Cardinus is committed to protecting the privacy of our employees and those who do business with us.
Cardinus develop and supply a variety of risk management software programs designed to identify risk and allow employers to mitigate that risk to comply with any relevant laws and policies. As such we collect and use personal data about people including employees; prospective customers; customers; customers’ employees in order to carry on its business and meet its customers’ requirements effectively. We recognise that the lawful and correct treatment of personal data is very important to successful operations and to maintaining our customers’ confidence in ourselves.
Any personal data which we collect, record or use in any way whether it is held on paper, on computer or other media will have appropriate safeguards applied to it to ensure that we comply with the Data Protection Act 1998 and the Safe Harbor program.
In Europe, Cardinus endorses and adheres to the eight principles of Data Protection as set out in the Data Protection Act 1998. These principles state that personal data must be :-
- fairly and lawfully processed
- processed for limited purposes and not in any other way which would be incompatible with those purposes
- adequate, relevant and not excessive
- accurate and kept up to date
- not kept for longer than necessary
- processed in line with the data subject’s rights
- kept secure
- not transferred to a country which does not have adequate data protection laws.
In the United States, Cardinus is a participant in the Safe Harbor program developed by the U.S. Department of Commerce in consultation with the European Union and Switzerland. Cardinus complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified that we adhere to the Safe Harbor Privacy Principles with regard to our use of certain personal data.
Our purpose for holding personal data and a general description of the categories of people and organisations to whom we may disclose it are listed in the Data Protection register.
You may inspect this or obtain a copy from the Information Commissioner’s Office. In order to meet the requirements of the principles, we will:
- observe the conditions regarding the fair collection and use of personal data
- meet our obligations to specify the purposes for which personal data is used
- collect and process appropriate personal data only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
- ensure the quality of personal data used
- apply strict checks to determine the length of time personal data is held
- ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act
- take appropriate security measures to safeguard personal data
- ensure that personal data is not transferred abroad without suitable safeguards.
When we collect any personal data from you, we will inform you why we are collecting your data and what we intend to use it for.
Where we collect any sensitive data, we will take appropriate steps to ensure that we have explicit consent to hold, use and retain the information. Sensitive data is personal data about an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence.
We have a responsible marketing policy and do not give details of our customers or related individuals to any other company. We may contact customers by mail or telephone with details of products and services offered by Cardinus. If they do not wish to be marketed to in this way they can write to the Chief Information Officer at Cardinus Risk Management Limited.
Under the Data Protection Act and the principles of Safe Harbor, any individual may write to the Chief Information Officer at Cardinus to request a copy of the information which we hold about them. We reserve the right to charge the maximum fee payable in terms of the Data Protection Act for providing this information. If the details are inaccurate you can ask us to amend them.
The address for such submission is:
Chief Information Officer,
4725 Piedmont Row Drive, #600
Charlotte, NC 28210
UK and Europe:
Chief Information Officer,
Cardinus Risk Management Limited,
3 East Grinstead House,