Privacy Policy

Privacy Policy

LAST UPDATED: – April 2026

At The Claim Lab (TCL), your privacy is of great importance to us. TCL is dedicated to the protection of the personal information of our clients’ employees who use our services, website visitors and other individuals whose personal information is entrusted to TCL.

Policy Contents:

  1. Accountability for Privacy Compliance
  2. Collecting Personal Information
  3. Your Consent
  4. Using Your Information
  5. Sharing Your Information
  6. Keeping Your Information Safe
  7.  Your Information – How Long Do We Keep It For?
  8. Inter-Province and International Data Transfers
  9. Your Data Rights and How to Exercise Them
  10. Our Privacy Complaint and Breach Management Process
  11. Changes to this Policy
  12. How to Contact Us

TCL is committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this notice in an alternative format, please contact us at privacy@claimlab.org

1. Accountability for Privacy Compliance

TCL takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared, and stored in accordance with all applicable privacy laws that apply to TCL’s clients, TCL as a separate legal entity, as well as internationally recognized Generally Accepted Privacy Principles (GAPP privacy framework).

TCL has appointed a Privacy Officer who oversees compliance with privacy laws and best practice. The Privacy Officer’s duties include:

  • Developing and, on a regular basis, reviewing TCL policies and practices to ensure consistent implementation and compliance;
  • Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
  • Ensuring that all inquiries and complaints relating to privacy are appropriately handled; and
  • Ensuring all third parties to whom TCL provides access to personal information adhere to appropriate standards of care in managing that information.

By implementing a privacy management program that includes privacy training, up-to-date data handling policies and procedures, and vetting the privacy and data security practices of key third parties with access to personal information, you can be rest assured that any personal Information that you entrust to TCL is well managed and protected.

2. Collecting Personal Information

‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, birthdate, and any identifiable on-line activity. It also includes information such as details about your current health and wellness, which is sensitive personal information that we treat with extra care.

Aggregate and de-identified information that cannot be associated with a specific individual is not personal information.

Personal information will be collected using TCL’s on-line questionnaires completed by you or your employer as well as other information that may be provided by other third parties such as your insurance company. We collect only the personal information needed to offer and deliver our services and do so with your consent or as otherwise authorized by law.

Most of the personal information TCL gathers comes directly from you. In those instances where information is collected from your employer, or other organizations such as your insurance company, your personal information will be respected in exactly the same way as if we collected it from you personally.

3. Your Consent

TCL obtains meaningful consent for the collection, use and disclosure of personal information, unless consent is not required under applicable laws. We do so by sharing our practices with you as outlined in this Policy, as well as through our on-line forms and written procedures. Your consent may be express (that is, where we specifically ask for your consent, such as when you commence the completion of a questionnaire) or implied for non-sensitive information as permissible by law, when we can reasonably conclude that you’ve given consent by some action, or when it is obvious that you would consent if directly asked.

Note that there may be instances where the law permits the collection, use or disclosure of your Personal Information without your consent, for example in the context of fraud investigations, and where necessary to protect our legal interests or the safety of others. For example, we may be required to collect, use, disclosure or store personal information without your consent to comply with other laws, an order of a court or other legal administrative tribunal, or to respond to an authorized inquiry of a government agency.

Ensuring your consent is informed is of critical importance to TCL. If you need any assistance in understanding the scope of the consent being requested of you, contact privacy@claimlab.org

4. Using Your Information

We collect and use personal information, on behalf of your insurance provider, to help understand your needs and requirements, the impact of your symptoms on your ability to function, and to help identify if there is anything they can do to assist with your return to work.

When you use TCL’s website, we automatically receive and record information on our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, unique device identifier, browser type and other device information (such as your operating system version and mobile network provider). By setting cookies, TCL is able to enhance a user’s on-line experience (e.g. we may identify you as a return visitor in order to provide you with a more meaningful visit). You can disable cookies through your website browser, however some areas of the site may not work properly with cookies disabled.

The information we collect when you visit TCL on-line is used strictly to analyze and improve the performance of our digital services.

TCL does not make any decisions that would significantly affect you based solely on processing by automated means. Should we propose doing so at any time, this would only occur with your express, written consent.

5. Sharing Your Information

Your personal information is shared with your insurance provider in accordance with our contractual relationship with them. Only authorized persons have access to your data as required by your insurance provider.

TCL will only release your personal information when we believe such release is appropriate in order to comply with the law, for example, if we receive a subpoena, court order or request from government authorities. Unless otherwise required by law, such disclosure would only take place in consultation with your insurance provider. If anyone else requests information in your file, we will only provide it if you have authorized us to release it to them.

