Privacy notice
Important: This is a generic template document. It requires tailoring specifically for your organisation before being published. We recommend that professional advice be sought before applying it.
Introduction
Fortis Health is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers that communicate (online or offline) with us, over the phone, through our website and social media platforms.
We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
This website is not intended for children and we do not knowingly collect data relating to children.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.
We have appointed a Data Protection Lead (DPL) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact them by using the details set out below.
Full name of legal entity: Fortis Health
Email address: enquires@fortishealth.co.uk
Postal address: 16a Aldeburgh Road, Leiston, Suffolk, IP164ED
Telephone number: 07516867499
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The information we collect and when
We only collect information that we know we will genuinely use, and we do so in accordance with the Data Protection Legislation. The types of information that we will collect about you, and that you voluntarily provide to us on this website, over the phone, via forms, through service delivery or face to face, include:
- Your name
- Date of birth
- Gender
- Address
- Telephone number(s)
- Email address
- Survey responses
- IP address
- Cookies
- Medical information/history
We may, in further dealings with you, extend this information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions etc.
- You are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a customer or service user in an efficient and effective manner.
- The legal basis for processing your data is based on your consent given to store personal information provided. We will have requested consent at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.
- Marketing and Communications Data includes your preferences in receiving marketing from us including newsletters and email communications.
- We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Medical Information
Medical data is collected to ensure that care can be provided safely and effectively. This data is stored in accordance with Health Care Professions Council (HCPC) standards and GDPR policy. Data will be shared with other members of the team where relevant and appropriate, following given consent. Patients have the right to request any information about them.
HCPC standards:
5.1 You must treat information about service users as confidential
Names of clients will only be shared with fellow members of the team if consent is given for the client. If onward referral is required to treat, the client’s consent will be asked prior to the sharing of information.
5.2 You must only disclose confidential information if:
- you have permission
- the law allows this
- it is in the client’s best interest
- it is in the public interest, such as if it is necessary to protect public safety or prevent harm to other people
All information provided is confidential and any patient must consent to the sharing of information with colleagues prior to sharing. The reasoning for sharing such information will be discussed with the patient at that time.
10.3 You must keep records secure by protecting them from loss, damage or inappropriate access
Records will be stored on a password protected system called ‘Vagaro’ where only team members will have access to client information.
COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. Except for essential cookies, all cookies will expire after 6 months.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we use your information
- To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
- Fulfilling our contract to provide you with the agreed service;
- Make available our products and services to you;
- Take payment from you or give you a refund;
- Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously;
- For statistical analysis and to get feedback from you about our products, website and other services and activities. For example, occasionally we may invite you to review a product or service you’ve bought or used from us.
- To power our security measures and services so you can safely access our website
- Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
- Contact you about products and services from us;
- Provide you with online advertising and promotions; and
- Help answer your questions and solve any issues you have.
- In communication with the rest of our team to ensure your care is managed effectively
Who we might share your information with
We may share your personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
- If, from time to time, we employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
International Transfers
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How we keep you updated on our products and services
We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously consented to receive these marketing communications or we have a legitimate interest to do so and have completed a legitimate interest assessment (LIA).
When you register with us, we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.
If you wish to amend your marketing preferences, you can do so by unsubscribing at the bottom of the email or by contacting us on the details outlined below.
Your rights over your information
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
Right to Correct Your Personal Information
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
Right to Object to, Erase or Limit Our Processing of Your Data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
For more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here: https://ico.org.uk/for-the-public.
How long we keep your information for
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Unless otherwise required by law, your data will be stored for a period of [X years] after our last contact with you/some other identifiable action or period, at which point it will be deleted. Details of retention periods for different aspects of your personal data are available upon request by contacting us as outlined below.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
3rd party links and sharing your thoughts
When using our website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Security
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this notice or the way your personal information is processed, please contact us by one of the following means:
By email: enquires@fortishealth.co.uk
By post: Fortis Health, 16A Aldeburgh Road, Leiston, Suffolk, IP164ED
Thank you for taking the time to read our Privacy Notice.
Fortis Health
This Notice was last updated on 18/03/2022