Last updated: 7th May 2019
Forward Health regard your privacy and the handling of your personal data with the utmost importance. This Privacy Notice details how we collect, use and securely store any personal data submitted to us through use of our site and the Forward Health Mobile Application.
There is also an explanation of the various rights you can exercise as a data subject, as well as how you can exercise those rights.
The scope of this Privacy Notice applies to https://forwardhealth.co (our site)
2. Who we are (identity of the data controller)
For the purposes of this privacy notice, FORWARD CLINICAL LIMITED (“us”, “we”, or “our”) is the data controller and operates the Forward mobile application (the “Service”) and https://forwardhealth.co website.
Our registered office address is: 113 Shoreditch High Street, London, E16JN.
Our company number is: 10420044
Our ICO registration is: ZA237861
3. Legal basis for data processing
We process your user data on the legal basis of explicit consent.
We process your data on the legal basis of explicit consent.
Where a contract has been signed, we process your data on the legal basis of contract.
We process your data, your name, email that you enter and any additional personal data you send us on the legal basis of legitimate interest. On submission we give you the option to opt into further marketing, on the basis of explicit consent.
Patient data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
Giving your explicit consent for us to process your data does not affect your rights. Details of your rights and our data retention periods are further explained below in this Privacy Notice. It should be noted that, for patients’ data, Forward Health is the processor and not the controller. Any queries in relation to patient data should be addressed to the hospitals/trusts as they remain the controllers of patient data.
For all individuals, users and non-user contacts we rely on separate, explicit consent for direct marketing. You may withdraw your consent for further processing, fully or for specific purposes at any time by emailing email@example.com. It is important to note that this may affect the services we are able to offer you, and we may need to continue to process data relating to your request to withdraw consent.
4. Why do we need your Personal Data?
Providing Forward Health with your personal data is an obligation of using the Service. This is because your personal data is required to confirm your identity as a user, to maintain accurate clinical records for your patients or clients, and to identify you to other users who may need to contact you.
5. Data Protection Officer (DPO)
Forward Health has duly appointed Trilateral Research Limited as the Data Protection Officer (DPO). Should you need to contact Forward Health’s DPO directly, you can do so:
The DPO’s registered office is:
Trilateral Research Ltd, One Knightsbridge Green (5th Floor), London SW1X 7QA, United Kingdom
6. Collection and processing of personal data
While using our service, we may ask you to provide us with certain personal data that can be used to contact or identify you. This includes:
- Full name
- Email address
- Mobile number
- Place of work
Whilst using the Service, personal data is generated relating to your clinical activities. This includes user ID/time/date stamps relating to messages or files sent, tasks created and edited, patient profiles created and edited, photos taken. These are obtained by taking any action within the app and form part of the audit trail generated by the Service.
We may also collect information from individuals, users and non-users, who contact us, via email, telephone or web submission. This will include name, email address and in some cases telephone number, and details related to your place of work.
We may use your personal data for providing the Service, including to:
- Maintain and improve the Service
- Contact individuals for the purposes of preventing or addressing service, security or technical issues
- To answer queries from users directly
- Maintain the service of the platform
With your explicit consent we may use your personal data for sharing, with users and non-user contacts, details of our services and products in the form of marketing.
7. Sharing of information
We do not share your information with anyone outside Forward Health without your express permission to do so.
Under no circumstances will your information be sold or passed on to third parties for the purposes of marketing, sales or other commercial uses without your prior express consent.
We may disclose information to third-parties where it is necessary, such as where there is an overriding legal obligation, where permitted under Data Protection Legislation or for the purposes of the prevention and/or detection of fraud or crime.
8. Security measures and storage of personal data
Where you communicate with us via our site, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the internet. No data transmission over the internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
Our site uses “cookie” technology to enhance your user experience. A cookie is a small piece of text stored by your browser on your computer, at the request of our server.
10. Log Data
When you access the Service by or through a mobile device (such as a smartphone or a tablet), we may collect certain data automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use and other statistics (“Log Data”).
