PRIVACY NOTICE (GENERAL)
Note: if you are not a Customer or potential Customer of Corporé or person receiving case management services or treatment from Corporé only those sections relating to our website are relevant to you.
Last updated on: 12th February 2020
Welcome to Corpore Limited “Corporé” Privacy Notice.
Corporé takes data protection seriously and is committed to respecting and protecting your personal data. Your personal data is data which by itself or with other data available to us can be used to identify you.
This Privacy Notice explains how we will collect, store and use any personal data you provide via our website, email or networks and when you otherwise communicate with us (including in the course of the services we provide or the running of our business) and which we may collect about you during the provision of our services to you, via our website, email or networks and when you otherwise communicate with us.
If you have any questions you can contact our Data Protection Officer at:
E-mail – firstname.lastname@example.org
Post – Corpore Ltd, 6th Floor, Tithebarn House, Liverpool, L2 2NZ
Registration Number: 09087974, ICO Registration Number: ZA066016
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This Privacy Notice may change from time to time and, if it does, the up-to-date version will be available on our website and becomes effective immediately.
Please take the time to read this Privacy Notice, which contains important information about the way in which Corporé processes personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.
For the purposes of this Privacy Notice, "Data Protection Legislation" is defined as the General Data Protection Regulation (Regulation (EU) 2016/670) (“GDPR”), the Data Protection Act 2018 (“DPA 2018”) or any equivalent legislation amending, supplementing or replacing the GDPR or DPA 2018.
We may collect, or be provided with, and process information about you, your personnel and clients through various means, including:
• in the course of carrying out work for or providing services to you (or your business);
• via our website (for example, on our ‘Contact Us’ page);
• by email or other electronic correspondence;
• by telephone;
• networking (e.g. conferences, customer events and/or other meetings or events either hosted or attended by us);
• otherwise through providing our services or operating our business.
The personal data you give to us may include:
• your name and title;
• contact information, including telephone number, postal address and email address;
• information relating to your location, preferences and/or interests;
• photographic identification;
• where we provide our case management or treatment services to you, information relating to your health and the injury we are treating (which we acknowledge is special category personal data;
• the content of any enquiry submitted over our website;
• any other personal data we collect (such as the customer and client reference numbers which may be assigned to you) in the context of providing our services or in the course of operating our business.
Each time you visit our website, we may automatically collect the following information:
• Web usage information (e.g. IP address);
• Information about your visit, including the full uniform resource locators (URLs) clickstream to, through and from our website.
• We may ask you for information when you report a problem with our website.
If you contact us, we may keep a record of that correspondence or conversation for a limited period, this is for our compliance, training and monitoring purposes, and may be collected by our recording of telephone conversations. Any personal data collected in this way, will be dealt with in accordance with this Privacy Notice.
The personal data described above may relate to any of the following categories of person:
• injured parties treated by us;
• our customers and your clients;
• our prospective customers;
• those who submit enquiries through our website or whose details are otherwise entered into our marketing management system.
We may use your information for the following purposes:
• to respond to any query that you may submit to us;
• to manage our relationship with you (and/or your business), including by maintaining databases of customers and other third parties for administration, accounting and relationship management purposes;
• to provide our case management and/or treatment services to you;
• to complete our contractual obligations to you;
• where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
• where we need to comply with a legal or regulatory obligation (for example any relevant anti-money laundering law or regulation);
• to send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation. You can withdraw your consent to marketing activity at any time using the unsubscribe link located in any of our marketing emails or by emailing us at email@example.com;
• to determine what is most effective about our website, and to help identify ways to improve it, and to tailor it to be more effective;
• to comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place;
• as we consider necessary to prevent illegal activity or to protect our interests;
• to share with companies in our group for the purpose of them sending to you any relevant information about their products/services that may be of interest to you.
We will rely on the following legal bases under Data Protection Legislation for processing your personal data:
• Performance of, or entry into, a contract;
• Compliance with a legal obligation to which we are subject;
• We have a legitimate interest in doing so as a services provider;
• In certain circumstances, where we have express consent to do so. Where we collect consent, we will explain that it may be withdrawn at any time in accordance with the information we provide at that time.
Where we are relying on your consent to process your special category personal data (including information relating to your health), if you do not provide this consent, we will not be able to provide our case management or treatment services to you.
Unless otherwise agreed, where you are our client, we will process your client’s personal data as a Data Processor in accordance with the terms of the contractual arrangements in place between us until such time as we have accepted an instruction from you, at which point we will become a Data Controller in respect of such personal data (and any other personal data we collect during the course of our provision of case management or treatment services to such individual).
We may share your details with third parties instructed by us in accordance with your instructions to enable us to fulfil our contractual obligations to you and/or your clients in the course of business.
We will only share your personal data in compliance with Data Protection Legislation.
We may disclose your information to third parties when:
• you specifically request this or it is necessary to provide our services to you, for example disclosure to expert medical providers;
• we consider other companies’ products and services in our group of companies may interest you;
• if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation.
• necessary for us to receive professional advice from our insurers, insurance brokers, auditors, accountants, solicitors and other professional advisers.
• you have consented to us sharing your information with any party who is funding your case management or treatment.
We will not sell your information.
We may also share your personal data, where necessary, with our carefully selected service providers who provide IT and system administration services.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will procure that any third parties we engage to provide services in satisfaction of any contract between us will keep your data and that of your clients stored on their systems for as long as is necessary to provide the services to you, and to comply with applicable legal requirements.
We will not store your information for longer than is reasonably necessary or required by law, and/or as needed for the duration of our contractual relationship.
Following the completion of any contract between us, we may also need to retain your personal data for legal and regulatory purposes, including
• pursuing any outstanding payments,
• for the establishment, exercise and defence of legal claims, and
• for HMRC audit purposes following payment of an invoice.
If we need to share your personal data with a recipient outside the United Kingdom we will ensure we do so in compliance with Data Protection Legislation and having obtained your consent, where appropriate.
Data Protection Legislation gives you the right to access information held about you.
We will aim to respond to any requests relating to your rights without undue delay and in any case within one month of receipt of your request.
We may ask you to confirm your identity so that we can validate a request. If you would like to make a request, please email or write to the DPO using the contact details provided above.
You have the right to:
• Request access to your personal data and check that we are lawfully processing it.
• Request correction of the personal data that we hold about you if you consider that it is inaccurate.
• Request the transfer of your personal data to you or to a third party.
• Request erasure of your personal data. This includes where you have been successful in exercising your right to object to processing (see below). However we may not be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Request restriction of processing of your personal data. This may be the case if you want us to establish the data’s accuracy or where our use of the personal data is unlawful but you do not want us to erase it.
• Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.
Where you exercise your rights to request erasure, or request a restriction in the processing of your personal data or to object to processing of your personal data, we may still need to keep basic contact information about you if you are already or will shortly be an active customer as we will require this for contractual purposes.