Fortius Clinic is a private limited company, providing musculoskeletal and orthopaedic healthcare services, which includes outpatient consulting and treatments, surgical services and diagnostic imaging services. We also provide practice management services (appointments, medical records management, clinical outcomes collection, secretarial services and billing) for Fortius clinicians seeing patients at other locations. Clinicians make decisions about information they require about you, and may maintain their own set of medical records in relation to the treatment that they provide. They are a Data Controller in respect of the personal information that they hold within those records, meaning that they must comply with the data protection legislation and relevant guidance when handling your personal information. To the extent relevant to their practice, you can expect clinicians (including their medical secretaries) to handle your information in line with this Privacy Notice. This includes using your personal information as set out in more detail below.
Registered office: Our registered office is 17 Fitzhardinge Street, London, W1H 6EQ
In order for Fortius and your clinician to provide your care and treatment we will collect certain types of personal and sensitive data about you.
The personal data we collect includes
We also collect and hold data that is known as a special category of personal data which includes:
The information, which is part of your medical record may be provided by either yourself, your GP, your referring clinician as well as by your consultant and any other health professionals involved in your care. Further information may also be provided by your insurer or others funding your treatment.
We also collect information directly from you when you visit our website and patient portals, including from our SCORES clinical outcome system.
We will never market our services or pass on your information to a third party without your consent except in the circumstances in a section below.
You are not obliged to share any information with us but limiting the information you do disclose may mean we are unable to offer a full range of services and therefore it may affect the service we can offer.
We will seek explicit consent to collect and process your data where is it required under data protection law. You may withdraw your consent at any time by contacting the Fortius Data Protection Officer
Under certain circumstances your data will be shared with others but we will only share such information as is appropriate and in the following situations
We will only keep your personal data for as long as is necessary to comply with the purposes outlined in this privacy notice and to comply with legal and regulatory requirements. The retention periods are in line with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016.
Priority One IT is the official IT service provider for Fortius Clinic. Priority One IT has implemented a number of technical controls on behalf of Fortius Clinic to ensure that the confidentiality, the integrity and the availability of the data that is being processed are preserved at all times.
Backups are performed on a daily basis in order to keep it readily available in the event of a natural disaster or a technical issue. This measure is also critical for proper business continuity and to ensure an exemplary level of customer service.
Encryption controls have been implemented for data that is in transit. This ensures that the data being transmitted over email is kept secure and that it is only accessible by the intended recipient(s).
All machines are built to a standard following a strict process and pre-defined requirements. This ensures that the machine is secure with the appropriate user level and approved tools from the beginning of its lifecycle. In addition to that, all machines are password protected to restrict access to authorised personnel only.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
If you exercise any of your rights in a situation where a third party is involved we will forward your request to them.
Should you have any queries or wish to exercise any rights set out in this notice you can contact the Fortius Clinic Data Protection Officer at the address below. If you make a data request you will be required to provide identification and Fortius will accept the following forms of ID: Passport, driving licence, utility bill from the last three months or another form of photo ID.
You can complain to the Information Commissioner’s Office (ICO) if you are unhappy with the way we have dealt with a request from you to exercise any of your rights or if you think we have not complied with our legal obligations. Whilst you do not have to do so, we would appreciate you making the Data Protection Officer aware of the issue and giving us an opportunity to respond and to address it before contacting the ICO. Making a complaint will not affect any other legal rights or remedies that you have. More information can be found on the ICO website: https://ico.org.uk https://ico.org.uk/ and the Information Commissioner's Office can be contacted by post, phone, fax or email as follows:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 9 (if you prefer to use a national rate number)
Fax: 01625 524 510
Email: casework@ico.org.uk
In the event that you wish to make a complaint about how your personal data is being processed by Fortius Clinic please contact the Data Protection officer at Fortius Clinic. You also have the right to complain directly to the Information Commissioner’s Office.
The details for each of these contacts are:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Email: Casework@ico.org.uk
Telephone: 0303 123 1113 (local rate)
01625 545 7459 (national rate)
Data Protection Officer
Fortius Clinic
17 Fitzhardinge Street
London
W1H 6EQ
Email: datasecurity@fortiusclinic.com
We will also collect and use some personal data when you visit our website or use our other digital services, such as our patient portal.
In addition to the information already mentioned we collect the following information through the website:
We use this in the following ways:
Any personal information held by Fortius is held on secure servers and encrypted. However, the transmission of information via the internet is not completely secure. During transmission of data, whether by forms or email, we cannot guarantee the security of your data and doing so is at your own risk.
Cookies are small data files that can identify you when you visit a website. Cookies remember your settings during and between visits to our site and also improve the speed and security of the website.
