This Privacy Notice sets out how Cardinal handles, stores, uses and shares your personal information when it collects such information from you or from a third party.
The Data Controller is Cardinal Management Ltd, located at Bailey House, 4-10 Barttelot Road, Horsham, West Sussex, RH12 1DQ.
What we collect and how we use personal data
Cardinal processes personal data of individuals and these include names, addresses, telephone numbers, email addresses, financial details, employment details and educational details. Cardinal processes personal data to enable it provide health services to its service users, to maintain accounts and records, promote its services and manage / support employees.
Cardinal does not sell personal information to anyone. We will only share it with third parties who are facilitating the delivery of Cardinal’s services, or to whom you as the data subject have explicitly consented to sharing your data with.
How we share your personal information
Cardinal may need to share your personal information with other organisations. Where such sharing is necessary, we will comply with the requirements of the GDPR on data sharing. The types of organisations / groups that we may share personal data with are set out below:
- Healthcare professionals including the NHS
- Social & welfare organisations
- Central government
- Business associates and approved business partners
- Families, associates, representatives of the person whose personal data is processed
- Suppliers and service providers
- Financial organisations
Your rights as a Data Subject
You have the following rights in relation to your personal information which you can exercise by writing to the Data Protection Officer at the following address:
Data Protection Officer, Cardinal Management Ltd, Bailey House, 4-10 Battelot Road, Horsham, West Sussex, RH12 1DQ.
- Right to request access to your personal information and information relating to our use and processing of your personal information;
- Right to request that we restrict our use of your personal information;
- Right to receive your personal information in a structured commonly-used and machine-readable format or transmit the data directly to another Data Controller;
- Right to object to the processing of your personal information for certain purposes such as direct marketing and profiling;
- Right to request your personal information to be erased where it is no longer necessary for the purpose for which it was collected
- Right to withdraw your consent to the use of your personal information where the processing of your data is based on consent.
How long we retain your personal information
We will retain your personal information for no longer than necessary taking
into account the following:
- The purpose(s) for which we are processing your personal information, such as whether it is necessary to continue to store that information in order to perform our obligation under a contract;
- Whether we have any legal obligation to continue to process your personal information such as any recordkeeping obligations imposed by an applicable law;
- Whether we have a business reason to continue to process your personal information;
How we secure your personal information
We take appropriate technical and organisational measures to secure your personal information and protect it against unauthorised or unlawful processing as well as against its accidental loss or destruction or damage including:
- Using secure servers to store your personal information;
- Using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt confidential data in transit and at rest;
- Verifying the identity of individuals that access your personal information;
- Providing access to the minimum personal data necessary, using appropriate restrictions and anonymisation/pseudonymisation whenever possible
Transfer of your personal information to other countries
We make every effort to store all our data within the European Economic Area (EEA), however we may need to transfer your personal information to countries outside the European Economic Area (EEA) or to an international organisation from time to time.
Questions and Concerns
If you have any question or concern on how we collect, handle, store or secure your personal information, contact our Data Protection Officer using the details below:
Cardinal Management Ltd
4-10 Barttelot Road
West Sussex, RH12 1DQ
You also have the right to lodge a complaint with the Supervisory Authority and for the UK this is the Information Commissioner’s Office (ICO). Cardinal Management are registered with the ICO and our registration number is ZA149117.
The ICO’s contact details are:
Information Commissioner’s Office
Water Lane, Wilmslow
Cheshire, SK9 5AF
Tel: 0303 123 1113