Privacy policy

WHO WE ARE

Ergocom Ltd is a limited company registered in England and Wales, No. 06672548. Registered office: Office 5, Unit R1, Penfold Works, Imperial Way, Watford, Herts. WD24 4YY.

Postal address: 61 Bridge Street, Kington HR5 3DJ

Telephone: 01622 933703

For the purposes of the General Data Protection Regulation (EU 2016/679), Ergocom Ltd is both a ‘Data Controller’ and a ‘Data Processor’.

WHAT THIS PRIVACY NOTICE IS FOR

This policy is intended to provide information about how Ergocom will use (or "process") personal data about individuals including: its staff and associates (referred to in this policy as “staff”); its current, past and prospective future insurers, claims assessors and employers (referred to in this policy as “clients”); and their claimants or employees (referred to in this policy as "claimants").

This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Staff, clients and claimants are all encouraged to read this Privacy Notice and understand Ergocom’s obligations.

This Privacy Notice applies alongside any other information Ergocom may provide about a particular use of personal data, for example when collecting data online or using a paper format.

This Privacy Notice also applies in addition to Ergocom's other relevant terms and conditions and policies, including:

· any contract between Ergocom and its staff, clients or claimants;

· Ergocom’s retention of records policy;

· Ergocom's data protection and information security policy.

Anyone who works for, or acts on behalf of, Ergocom (including staff, associates, and 3rd party service providers) should also be aware of and comply with this Privacy Notice, which also provides further information about how personal data about those individuals will be used.

RESPONSIBILITY FOR DATA PROTECTION

Ergocom’s Director Helen Valls-Russell is designated as the principal contact for with your requests and enquiries concerning Ergocom’s uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.

Sue Godby can be contacted by:

  • Post: 61 Bridge Street, Kington HR5 3DJ
  • Telephone: 01622 933703

WHY ERGOCOM NEED TO PROCESS PERSONAL DATA

In order to carry out its contractual obligations to staff, claimants and clients, Ergocom needs to process a range of personal data about individuals (including current, past and prospective staff, claimants or clients) as part of its daily operation.

Ergocom will need to carry out some of this activity in order to fulfil its legal rights, duties or obligations – including those covered by contracts with its staff, clients or claimants.

Ergocom that personal data will be processed for the following purposes to comply with relevant laws, fulfil our contractual obligations, and to protect the vital interests of data subjects:

· To provide rehabilitation services to individuals on behalf of insurers, claims assessors and employers;

· To enter into commercial arrangements with, and to administer, our network of associates;

· For the purposes of management planning and forecasting, research and statistical analysis where imposed or provided for by law (such as tax, diversity or gender pay gap analysis);

· To enable relevant authorities (such as HCPC) to monitor Ergocom's performance and to intervene or assist with incidents as appropriate;

· To monitor (as appropriate) use of Ergocom's IT and communications systems in accordance with Ergocom's policies;

  • To carry out or cooperate with any regulator or external complaints, disciplinary or investigation process; and
  • Where otherwise necessary for Ergocom's purposes, strictly either required by law, necessary to discharge our contractual duty to deliver rehabilitation services, necessary to discharge our contractual duty to our staff, clients or associates, or to protect the vital interests of data subjects.

Ergocom anticipates that the following use will fall within the category where “consent” is required:

· Access to medical history for claimants, in order to provide rehabilitation services;

· Sharing of medical information with a claimant’s employer, in order to discuss and help formulate a return to work plan;

· Sharing of medical information with insurers/claims assessors, in order to assist in validating claims and to secure the funding necessary;

· Any other use of personally identifiable information that does not fall into the categories above.

In addition, Ergocom will need to process personal and special category in accordance with rights or duties imposed on it by law, for example for the detection and prevention of fraud.

TYPES OF PERSONAL DATA PROCESSED BY ERGOCOM

This will include by way of example:

· names, addresses, telephone numbers, e-mail addresses and other contact details;

  • bank details and other financial information;

· past and present claimants' medical history, including past and current medical conditions, treatment history and other information relating to their physical and mental health and wellbeing;

· reports and notes from working with claimants, including treatment plans;

· details of staff / associates’ professional qualifications, employment history and other information to demonstrate their professional capabilities;

· where appropriate, information about individuals' health and welfare, and contact details for their next of kin (for instance to comply with lone working policy);

· correspondence with and concerning staff, claimants and clients past and present; and

· records of requests from data subjects exercising their rights under data protection law (for example, subject access requests).

HOW ERGOCOM COLLECTS DATA

Generally, Ergocom receives personal data from clients in order to provide services to claimants. Claimants’ medical information is usually supplied by clients and healthcare professionals (with the claimants’ consent).

