Follow Us
F4S Digital Health Ltd provides digital health technology designed to identify and display personalised recommendations and health information for patients as they prepare for and recover from surgery. Its goal is to optimise patients’ physical and mental health before surgery and improve the speed and extent of postoperative recovery.
F4S Digital Health Ltd is registered in the UK under company number 17036944. Our registered address is 182-184 High Street North, London, England, E6 2JA.
Our ICO registration is ZC097544 and the Data Protection Officer is Framework Genie Ltd. Contact paul@frameworkgenie.co.uk.
When we process personal data on behalf of a private or public health care organisation, we act as a Data Processor. The health care organisation using F4S Digital Health Ltd remains with the Data Controller and determines how patient data is used.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Under the UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website. Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website.
Your right of access You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about your right of access.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Consent - You have provided us with your consent when registering to use our services (where all the relevant information was given to you) and have taken it as implied to provide you with care, or you have given it explicitly for other uses. To be clear, you do have the right to withdraw your consent at any time.
Legitimate interests - We’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All your data protection rights may apply, except for the right to portability. Our legitimate interests are:
To provide a safe and effective service, F4S Digital Health Ltd uses limited information under our legitimate interests. This allows us to keep the platform secure, fix technical issues, and improve the experience for all users. Wherever possible, we use anonymous or pseudonymised data (where your identity is removed) for these technical checks. This processing is essential for the reliable delivery of your care and does not affect your personal rights.
For more sensitive health information, we only process data where necessary for the management of healthcare services or with your explicit consent.
Directly from you.
Your health care providers, which may be within the public and private sector.
System generated logs and analytics.
We follow the NHS Records Management which sets mandatory retention periods for clinical records. For adult records, this is 8 years following the last entry.
For more information on how long we store your personal information or the criteria we use to determine this, please contact us using the details provided above.
The public or private health care provider that controls the data.
Anyone else?
We do not sell or share data with third parties for marketing or commercial purposes.
Service Improvement and Development: We use pseudonymised and aggregated data to analyze app performance, understand user engagement, and develop new features to improve clinical outcomes for all users.
We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:
You’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses).
We have a legal requirement (including court orders) to collect, share, or use the data.
On a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).
If in England or Wales – the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied; or
If in Scotland – we have the authority to share provided by the Chief Medical Officer for Scotland, the Chief Executive of NHS Scotland, the Public Benefit and Privacy Panel for Health and Social Care or other similar governance and scrutiny process.
We use a range of technical and organisational measures to keep data safe, including:
Secure Logins: We use multi-factor authentication to keep your account safe from hackers.
Scrambled Data: Your information is encrypted (scrambled) so it can't be read by unauthorised people.
Constant Monitoring: We keep a record of all system activity and monitor it 24/7.
Regular Check-ups: We perform frequent security tests to ensure our defences are up to date.
Gold-Standard Servers: We host your data on Azure, which meets the highest NHS security standards.
At F4S, we are committed to protecting your privacy and respecting your choices regarding your health data.
F4S processes your health data and feedback to provide personalised pre-habilitation guidance. As this is essential for your treatment (Direct Care), it is exempt from the NHS National Data Opt-Out.
For NHS-funded patients, we strictly apply the National Data Opt-Out for any secondary purposes (like service evaluation) using the NHS MESH service. For private patients, while the NHS National Data Opt-Out does not apply, we respect your UK GDPR 'Right to Object' to any data use beyond your direct clinical care.
You can stop your confidential patient information being used for research and planning. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.
If you're happy with your confidential patient information being used for research and planning, you do not need to do anything.
Any choice you make will not impact your individual care.
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Great Charles Street, CA 91770
Mon to Fri 9am to 6pm
Send us your query anytime!