Privacy Policy

Last Updated: 23rd March 2018

CBR Clinics Ltd (“us”, “we”, or “our”) operates the website (the “Service”). We are a Physiotherapy and Osteopathy clinic providing rehabilitation and relaxation therapies to members of the general public. We are located in two locations, Mercury House, 117 Waterloo Road, London, SE1 8UL, and South Quay Building, 189 Marsh Wall, London, E14 9SH. Our telephone number is 02079210538 and our contact email is

In its everyday business operations CBR Clinics Ltd makes use of a variety of data about identifiable individuals, including data about:

  • Current, past and prospective employees or self-employed therapists or limited companies
  • Clients
  • Users of its website

In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.

The purpose of this policy is to set out the relevant legislation and to describe the steps CBR Clinics Ltd is taking to ensure that it complies with it.

This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees,  contractors, suppliers and other third parties who have access to CBR Clinics Ltd systems.

Information Collection And Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address and date of birth (“Personal Information”).

Log Data

We may also collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service’s functionality. These third party service providers have their own privacy policies addressing how they use such information.


Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Behavioral Remarketing

CBR Clinics Ltd uses remarketing services to advertise on third party web sites to you after you visited our Service. We, and our third party vendors, use cookies to inform, optimize and serve ads based on your past visits to our Service.

  • GoogleGoogle AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page:
  • Google also recommends installing the Google Analytics Opt-out Browser Add-on – – for your web browser.
  • Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:
  • Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page:
  • To opt-out from Facebook’s interest-based ads follow these instructions from Facebook:
  • Facebook adheres the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe, or opt-out using your mobile device settings.
  • For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy:

Third Parties

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. They are as follow:

  • Cliniko Limited
  • CliniqApps Limited
  • MailChimp Limited

These third parties have access to your Personal Information only to perform the tasks specified on the Legitimate Interestes section on our behalf and are obligated not to disclose or use it for any other purpose.

Purposes and legal basis of the processing

1. Performance of a Contract

The personal data collected and processed are required to fulfil a contract with the data subject, and explicit consent to process their data is not required. The contract of services cannot be completed without the personal data in question.

2. Legal Obligation

The personal data is required to be collected and processed in order to comply with the law. Being a healthcare provider, we are required by law to keep clients data and clinical notes for a period of no longer than six years.

Legitimate Interests

The processing of specific personal data is in the legitimate interests of CBR Clinics Ltd and is judged not to affect the rights and freedoms of the data subject in a significant way as below:

  • To record data and clinical notes within Cliniko in order to be compliant with the law which requires us to keep client’s clinical notes for six years
  • To improve client attendance, re-engagement and retention
  • To market for our services following the client’s engagement
  • To advise clients of our opening hours on special dates and bank holidays, new services or therapists and special offers


We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Compliance With Laws

We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service. We will retain your clinical notes and personal data for a period of 6 years in order to comply with the law.

Your rights to access, rectification, erasure and portability of your personal data.

You, the data subject, have rights under the GDPR. These consist of:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

Each of these rights are supported by appropriate procedures within CBR Clinics Ltd that allow the required action to be taken within the timescales stated in the GDPR. Any requests to address your personal data should be sent in writing to our physical address below or via email to

However, we are required by law to keep your data for a period of six years. We will be unable to deal with any erasure requests before that time. You can ask to transfer your data from our clinic to a different clinic. In that case, we will securely send all your data to the new appointed clinic and will then erase your data at CBR Clinics. Once the transfer is completed you will not be able to engage with our services any longer.

Business Transaction

If CBR Clinics Ltd is involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy. In the event of such a transfer of information, your rights under the GDPR are not affected.


The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the current GDPR.

International Transfer

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to United Kingdom and process it there. Your data is also transferred to Australia and to the United States to the third parties mentioned above, all of which are compliant with the GDPR.

In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter.

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.


This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.

Contact Us

If you have any questions about this Privacy Policy, please contact us.