ERGOFY PLATFORM END USER PRIVACY POLICY

EFFECTIVE DATE: 19 February 2019

PURPOSE

Ergofy Limited ("we", "us", "our") are committed to protecting and respecting your privacy.

This privacy policy ("Privacy Policy"), together with any other documents referred to herein, sets out the basis on which any personal data we collect from you, or that you or any third party provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By accessing the Ergofy Platform ("Site") to use our applications and our services ("Services") you are accepting and consenting to the practices described in this Privacy Policy.

DATA PROTECTION LAW AND YOUR RIGHTS

The collection, storage and processing of your personal information and consequently your privacy is governed by and protected by law, specifically, Regulation (EU) 2016/679 of the European Parliament ("GDPR") and the Data Protection Act 2018 (UK) (together "Data Protection Law"). We are committed to the lawful processing of your data; as such, this Privacy Policy is based on concepts from Data Protection Law.

THE DATA CONTROLLER

Under Data Protection Law, the Data Controller determines which data is used and for what purpose. In this instance, the Data Controller is the organisation or entity which has registered you as a user on the Ergofy Platform ("Organisation"). In typical (but not all) cases this will be your employer. Your Organisation is, in turn, our customer. They have engaged our Services to fulfil their obligation to conduct workplace training and risk assessments.

THE DATA PROCESSOR

Under Data Protection Law, a Data Processor processes data on behalf of a Data Controller for a specific purpose. In this instance, we are the Data Processor, providing the Site and Services to you on behalf of and at the instruction of your Organisation.

LEGAL BASIS FOR PROCESSING

We collect and use the personal data described below in order to provide you with access to our Site and Services in a reliable and secure manner. Broadly speaking, we also collect and use personal data:

  • For our legitimate business needs.

  • To fulfil our contractual obligations to your Organisation.

  • To comply with our legal obligations.

To the extent we process your personal data for any other purposes, we will ask for your consent in advance or require that our partners obtain such consent.

YOUR RIGHTS

You have the right under Data Protection Law, free of charge, to request:

  • Access to your personal data.

  • Rectification or deletion of your personal data.

  • A restriction on the processing of your personal data.

  • Object to the processing of your personal data.

  • A transfer of your personal data (data portability) in a structured, machine readable and commonly used format.

  • Withdraw your consent to us processing your personal data, at any time.

You can make a request in relation to any of the above rights by contacting us through the contact form on our website, or by emailing us at dataprotection@ergofy.co.uk. We will respond to such queries within 30 days in accordance with the provisions of Data Protection Law.

COMPLAINTS

If you have any complaints or concerns about our use of your personal data please get in touch with your Organisation as a first point of contact. If you are unsatisfied with the outcome, you may contact the following data protection supervisory authority:

  • For individuals in the UK: The Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

  • For individuals located in the EU: your local data protection supervisory authority in the country in which you are located.

INFORMATION WE MAY COLLECT

In order for us, on behalf of your Organisation, to provide effective online training and risk assessments to you using our Services, we may collect and process the following information about you:

FROM OTHER PARTIES

Your Organisation will have registered you as a user on the Ergofy Platform and provided us with the following information which we collect and store:

  • Your full name;

  • Your email address - typically the email address used in the context of your relationship with the Organisation, e.g. a work email address;

  • Other information relating to your work or association with the Organisation, such as your department, job title and office location;

  • Updates (in the form of free-text notes) to issues identified during your risk assessments.

INFORMATION YOU GIVE US

While using our Services, for example receiving online training, completing self-assessments and reviewing guidance to issues, among other activities, we may collect and record the following information from you:

  • Responses and interaction with online training provided, such as when training was viewed or completed.

  • Responses to questions in assessments, including but not limited to multiple choice questions and free-text questions relating to workplace comfort and well-being, for example:

    • Your working environment, equipment and working habits;
    • Any pain or discomfort you may experience;
    • The presence of complicating health conditions relating to pain or discomfort experienced at work which may place you at a higher risk;

  • Responses to follow-up questions regarding issues identified during your assessment and any subsequent automated guidance the Site has provided you with, including whether or not the identified issues have been resolved.

INFORMATION WE COLLECT FROM YOU

With regard to each of your visits to our Site we may automatically collect the following information:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, operating system and platform;

  • Information about your visit and actions on the Site, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and data submitted by your browser to the Site, such as HTTP headers and form data.

