Privacy Policy
Introduction
This privacy policy sets out how Chronic Pain Recovery Centre Ltd uses and protects your personal data. This policy is provided in a layered format so you can click through (or scroll) to the specific areas set out below.
This website is not intended for children. By providing us with your data, you confirm that you are 13 years of age or older and we do not knowingly collect data relating to children.
1. Important information and who we are
Controller: Chronic Pain Recovery Centre Ltd ("we", "us", "our") is the controller and responsible for your personal data.
If you have any questions about this privacy policy, including any requests to exercise your legal rights (see paragraph 9), please contact us using the details in paragraph 10.
2. The types of personal data we collect about you
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped as follows:
• Identity Data (e.g., first name, last name, title).
• Contact Data (e.g., billing address, email address, telephone number).
• Financial and Transaction Data (e.g., payments to and from you; processed securely by Stripe; we do not store full card details).
• Technical Data (e.g., IP address, browser type and version, time zone setting, device ID, operating system).
• Profile and Usage Data (e.g., session bookings, preferences, feedback, how you use our website and services).
• Marketing and Communications Data (e.g., preferences in receiving marketing from us).
• Special Category Data (health‑related information you choose to share for coaching purposes). We only process this with your explicit consent or where otherwise permitted by law.
• Where you choose to share Special Category Data for coaching, this may include information about current health conditions, previous or ongoing medical evaluation or treatment, and aspects of your mental health relevant to coaching. We will only process such data with your explicit consent (or where otherwise permitted by law).
• Aggregated Data. We also collect, use and share aggregated or anonymised data (for example, statistics about website usage). This data does not directly or indirectly identify you and is not treated as personal data.
3. How is your personal data collected?
• Direct interactions: You may give us data by completing online forms on our website, booking sessions, corresponding by email, WhatsApp (on request), or video call (Zoom).
• Automated technologies: We automatically collect Technical Data as you interact with our website through cookies and similar technologies (see our Cookie Policy).
• Third parties: We receive data from Stripe (payments), Zoom (account and meeting metadata), and, where applicable, analytics providers.
4. How we use your personal data
Legal bases: We use your data where necessary for (a) performance of a contract with you, (b) our legitimate interests (e.g., running our business and providing a secure experience), (c) compliance with legal obligations, and (d) consent — for example, to process special category data (health) or to send certain marketing communications.
Purposes for which we will use your personal data:
Change of purpose: We will only use your personal data for the purposes we collected it for, unless we reasonably consider that we need to use it for another purpose that is compatible with the original one. If we need to use your data for an unrelated purpose, we will explain the legal basis to you.
Direct marketing: You may set your marketing preferences when you provide your data. We will get your express consent before sharing your data with any third party for their own marketing. You can opt out at any time via the link in our emails or by contacting us.
Promotional offers. We may use your Identity, Contact, Technical, Usage and Profile data to form a view on what services or resources may be relevant for you (we call this marketing). PECR soft opt-in. Where permitted by law, we may send you marketing if you have previously purchased from us or asked for information and you have not opted out. You can opt out at any time via the link in our emails or by contacting us.
Cookies: For more information about cookies and how to change your preferences, see our Cookie Policy.
5. Disclosures of your personal data
• Service providers acting as processors, including Zoom Video Communications, Inc. (video conferencing), Stripe Payments UK, Ltd. and Stripe, Inc. (payments), email and website hosting, and analytics providers.
• Professional advisers (e.g., legal, accounting, insurance), regulators and other authorities where required by law.
• WhatsApp LLC (where you request to communicate via WhatsApp).
• We require all third parties to respect the security of your personal data and to process it in accordance with the law. They may process your data in accordance with their own privacy notices.
• We may disclose your personal data in connection with a reorganisation, merger, or sale of our business or assets. If a change happens to our business, the new owner may use your personal data in the same way as set out in this policy.
6. International transfers
Some of our service providers (including Zoom, Stripe and WhatsApp) are based outside the UK or process data in multiple countries. Where we initiate transfer your personal data outside the UK, we ensure a similar degree of protection is afforded by using appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or transfers to countries with UK adequacy regulations.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those who have a business need to know and subject them to confidentiality obligations. We have procedures to deal with suspected personal data breaches and will notify you and any applicable regulator where legally required.
8. Data retention
We only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including to satisfy legal, regulatory, tax, accounting or reporting requirements. By law, we generally keep basic customer and transaction information for up to 6 years after your last interaction for tax and accounting purposes. If we create session recordings with your consent, we retain them no longer than necessary for the stated purpose and then delete them securely.
You will not have to pay a fee to access your personal data (or to exercise your other rights). We may charge a reasonable fee or refuse to comply only if a request is clearly unfounded, repetitive or excessive.
9. Your legal rights
Under data protection laws, you have rights including: access; correction; erasure (in certain cases); objection; restriction; portability; and withdrawal of consent where we rely on consent. If you wish to exercise any of these rights, please contact us (see paragraph 10).
10. Contact details
Email: info@chronicpainrecoverycentre.com
Postal address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Telephone: +44 (0)7525543100
11. Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection (www.ico.org.uk). We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.
12. Changes to the privacy policy and your duty to inform us of changes
We keep this privacy policy under regular review. This version was last updated on 11th August 2025. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
13. Third-party links
This website may include links to third‑party websites, plug‑ins and applications (including links to Zoom, Stripe or WhatsApp policies). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‑party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.
