At TERC Ltd, we store your data in line with contractual and legal requirements. For litigation and operational purposes, this means retaining both clinical and non-clinical data for seven years after the cancellation of a contract with your employer and for up to seven years for clinical data. For training and accreditation purposes, the retention period is six years. We are committed to storing all of your data securely for the full duration of its retention. TERC Ltd are committed to protecting your data and complying with our obligations under all relevant data protection law. TERC Ltd is the data controller. This means that TERC Ltd is responsible for deciding how your personal data is held and used. This statement sets out what personal data we process, how and why. It also explains your rights as a data subject. You can get further general information around your rights from the website of the UK Regulator, the Information Commissioners Office at https://ico.org.uk/for-the-public/. Your Data Matters. Our contact details You can contact us in the following ways; By post or in person at our offices: TERC Ltd, The Malthouse Business Centre, 48 Southport Road, Ormskirk, Lancashire, England, L39 1QR By email to: customerservice@tercltd.co.uk By phone on: 03303 800975 Via the web at: https://www.tercltd.co.uk/ We have a Data Protection Officer. Her name is Catherine Watson and she can be contacted by phone on: 03303 800975 and email at: dpo@tercltd.co.uk
What this Notice applies to; Where we refer to Data Protection Law this means;
The UK General Data Protection Regulation (Regulation (EU) (2016/679) ('UK GDPR') and the Data Protection Act 2018 ('the Act'), and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK, and then any successor legislation to the GDPR or the Data Protection Act 2018
What type of information we have This Privacy Notice relates to Existing, former and prospective clients. If you are a Former, existing or prospective employee you will receive a separate privacy notice prior to our processing your data. Existing, former and prospective clients We collect the following types of personal data for you for the following reasons. We have to have a lawful basis to process your data and the lawful basis that applies is noted in the section below. How we get the information and why we have it. We collect your information in the following ways from the following sources. We collect your data by; Electronic Mail, Phone (voice and text), Post, Through our website(s). We collect your data from: Yourself directly, Your GP, a referral from your employer/manager or employer Occupational Health referral. We hold; Your personal details (name, address, date of birth, email address and telephone number). Our lawful basis for processing this data is; Consent Your employment records which could include; your contract, performance, absence, disputes at work, recruitment records, training and personal development records, electronic and paper file notes relating to any conversations that have taken place between the client and the individual(s) working for or representing TERC Ltd. Our lawful basis for processing this data is; Consent We also process what is called Special Category Data. This is data that is considered particularly sensitive thereforeadditional measures are taken to protect that data. We process the following Special Category data;
Our additional condition as required under Article 9 of the GDPR for processing the above special categories of data is; (a) Explicit consent When you visit the TERC website at https://www.tercltd.co.uk/ the following information may be collected; We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. Further information can be found at https://www.tercltd.co.uk/cookie-policy/ Our lawful basis for processing this data is Legitimate Interest. You have the right to withdraw your consent to specific processing at any time. Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, once we have received notification by your contacting us in one of the ways outlined in the Our Contact Details section of this Privacy Notice, that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis to do so in law (see below, What we do with the information) What we do with the information Will we share your data with anyone? In order to provide you with a broad range of services, some services are facilitated through our approved partners. At TERC Ltd we only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement, so as to safeguard your information and in accordance with the requirements of all relevant data protection law. How long will we keep your data for? At TERC Ltd, we store your data in line with contractual requirements. For litigation and operational purposes, this means retaining non-clinical data for seven years after the cancellation of a contract with your employer and for up to seven years for clinical data. We are committed to storing all of your data securely for the full duration of its retention. Will we use your data to make automated decisions? No. How we store your information We store your data in secure UK locations to enable us to provide support to you. Data is stored in the following locations; Office365 platform, CORE, CLIVE CRM system, Proofpoint AntiSpam Email Filter. All data is held in the UK. We only retain your data for as long as it is legally or commercially necessary to do so and in accordance with your rights as a Data Subject. Our Retention Schedule details along with how data will be securely destroyed or disposed of once no longer being processed. For more information on destruction/disposal contact our Data Protection Officer. Your data protection rights Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. Your right of access You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Your right to rectification You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. Your right to erasure You have the right to ask us to erase your personal information in certain circumstances. Your right to restriction of processing You have the right to ask us to restrict the processing of your information in certain circumstances. Your right to object to processing You have the right to object to processing if we are using your data for;
Your right to data portability This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Whilst we do not process data for criminal law enforcement purposes, there may be instances where our obligation to safeguard exempts you from some of the above rights. If you wish to discuss our Safeguarding and Confidentiality Policies please contact us. You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us on dpo@tercltd.co.uk If you wish to make a request, or contact us on 03303 800975 Your rights may differ depending upon the lawful basis for processing. For example, some rights will not apply, see the table below from the regulator, the ICO (https://ico.org.uk/media/images/graphics/2258510/lawful-basis-table.png);
Statement on Anonymous Data Collection for Client Feedback Surveys To ensure we provide the best possible service to all our clients we send out a feedback form link at certain points in the client journey. To ensure we receive both candid feedback and process personal data only when required, all such feedback submissions are completely anonymous and configured to ensure that we have no way of being able to link any respondents to clients or identify any clients from the responses. How to complain At TERC Ltd we make every endeavour to protect your data. In the unfortunate circumstance that you are not happy with the manner in which we process your data, you may wish to make a complaint. In the first instance, please contact the TERC Ltd Data Protection officer in writing, stating your name, date of birth, contact details and the nature of your complaint against TERC Ltd. If you are not happy with the response you receive you may also wish to contact the UK data protection regulator, the Information Commissioner, whose contact details are below; Location Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113 To receive a response via email complete the contact form at https://ico.org.uk/global/contact-us/
