Fortify Clinic

Healthcare Professional Privacy Notice

Introduction

Your information is very important to us and we will look after it in accordance with all applicable privacy and data protection laws and legislation, including the UK GDPR and the Data Protection Act 2018.

This healthcare professional privacy notice is for any individual engaged by us to provide services as a healthcare professional and whose personal data we process, including surgeons, physicians, anaesthetists, theatre practitioners, nurses, healthcare support workers and radiographers.

In this healthcare professional privacy notice, we explain what information we collect about you and why, how we use it, who we share it with and your legal rights as a data subject.

Who are we?

We are Fortify Clinic Limited (company number 12160393) with registered office address c/o Echo Tax, Spaces Manchester Peter House, Oxford Street, Manchester, M1 5AN and referred to throughout this healthcare professional privacy notice as "we", "us", "our".

We are known as the "data controller" and you can contact us at info@fortifyclinic.com for more details about how we use your information, including your rights as a data subject.

We are registered with the Information Commissioner's Office ("ICO") as a data controller (registration number ZA849667). For more information, please visit the ICO's website www.ico.org.uk.

Where your information is processed by other companies associated with us for their own independent purposes, these associated companies may also be controllers of your information.

Where did we obtain this information and what information are we collecting and why?

Personal information means any information relating to an identifiable individual. We may collect and process various types of personal information about you, as detailed below, for the purposes set out in this healthcare professional privacy notice.

We have personal information about you which you have supplied to us directly in person, or by post, email, telephone or instant messaging service.

We also collect personal information from other people and organisations such as:

  • Credit-reference agencies, fraud-detection agencies, criminal-history reference agencies, if we need to carry out relevant checks (we will tell you at the time if we collect information from you to carry out these checks);
  • Government departments (for example, the tax office or social security office);
  • Your agents (for example, legal representative, professional indemnity insurers);
  • Any service providers who work with us in relation to your engagement with us;
  • Doctors, other clinicians and health-care professionals, hospitals and clinics;
  • Your colleagues (for example, the other health professionals or employees you work with or those you report to);
  • The NHS or patients you provide treatment to or who you interact or work with;
  • Our agents (for example, our legal representatives if we are involved in legal proceedings relating to you);
  • Our regulators to make sure we are meeting the obligations we have by law;
  • Health regulators and registers that are relevant to your profession;
  • Sources which are available to the public, such as LinkedIn (to get an overview of your professional history and qualifications);
  • Websites of regulatory bodies to confirm your registration, whether you have any conditions of practise listed, and details of any hearings.

Types of personal information we collect

This may include, as applicable:

  • Standard personal information such as contact details (for example, name, username, address, email address and phone numbers), identity data (such as date of birth, national identifiers such as National Insurance number), financial details (for example, bank account), vetting and regulatory information (including your registration with any applicable regulatory authority), details of your qualifications, professional registrations and experience, details of your insurer and medical defence organisation, performance and appraisal records.
  • Special category information that is of a sensitive nature, for example information relating to your physical and mental health (which may include your Covid-19 vaccination status), racial or ethnic origin and religious beliefs. If you are carrying out exposure prone procedures, we may ask for evidence of hepatitis C, hepatitis B and HIV status.
  • Criminal offence information about you, for example, relating to criminal convictions and offences, the results of background checks such as the Disclosure and Barring Service and any disciplinary actions or investigations.

What are the purposes for which your information is used?

We use your personal information for a number of different purposes:

  • To assess your skills, qualifications and suitability to provide your services to us as a healthcare professional;
  • To confirm your fitness to work and any reasonable adjustments that may be needed to enable you to provide your services to us;
  • To ensure appropriate safeguards are taken to assure patient safety and a safe working environment;
  • To manage our relationship with you, our business, customers and service providers and to contact you in relation to your engagement;
  • To exercise our rights, take legal action or defend ourselves from claims and to comply with laws and regulations that apply to us and the people and organisations we work with;
  • For the purposes of preparing your contract for services with us and making payments;
  • For our business records, monitoring outcomes and responding to complaints;
  • For the purposes of taking part in a reorganisation of our business and/or any sale, merger or outsourcing of all or part of our business.

Legal grounds

Each time we process your personal information for the purposes described above, we must have a legal ground to do so. These grounds are set out below.

Standard personal information

We process standard personal information about you if:

  • It is necessary to comply with the obligations set out in a contract with you or to take steps which you have asked us to take before entering into a contract – if we have a contract with you, we will process your personal information to fulfil that contract (for example, to pay you for your service or services);
  • It is in our own or a third party's legitimate interests (see below for more details); or
  • We are required to or are allowed to do so by law.

Where we are processing special category or criminal offence information, we must have a specific additional legal justification to do so.

Special category information

We process special category information about you if:

  • It is necessary in the vital interests of you or another person (for example, if you need medical attention at work and are unable to communicate or give your consent);
  • You have obviously made that personal information public (for example, you publicly share sensitive personal information on the internet);
  • It is in the substantial public interest, in line with local laws;
  • It is necessary to establish, make or defend legal claims;
  • It is necessary for the purposes of occupational medicine, including to assess whether you are able to work; and
  • We have your explicit consent (in limited circumstances).

