Cerebric

Introduction

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. It explains:

Why we are able to process your information
What purpose we are processing it for
Whether you have to provide it to us
How long we store it for
Whether there are other recipients of your personal information
Whether we intend to transfer it to another country
Whether we do automated decision-making or profiling

This privacy notice explains what personal information we collect about those who visit our website and communicate with us, how we use it, the circumstances in which we may disclose it to others, and how we keep it secure.

We are committed to protecting and respecting your privacy. If you have any questions regarding this privacy notice and our approach to privacy, please email us at: [email protected].

Who we are

CEREBRIC LTD ('Cerebric') is registered as a limited company (Companies House No. 16033558) in the United Kingdom. To enable us to offer services that process personal data in the UK, we have registered with the Information Commissioner's Office (ICO) under registration no. C1588417.

The Information We Process

We obtain information about you when you use our website, when you contact us about products and services (e.g., by email or telephone), or during business with you or an organisation you represent.

Most of the personal information we process is provided directly by you for one of the following reasons:

You have made an enquiry to us.
You have initiated or completed a commercial transaction with us.
We are providing services to you or the organisation or entity you work for or represent.
You have made a complaint to us.
You wish to attend or have attended an event we have organised or attended alongside you.
You have subscribed to our e-newsletter.
You have applied for a job with us.
You work with or for us.
You visit our website and consent to our use of cookies.

We also receive personal information indirectly in the following scenarios:

Where we are providing services to the organisation or entity you work for or represent and they have provided your information to us.
Where you have made your contact information available on your organisation's website and we use this to contact you and your organisation.
Where you have made your contact information available via a social media platform and we use this to contact you and your organisation.
You have applied for a job with us and we seek a reference from an organisation or individual you have previously worked for or with.
An employee of ours gives your contact details as an emergency contact or a referee.

In cases where we indirectly receive personal data as a data controller, we'll contact you to let you know we are processing your personal information if it is not disproportionate or prejudicial to do so.

The Lawful Basis for the Processing of Personal Data

The list below describes the personal data we collect and our lawful basis for processing this data. When we process data on the basis of legitimate interests, we apply the following test to determine whether it is appropriate:

Purpose – Is the purpose of processing personal data legitimate?
Necessity – Is the processing necessary to fulfil that purpose?
Balance – Do the individual's interests, rights, or freedoms override the legitimate interest?

The following purposes for the collection of personal data will arise via the use of our website:

When providing appropriate information via email, video conferencing, or telephone about products and services that you have requested via subscribing to our newsletter, the lawful basis that will apply is consent.
To provide further, related information via email, video conferencing, or telephone about the identified area of interest, the lawful basis that will apply is legitimate interests.
To enable data subjects to exercise their rights over personal data, the lawful basis that will apply is compliance with a legal obligation.

Organisations such as Cerebric, which provides services to the NHS, will likely seek to rely on the following lawful bases to process data:

To support the processing of data in support of the provision of NHS services, legal powers such as those provided within:
- The National Health Service and Community Care Act 1990
- The NHS Act 2006
- The Health and Social Care Act 2012
To support the processing of personal data and special categories of data in accordance with the UK GDPR:
- Art. 6(1)(e) – Public task
- Art. 9(2)(h) – Healthcare purposes
To support the processing of personal data in accordance with the Data Protection Act 2018:
- Condition 2 of Schedule 1 – Health and Social Care Purposes
To support the processing of confidential information in accordance with the Common Law Duty of Confidentiality:
- Implied consent

Automated Decision-Making or Profiling

We do not undertake any automated decision-making or profiling in relation to your personal data.

Retention

Personal and special category data processed within Cerebric will be retained for as long as necessary and, where applicable, in line with the retention periods specified in the NHS England Records Management Code of Practice.

Your Data Protection Rights

The rights available to you depend on our reason for processing your information. Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond.

You can contact us, including our Data Protection Officer (DPO), to exercise any of these rights via email: [email protected]

Sharing Your Information

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors, which are third parties that provide services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information or share it with other organisations unless we have instructed them to do so. They will hold your personal data securely and retain it for the period we instruct. When it is necessary for us to transfer your personal data outside of the UK, this will only be done in accordance with the UK GDPR and the Data Protection Act 2018 (DPA 2018).

In some circumstances, we are legally obliged to share information—for example, to comply with a court order. In any scenario, we'll satisfy ourselves that we have a lawful basis on which to share the information and document our decision-making.

International Transfers

When personal data is transferred outside of the UK, appropriate technical and organisational safeguards will be in place. All international transfers will only occur if they comply with the relevant legislation.

Visitors to Our Website

We may use Google Analytics to collect information and details of visitor behaviour patterns on our website. We do this to understand things such as the number of visitors to the different areas of the website. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to discover the identities of those visiting our website. Details of Google's Privacy Policy can be found here: https://www.google.com/policies/privacy.

Where we do want to collect personally identifiable information through our website, we will make this clear at the point personal information is collected, and we will explain what we intend to do with it.

Use of Cookies

Like many other websites, our website uses cookies. Cookies are small pieces of information sent by a website to your device and stored to enable that website to recognise you when you visit in the future. They can also be used to collect statistical data about your browsing activity and patterns of behaviour but do not identify you as an individual. This helps us to understand how people who visit our website use it, enabling us to improve the layout and content for visitors.

It is possible to switch off cookies by setting your browser preferences and settings. Turning cookies off may result in a loss of functionality when using our website.

Links to Other Websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

How to Make a Complaint

We strive to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we may receive about this very seriously. We encourage people to inform us if they think that any collection or use of information by us is unfair, misleading, or inappropriate. We also welcome any suggestions for improving our procedures. You can do this by contacting us using one of the methods below:

Email: [email protected]

If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner's Office (ICO). Please see the ICO's website for more information: www.ico.org.uk

Changes to This Privacy Notice

We reserve the right to modify this Privacy Notice at any time, so please make sure to review this frequently. Our most updated Privacy Notice is posted on our website. All changes will apply with immediate effect.