Data may also be collected from the data subjects themselves, or from publicly available resources.

WHO HAS ACCESS TO PERSONAL DATA AND WHO ERGOCOM SHARE IT WITH

Ergocom Ltd. shares personal data on a need-to-know basis with its network of associates. Where an associate is providing rehabilitation services to a claimant on Ergocom’s behalf, that associate is:

  • Directly subcontracted by Ergocom;
  • Processes personal data only with Ergocom’s permission;
  • Ensures the security of the data to industry-recognised standards;
  • Only has access to the personal data necessary for providing the service;
  • Returns or securely destroys the personal data when they are no longer providing services to the claimant (except where required by law to retain information).

Occasionally, Ergocom will need to share personal information relating to its staff, clients and claimants with third parties, such as:

  • professional advisers (e.g. Ergocom’s lawyers, insurers, PR advisers and accountants);
  • government authorities (e.g. HMRC, police or the local authority); and
  • appropriate regulatory bodies (e.g. HCPC, the Information Commissioner).

For the most part, personal data collected by Ergocom will remain within Ergocom, and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a ‘need to know’ basis). Particularly strict rules of access apply to medical records, which will be held and accessed only by the Director of Ergocom and the individual staff providing the service to the claimant.

Finally, in accordance with Data Protection Law, some of Ergocom’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with Ergocom’s specific directions.

HOW LONG WE KEEP PERSONAL DATA

Ergocom will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary records is up to 8 years following the service provided by Ergocom. However, other personal data may be kept longer in line with statutory guidance.

If you have any specific queries about how our retention policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Director. However, please bear in mind that Ergocom will often have lawful and necessary reasons to hold on to some personal data, despite such a request (and you will be informed if this is the case).

A limited and reasonable amount of information will be kept for archiving purposes, for example; and even when you have requested that we no longer process or erase your data, we will need to keep a record of that fact in order to fulfil our obligations under law (called a "suppression record").

YOUR RIGHTS

Rights of access, etc.

Individuals have various rights under Data Protection Law to access and understand personal data about them held by Ergocom, and in some cases ask for it to be erased or amended or have it transferred to others, or for Ergocom to stop processing it – but subject to certain exemptions and limitations.

Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Director.

Ergocom will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information). Ergocom will not charge a fee, except in the following case:

Ergocom will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or difficult, or is made by a data subject who has made numerous similar requests, this period can be extended by a further two months and a proportionate fee requested from the data subject (where allowed by law). You will be notified within the initial month of us receiving your request if we intend to extend the deadline or charge a fee. If the data subject objects to our decision, then they can refer this to the Information Commissioner who will make a judgment.

Requests that cannot be fulfilled

You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, or information which is subject to legal privilege (for example legal advice given to or sought by Ergocom, or documents prepared in connection with a legal action).

You may have heard of the "right to be forgotten". However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where we cannot perform our contractual duties without it. All such requests will be considered on their own merits.

Consent

Where Ergocom is relying on consent as a means to process personal data, any person may withdraw this consent at any time. An example of where we do rely on consent would include access to medical records. Please be aware however that Ergocom may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.

Whose rights?

The rights under Data Protection Law belong to the individual to whom the data relates. However, Ergocom will often rely on clients’ authority or notice for the necessary ways it processes personal data relating to claimants – for example, under the terms of a contract with the client and acting as a data processor. Claimants should be aware that this is not necessarily the same as Ergocom relying on strict consent (see section on Consent above).

Where consent is required, it may in some cases be necessary or appropriate – given the nature of the processing in question – to seek the claimant's consent.

Staff are required to respect the personal data and privacy of others, and to comply with all Ergocom's relevant policies, (e.g. our Information Security and Data Protection policies) and Ergocom rules. Staff are also under a professional obligation to do so.

DATA ACCURACY AND SECURITY

Ergocom will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the Head Office (or, for claimants, their Consultant) of any significant changes to important information, such as contact details, held about them.

An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law) - please see above for details of why Ergocom may need to process your data, or who you may contact if you disagree.

Ergocom will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to Company systems. All staff will be made aware of this policy and their duties under Data Protection Law and receive relevant training where appropriate.

THIS POLICY

Ergocom will update this Privacy Notice from time to time. Any substantial changes that affect your rights will be provided to you directly as far as is reasonably practicable.

QUERIES AND COMPLAINTS

Any comments or queries on this policy should be directed to the Director, Sue Godby, using the details above.

If an individual believes that Ergocom has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should utilise Ergocom’s Complaints procedure and should also notify the Data Protection Officer. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with Ergocom before involving the regulator.

Ergocom Ltd.
Data Protection Policy
Updated – 14/01/2021

Kind words from our clients