Criminal offences information

When you work with us, we make sure you are fit and proper to fulfil your role. By doing this we are protecting patients and other healthcare professionals with whom you work.

We will only use information relating to criminal convictions where the law allows us to do so.

We will carry out a Disclosure and Barring Service (DBS) check on our healthcare professionals at a level that is appropriate to you and in line with the services you provide under your terms of engagement with us.

We consider that such checks are necessary for healthcare purposes and to prevent an unlawful act (for reasons of substantial public interest).

Our legitimate interests

We process your personal information for a number of legitimate interests. Taking into account your interests, rights and freedoms, the types of legitimate interest which allow us to process your personal information include:

  • To procure your services and to build the capability of health professionals to provide healthcare and related services;
  • Processing payments, quality assurance, maintaining our business records, monitoring outcomes and responding to any complaints;
  • To make sure that health services provided to patients are carried out to the requisite standards;
  • To maintain the health, safety and welfare of workers, health professionals and patients;
  • To manage our relationship with you, our business and people and organisations who provide services on our behalf;
  • For statistical research and analysis;
  • To protect our (or our customers' or other people's) rights, property or safety;
  • To tell other organisations you work for if we have serious concerns about patient safety or if you have not met the relevant clinical standards during your engagement with us;
  • To monitor how well we are meeting our clinical and non-clinical performance expectations;
  • To exercise our rights, to respond to complaints, to take legal action or defend ourselves from claims and to keep to laws and regulations that apply to us and the people and organisations we work with; and
  • To take part in, or be the subject of, any sale, merger, outsourcing or disposal of all or parts of the business or for us to take over another business.

Who has access to your information?

Your personal information will only be shared with third parties where necessary.

We may share your name, qualifications and professional contact details with patients, where necessary.

We may share information about you with other healthcare professionals and administrative assistants involved in the provision of the services. Where these third parties act as a "data processor", they carry out their tasks on our behalf and upon our instructions for the above-mentioned purposes. In this case, your personal information will only be disclosed to those parties to the extent necessary to provide the required services.

We may share information about you with the NHS and NHS commissioners involved in the provision of the services.

We may share your personal information with people or organisations we have to, or are allowed to, share your personal information with by law (for example, for safeguarding purposes).

We may share information about you with external organisations such as our lawyers, auditors, insurers, financial and tax advisors, debt-collection agencies, credit-reference agencies, fraud-detection agencies, with third party suppliers which provide us with document scanning, storage facilities, information technology systems, clinical and non-clinical software applications and other services we use to operate our business.

We may share information with government authorities, agencies and other regulators, including the Care Quality Commission. We may also need to share your information where we are legally obliged to do so, for example by a court order.

If we sell or buy any business or assets, we may share information with a potential buyer or seller of our business or those assets and a third party who acquires any or all of our assets.

If we share your personal information, we will make sure appropriate protection is in place in line with applicable data protection laws.

Where is your information transferred?

Your personal information is mainly processed within the European Economic Area ("EEA"). Where it is necessary for your healthcare to make a transfer of your personal information outside of the EEA, we will take the required steps to make sure that it is protected and that its transfer is in compliance with applicable data protection laws.

How long do we keep your information?

We will only keep your personal information for as long as reasonably required to fulfil the relevant purposes set out in this healthcare professional privacy notice and in order to comply with our legal and regulatory obligations.

Your rights

In law, you are a "data subject" and have certain rights in relation to the personal information we hold about you. These rights and how to use them are explained below.

If you have any questions, or need more information or guidance, please contact If you have any queries relating to our use of your personal information, please email info@fortifyclinic.com.

Access to your information

You can request access to the information we hold about you and details about:

  • Why we are processing it;
  • Who we are sharing it with and if any information is transferred to a country not deemed to have adequate protections in place for personal data;
  • How long we will be keeping your information;
  • The source of the information if not collected from you directly;
  • If we are using your information for automated decision making or profiling.

Rectifying inaccuracies

If you feel the information we hold on you is inaccurate, you can ask us to correct or update it.

Right to be forgotten

You can request that we erase your information, although that might not always be possible if we have a legal obligation or legitimate interest to keep the information. We will explain the consequences of erasing your information.

Restrict the processing

If you feel we are processing your information unlawfully or with inaccurate data, you can ask us to restrict processing. Where personal information is subjected to restriction in this way, we will only process it with your consent, or for the establishment, exercise or defence of legal claims.

Object to the processing

If you disagree with any legitimate interest or public interest we have relied on to process your information, you can object to the processing. We will then stop processing the information unless we can demonstrate a compelling legitimate ground that overrides your rights, or the processing is required to establish, exercise or defend a legal claim.

Data portability

In some circumstances, you have the right to receive personal information you have provided to us in a structured, commonly used and machine-readable format, or (if technically feasible) to require us to transmit it to another controller.

Make a complaint

We are committed to safeguarding your personal information and upholding your rights, but if you feel we have not done that, please contact us at info@fortifyclinic.com. Additionally, you have the right to complain to the relevant supervisory authority, which in the UK is the ICO.

Updates to this healthcare professional privacy notice

We may update this healthcare professional privacy notice from time to time and will publish any changes on our website at fortifyclinic.com.

This healthcare professional privacy notice was last updated in December 2024.