85 Great Portland St.
Phone: 020 33973712
Website: Home | Fortesium
Personal Information we Process
We currently process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details, DOB, address, registration PIN / PRN etc)
- Gender data
- Ethnicity / ethnic origin data
- Criminal convictions / legal data and data related to fitness to practice
- Medical data
- Qualifications and CPD data
- Work history / employee data
- Financial information – limited to information on payment schedules and fees paid/unpaid (not bank details)
How & why we Obtain Personal Information
Most of the personal information we process is provided directly by you to the regulator using our services for one of the following reasons:
- To process an application to register with a regulatory body
- To maintain your information on a regulatory register to allow you to practice as a registered professional / practitioner
We also receive personal information indirectly, from the following sources in the following scenarios:
- From new clients engaging our services to establish registration processes that are fit for purpose and to maintain an accurate register of professionals to support public safety
- Data is provided by universities / Higher Education settings to regulators of applicable newly qualified professionals / practitioners
- Legal information may be provided by solicitors, the police, a member of the public or other regulatory bodies pertaining to fitness to practice concerns / proceedings
- Medical professionals may provide medical information with your consent relating specifically to fitness to practise cases
- Previous employers or regulators may provide information on employment history or CCPS
We use the information that you have provided in order to process an application for registration with a regulatory body and to support the maintenance of a register as per the unique regulations pertaining to each professional regulator.
In all circumstances the request to share information would be directed to or managed by the data controller. In most instances this will be the regulatory body responsible for collecting and maintaining your data.
We will only ever act to amend or delete any member data at the express written request of the data controller. Each client is required to nominate 2 named authorisers permitted to raise such requests.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
- Your Consent. You are able to remove your consent at any time. You can do this by contacting the relevant regulatory body to which you originally provided the information.
- We have a contractual obligation.
Storing your Personal Information
Your information is securely stored.
We keep all the personal information listed above in secure cloud based environments hosted by Microsoft Azure. Each client has a separate environment which is only accessible by the appropriate regulator and designated Fortesium employees with privileged access to allow them to undertake the necessary support functions. Retention periods for data is determined by each regulator based on the legal requirements of the regulations under which they were established. Fortesium take no responsibility for deletion of data, for retention and disposal information please see the Privacy Notice published by the relevant regulatory body.
Your Data Protection Rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you and in most instances we will pass requests to the data controller to process.
Please contact us at email@example.com if you wish to make a request.
How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us at
You can also complain to the ICO if you are unhappy with how we have used your data, at:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk