Fair Processing and Privacy Notice – Forge Health Limited

Our commitment to your privacy 

Forge Health Limited recognises the importance of protecting personal and confidential information in all that we do, and takes care to meet our legal duties.  Forge Health Limited puts in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in all the formats we hold that information.

Personal information is information that on its own or together with other information identifies you and is about you.  This includes what you tell us about yourself and what we learn by having you as a customer. Processing relates to the collection, recording, storage, use, sharing, archiving and deletion of your personal data and sensitive personal data.

Data Controller

Forge Health Limited is a company controlled by Leicestershire Fire and Rescue Service (LFRS). In compliance with the Data Protection Act 2018 and General Data Protection Regulations 2016 (GDPR), LFRS is the Data Controller for your personal data recorded by us and processed in Forge Health systems.

Why do we collect information about you?

We collect personal information from you for the following purposes:

  • To support businesses in the management of health issues at work such as sickness absence, new starter health assessments, return to work assessments and ill-health reviews by providing access to impartial, specialist support
  • Referral to other health professionals with your consent
  • Administration of Occupational Health appointments

The categories of the information that we collect, process, hold and share include:

  • Personal details such as names, addresses, telephone numbers, dates of birth
  • Employment details, national insurance number
  • Health information
  • Sickness absence details
  • Any consents which you have given us in relation to the processing of your information including obtaining from, and sharing with other third parties 

Where do we get your information from?

We may collect your personal information from the following sources:

  • When you contact Forge Health Limited (for example by phone, email, social media or letter)
  • When you use our services or are referred via your employer
  • With consent to obtain information from other health professionals

Disclosure of personal information

Your privacy is protected by law, which says that we can use your personal information only if we have your consent (permission) or other lawful reason to do so.  This includes sharing it outside of Forge Health Limited.  The reasons why Forge Health Limited may process your personal information are:

  • When you consent to it
  • To fulfil a contract we have with you or your employer
  • When it is in our legitimate interest
  • In accordance with relevant Legal and regulatory compliance
  • Referral onto other health professionals, such as physiotherapist/counselling services

Forge Health Limited will never share or sell your information to external companies for marketing purposes.

How long do we keep your personal information for?

We will keep your information in line with the:

Information Government Alliance “Records Management Code of Practice for Health and Social Care 2016” which recommends:

  • OH records 6 years, after your leaving date or until the age of 75, whichever is sooner
  • Health surveillance 40 or 50 years from date of last entry, or 75th birthday, whichever is longer.
  • We may keep your personal information for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons. In these circumstances, we will make sure that your privacy is protected and only use it for legal or regulatory purposes.

Requesting access to your personal data and your rights

Under data protection legislation, you have rights in relation to your personal data. There are:

  • To ask us what personal data we hold about you
  • To request to see or have a copy of personal data relating to you.
    Note: This is called a Subject Access Request (SAR). Such requests should be made in writing to us. Before disclosing information we will need to verify your identity.
  • To restrict how we process it
  • To object to us using it and ask us to stop processing
  • To question any information we hold about you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
  • To have it permanently and securely deleted (where there isn’t a legal requirement for us retain it)
  • To ask that we transfer it into a portable format (in certain circumstances)
  • Where we process your personal data based on your consent, you have the right to withdraw that consent at any time

Contacting us – Data protection information

If you have any concerns about how we are using your personal information, you can contact us by writing to:

Forge Health Limited, Forge House, Bull Head Street, Wigston, Leicester LE18 1PB or telephoning on 0116 2203232

LFRS is a registered Data Controller with the Information Commissioner’s Office, you can contact our Data Protection Officer via:

0116 287 2241 (Switchboard)


In writing to:
Leicestershire Fire and Rescue Service HQ, 12 Geoff Monk Way, Birstall LE4 3BU.

You can obtain further information about your rights; or exercise your right to complain, to the Information Commissioner’s Office (ICO):

Changes to this privacy notice

We will review this notice annually and reserve the right to update and republish at any time.

Skip to content