Eligibility Questionnaire

Privacy Policy

Last updated: January 2025

1. Who We Are

Neuro Reset Clinic ("the Clinic", "we", "us", "our") is a private specialist mental health clinic operating from ZEN Healthcare premises at 57–61 Heath Street, Hampstead, London NW3 6UG, and 53 Beauchamp Place, Knightsbridge, London SW3 1NY.

For the purposes of UK GDPR and the Data Protection Act 2018, the Clinic acts as a Data Controller for personal data collected through this website and in connection with the provision of clinical services.

2. What Data We Collect

We may collect and process the following categories of personal data:

  • Identification data: name, date of birth, gender
  • Contact data: email address, telephone number, postal address
  • Health data (special category): psychiatric and medical history, current symptoms, treatment history, medication details — collected via the eligibility questionnaire and during clinical consultations
  • Technical data: IP address, browser type, cookies, and pages visited (collected automatically when you visit our site)
  • Communications data: messages sent via our contact form or email

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Explicit consent (Article 9(2)(a) UK GDPR) — for health data collected via our eligibility questionnaire and clinical records
  • Legitimate interests (Article 6(1)(f) UK GDPR) — for website analytics and improving our services
  • Legal obligation — where required to do so by applicable law or a regulatory body
  • Vital interests — where necessary to protect life in an urgent clinical situation

4. How We Use Your Data

Personal data collected is used solely for the following purposes:

  • Assessing your eligibility for our clinical services
  • Booking and delivering clinical consultations and treatments
  • Communicating with you regarding your care
  • Maintaining clinical records as required by professional and legal standards
  • Responding to general enquiries
  • Improving our website and service (anonymised analytics only)

We do not use your personal data for marketing purposes without your explicit consent. We do not sell or transfer your data to third parties for commercial purposes.

5. Data Sharing

We will only share your data with:

  • Other treating clinicians — only with your explicit written consent
  • Your GP — only where you have given consent, or where there is a serious risk to life requiring immediate action
  • Regulatory bodies or legal authorities — where required by law
  • Technology service providers (e.g. email systems, cloud hosting) — under appropriate data processing agreements ensuring GDPR compliance

6. Data Retention

Clinical records are retained for a minimum of eight years from the date of last consultation in accordance with NHS and GMC guidance applicable to private practice in the UK. Non-clinical enquiry data (e.g. contact form submissions) is retained for two years unless you request earlier deletion.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access — to request a copy of your personal data
  • Right to rectification — to have inaccurate data corrected
  • Right to erasure — to request deletion of your data (subject to legal retention obligations)
  • Right to restrict processing — to limit how we use your data
  • Right to data portability — to receive your data in a portable format
  • Right to object — to processing based on legitimate interests
  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at info@neuroresetclinic.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Our website uses essential cookies required for the website to function correctly. We do not use tracking or advertising cookies. By using our website, you consent to the use of essential cookies as described here.

This website also uses Google reCAPTCHA v3 on our forms to protect against spam and abuse. reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. All data transmissions and form submissions are encrypted using industry-standard TLS. Access to clinical records is restricted to authorised clinical staff.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. The current version will always be available on this page with the date of last revision shown at the top.

11. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: