Terms and conditions
The following terms and conditions form an amendment to the agreement between your organisation and Posturite Limited with respect to the delivery of the WorkRite service. You are required to read and accept them as part of the execution of a legal contract to provide your organisation with a service as defined by article 6 of GDPR. Please read them carefully and only accept them if you are certain you have the authority to do so. If you choose to decline the amendment, because you are unsure or require further information, please contact firstname.lastname@example.org. Under the GPDR Regulations, we are required to inform you by way of a Privacy Information Notice that we (Posturite Limited), are the Data Processor who is collecting this data on behalf of your employer/organisation who is the Data Controller. This data will be personal data and may additionally contain special category data as defined under article 9 of GDPR. It will include the name, employment location, email address(es), and the results of any tests or modules completed. If a DSE self-assessment questionnaire is undertaken, users are invited to describe any musculoskeletal and workstation issues they may be experiencing. This could potentially include information that the organisation/employer was not previously aware of and could potentially be disclosed in the reports provided to them. This data will be seen by the WorkRite Client Administrators and others as defined by your employer. It could be potentially viewed by a small number of WorkRite Support and Service Delivery personnel within Posturite Limited for the monitoring of quality and service delivery to your organisation in the execution of the contract. We (Posturite Limited) do not own this data, your organisation does as the Data Controller thus we (Posturite Limited) operate under the specific direction of your organisation’s Data Controller as to what data we collect and how we should process it. Posturite Limited as a Data Processor to your organisation have in place many policies and procedures to the data and these policies and procedures include but are not limited to ISO 27001 certification, Data Protection Policies and Procedures as well as a fully externally UKAS audited and certified Information Security Management System (ISMS). Posturite Limited has in place a number of technical measures to protect your data, multilevel firewalls, AES256 encrypted databases, physical and logical access controls, Role Based Access Controls (RBAC) with least privilege used, no shared accounts and multi-factor logins. Our cloud service provision uses a state of the art facility with 24hr guards, CCTV, physical and biometric access controls and other undisclosed systems. The data is housed within the EU, backed up in the UK and is NOT exported outside the EU. We (Posturite Limited) do not share the data with any other party unless instructed to by your organisation. If you require any further information, please contact your organisation’s Data Controller.