This Data Privacy Notice describes the practices of ComPsych Corporation and its affiliates, including ComPsych International, Inc., (collectively “Company”) with respect to the collection, use, storage, and disclosure (“processing”) of Personal Information covered by the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) and the Data Protection Act of 2018 of the United Kingdom (“UK”) (collectively referred to as the “Data Protection Regulations” for purposes of this Notice), about customers or potential customers in the European Economic Area (“EEA”) and the UK. Company is a leading provider of employee assistance programs and behavioral health, work-life, wellness and HR administration services. Please also see our Data Privacy Framework Policy and Privacy and Terms of Use for additional information related to data privacy.
“Personal Information,” as used in this Notice, means any information that can be used to identify you, whether directly or indirectly, including by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
The Information We Process About You
We process the information we collect from you directly when you inquire about and access services, and indirectly from third parties, such as other service providers.
Company minimizes access to Personal Information so that only as much information is shared as is needed. When giving a referral, for instance, we use only a first name and initial with a reference number and do not share other personal information. We only collect enough information to clearly identify each individual so that they will not be confused with others and a short summary of the individual’s issue so that we can make a proper referral. The Personal Information is never used to profile individuals and is never shared with employers or anyone else who is not involved in providing the services requested unless we have obtained your explicit consent to share Personal Information or as required or allowed under law.
Purposes and Legal Basis for Processing Your Data
The Personal Information held by Company is collected and processed solely to provide the information and services offered by our employee assistance programs. We also use this data to: (a) to manage and administer employee assistance programs, behavioral health programs, work-life services, and health and wellness programs; (b) to communicate with you; (c) to provide customer service or technical support; (d) to assess and improve the quality of our website, products, services and business operations; (e) to satisfy governmental reporting and tax requirements; (f) to address security, health, and safety concerns; (g) to plan and implement potential acquisitions and mergers; and (h) for other business-related purposes permitted or required under applicable local laws and regulations.
In the case of Sensitive Personal Information (which means Personal Data that discloses a data subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation or trade union membership), we process information either (i) because we have your consent to do so, (ii) because we are required to process the information to comply with applicable laws, or (iii) because processing is necessary for the provision of services to you.
Company may process Personal Information and/or Sensitive Personal Information where such processing: (a) is based on the consent of the data subject; (b) is in the vital interests of the data subject or another person; (c) is necessary for the establishment of legal claims or defenses, to obtain legal advice, or for the purposes of establishing, exercising or defending Company’s legal rights; (d) is required to provide behavioral and medical care or diagnosis; (e) is necessary to carry out Company’s obligations under applicable employment, workers’ compensation, public health or other laws; (f) is necessary for specified public health activities and purposes; (g) is data manifestly made public by the data subject; (h) is required by law enforcement officials or public authorities in response to a lawful request made pursuant to national security interests or law enforcement requirements; or (i) as otherwise required or permitted by law.
When we process your Personal Information and Sensitive Personal Information on the basis of your consent, you may withdraw that consent at any time by contacting our Privacy Official. If you withdraw your consent, we may still be required to process your Personal Information and Sensitive Personal Information to comply with applicable law, but we will explain to you at the time your consent is withdrawn what processing activities will continue for legal compliance purposes.
You may obtain additional information about the processing of your Personal Information, including Sensitive Personal Information, by contacting our Privacy Official at [email protected]
Recipients of Your Personal Information
Your Personal Information will be received and processed by Company, including third parties who provide services in connection with the purposes of processing described above.
Retention
Personal Information will be retained only for as long as accounts are active or retention is required as a matter of contract or law.
Data Subject Rights
You have the right to the following information regarding Company’s processing of your Personal Information:
- the purposes of the processing,
- the categories of Personal Information collected,
- the recipients or categories of recipients to whom the Personal Information has been or will be disclosed,
- where possible, the predicted period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period.
- This Notice is intended to provide this information. Any questions about these details may be directed to our Privacy Official.
You may also have the following additional rights with respect to your Personal Information processed by Company:
- The right to request access to the Personal Information that Company has collected about you
- The right to request rectification of any data that is inaccurate or incomplete.
- The right to request a copy of your Personal Information in electronic format so that you can transmit the data to third parties, or to request that Company directly transfer your Personal Information to one or more third parties.
- The right to object to the processing of your Personal Information for certain purposes.
- The right to erasure of your Personal Information when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your Personal Information to certain limited purposes, where erasure is not possible.
- The right to lodge a complaint with the supervisory authority for the country where you live or work or where you believe that your rights have been violated.
- Company does not operate any automated decision-making systems, so the right to opt-out of such is not applicable.
Contact Company’s Privacy Official at [email protected] for additional information related to your rights or to make a request. When contacting the Privacy Official, be sure to provide enough information for us to identify your records and contact you if we need to clarify or discuss your request.
ComPsych Corporation is the Controller of data collected from those who contact us. The company’s corporate headquarters are located at:
ComPsych Corporation
455 N. Cityfront Plaza Drive, 13th Floor
Chicago, IL 60611
USA
Questions or Complaints
Our Company welcomes communication from you related to this Notice, your rights and any comments or complaints you may have related to the privacy of the Personal Information we process about you. If you are not satisfied with our response or believe that we are not processing your data in accordance with the law, you may file a complaint with the data protection authority in the UK or in any EEA Member State where you habitually work, live, or believe an infringement of the Data Protection Regulations occurred.
- Please find a list of data protection authorities in the EEA at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- In the United Kingdom, the data protection authority is:
The Information Commissioner’s Office
Tel. +0303 123 1113
Website: https://ico.org.uk/
Company reserves the right to revise this Notice to ensure compliance with applicable law and regulatory guidance at any time. Revised notices will be posted on our website.
Revised August 2023