We use cookies on our website to improve the visitor’s experience, ensuring our website is responsive, fast and shows the information that you need. It enables us to improve the website and our marketing.
We do not use cookies to collect any personally identifiable information about you, and do not pass personally identifiable data to third parties. You can disable cookies in your browser settings. If your browser settings are set to accept cookies we take this as agreement.
Code set cookies
XSRF-TOKEN
Expires: 2 hours
A security token held to avoid cross-domain form submission spamming
fortius_session
Expires: 2 hours
This is set by the server for to determine the user’s current session identity.
GA Cookies
Further information regarding the cookies used by Google Analytics can be found at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
_ga
Expires: 2 years
Used to distinguish visitors to site
_gid
Expires: 1 day
Used to distinguish visitors to site
_gat_gtag_{TRACKING ID}
Expires: 1 minute
Used to help identify the visitors by either age, gender, or interests by DoubleClick - Google Tag Manager.
Infinity Cloud
Expires 10 years unless deleted from browser history / cookies
Shares a unique telephone number to the website visitor and allows analysis of website usage.
When you complete an online enquiry form, this information is shared only with Fortius Clinic. We do not share your information with any third parties, unless you have given us permission to do so.
When you send an email or complete a referral form, Fortius will not share your email address with anyone outside the clinic, with the exception of those directly involved with providing the services about which you are enquiring. If you sign up for one of our emailing lists, and opt in to receive communication from us, we will only send you information in the format you have requested.
Although every reasonable effort is made to ensure that files are free of defects and viruses, no warranty or guarantee is given by Fortius Clinic regarding files downloaded or accessed.
If you have any comments, queries or feedback about this privacy notice please email datasecurity@fortiusclinic.com
This section of our Privacy Notice sets out important details about information that Fortius Clinic may collect and hold about you as a Job Applicant, how that information may be used and your legal rights. Applicants should take time to read this Privacy Notice carefully and contact us if you have any questions about its content.
We have information about you which you have supplied to us as part of the recruitment process, either through uploading of information to our website, by sending information to us by post or by email, or by providing this information to us over the telephone. We will also hold information about you and your suitability for the role which you have provided to us during an interview. On occasion, we may have been provided this information via a recruitment agency.
The information we hold includes:
In order for us to process your application, we ask that you provide as much information to us as you can. You are of course free not to disclose information to us and you should only provide it where you feel comfortable in so doing. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to take forward your application.
It is necessary for us to use information about you as described above in order to pursue our legitimate interest of considering whether or not you are suitable to be appointed to the role for which you have applied.
We may use more sensitive information to indicate if any reasonable adjustments need to be made so you can attend an interview, to confirm your fitness to work and to judge whether any reasonable adjustments may need to be made to enable you to carry out the role.
Where the role for which you are applying entitles or requires us to do so, we carry out a disclosure and barring service (DBS) check. The level of check will depend on the particular role and we have in place appropriate safeguards, which we are required by law to maintain when processing such information.
We may also use information about you to:
• ensure meaningful equal opportunities monitoring and reporting
• contact you in relation to your application
• maintain our business records, improve our recruitment processes and monitor outcomes
• where there is a legal or regulatory obligation on us to do so. In particular cases, it may be necessary for us to use more sensitive information about you in order for us to establish, exercise or defend our legal rights
• where you have provided your consent to us doing so
We do not carry out automated decision making or profiling. Please see more detailed information in the sections below.
In some instances we will need to share information about you:
Information about you is held securely in the United Kingdom in electronic format, and on our secure servers or those of our third party information technology provider. Where required for the reasons given above, we may transfer information about you to a referee, previous employer, educational establishment or professional body based overseas. We will take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
We retain your application records in our recruitment system for one year, after which information for successful candidates is transferred to our employment records and other records are securely destroyed. These timeframes are to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support our legitimate interests, and to meet legal requirements. They may be extended in the event of a complaint, legal proceedings or where we are required to do so by a regulatory body.
If you ask us to retain your information in case of a future suitable vacancy, we will do so for a further period of one year.
The law provides you and other candidates with certain rights in relation to the information about you that we hold, please refer to the rights section in the Privacy notice for patients above. You may exercise these at any time by contacting our Data Protection Officer (contact details below) or as otherwise noted below.
There will not usually be a charge for handling a request to exercise your rights and if we cannot comply with your request, we will usually tell you why. If you make a large number of requests or it is clear it is not reasonable for us to comply with a request, then we do not need to respond and we may charge for doing so.
For further questions or to exercise any rights set out in this Privacy Notice, please contact Fortius Clinic’s Data Protection Officer:
Data Protection Officer
Fortius Clinic
17 Fitzhardinge Street
London
W1H 6EQ
Email: datasecurity@fortiusclinic.com