eReports UK is committed to protecting your privacy and providing services in a confidential and safe manner. In doing so, eReports complies with UK GDPR regulations with regard to the usage of personal information and how eReports may use it.
From time to time, eReports may collect certain personal information in connection with the purpose for which it was collected, as being reasonably necessary for, or related to eReports’ business. The kind of information we collect will depend on your relationship with eReports (for example as an examinee, client, business partner, or employee.
Generally, the only personal information eReports collect about you is that which you choose to tell us about or which you authorise eReports to obtain. The type of information eReports collect may include:
- Examinees: your name, gender, address, email addresses, telephone number, demographic data (non-sensitive information only), health and/or disability information (including history), medical claims history.*
- Clients (referring party or examinees engaging services in their own right):your name, address, email address, telephone number, billing information (if purchasing products) history.
- Consultants/Medical Examiners: your name, gender, address, telephone numbers, email addresses, employment history, billing information, professional associations, qualifications, accreditations, professional registration information, professional indemnity insurance details, provider number, health and/or disability information (including history), emergency contact details.
- Other (including employees/potential employees):your name, address, email address, telephone number, employment history, medical history and billing information.
* Examinees include persons being considered for employment by a client who engages eReports to carry out pre-employment checks.
Where possible, eReports will collect your personal information directly from you but information may also be collected via:
- Health records provided to us (including as part of psychological or medical assessments (examinees only).
- Inquiries that we might make of your employer or treating practitioners (examinees only.
- Other pre-employment checks (employees and examinees only).
- Insurers, employers and other parties who may have introduced you to eReports.
Personal and sensitive information may be collected from you when you provide it to eReports directly. eReports has established appropriate physical, electronic and managerial procedures to safeguard any information eReports collects. This helps prevent unauthorised access, maintains data accuracy and ensures that the information is used correctly.
All data transferred to and from the eReports servers is securely stored and is encrypted in transit and at rest, and a firewall is in place to prevent intrusion. All data stored within the eReports’ systems is designed to only be able to be accessed by authorised staff members and the hosting facility.
eReports collects personal information that eReports considers relevant, and which is outlined in your written consent, for the purpose of providing eReports’ services. Sensitive information, in most cases, can only be disclosed with your written consent.
Any personal information collected about an individual will not be used or disclosed for the purposes of direct marketing unless the individual has given eReports consent to do so. Any personal information provided to ERUK will not be disclosed to any overseas individuals or bodies, unless the individual has given eReports consent to do so.
Some of the ways eReports uses personal information include to:
- Communicate with you and others as part of eReports’ business.
- Enable eReports to provide a service.
- Personalise the eReports experience.
- Send you information regarding changes to eReports’ policies, other terms and conditions, online services, and other administrative issues.
- Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.
- Verify information given to eReports.
- Carry out market research and analysis using anonymised data, including satisfaction surveys.
- Manage eReports’ infrastructure and business operations and comply with internal policies and procedures, including those relating to auditing, accounting, billing and collections, IT systems data and website hosting, business continuity and records, document, and print management.
- Resolve complaints, and handle requests for data access or correction.
- Comply with applicable UK laws and regulatory obligations (including relevant laws and regulations outside your country of residence), such as those relating to anti-money laundering, sanctions and anti-terrorism.
- Comply with UK legal process and respond to requests from public and governmental authorities (outside your country of residence).
- Establish and defend legal rights, protect eReports’ operations or those of any of eReports’ group companies or insurance business partners, eReports’ rights or property and/or that of eReports’ group companies, you or others, and pursue available remedies or limit eReports’ damages.
- All of the above.
- Assess your suitability and continued suitability for employment.
eReports may disclose your personal information to:
- Government Authorities (where required by law, including workers compensation laws).
- Third parties involved in court action (where required by law).
- Business partners/clients.
- Medical partners.
For examinees only, depending on the nature of the services we provide for you, to collect from and disclose your personal/sensitive information to the following third parties:
- Your nominated, treating doctor.
- Anyone who, by agreement, is deemed necessary.
- Your employers (e.g., return to work coordinator).
- Referring agency.
- Medical Consultants and Examiners and any other treating practitioner or other health providers that eReports may deal with on your behalf.
If you do not provide some or all the information requested, eReports may not be able to provide you with the requested services.
Due to the nature of eReports’ services the use of a pseudonym anonymity is not acceptable.
eReports does not retain bank account details in the eReports’ system except in respect of relevant account details required for Consultants and Medical Examiners fee settlement. Relevant details will be passed to the payment gateway as soon as they have been collected. Account details are stored by eReports’ using all appropriate security measures.
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie, and this will provide you with an opportunity to either accept or reject it in each instance. eReports may gather your IP address as part of eReports’ business activities and to assist with any operational difficulties or support issues with eReports’ services. This information does not identify you personally.
eReports’ website may contain links to other websites. When you access these links, eReports recommends that you read the website owner’s privacy statement before disclosing your personal information. eReports does not accept responsibility for inappropriate use, collection, storage or disclosure of your personal information collected outside eReports’ website.
If an individual wishes to exercise their rights to access their personal information held by eReports, or alternatively, has any questions or believes that any personal information held by eReports is incorrect or incomplete, the individual can write (or email) the eReports’ Data Protection Officer at the address below. Except in the case of compliance with the law (including requested by subpoena), personal information will only be released to the individual directly, unless eReports has written consent by the individual concerned to provide such information to a third party.
You may ask eReports to update, correct or delete the personal information eReports hold about you at any time by contacting the Data Protection Officer (DPO) as specified below. eReports will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. eReports will, upon request, take all reasonable steps within its powers to correct the information in its possession or, if necessary, discuss alternative actions with the individual.
In cases where the information was provided by a third party, eReports may not be able to correct information and you may have to contact the third-party that gave information to us. eReports also has obligations to take reasonable steps to correct personal information eReports holds when eReports is satisfied that it is inaccurate, out-of-date, incomplete, irrelevant, or misleading for the purpose for which it is held.
If you would like to make further inquiries in relation to data issues or submit a notification about a breach of the UK GDPR Regulations that may relate to eReports’ business, you can contact the eReports’ Data Protection Officer (DPO) via the below means:
- Email: [email protected]
Data Protection Officer
The Powerhouse, High Street,
Ardington, Wantage, Oxfordshire OX12 8PS
eRep0rts take all enquiries and complaints regarding data and privacy of information seriously. eReports will respond to any requests, questions, or complaints as soon as possible in a reasonable time frame. eReports also has obligations to take reasonable steps to correct personal information eReports holds when eReports is satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.