11. Disclosure of your Personal Data to third parties
We disclose your Personal Data to various recipients to improve our Service, including:
- to third parties who we engage to provide services to us, such as outsourced service providers, IT service providers;
- to comply with any applicable law or regulation, a summons, search warrant, court regulatory order, or other statutory requirement.
12. How long we retain your Personal Data
We will not retain your Personal Data for longer than is necessary under the principle of data minimisation. User account details are stored for the duration of you maintaining an account. We store all clinically related data, including messages, tasks, patient details and time/date/user ID stamps for five years. It is important that as part of the Service we maintain accurate clinical records, for the purposes of any audit or legal enquiry.
13. Touch ID/Fingerprint recognition
Users may choose to use Fingerprint recognition/Touch ID as part of the Service. This data is not collected, stored or processed in any manner by Forward Health. We advise that users should review the privacy notice relating to their device and its operating system before setting up any fingerprint or facial recognition systems.
14. Data subject rights
Under the General Data Protection Regulation (GDPR), data subjects whose data is processed by Forward Health are entitled to exercise certain rights against their personal data. These rights are designed to put Data Subjects in the driving seat when it comes to how their personal data is handled by organisations.
- The right to be informed
Forward Health are obliged to ensure that any communications regarding our data processing activities between ourselves and any Data Subjects are provided in a clear and transparent manner. This is provided by this Privacy Notice.
- The right of access
You are entitled to request a copy of all the personal data currently held on you as well as the following information about your data:
- The purpose of processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been disclosed;
- The retention/envisioned retention period for that personal data;
- The source of the personal data if it has been collected from a third-party.
- The right to rectification
If you believe the personal data we hold on you is either inaccurate or incomplete, you may exercise this right to correct or complete this data. This right can be used with the right to restrict processing to ensure that any inaccurate or incomplete data is not processed until corrected.
- The right to erasure (right to be forgotten)
You may request erasure of any personal data we hold on you without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes they were collected or otherwise processed;
- The data subject withdraws consent and no other legal ground for processing exists;
- The data subject exercises the right to object and no overriding legitimate grounds for processing exist;
- The personal data has been unlawfully processed;
- The personal data has to be erased for compliance with an overriding legal obligation;
- The personal data have been collected in relation to the offer of information society services.
- The right to restrict processing
As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely, where one of the following grounds applies:
- The accuracy of the personal data is contested;
- Processing of the personal data is unlawful;
- Personal data is no longer needed for processing, but is still required as part of a legal process;
- The right to object has been successfully exercised and processing is temporarily halted pending a decision on the status of the processing.
- The right to data portability
You may request your personal data be transferred to another controller or processor in a commonly used, machine-readable format. This right can only be exercised when all of the following grounds apply:
- The processing was on the basis of consent
- The processing is by automated means
- The processing is for the fulfilment of a contractual obligation
- The right to object
You may exercise the right to object in instances where:
- Processing is based on either the performance of a public task or legitimate interest;
- Processing is for direct marketing purposes;
- Processing is for the purposes of scientific or historical research;
- Processing involves automated decision-making, including profiling.
15. How to exercise your rights
You may request to exercise any of the above rights, free of charge by contacting firstname.lastname@example.org
Any data subject request will be responded to within one month; however, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will inform you if an administrative charge is being applied before fulfilling your request, so you can decide whether or not to proceed. Typically, in order to further one of the following requests, we will ask you to provide a form of identification for verification purposes.
16. Questions and Complaints
Should you wish to discuss a complaint, please contact the DPO at the above email address, who will be happy to assist you. Alternatively, if you are unsatisfied with the DPO’s response to your concern, under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office. Under Article 80, you may authorise certain third parties to make a complaint on your behalf (such as legal representation).
17. Changes to this privacy notice
We reserve the right to make changes to this Privacy Notice at any time without prior consultation. Any changes to this Privacy Notice will be posted on our site so that you are always aware of what Personal Data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use Personal Data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail.