This policy was last updated in July 2021.
At ERGOMED, we are strongly committed to protecting your privacy. We are happy to explain our online information practices and the choices you can make about the way your information is processed. Please note that Ergomed PLC, with registered offices at 1 Occam Court, Surrey Research Park, Guildford, Surrey, GU2 7HJ, United Kingdom (hereinafter referred to as ‘ERGOMED’ and/or ‘we’), is the data controller of the personal data that we hold about you within the scope of this Policy.
This Policy applies to all personal data, whether in electronic, paper, or oral format, of visitors/users of ERGOMED’s websites and ERGOMED’s job applicants. If you are ERGOMED’s employee, contractor, and/or Client, please note that separate privacy policies regulate the details of personal data processing. Relevant documents shall always be shared with you before processing takes place.
Why does ERGOMED collect personal data?
Under this Policy, ERGOMED processes personal data for the following purposes:
- to stay in touch with website visitors who contacted us directly, potential clients, and potential partners for marketing and business development purposes;
- to assess/consider candidates regarding a current and/or future job application (please see below ‘Recruiting Software – SmartRecruiters’ for additional clarification);
- to ensure ERGOMED’s IT systems are secure and robust against unauthorised access;
- for other legitimate interests that are not overruling your rights.
Please note that there may be more than one business reason for processing your personal data.
The legal basis for processing your personal data might be:
- the processing is necessary to take steps at your request before entering into a contract;
- that you have given your consent concerning one or more purposes;
- the processing is necessary to pursue a legitimate, primarily business-related, interest.
What personal data does ERGOMED collect?
ERGOMED endeavours to process personal data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the data subject. The list below identifies the categories of data subjects that ERGOMED processes under this Policy:
- visitors/users of our webpages;
- business contacts;
- job applicants.
The list below identifies the categories of personal data that ERGOMED collects:
- name and contact information;
- ICT related personal data;
- Online activity data, including browsing history, search history, clickstream data, and other information about your interactions with our services, websites, applications, social media pages, and email communications. Ergomed, Ergomed’s service providers and business partners also collect this type of information over time and across third-party websites;
- privacy regulation related personal data – consents, privacy rights requests, etc.;
- HR-related personal data for job applicants.
Human Resource data: ERGOMED collects personal data of job applicants which are relevant to decide on their employment. ERGOMED may also conduct a background check as well as collect the right to work documentation as required by law.
NOTE: Please pay attention! ERGOMED is partnering with SmartRecruiters and is using its recruitment software platform. Keep in mind that there are specifics with regard to personal data processing for job seekers using SmartRecruiters’ Recruiting Software!
Recruiting Software – SmartRecruiters
ERGOMED is using services provided by SmartRecruiters. SmartRecruiters is a technology services company that provides a recruitment software platform to other businesses. This software helps ERGOMED to publicise its roles, manage its interaction with candidates, assess suitability, and manage the offer process. It is important to note that SmartRecruiters is an external partner and it will process your personal data in a manner different from that elaborated in this Policy. Please follow the link to familiarize yourself with all details of processing by SmartRecruiters: https://www.smartrecruiters.com/legal/candidate-privacy-policy/may-14-2019/.
Please be aware that you may be required to set up a personal account (“Candidate Portal”) which allows you to manage different job opportunities and track your applications of several Employers (one of them potentially being ERGOMED). In your Candidate Portal, which is accessible on https://my.smartrecruiters.com/, you may register through the email you received after applying, or if your consent was requested. This is operated by SmartRecruiters for which it is responsible. The registration requires your email address and a password. Your profile will be made available and visible to the Employer to which you applied. You will receive job alerts from the Employers to which you applied. In order to provide world-class services to you and the Employer, SmartRecruiters uses third-party providers to help perform statistical analysis, technical support, and data hosting. Your application information will be collected by SmartRecruiters and be made available to you through the Candidate Portal. SmartRecruiters will never sell, rent, or lease the collected personal data.
Please note that SmartRecruiters will collect the following data from you:
- Data that you input during the application process or job alert creation (such as contact information, experience and education, attachments and answers to screening questions);
- Your IP Address and login information (email address and encrypted password) for your Candidate Portal; and
- Cookies, which allow SmartRecruiters to know how their services are accessed and used.
How will personal data be collected?
Under this Policy, your personal data will be collected as:
- Information you give us – through the online forms (e.g. Contact Us Form) or paper forms, emails, phone calls, application/recruitment process and others.
- Information we receive about you from other sources – we may possibly receive your personal data from a third party too (for example from a recruitment company). Further information will be obtained directly from you during the course of your engagement with us, for example through communication with you.
The use of the cookies, Google Analytics & plugins
ERGOMED uses analytical cookies for web research and statistics. Cookies are small text files that are placed on your computer, smartphone, or other devices when you access the internet. We want to understand how visitors use our websites and this helps us to improve the website’s content. We may use third parties to serve advertisements on other websites that may be of interest to you, based on information collected about your use of our Sites and other websites. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags and web beacons). Furthermore, we use functional cookies that are necessary for the proper function of our websites. ERGOMED collects anonymized statistical data only through Google Analytics, such as which sections you have visited and for how long you have been in our environment. This in turn allows optimisation of the content and pages and the marketing programs that drive traffic to the website. Google Analytics does not store any personal information about website visitors, but does use persistent cookies to identify repeat visitors. You may universally opt-out of all Google Analytics tracking used by all websites by visiting the following url – https://tools.google.com/dlpage/gaoptout. The information generated by Cookies about your use of the website (including your IP address) will be directly transmitted and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of keeping track of your use of the website, compiling reports of website activity, and providing other services related to website activity and internet use. Google will not associate your IP address with any other data available to Google. Google may also collect information about domain visitors’ use of other websites. For more information about Google Analytics, or to opt out of Google Analytics, please go to: https://analytics.google.com
We use Email Marketing Post-Click Tracking Cookies. These cookies are used to report on the pages that have been viewed by visitors to the site who have followed links from our email marketing campaigns. This analysis helps us to understand additional content that is viewed by the contacts in our database and therefore allows us to improve and tailor future campaigns to those contacts’ specific areas of interest.
Finally, we use Beacons/Pixels. On our website and in our e-mails, we use web beacons. When we send emails to Customers, we may track behaviour such as who opened the emails, who clicked the links and which pages of our website they have visited. This allows us to measure the performance of our email campaigns and to improve our Service and website. To do this, we include single pixels, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. We also include Web Beacons in the emails we deliver for you. We use the data from those Web Beacons to create reports about how your email campaign performed and what actions your Contacts took. Reports are also available to us when we send email to you, so we may collect and review that information.
Please note that you can find sharing buttons on our websites (for Facebook, Twitter, etc.). Once you use these buttons you will be linked to the social media websites with their own privacy policies (they are not our personal data processors).
ERGOMED uses a variety of security measures (physical, organizational, electronic, and technical) to enhance the security of personal data processing – both internally and on webpages to secure any personal information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. ERGOMED operates in compliance with detailed policies and procedures. We put in place appropriate, industry-accepted controls and measures to mitigate and manage the risk, including but not limited to security policy, physical and logical security, access control, firewalls including intrusion prevention system, data encryption, anti-malware scanners, security patching, backups & disaster recovery plans, and staff training.
Disclosure and transfer of personal data
ERGOMED shall NOT trade in any way with your personal data. All information collected through our websites will be sent through to company mailboxes and further processed in the company’s internal network. We use selected contract-based processors for processing your personal data which assure the same level of your personal data security as we do.
We may disclose personal data to our subsidiaries and affiliates. Ergomed is the party responsible for the management of the jointly-used personal data. All companies within the ERGOMED Group have executed the Intercompany Personal Data Processing Agreement and adhere to the Ergomed Group Personal Data Protection Policy with the purpose to create common policies and procedures for all the ERGOMED Group and to comply with data protection legislation while processing and transferring personal data between themselves and with third parties.
