We process your personal data according to the UK's Data Protection Act (the “Data Protection Act”) and other applicable UK data protection legislation.
Cognitant Group Ltd is registered with the UK Information Commissioner's Office (ICO) under the data registration number “ZA339486” in the UK's data controller register. For the purposes of the Data Protection Act, Cognitant Group Ltd. is the Data Controller.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We may collect, store and use the following kinds of personal information:
Information that you provide to us for the purpose of subscribing to email notifications and/or newsletters
Information about your computer and about your visits to and use of the site.
Cognitant is the data controller of all personal information collected within the Healthinote platform except in the case of information provided to us by NHS login. Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us outside of that provided via use of NHS login.
In addition, we may disclose your personal information:
To the extent that we are required to do so by law
In connection with any legal proceedings or prospective legal proceedings
Your personal data will not be passed to third parties without your permission, other than as set out in this policy.
We may contact you about our services if you choose to sign up to receive notifications from us. You do have the right at any time to opt out of being contacted in this way.
Cognitant Group Ltd. has implemented the required technical and organisational security measures to prevent the loss, misuse or alteration of your personal information. For example, we will store all the personal information that you provide on secure (encrypted, password- and firewall-protected) servers and send it only over encrypted transmission links. While the internet is inherently insecure and we cannot guarantee the security of data sent across the internet, we will take all meaningful steps to ensure it's as secure as appropriately possible.
Except for the operations listed below, your data is kept exclusively within physically secure ISO-27001 compliant data-centers located within the European Union.
Backups: we keep backups of all our data in our backup service provider's SOC 2 Type II certified and HIPAA compliant data-centers, hosted in the USA. The legal basis under the GDPR for this processing is specified by GDPR-compliant Model Clauses, a GDPR Data Processing Addendum and a standard Data Processor agreement, in line with the EU-US Privacy Shield agreement.
This Section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the other provisions of this Section, we will retain documents (including electronic documents) containing personal data:
to the extent that we are required to do so by law;
if we believe that the documents may be relevant to any ongoing or prospective administrative or legal proceedings;
to transfer to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Individuals have the right to access, correct, cancel or object to the processing of their personal data. If you want to exercise any of those rights, please contact firstname.lastname@example.org.
You may instruct us to provide you with any personal information that we hold about you. Provision of such information will be subject to the supply of appropriate evidence of your identity.
We may withhold such personal information to the extent permitted by law.
We must keep your personal data accurate and up to date. If you become aware of any errors or inaccuracies please let Cognitant know by contacting email@example.com.
Cognitant Group Ltd, 41 Cornmarket St, Oxford, Oxfordshire OX1 3HA UK.
Cognitant Group Ltd is a company registered in England and Wales under number 11282547.