Healthcare Professional Privacy Notice
Introduction
Your information is very important to us and we will look after it in line with privacy and data protection laws, including the General Data Protection Regulation and any applicable UK legislation.
This healthcare professional privacy notice is for any individual engaged by us to provide services as a healthcare professional and whose personal data we process, including surgeons, physicians, anaesthetists, theatre practitioners, nurses, healthcare support workers and radiographers.
In this healthcare professional privacy notice, we explain what information we collect about you and why, how we use it, who we share it with and your legal rights as a data subject.
Who are we?
We are Fortify Clinic Limited (company number 12160393) with registered office address First Floor, 49 Peter Street, Manchester, M2 3NG and referred to throughout this healthcare professional privacy notice as “we”, “us”, “our”.
We are known as the “data controller” and you can contact us at directors@fortifyclinic.com for more details about how we use your information, including your rights as a data subject.
We are registered with the Information Commissioner’s Office (“ICO”) as a data controller (registration number ZA849667). For more information, please visit the ICO’s website www.ico.org.uk.
Where your information is processed by other companies associated with us for their own independent purposes, these associated companies may also be controllers of your information.
Where did we obtain this information and what information are we collecting and why?
Personal information means any information relating to an identifiable individual. We may collect and process various types of personal information about you, as detailed below, for the purposes set out in this healthcare professional privacy notice.
We have personal information about you which you have supplied to us directly in person, or by post, email, telephone or instant messaging service. This may include, as applicable, your name and contact details, details of your qualifications, professional registrations and experience, details of your insurer and medical defence organisation, appraisal record, DBS check and payment details.
To the extent you provide such information to us, and as permitted by applicable laws, we may also collect and process some information about you that may be sensitive in nature.
This includes information relating to your physical and mental health (which may include your Covid-19 vaccination status), racial or ethnic origin and religious beliefs and any disciplinary actions or criminal convictions. If you are carrying out exposure prone procedures, we may ask for evidence of hepatitis C, hepatitis B and HIV status. We refer to this as “sensitive information” in this healthcare professional privacy notice.
What are the purposes for which your information is used?
We use your personal information for a number of different purposes:
- To assess your skills, qualifications and suitability to provide your services to us as a healthcare professional;
- To confirm your fitness to work and any reasonable adjustments that may be needed to enable you to provide your services to us;
- To ensure appropriate safeguards are taken to assure patient safety;
- To contact you in relation to your engagement;
- For the purposes of preparing your contract for services with us and making payments;
- For our business records, monitoring outcomes and responding to complaints.
Each time we process your personal information for the purposes described above, we must have a legal justification to do so. Where we are processing sensitive information, we must have a specific additional legal justification in order to do so.
Generally, we will rely on the following legal justifications:
- You have provided your consent to our use of your personal information;
- We have an appropriate business need to process your personal information. We will rely on this for activities such as processing payments, quality assurance, maintaining our business records, monitoring outcomes and responding to any complaints;
- The processing is necessary for the provision of healthcare and related services;
- To protect your vital interests or those of another person where you are physically or legally incapable of giving consent (for example, in an exceptional medical emergency);
- We have a legal or regulatory obligation to use such personal information; or
- We will need to use such personal information to establish, exercise or defend our legal rights.
Who has access to your information?
Your personal information will only be shared with third parties where necessary.
We may share your name, qualifications and professional contact details with patients, where necessary.
We may share information about you with other healthcare professionals and administrative assistants involved in the provision of the services. Where these third parties act as a “data processor”, they carry out their tasks on our behalf and upon our instructions for the above mentioned purposes. In this case, your personal information will only be disclosed to those parties to the extent necessary to provide the required services.
We may share information about you with NHS commissioners involved in the provision of the services.
We may share information about you with external organisations such as our lawyers, auditors, insurers, financial and tax advisors, with third party suppliers which provide us with document scanning, storage facilities, information technology systems, and clinical and non-clinical software applications.
We may share information with our regulators, including the Care Quality Commission. We may also need to share your information where we are legally obliged to do so, for example by a court order.
Where is your information transferred?
Your personal information is mainly processed within the European Economic Area (“EEA”). Where it is necessary for your healthcare to make a transfer of your personal information outside of the EEA, we will take the required steps to make sure that it is protected and that its transfer is in compliance with applicable data protection laws.
How long do we keep your information?
We will only keep your personal information for as long as reasonably required to fulfil the relevant purposes set out in this healthcare professional privacy notice and in order to comply with our legal and regulatory obligations.
Your rights
In law, you are a “data subject” and have certain rights in relation to the personal information we hold about you. These rights and how to use them are explained below.
If you have any questions, or need more information or guidance, please contact If you have any queries relating to our use of your personal information, please email directors@fortifyclinic.com.
Access to your information
You can request access to the information we hold about you and details about:
- Why we are processing it;
- Who we are sharing it with and if any information is transferred to a country not deemed to have adequate protections in place for personal data;
- How long we will be keeping your information;
- The source of the information if not collected from you directly;
- If we are using your information for automated decision making or profiling.
Rectifying inaccuracies
If you feel the information we hold on you is inaccurate, you can ask us to correct or update it.
Right to be forgotten
You can request that we erase your information, although that might not always be possible if we have a legal obligation or legitimate interest to keep the information. We will explain the consequences of erasing your information.
Restrict the processing
If you feel we are processing your information unlawfully or with inaccurate data, you can ask us to restrict processing. Where personal information is subjected to restriction in this way, we will only process it with your consent, or for the establishment, exercise or defence of legal claims.
Object to the processing
If you disagree with any legitimate interest or public interest we have relied on to process your information, you can object to the processing. We will then stop processing the information unless we can demonstrate a compelling legitimate ground that overrides your rights, or the processing is required to establish, exercise or defend a legal claim.
Data portability
In some circumstances, you have the right to receive personal information you have provided to us in a structured, commonly used and machine-readable format, or (if technically feasible) to require us to transmit it to another controller
Make a complaint
We are committed to safeguarding your personal information and upholding your rights, but if you feel we have not done that, please contact us at directors@fortifyclinic.com. Additionally, you have the right to complain to the relevant supervisory authority, which in the UK is the ICO.
Updates to this healthcare professional privacy notice
We may update this healthcare professional privacy notice from time to time and will publish any changes on our website at fortifyclinic.com.
This healthcare professional privacy notice was last updated in March 2022.