LAST UPDATED: – April 2021
At The Claim Lab (TCL), your privacy is of great importance to us. TCL is dedicated to the protection of the personal information of our clients’ employees who use our services, website visitors and other individuals whose personal information is entrusted to TCL.
- Accountability for Privacy Compliance
- Collecting Personal Information
- Your Consent
- Using Your Information
- Sharing Your Information
- Keeping Your Information Safe
- Access to Your Personal Information
- Your Information – How Long Do We Keep It For?
- Our Privacy Complaint and Breach Management Process
- Changes to this Policy
- How to Contact Us
1. Accountability for Privacy Compliance
TCL takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared, and stored in accordance with all applicable privacy laws that apply to TCL’s clients, TCL as a separate legal entity, as well as internationally recognized Generally Accepted Privacy Principles (GAPP privacy framework).
TCL has appointed a Privacy Officer who oversees compliance with privacy laws and best practice. The Privacy Officer’s duties include:
- Developing and, on a regular basis, reviewing TCL policies and practices to ensure consistent implementation and compliance;
- Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
- Ensuring that all inquiries and complaints relating to privacy are appropriately handled; and
- Ensuring all third parties to whom TCL provides access to personal information adhere to appropriate standards of care in managing that information.
2. Collecting Personal Information
‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, birthdate, and any identifiable on-line activity. It also includes information such as details about your current health and wellness, which is sensitive personal information that we treat with extra care.
Aggregate and de-identified information that cannot be associated with a specific individual is not personal information.
Personal information will be collected using TCL’s on-line questionnaires completed by you or your employer as well as other information that may be provided by other third parties such as your insurance company. We collect only the personal information needed to offer and deliver our services and do so with your consent or as otherwise authorized by law.
Most of the personal information TCL gathers comes directly from you. In those instances where information is collected from your employer, or other organizations such as your insurance company, your personal information will be respected in exactly the same way as if we collected it from you personally.
3. Your Consent
We obtain your consent when you commence the completion of a questionnaire. We always obtain your express consent when you provide information to TCL. Your consent is only implied for non-sensitive information when we can reasonably conclude that you’ve given consent by your actions, or when it is obvious that you would consent if directly asked.
Note that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example in the context of fraud investigations, and where necessary to protect our legal interests or the safety of others. In other contexts, your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, which may include the inability of TCL to provide you or your insurer with particular services.
4. Using Your Information
We collect and use personal information, on behalf of your insurance provider, to help understand your needs and requirements, the impact of your symptoms on your ability to function, and to help identify if there is anything they can do to assist with your return to work.
When you use TCL’s website, we automatically receive and record information on our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, unique device identifier, browser type and other device information (such as your operating system version and mobile network provider). By setting cookies, TCL is able to enhance a user’s on-line experience (e.g. we may identify you as a return visitor in order to provide you with a more meaningful visit). You can disable cookies through your website browser, however some areas of the site may not work properly with cookies disabled.
The information we collect when you visit TCL on-line is used strictly to analyze and improve the performance of our digital services.
5. Sharing Your Information
Your personal information is shared with your insurance provider in accordance with our contractual relationship with them. Only authorized persons have access to your data as required by your insurance provider.
TCL will only release your personal information when we believe such release is appropriate in order to comply with the law, for example, if we receive a subpoena, court order or request from government authorities. Unless otherwise required by law, such disclosure would only take place in consultation with your insurance provider. If anyone else requests information in your file, we will only provide it if you have authorized us to release it to them.
6. Keeping Your Information Safe
TCL has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by TCL significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls we have in place:
- The use of encryption, firewalls, anti-virus programs and robust authentication processes, including complex passwords, for electronic records; which are regularly upgraded to address new security threats;
- Limited access to personal information by employees on a “need-to-know” basis;
- The use of data centers with effective physical and logical data security controls;
- Staff that are keenly aware of their data protection responsibilities; and
- Regular reviews of privacy compliance and best practice initiatives.
7. Access to Your Information
We make every effort to ensure that the personal information we hold is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies. You will need to provide as much information as you can to help us process your request and locate the information you require.
If you need assistance in preparing your request, please contact us and we would be pleased to help you. Upon your written request, TCL will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. If we have obtained information about you from other people, we will let you know who we got it from, upon your request.
TCL responds to access requests within 30 days, unless an extension of time is required. We may charge a nominal fee to cover any expenses related to responding to your access request. Note that there may be contexts where access must be refused or only partial information can be provided, for example, in the context of an on-going investigation or litigation, or if another individual’s personal information or identity must be protected.
8. Your Information – How long do we keep it for?
TCL retains personal information for as long as necessary to fulfill legal or business purposes as specified by your insurance provider.
Once your information is no longer required by TCL to administer services and meet contractual, legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that residual information may remain in back-ups for a period of time after its destruction date.
9. Our Privacy Complaint and Breach Management Process
TCL takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to TCL’s Privacy Officer who oversees the containment, investigation and corrective actions for the breach situation.
In the event that you are not satisfied with TCL’s resolution of a complaint or response to a privacy breach, you may escalate the matter to the relevant privacy regulator for the jurisdiction in which you reside.
10. Changes to this Policy
11. How to Contact Us
Any inquires, concerns or complaints regarding privacy should be directed to:
The Claim Lab
P.O. Box 361 Sherborn MA 01770 USA
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about TCL’s policies and practices or assist you with completing an access to information request. Keep in mind however that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way.
Thank you for continued trust in The Claim Lab.