such as the NHS or private medical practices.

4. How We Use Your Personal Data

We only use your personal data when we are allowed to do so by law. The most common uses will be:

  • Where you have provided explicit consent.
  • Where we need to perform the contract we are about to or have entered into with you.
  • Where it is necessary for our legitimate interests, and where your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Generally we do not rely on consent for processing your personal data. You have the right to withdraw consent to marketing communications at any time by contacting us.

Purposes for which we use your personal data

The table below describes the ways we may use your personal data, and which legal bases we rely on to do so.

  • Type of data: Identity, Contact, Financial, Transaction, Technical, Profile, Usage, Marketing and communications
  • Purpose/activity: Register you as a patient, manage payments, fees and charges, collect and recover money, manage our relationship with you, administer and protect our business, analytics.
  • Lawful basis: Performance of a contract with you, comply with a legal obligation, necessary for our legitimate interests (keep records, recover payments, perform services, IT and administration functions, network security, prevention of fraud).
  • Special Category and Criminal Convictions: Perform services which you have procured from us, safeguarding, referring you to third parties (e.g. NHS or private practices) for further services which you are procuring.
  • Legal basis: Necessary for health and social care purposes, and public health (Paragraphs 2(1) and 3, Schedule 1, DPA 2018).

We comply with the principles relating to processing personal data set out in the UK GDPR which require personal data to be:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected only for specified, explicit and legitimate purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  • Accurate and where necessary kept up to date.
  • Not kept in a form which permits identification of data subjects for longer than is necessary.
  • Processed in a manner that ensures its security using appropriate technical and organisational measures.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

Marketing

If you have opted in to receive marketing communications, data will be stored within our MailChimp account. The purpose is to send patients updates about the business, treatments, and health & wellbeing news. Optional personal data may be collected for email marketing purposes. You can unsubscribe at any time via the link in the emails or by contacting us.

5. International Transfers

We may transfer your personal data outside of the European Economic Area (EEA). If this occurs, we ensure an adequate level of protection by implementing appropriate safeguards.

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. These include:

  • Use of firewalls and intrusion detection/prevention systems.
  • Data stored securely in the UK.
  • Encrypted connections and enterprise-grade antivirus/antimalware protection.
  • Remote monitoring and deletion capabilities for high-risk endpoints.
  • Secure destruction or anonymisation of data when no longer needed.

Access is limited to those with a business need, who are subject to confidentiality obligations.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes we collected it for. This includes legal, regulatory, tax, accounting or reporting requirements.

We consider the following when determining retention periods:

  • Amount, nature and sensitivity of the data.
  • Risk of harm from unauthorised use or disclosure.
  • Purpose of processing and if it can be achieved by other means.
  • Applicable legal and regulatory requirements.

Your Legal Rights

You have rights under data protection laws, including the right to:

  • Access your data
  • Request correction
  • Request erasure
  • Object to processing
  • Request restriction of processing
  • Request transfer
  • Withdraw consent

Third Parties

We may share your data with:

  • Other companies in the Clement group
  • IT system and administration service providers
  • Professional advisers
  • HM Revenue & Customs and other regulators