The cross-border transfer of personal data to a third country (a country which is neither an EU member nor an EEA member and which does not ensure an adequate level of data protection as per GDPR) will be carried out by ensuring compliance with all the formalities and procedures reasonably required by the GDPR, such as the execution of Standard Contractual Clauses, obtaining the written explicit consent of data subjects, etc.
Please note that Ergomed may release personal data when we believe that release is necessary or appropriate:
- under applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities including public and government authorities outside your country of residence;
- to enforce or apply our conditions of use and other agreements;
- to protect our operations or those of any of our affiliates;
- to allow us to pursue available remedies or limit the damages that we may sustain; and
- to protect the rights, privacy, property, or safety of Ergomed, our employees, our affiliates, our users, or any other person or entity. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
For how long does ERGOMED store personal data?
We will retain your personal data during the statutory (including fiscal) retention periods and limitation periods. If such periods do not apply to the relevant personal data, we will keep your personal data for no longer than is necessary for the purposes for which the personal data is processed, unless the law requires us to hold your personal data for a longer period, or delete it sooner, or unless you exercise your right to have your data erased and we do not need to hold it in connection with any of the reasons permitted or required by law.
Your IP-address, collected during your website visits, will be deleted as soon as possible, unless there are legitimate security reasons for keeping it. Please note that when you unsubscribe from our marketing communication, we will keep a record of your email address to ensure that we do not send you marketing emails in future. At the end of the retention period, your data will be reviewed and deleted, unless there is a specific legitimate reason for keeping it.
What are your privacy rights?
Please note that you have the right to:
- be informed – this means that you will be informed that ERGOMED is processing your personal data;
- access – this means that you have the right to access the personal data ERGOMED keeps about you;
- rectification – should any data ERGOMED keeps about you be incomplete or inaccurate, you have the right to request ERGOMED to correct it;
- erasure – you have the right to ask ERGOMED to erase your personal data from ERGOMED’s systems;
- restriction of processing – in certain cases you have the right to request ERGOMED to refrain from processing your personal data;
- object to processing – in certain cases you have the right to object to processing of your personal data by ERGOMED;
- portability – this means that you have the right to request the transfer of your personal data in a structured, commonly used, and machine-readable format to another party;
- withdraw the consent given – this means that you can withdraw your consent (if previously given) at any time, without affecting the lawfulness of any processing based on consent before its withdrawal;
- not to be subject to the decision based solely on automated processing – this means that ERGOMED may not make any decision based solely on automated processing. Please note that ERGOMED does not process personal data in this way.
You need to be aware that there are exceptions/limitations to the above rights. For example, access to personal data may be denied in some circumstances if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information. Also, deletion of data will not be possible during the applicable retention periods based on labour and other relevant laws. Furthermore, you have the right to lodge a complaint with your national data protection authority.
If you wish to exercise your rights, it is required to make a request in writing to the Data Protection Officer. You shall be asked to complete a specific request form available upon written request to the Data Protection Officer. You must properly identify yourself to enable the fulfilling of the right.
What if you do not want to provide us with your personal data?
Providing appropriate personal data is a precondition for specific services, such as the performance of an executed contract, the possibility to apply successfully for a job, or where there is a legal obligation to process the personal data. Failure to provide specific personal data may affect ERGOMED’s ability to enter into a contract with you, to contact you, and/or to proceed with the selection procedure (e.g. job applicant).
Amendment of this Policy
We reserve the right to change this Policy from time to time, consistent with the requirements of the privacy regulation and best practices. If we decide to change this Policy, we will announce it by publishing our amended Policy online.
Contact, questions and further information
ERGOMED appointed the group Data Protection Officer for all ERGOMED group companies. Should you have any questions regarding this Policy or the processing of your personal data, please send an email to DPO@ergomedplc.com.
If you are located in the EU/EEA, and you would like to contact us or exercise any privacy right elaborated above, you might directly contact our dedicated EU GDPR Representative: Ergomed istraživanja Zagreb d.o.o.
- by sending an email to GDPRREP@ergomedplc.com or
- via post: Oreškovićeva 20A, 10010 Zagreb, Croatia.