Privacy Policy

At Form Health we take data protection seriously and are committed to safeguarding all data in our possession and ensuring the privacy of our customers. We will only use information provided to us for specified and lawful purposes as provided under the General Data Protection Regulation and will handle this information both respectfully and responsibly.

We (Form Health) are an independent absence management solutions provider. We provide specialist assessment, case management, therapy treatment, diagnostic and training services using a mixture of in-house personnel, self-employed contractors and third-party partnership organisations to ensure that you are being supported by the leading specialists in their field.

1. Data we may collect, hold and process

The following outlines what data Form Health may collect, hold and process including the source of this information and the purpose.

Information from our website when accessing this area.

This information is collected via Cookies and includes details regarding your IP address. This is to monitor usage of our website and help enable website security by providing details to law enforcement agencies if required. Cookies themselves cannot be used to identify you. You may at any time prevent the creation of Cookies through our website by amending your internet browser settings relating to this or similarly using your settings to delete already set Cookies. If the creation of Cookies is deactivated, you will still be able to use all functions of our website.

Data will only be held and processed where it is necessary to support the legitimate interest of our business except where such action will be overridden by your interests or fundamental rights and freedoms which require protections of personal data.

Contact details when provided via our ‘Contact Us’ section of the website
When you enter and submit information via this method, we utilise this information in order for us to respond to your communication request. Your details are held temporarily until this process is complete and then destroyed in their entirety unless agreed otherwise with yourself for the purpose of continuing communication.

Data will only be held and processed where it is necessary to support the legitimate interest of our business except where such action will be overridden by your interests or fundamental rights and freedoms which require protections of personal data.

Referral information

When Form Health receive a referral for provision of services we request that this be submitted in writing. Referral information typically includes but is not limited to name, address, phone number, occupational/employment and medical information. This information enables Form Health to ensure that the service provided is both safe and appropriate for the situation, source a suitable practitioner and enable delivery of the service.

The referring company is the data controller in this situation and hence will be responsible for gaining appropriate consent in order for services to be provided either directly by Form Health, by a subcontractor to Form Health or via a combination of both.

As part of service provision, Form Health may then collect data from additional sources including but not limited to professional practitioners providing the service, an employer and/or treating practitioners.

Data created by Form Health may include but not be limited to assessment findings, communication and observation notes, written reports and electronic communications.

Data collected or created as part of our service provision will be held for the duration of service provision and for 7 years thereafter (unless alternative retention dates are specified by the data controller or unless required to do so by law). Following this, information related to referral source, service requested and geographical location will be pseudonymised (i.e. amended to be unidentifiable) for the purposes of Management Information/analytics. On occasion reports may be completely anonymised for training purposes. All other data will be securely destroyed in accordance with GDPR requirements.

Data will only be held and processed where it is necessary to support the contractual agreement with the referring party (data controller) and within the scope that processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services. The exception to this is where holding and/or processing data will be overridden by your interests or fundamental rights and freedoms which require protections of personal data.

Applications for job/career opportunities
When you have provided details for the purpose of consideration of working for/on behalf of Form Health, this data will be held under the basis of legitimate interests whilst discussions progress. Data may include but is not limited to contact details, social and professional profiles, education and work experience. Should additional personal and/or personal sensitive data be sought for the purpose of vetting (such as criminal offence disclosure), explicit consent will be sought prior to activity, for which you have the opportunity to opt in or decline (the latter of which may result in an application being unable to be progressed).

Should discussion lead into agreement of a working arrangement, data will be maintained, the management of which will be outlined within a mutually agreed contract.

Should discussions not lead into agreement of a working arrangement, Form Health will retain the data for 6 months unless requested otherwise, at which stage all data with exception of your name and location will be securely destroyed, this data being for future application cross-reference purposes.

Data will only be held and processed where it is necessary to support the legitimate interest of our business except where such action will be overridden by your interests or fundamental rights and freedoms which require protections of personal data.

2. How your data is stored

Form Health work on a paperless basis. Where data is captured or provided in hard-copy format, the data is converted to soft-copy format at the earliest opportunity and the original hard-copy format securely destroyed. All data stored by Form Health is done so within an encrypted cloud area and all Form Health equipment utilised to access this area is secured using anti-virus and firewall software. Access to stored information is granted on a need to know basis by Form Health personnel.

Any data transmitted by Form Health by email is sent via encrypted emails and any attachments containing personal data are password protected. Any data sent by Form Health containing personal data will be sent via secure mail requiring a signature for access.

Form Health does not transfer data/information outside of the European Economic Area except in specific circumstances where we receive instruction from a client to do so and will ensure the data subject is aware of such transfer.

3. Sharing information

Referral information
Where instruction has been received by Form Health to provide services that are delivered by a third party to Form Health, we will contact you to advise you of our intention to share information with that party for the purpose of enabling service provision (including explicit details regarding the name of that party).

Where we are providing multiple services to you, the personnel involved in your service provision will share relevant information with each other in order to enable a harmonised service for you.

Information may be shared with your treating practitioner where it may be deemed useful or critical to your ongoing medical investigations or care.

Information from interactions including reports produced by personnel providing services to you will be shared with the referring party.

Applications for job/career opportunities
Personal information may be shared with organisations utilised to vet qualifications, professional accreditations, prior work experience and/or criminal offence screening where permission has been granted by you for Form Health to conduct such activities (necessary as part of our employment screening practices).

4. Your rights

Form Health will take reasonable steps to create an accurate record of any personal data submitted to us and created by us. Should any factual data held be noted to be incorrect, and Form Health are notified of this, we will take appropriate steps to rectify this information within one month.

You have the right to access all information held about you and/or to request partial or total erasure of your data in accordance with the General Data Protection Regulations. Where Form Health are holding data related to provision of professional services, this data may be requested by the referring party (data controller).
Alternatively, or where data is held for purposes other than provision of professional services, you can make a request in writing to backtoform@formhealth.com or via the postal address below for access to your data. We may require valid forms of identification in order to process your request. Please note it can take up to one month for this data to be provided.

Form Health,
Highstone House,
165 High Street,
Barnet,
EN5 5SU

5. Data security breaches

As outlined above, Form Health takes management of your personal data seriously and takes all reasonable steps to appropriately secure your data. In the event that a data security breach occurs, you will be notified at the earliest opportunity (either directly or via a referring party where applicable) and information will be provided regarding the nature of the breach and action being taken. Concurrently to this, Form Health will notify relevant parties such as the ICO and/or law enforcement agencies to ensure appropriate action is taken.

6. Review

This policy may be updated as required to ensure its compliance with data protection legislation and to exercise best practice. We recommend regular review of this policy to ensure you are happy and in agreement with our policy and associated practices.