Privacy Policy
Version 1.6: Last updated on 10th October 2024
“Ardens” privacy policy has been created to explain to our customers how we use their personal information in line with GDPR laws. This Privacy Notice together with our Terms of Supply and use sets out the basis on which any personal data we collect from you, or that you provide to us will be processed by us.
When we collect (process) personal data about you we are required to tell you:
Our purpose for processing the personal data
Our Legal Basis (under GDPR) for processing it
Who we might share it with
How long we keep it
Your rights and how to contact us
Where and how to make a complaint
The following sections detail each process and address the above requirements.
If you are a patient, we act under contract to provide a service to your Healthcare Organisation. Please refer to your care provider to find out more about how your data is processed.
What Information Do We Collect About You and How Is It Processed?
1.1
WHEN YOU CONTACT US
When filling in any of the forms on either our main website or support desk, if you contact us by phone or if you meet us at an event, we may collect your personal information, for example your name, email address or practice details, for the following reasons:
Signing up to trial any of Ardens services
Support Desk Query
Training or Demonstration Request
Arranging a Quote or Signing Up to Ardens Manager
Other Enquiries
When we process this personal data, we consider it in the legitimate interests of Ardens for managing our relationship with our customers and clients and for running our business effectively.
Our lawful basis is therefore legitimate interests under Article 6(1)(f) of the UK General Data Protection Regulation (GDPR)
We will typically keep this personal data for one year after you are no longer a customer.
1.2
SUBSCRIPTION LISTS
We also collect your name and email address when you subscribe to our monthly updates. We will use this information to get in touch with you regarding the subject of your query or feedback and with your permission, we will add you to our mailing list. This ensures that you and your practice are kept up to date with any updates we have as well as some hints and tricks we believe will be useful to know when using Ardens. By subscribing to these emails, you consent to email activity tracking such as open rates, click rates and location. You can opt out of receiving these emails at any time by clicking on the unsubscribe link at the bottom of the email.
Our lawful basis for this processing is Article 6(1)(a) – Consent. We remove your name and email address from our mailing list when you unsubscribe.
1.3
FEEDBACK
We store any feedback we receive from you on our client database. This is to ensure that we continue to improve Ardens whilst taking your comments on board. Examples of this feedback may include comments, complaints, compliments, significant events, surveys and any other form of feedback. We may also use this information to keep our database up to date, for example, updating the status of relationship with us, invoicing details and your practices training dates.
Our lawful basis for this processing is our legitimate interests (Article 6(1)(f)) in managing our business and our services to you.
1.4
ARDENS CLINICAL
When we process personal data about you as our customer:
By using Ardens Clinical, you agree to share your anonymised data with Ardens including but not limited to anonymised analytics, product development, commercial and marketing purposes.
1.5
ARDENS MANAGER
When we process personal data about you as our customer:
We store personal data you provide when you are using Ardens Manager. This includes when you register your account, update any information about yourself, your organisation or your groups.
By using Ardens Manager, you agree to share your anonymised data with Ardens including but not limited to anonymised analytics, product development, commercial and marketing purposes.
When you use Ardens Manager and access it using your NHS Care Identity credentials, the identity access and management services are managed by NHS England. NHS England is the controller for any personal information you provide to NHS England to get a national digital identity and authenticate your claim to that identity and uses that personal information solely for that single purpose. For any personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, view the NHS Care Identity Service 2 page. This restriction does not apply to the personal information you provide to us separately which is managed in accordance with our privacy policy. Our lawful basis is our legitimate interests (Article 6(1)(f)) in providing the Ardens Manager system for your use under our Terms of Supply and Use
We keep your personal data for 10 years after your organisation has finished their agreement with us.
1.5
ARDENS ACADEMY
When you sign up to take part in our Ardens Academy training system, we process your name, job title and email address for the purposes of managing the training and inviting you for further training.
Our lawful basis for this processing is our legitimate interests (Article 6(1)(f)) in providing you with the Ardens Academy training system
Protecting Your Information
We have strict protocols to ensure that your personal data is kept securely and only relevant members of staff have access to this. We also may check your identity when you get in touch with us. If you decide to discontinue using Ardens, we will keep your information for up to two years after you leave us. If you wish us to remove your data, please get in touch.
Third Parties
Where necessary and where Ardens are directly responsible for personal data (ie where we act as a Data Controller) we reserve the right to share anonymised data with third party organisations. This includes but is not limited to:
3.1
KNACK
3.2
SURVEY MONKEY
3.3
SEGMENT & MIXPANEL
3.4
ARDENS ACADEMY (WORKRAMP)
3.5
MICROSOFT TEAMS
3.6
FRESHDESK AND FRESHCHAT
If you utilise our Support service, your data (such as name, email address, job title and Organisation) may be stored and processed using Freshdesk and Freshchat software supplied by Freshworks Inc. Freshworks Inc. utilises Sub-Processors based in the US, with any international transfers to the US only occurring with the appropriate safeguards in place. Further information about Freshworks can be found on their website.
International Transfers
Unless specifically noted in section 2.3 above, we do not transfer your personal data outside the UK or European Economic Area.
Your Rights
5.1
CUSTOMERS AND SYSTEM USERS
Under the GDPR you have the following rights:
To be informed of what we do with your personal data To a copy of any personal data we hold about you To have personal data corrected To have personal data erased To restrict our processing To object To not be subject to automated individual decision-making or profiling To exercise any of these rights you can contact [email protected]
5.2
PATIENTS OF PRACTICES WHO USE OUR ARDENS MANAGER SOFTWARE
We cannot answer any requests relating to the above rights as GDPR requires that only the data controller (your registered GP practice) responds to individual rights requests. Please contact your registered GP practice in the first instance. Where we need to, we are required in contract to assist them.
Contact Us
If you have any questions about how we process your personal data, please email [email protected].
Ardens have engaged the services of Kaleidoscope Consultants Limited to provide us with Data Protection Officer services (a requirement of GDPR). You can contact them at [email protected]
Your Right To Complain
If you are dissatisfied with any of our responses relating to the processing of your personal data, under Article 13(2)(d) you have the right to complain to the UK Information Commissioner. You can do this on their website - Make a complaint | ICO.