Privacy Policy

Version 1.6: Last updated on 10th October 2024

Ardens” privacy policy has been created to explain to our customers how we use their personal information in line with GDPR laws. This Privacy Notice together with our Terms of Supply and use sets out the basis on which any personal data we collect from you, or that you provide to us will be processed by us.  

When we collect (process) personal data about you we are required to tell you: 

  • Our purpose for processing the personal data 

  • Our Legal Basis (under GDPR) for processing it 

  • Who we might share it with 

  • How long we keep it 

  • Your rights and how to contact us 

  • Where and how to make a complaint 

The following sections detail each process and address the above requirements. 

If you are a patient, we act under contract to provide a service to your Healthcare Organisation. Please refer to your care provider to find out more about how your data is processed.

  1. What Information Do We Collect About You and How Is It Processed? 

1.1

WHEN YOU CONTACT US

When filling in any of the forms on either our main website or support desk, if you contact us by phone or if you meet us at an event, we may collect your  personal information, for example your name, email address or practice details, for the following reasons: 

  • Signing up to trial any of Ardens services 

  • Support Desk Query 

  • Training or Demonstration Request 

  • Arranging a Quote or Signing Up to Ardens Manager 

  • Other Enquiries 

When we process this personal data, we consider it in the legitimate interests of Ardens for managing our relationship with our customers and clients and for running our business effectively. 

Our lawful basis is therefore legitimate interests under Article 6(1)(f) of the UK General Data Protection Regulation (GDPR) 

We will typically keep this personal data for one year after you are no longer a customer. 

1.2

SUBSCRIPTION LISTS 

We also collect your name and email address when you subscribe to our monthly updates. We will use this information to get in touch with you regarding the subject of your query or feedback and with your permission, we will add you to our mailing list. This ensures that you and your practice are kept up to date with any updates we have as well as some hints and tricks we believe will be useful to know when using Ardens. By subscribing to these emails, you consent to email activity tracking such as open rates, click rates and location.  You can opt out of receiving these emails at any time by clicking on the unsubscribe link at the bottom of the email. 

Our lawful basis for this processing is Article 6(1)(a) – Consent. We remove your name and email address from our mailing list when you unsubscribe. 

1.3

FEEDBACK 

We store any feedback we receive from you on our client database. This is to ensure that we continue to improve Ardens whilst taking your comments on board. Examples of this feedback may include comments, complaints, compliments, significant events, surveys and any other form of feedback. We may also use this information to keep our database up to date, for example, updating the status of relationship with us, invoicing details and your practices training dates.  

Our lawful basis for this processing is our legitimate interests (Article 6(1)(f)) in managing our business and our services to you. 

1.4

ARDENS CLINICAL

When we process personal data about you as our customer: 

By using Ardens Clinical, you agree to share your anonymised data with Ardens including but not limited to anonymised analytics, product development, commercial and marketing purposes. 

1.5

ARDENS MANAGER

When we process personal data about you as our customer:  

  • We store personal data you provide when you are using Ardens Manager. This includes when you register your account, update any information about yourself, your organisation or your groups.  

  • By using Ardens Manager, you agree to share your anonymised data with Ardens including but not limited to anonymised analytics, product development, commercial and marketing purposes. 

  • When you use Ardens Manager and access it using your NHS Care Identity credentials, the identity access and management services are managed by NHS England. NHS England is the controller for any personal information you provide to NHS England to get a national digital identity and authenticate your claim to that identity and uses that personal information solely for that single purpose. For any personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, view the NHS Care Identity Service 2 page. This restriction does not apply to the personal information you provide to us separately which is managed in accordance with our privacy policy. Our lawful basis is our legitimate interests (Article 6(1)(f)) in providing the Ardens Manager system for your use under our Terms of Supply and Use 

  • We keep your personal data for 10 years after your organisation has finished their agreement with us. 

1.5

ARDENS ACADEMY

When you sign up to take part in our Ardens Academy training system, we process your name, job title and email address for the purposes of managing the training and inviting you for further training. 

