Cardinus Risk Management Privacy Policy

Cardinus is committed to protecting all personal data it holds irrespective of its form or where it is located.
Cardinus adheres to all data protection laws in the countries in which it operates and regularly reviews its controls and procedures to ensure continued compliance.

Cardinus offers various risk management software, services and products to organisations and individuals designed to help them identify and control their own organisational risks.

In offering these products and services, Cardinus will often need to process personal data on behalf of the instructing party (the client) with the specific aim of assisting them in understanding and reducing the risks they face.  When Cardinus collects, records or uses any personal data, all appropriate safeguards will be applied to ensure the relevant legislation is adhered to at all times.

What will we do with your information
Personal data will not be used for purposes other than those for which it was collected, except where required by law.  Personal data will only be retained for as long as is necessary to fulfil those purposes.

Who we share your information with
Cardinus do allow third parties access to certain personal data in order to fulfil their obligation in supplying certain services to its clients.  Any third parties granted access must commit to adhering to certain controls and procedures and accept joint liability with Cardinus for their actions when accessing personal data.

Direct Marketing
We have a responsible marketing policy and do not share details of our customers or related individuals to other companies. We may contact our customers by mail, e-mail or telephone with details of products and services offered by Cardinus if consent has been granted.  Consent can be withdrawn at any time by emailing [email protected] or contacting via the website https://www.cardinus.com.

Lawful Basis
The lawful basis for Cardinus processing personal data is legitimate interest and adheres to key principles of data protection as set out in GDPR regulations and UK Data Protection Act 2018.

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Your Rights
Individuals have various rights under privacy legislation.  A summary of these rights is set out below

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

EU-US Data Privacy Framework
In 2023, the European Commission issued an adequacy decision on the EU-U.S. Data Privacy Framework (DPF). This new voluntary Framework, which replaces the Privacy Shield program, provides a mechanism for companies to transfer personal data from the EU to the United States in a privacy-protective way consistent with EU law.
Cardinus has certified to the Department of Commerce that it complies with the Data Privacy Framework principles.

Under the EU-U.S. Data Privacy Framework, Cardinus remains liable if its service provider or agent processes Personal Information received under the DPF in a manner inconsistent with its Principles, unless Cardinus was not responsible for the event giving rise to the damage.

If there is any conflict between the terms in this privacy policy and the DPF principles, the DPF principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Cardinus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

To meet the requirements, Cardinus will:

  • observe the conditions regarding the fair collection and use of personal data
  • meet our obligations to specify the purposes for which personal data is used
  • collect and process appropriate personal data only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
  • ensure the quality of personal data used
  • apply strict checks to determine the length of time personal data is held
  • ensure that the rights of individuals about whom the personal data is held, can be fully exercised
  • take appropriate security measures to safeguard personal data
  • ensure that personal data is not transferred abroad without suitable safeguards.

Cardinus will only disclose an individual’s non-public personal information to third parties where required to the extent necessary to meet a legal obligation, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation.

Cardinus has further committed to refer unresolved privacy queries under the EU-U.S. Data Privacy Framework to an independent dispute resolution mechanism.  If you have an unresolved privacy or data use concern that Cardinus has not satisfactorily addressed, please contact your EU Data Protection Authority for resolution.  You may also have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.  Additional information can be found here: https://www.dataprivacyframework.gov/framework-article/G%E2%80%93Arbitration-Procedures

Questions and complaints
If you have any questions or complaints about our processing of your personal data, you can contact us in writing at the address or email below.

UK and Europe:
Data Protection Officer
Cardinus Risk Management Limited
22 Bishopsgate
London
EC2N 4BQ
United Kingdom
[email protected]
United States
Data Protection Officer
Cardinus LLC
4725 Piedmont Row Drive Ste 600
Charlotte
NC 28210
United States of America
[email protected]

Further information can be found at
https://www.ico.org.uk
https://ico.org.uk/ESDWebPages/Entry/Z658762X
https://www.dataprivacyframework.gov/Program-Overview

Last Reviewed: 14 March 2024

Start typing and press Enter to search