Privacy Policy

Privacy Notice

This Privacy Notice sets out how Cardinal handles, stores, uses and shares your personal information when it collects such information from you or from a third party.

The Data Controller is Cardinal Management Ltd, located at Frenkel House, 15 Carolina Way, Salford, Manchester, England, M50 2ZY

What we collect and how we use personal data

Cardinal processes personal data of individuals and these include names, addresses, telephone numbers, email addresses, financial details, employment details and educational details. Cardinal processes personal data to enable it provide health and advice services to its service users, to maintain accounts and records, promote its services and manage / support employees.

Cardinal does not sell personal information to anyone.  We will only share it with third parties who are facilitating the delivery of Cardinal’s services, or to whom you as the data subject have explicitly consented to sharing your data with.

How we share your personal information

Cardinal may need to share your personal information with other organisations. Where such sharing is necessary, we will comply with the requirements of the UK GDPR on data sharing.  The types of organisations / groups that we may share personal data with are set out below:

  • Healthcare professionals including the NHS
  • Social & welfare organisations
  • Central government
  • Business associates and approved business partners
  • Families, associates, representatives of the person whose personal data is processed
  • Suppliers and service providers
  • Financial organisations

Your rights as a Data Subject

You have the following rights in relation to your personal information which you can exercise by writing to the Data Protection Officer at the following address:

Data Protection Officer, Cardinal Management Ltd, 2A the Quadrant, Upper High Street, Epsom, KT17 4RH

  • Right to request access to your personal information and information relating to our use and processing of your personal information;
  • Right to request that we restrict our use of your personal information;
  • Right to receive your personal information in a structured commonly-used and machine-readable format or transmit the data directly to another Data Controller;
  • Right to object to the processing of your personal information for certain purposes such as direct marketing and profiling;
  • Right to request your personal information to be erased where it is no longer necessary for the purpose for which it was collected
  • Right to withdraw your consent to the use of your personal information where the processing of your data is based on consent.

How long we retain your personal information

We will retain your personal information for no longer than necessary taking

into account the following:

  • The purpose(s) for which we are processing your personal information, such as whether it is necessary to continue to store that information in order to perform our obligation under a contract;
  • Whether we have any legal obligation to continue to process your personal information such as any recordkeeping obligations imposed by an applicable law;
  • Whether we have a business reason to continue to process your personal information;

How we secure your personal information

We take appropriate technical and organisational measures to secure your personal information and protect it against unauthorised or unlawful processing as well as against its accidental loss or destruction or damage including:

  • Using secure servers to store your personal information;
  • Using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt confidential data in transit and at rest;
  • Verifying the identity of individuals that access your personal information;
  • Providing access to the minimum personal data necessary, using appropriate restrictions and anonymisation/pseudonymisation whenever possible

Transfer of your personal information to other countries

We make every effort to store all our data within the European Economic Area (EEA), however we may need to transfer your personal information to countries outside the European Economic Area (EEA) or to an international organisation from time to time.

Our use of cookies and similar technologies

We use cookies and similar technologies on our website. For further information on how we use cookies and similar technologies, including the information we collect through our use of cookies please see our Cookies Policy. The Cookies Policy is available through this link.

Questions and Concerns

If you have any question or concern on how we collect, handle, store or secure your personal information, contact our Data Protection Officer using the details below:

Cardinal Management Ltd

2a The Quadrant
Upper High Street
KT17 4RH
Tel: 0330 043 2829

You also have the right to lodge a complaint with the Supervisory Authority and for the UK this is the Information Commissioner’s Office (ICO). Cardinal Management are registered with the ICO and our registration number is ZA149117.

The ICO’s contact details are:

Information Commissioner’s Office

Wycliffe House
Water Lane, Wilmslow
Cheshire, SK9 5AF
Tel: 0303 123 1113