Data Controller: Ergo at Work Limited
Data Protection Officer: Bronwyn Clifford
ICO registration number: ZA196612
To run our business competently it is necessary for us to collect special category personal data relating to individuals; only relevant and necessary data is ever collected.
Ergo at Work Ltd is the data controller. This means we decide how your personal data is processed and for what purposes.
We are committed to protecting and respecting your privacy.
What We Hold
We hold special categories personal data, as defined by the General Data Protection Regulations (GDPR). This information includes name, date of birth, home address, email address, telephone number, work address, manager details, work hours, medical history, personal history, medication history. This list is not exhaustive.
Your data is not disclosed or passed onto any individual or company but a third party, such as a Remote Receptionist or IT Support Technician, might on rare occasions see it. We do not use any form of automated decision making.
Why We Hold It
Our lawful basis for processing your special categories personal data is that it is essential for undertaking role as a physiotherapy or occupational health provider. You will have provided your informed consent prior to us obtaining this information and for any of this information to be sent to your employer or medical professionals.
ANY report sent by Ergo at Work concerning an individual(s) will be sent to a named person in a secure format and will be password protected.
Where We Hold It
All personal data is collected as either hard copy which is then scanned or electronic data; all data is stored securely on an encrypted computer. All hard copy records are securely shredded and recycled. Only those employed by Ergo at Work who have been authorised by the Data Protection Officer and issued with a password may access this data. In the unlikely event of a data breach you will be made aware as soon as possible and it will be reported to the relevant bodies within the appropriate timescale.
How Long We Hold It For
We hold data about our physiotherapy clients only for 8 years after contact with you ceases, as required by the Health and Care Professions Council (HCPC) codes of practice. We hold data about our occupational health clients for 40 years after contact with you ceases.
You have the following rights with respect to your personal data:
The right to request a copy of the personal data which we hold about you;
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary to retain such data