6. Keeping Your Information Safe

TCL has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by TCL significantly reduce the likelihood of a data security breach.

Here are some examples of the security controls we have in place:

  • The use of encryption, firewalls, anti-virus programs and robust authentication processes, including complex passwords, for electronic records; which are regularly upgraded to address new security threats;
  • Limited access to personal information by employees on a “need-to-know” basis;
  • The use of data centers with effective physical and logical data security controls;
  • Staff that are keenly aware of their data protection responsibilities; and
  • Regular reviews of privacy compliance and best practice initiatives.

7. Your Information – How long do we keep it for?

TCL retains personal information for as long as necessary to fulfill legal or business purposes as specified by your insurance provider.

Once your information is no longer required by TCL to administer services and meet contractual, legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that residual information may remain in back-ups for a period of time after its destruction date.

8.  Inter-Province and International Data Transfers

We may transfer personal information to third parties located in the United States and in other countries that may be outside of the jurisdiction in which you reside for storage, processing and in order to provide our services.  If we transfer data to a province/region or country that does not have data protection laws as comprehensive as your resident province, we will include contractual obligations that meet the standards of your resident province. In addition, we will have taken appropriate safeguards to protect your personal information in accordance with this Privacy Policy and applicable law wherever it is processed. These safeguards include taking reasonable steps to vet the data handling practices of third parties, conducting privacy impact assessments and implementing data protection language in our contracts with any business partners with whom we are sharing your personal information. Note that in working with third parties, personal information may be transferred to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.

9.  Your Data Rights and How to Exercise Them

We respect your privacy rights related to the personal information we collect, use and disclose about you and we will comply with applicable data protection laws and regulations in the handling of your personal information. Note that the availability of certain rights depends upon your province/region of residence and when such rights come into effect. Examples of these specific rights and the ways in which you can exercise them are set out below.

Right to be Informed/Right to Access: The right to know what Personal Information we have collected about you, including the:

  • categories of personal information;
  • the specific pieces of personal information we collected about you;
  • categories of sources from which we obtained personal information about you;
  • categories of people within TCL who have access to personal information;
  • the purpose for collecting, using or sharing your personal information; and
  • the names of the third parties to whom we disclose personal information and where they are located.

TCL responds to access requests within 30 days, unless an extension of time is required. We may charge a nominal fee to cover any expenses related to responding to your access request. Note that there may be contexts where access must be refused or only partial information can be provided, for example, in the context of an on-going investigation or litigation, or if another individual’s personal information or identity must be protected.

Right to Restrict Dissemination; The right to request that we stop sharing your personal information where the dissemination (i) contravenes the law or a court order, or (ii) otherwise causes serious injury to you or your privacy.

Right to Rectification: The right to correct inaccurate personal information that we maintain about you or complete your records with additional information that may be missing.

Right to Request Deletion: The right to delete personal information we collected about you, subject to certain exceptions (for example, we may refuse your deletion request if we are permitted by law to keep the information).

Right to Withdraw Consent: The right to withdraw consent subject to legal or contractual restrictions. Upon receipt of written notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, or the inability of TCL to provide you or your insurer with certain information or services if you withdraw consent.

Right to Data Portability: The right to receive computerized personal information collected from you in a structured, commonly used and technological format and with your written direction, to have this information transferred directly to any person authorized by law to collect such information.

You may submit a request to exercise any of the rights listed above by contacting privacy@@claimlab.org

10. Our Privacy Complaint and Breach Management Process

TCL takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to TCL’s Privacy Officer who oversees the containment, investigation and corrective actions for the breach situation.

In the event that you are not satisfied with TCL’s resolution of a complaint or response to a privacy breach, you may escalate the matter to the relevant privacy regulator for the jurisdiction in which you reside.

11. Changes to this Policy

We may change this Privacy Policy from time to time in order to better reflect our current personal information handling practices. Thus, we encourage you to review this document frequently! The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and are thus in force. Your continued use of TCL services following the posting of any changes to this Privacy Policy means you accept such changes.

12. How to Contact Us

Any inquires, concerns or complaints regarding privacy should be directed to:

Privacy Officer
The Claim Lab
P.O. Box 361 Sherborn MA 01770 USA
E-mail: privacy@claimlab.org

Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about TCL’s policies and practices or assist you with completing an access to information request. Keep in mind however that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way.

Thank you for continued trust in The Claim Lab.

Scroll to Top