Our lawful basis for this processing is our legitimate interests (Article 6(1)(f)) in providing you with the Ardens Academy training system 

  1. Protecting Your Information

We have strict protocols to ensure that your personal data is kept securely and only relevant members of staff have access to this. We also may check your identity when you get in touch with us. If you decide to discontinue using Ardens, we will keep your information for up to two years after you leave us. If you wish us to remove your data, please get in touch. 

  1. Third Parties

Where necessary and where Ardens are directly responsible for personal data (ie where we act as a Data Controller) we reserve the right to share anonymised data with third party organisations. This includes but is not limited to: 

3.1

KNACK

We store our entire client database on our custom app built on a databasing software called Knack. This includes data such as information on training sessions, survey responses, contact details and EMIS installation versions. 
If you access Knack as a client, we may ask you to enter personal details so that you can login to the client group portal or download our resources. Data on Knack is fully encrypted and is stored on Amazon Web Servers.  
If you sign up for an Ardens EMIS training webinar details such as Organisation, Name, and email address will be stored on Knack as well as the webinar hosting platform Microsoft Teams.  
If you sign up for an Ardens EMIS training webinar details such as Organisation, Name, and email address will be stored on Knack. Knack is our online database system. 
You can find the privacy notice here: Knack Privacy Terms 

3.2

SURVEY MONKEY

We collect and store responses from any of our surveys on Survey Monkey. This allows us to analyse your feedback to provide you with the best possible service and to give all potential Ardens customers case study examples to why they should sign up too. We do not take any responsibility for the Survey Monkey’sterms and conditions, privacy or security policy. 

3.3

SEGMENT & MIXPANEL

If you use Ardens Manager, we use two softwares called Segment and Mixpanel to collect anonymised data on user activity to understand how you use our application so we can improve its design and functionality. For more information, please see the Segment Security information page and Mixpanel Security information page. 

3.4

ARDENS ACADEMY (WORKRAMP)

If you use Ardens Academy your data (such as name, email address and job title) will be hosted on our supplier WorkRamp who provide the Learning Management Platform. WorkRamp utilise Sub-Processors based in the US, with any international transfers to the US only occurring with the appropriate safeguards in place. Further information about WorkRamp can be found on their website. 

3.5

MICROSOFT TEAMS

If you sign up for an Ardens SystmOne or Ardens Manager Webinar, your details such as Organisation, Name, and email address will be stored on Microsoft Teams. 

3.6

FRESHDESK AND FRESHCHAT

If you utilise our Support service, your data (such as name, email address, job title and Organisation) may be stored and processed using Freshdesk and Freshchat software supplied by Freshworks Inc. Freshworks Inc. utilises Sub-Processors based in the US, with any international transfers to the US only occurring with the appropriate safeguards in place. Further information about Freshworks can be found on their website.

  1. International Transfers

Unless specifically noted in section 2.3 above, we do not transfer your personal data outside the UK or European Economic Area.   

  1. Your Rights

5.1

CUSTOMERS AND SYSTEM USERS

Under the GDPR you have the following rights: 

To be informed of what we do with your personal data To a copy of any personal data we hold about you To have personal data corrected To have personal data erased To restrict our processing To object  To not be subject to automated individual decision-making or profiling  To exercise any of these rights you can contact [email protected] 

5.2

PATIENTS OF PRACTICES WHO USE OUR ARDENS MANAGER SOFTWARE

We cannot answer any requests relating to the above rights as GDPR requires that only the data controller (your registered GP practice) responds to individual rights requests.  Please contact your registered GP practice in the first instance.  Where we need to, we are required in contract to assist them. 

  1. Contact Us

If you have any questions about how we process your personal data, please email [email protected].  

Ardens have engaged the services of Kaleidoscope Consultants Limited to provide us with Data Protection Officer services (a requirement of GDPR).  You can contact them at [email protected] 

  1. Your Right To Complain

If you are dissatisfied with any of our responses relating to the processing of your personal data, under Article 13(2)(d) you have the right to complain to the UK Information Commissioner.  You can do this on their website - Make a complaint | ICO