Cardinus Risk Management Privacy Policy

Cardinus is committed to protecting all personal data it holds irrespective of its form or where it is located.
Cardinus adheres to all data protection laws in the countries in which it operates and regularly reviews its controls and procedures to ensure continued compliance.

Cardinus offers various risk management software, services and products to organisations and individuals designed to help them identify and control their own organisational risks.

In offering these products and services, Cardinus will often need to process personal data on behalf of the instructing party (the client) with the specific aim of assisting them in understanding and reducing the risks they face.  When Cardinus collects, records or uses any personal data, all appropriate safeguards will be applied to ensure the relevant legislation is adhered to at all times.

What will we do with your information
Personal data will not be used for purposes other than those for which it was collected, except where required by law.  Personal data will only be retained for as long as is necessary to fulfil those purposes.

Who we share your information with
Cardinus do allow third parties access to certain personal data in order to fulfil their obligation in supplying certain services to its clients.  Any third parties granted access must commit to adhering to certain controls and procedures and accept joint liability with Cardinus for their actions when accessing personal data.

Direct Marketing
We have a responsible marketing policy and do not give details of our customers or related individuals to other company. We may contact our customers by mail, e-mail or telephone with details of products and services offered by Cardinus if consent has been granted.  Consent can be withdrawn at any time by emailing [email protected] or contacting via the website https://www.cardinus.com.

Lawful Basis
The lawful basis for Cardinus processing personal data is legitimate interest and adheres to key principles of data protection as set out in GDPR regulations and UK Data Protection Act 2018.

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Your Rights
Individuals have various rights under privacy legislation.  A summary of these rights is set out below

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

US & Privacy Shield
Historically Cardinus LLC have complied with the Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from Europe to the United States.   However, since July 2020 the Court of Justice European Union deemed this mechanism as no longer suitable for transferring data under the GDPR regulations.

As result Cardinus now use standard contractual clauses with individual client when they are requested to do so and where it is deemed appropriate.  This is in place to ensure personal data can legally continue to flow to and from the United States.

Questions and complaints
If you have any questions or complaints about our processing of your personal data, you can contact us in writing at the address or email below.

UK and Europe:
Data Protection Officer
Cardinus Risk Management Limited
22 Bishopsgate
London
EC2N 4BQ
United Kingdom
[email protected]sglobalrisks.com
United States
Data Protection Officer
Cardinus LLC
4725 Piedmont Row Drive Ste 600
Charlotte
NC 28210
United States of America
[email protected]

Further information can be found at
https://www.ico.org.uk
https://ico.org.uk/ESDWebPages/Entry/Z658762X

https://www.privacyshield.gov/welcome

 

Last Reviewed: 17 February 2021

Start typing and press Enter to search