This Privacy Policy explains how Oria CM collects, uses, shares, and protects personal data when you use our website and services. Because Oria CM supports rehabilitation case management, we may process health and other sensitive information, which we treat with particular care.
Oria CM is operated by Oria Group Ltd (Company No. 16209392), registered at 3 Brindley Place, Birmingham, B1 2JB. For the purposes of UK data protection law, Oria Group Ltd is the data controller for the personal data described in this policy, except where we act as a processor on behalf of an instructing funder or client. [CONFIRM controller/processor split with adviser.]
We may collect identity and contact details, professional details, account and usage information, communications you send us, and information you provide when you enquire about or use our services. [LIST actual categories captured across Oria One, Oria CM, and the website forms.]
Where we manage rehabilitation cases, we may process special category data, including health and medical information about injured people. We only process this data where a lawful basis and an Article 9 condition apply. [CONFIRM the specific Article 9 condition(s) relied upon.]
We use personal data to provide and administer our services, coordinate rehabilitation and care, communicate with you, meet legal and regulatory obligations, and improve our services. [DESCRIBE the actual processing activities.]
We rely on one or more lawful bases under UK GDPR, which may include contract, legal obligation, legitimate interests, and consent. [MAP each processing purpose to its lawful basis.]
We may share personal data with instructing funders, legal representatives, clinicians and care providers involved in a case, and our service providers, in each case subject to appropriate safeguards. [LIST recipient categories.]
We use trusted third parties to host and operate our services. [LIST processors, for example hosting, email delivery, and care-recording providers, and confirm data processing agreements are in place.]
Where personal data is transferred outside the UK, we put appropriate safeguards in place, such as adequacy regulations or standard contractual clauses. [CONFIRM whether any transfers occur.]
We keep personal data only for as long as necessary for the purposes described in this policy and to meet legal, regulatory, and clinical record-keeping obligations. [SET retention periods.]
Subject to certain conditions, you have rights to access, rectify, erase, restrict, and object to the processing of your personal data, and to data portability. To exercise any of these rights, please contact us using the details below.
Our website uses cookies and similar technologies. Please see our Cookies page for details of the cookies we use and how to manage your preferences.
We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. [SUMMARISE key safeguards.]
We may update this policy from time to time. When we do, we will revise the date at the top of this page and, where appropriate, notify you.
If you have questions about this policy or wish to exercise your rights, please contact us at [INSERT contact email]. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