USES MADE OF YOUR INFORMATION

We primarily use information held about you in the following ways:

  • In provision of the Services to you, namely online training, risk assessments and provision of guidance in resolving identified issues;

  • To send you information and reminders about actions that you have taken or should take when using the Services;

  • To notify you about changes to our Site and Services;

  • To ensure that content from our Site and Services is presented in the most effective manner for you and for your computer;

  • To provide you with the information, products and services that you request from us;

  • To administer our Site and Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

  • As part of our efforts to keep our Site and Services safe and secure;

  • To carry out our obligations arising from any contracts entered into between your Organisation and us.

COOKIES

We use cookies on our Site and within the Services to distinguish you from other users of our Site and Services and to remember any preferences you select while using the Site. This is necessary to ensure your data privacy is protected and it also helps us to provide you with a good experience when you browse our Site. Furthermore, it allows us to improve the Site and Services for all users.

WHAT ARE COOKIES?

Cookies are small text files that are placed on your computer by websites that you visit. The content of cookies is updated by the websites as you browse those websites. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the Site. Cookies can be "persistent" or "session" cookies.

PERSISTENT COOKIES

A persistent cookie is stored on a user's device in between browser sessions (i.e. opening and closing of a browser) and can be accessed by a website when you access the website again at a later date.

SESSION COOKIES

Unlike persistent cookies, session cookies are only stored while your browser is open and are deleted from your computer by your browser when you log off from the Site or Services and subsequently close your browser.

COOKIES WE USE

We use the following cookies on our Site in order to provide our Services to you:

  • Type: Ergofy user session

  • Storage: Session Cookie

  • Purpose: This cookie stores a long text "key" that the Ergofy Platform uses to uniquely identify you as a user. This is crucial to the operation of the Site. It allows the Site to uniquely identify your browser as belonging to you and thus serves as our means of identifying you and authenticating you to access your data while you use the Services. It is encrypted and tamper-proof for security purposes.

You can set up your browser options to stop your computer accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you will not be able to use the whole of the Site or all functionality of the Services, as we use them as an integral part of our data security strategy.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

TRANSFER AND DISCLOSURE OF YOUR INFORMATION

There are instances where we may transfer to or share your information with third parties. Please note, however: we will never sell or rent your personal data to anyone, ever.

TRANSFER TO AND PROCESSING BY THIRD PARTIES

We may transfer your information to selected third parties including:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;

  • Business partners, suppliers and sub-contractors for the performance of our duties to your Organisation in supplying access to the Site and Services, such as our mail hosting providers, CRM system and server hosting providers.

DISCLOSURE TO THIRD PARTIES FOR OTHER REASONS

We may disclose your personal information to third parties:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and/or any other agreements; or to protect our rights, property, safety, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;

  • As directed by your Organisation for purposes they deem fit, for example engaging our Services in resolving identified risk issues through the use of external contractors.

WHERE WE STORE AND HOW WE PROTECT YOUR PERSONAL DATA

Our Services, being provided mostly online, are global and your information (including personal data) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.

The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or partners. Such staff or subcontractors would be performing services to us necessary for us to provide you access to the Site and Services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission ("Standard Contractual Clauses").

Our Site and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Site or Services from outside the EEA. This means that where you choose to post your data on our Site or within the Services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.

PROTECTION OF YOUR INFORMATION

All information you provide to us is stored on secure servers and encrypted at rest and in transit. Where we have given you (or where you have chosen) a password or a secure link (e.g. via email) which enables you to access certain parts of the Site or Services, you are responsible for keeping that password or link confidential. We ask you not to share any password, link or email from the Site with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect your personal data, we cannot guarantee the security of the connection and technology you use to transmit data to our Site or the Services. Any transmission where you use an insecure network or technology (e.g. insecure public Wi-Fi or public computer) is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

DATA RETENTION

We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the Site or Services to you, your Organisation's account with us remains open or any period set out in any relevant contract your Organisation has with us.

After your Organisation has closed their account with us, we will delete or completely anonymise your personal data in line with our contractual and legal obligations; however, we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Terms and Conditions or fulfil any request to "unsubscribe" from further messages from us.

MISCELLANEOUS

LINKS TO OTHER WEBSITES

Our Site and Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

AGE OF USERS

This Site and the Services are not intended for and shall not be used by anyone under the age of 16.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to your Organisation by email. Please check back frequently to see any updates or changes to our Privacy Policy.