Cambridge medical and rehabilitation center customer privacy notice
Cambridge Medical and Rehabilitation Center (“Organization”) collects and processes your personal information that is provided by you, as our customer or prospective customer, or generated by you in your use of our services. This Privacy Notice is provided to you in accordance with applicable privacy laws including, but not limited to, the General Data Protection Regulation 2016/679 (GDPR) and laws implementing the GDPR (the “Data Privacy Laws”). It applies only to residents in the European Economic Area, Switzerland and the UK who use our services and it explains what information you provide to us and how we use your information to provide our services to you. This Privacy Notice is not applicable to customers or prospective customers resident in any other territory other than in the European Economic Area, Switzerland and the UK.
The Organisation (“we” or “us”) provide the services to our customers. In this respect, we are likely to be a data controller under applicable Data Privacy Laws. We include in this Privacy Notice a summary of your rights to control how we use your personal information. The Organization is a service provider to our customers and, therefore, we aim to put you, the customer, in control of how your personal information is used by us. This Privacy Notice should be read with our Privacy Policy, both of which are updated from time to time. Your continued use of our services indicates your acceptance of the updated Privacy Notice and Privacy Policy applicable at that time.
Your personal information
Your personal information includes any information relating to you, where you are identified or from which you are identifiable. This includes your name, contact information, information about where you work and, if applicable, where you live and your use of our services.
We collect various types of personal information from different sources, including:
- Account information you provide to us when you open your account;
- Information you provide directly to us when you register to use the Organisation website or obtain services provided by us;
- Information we collect about your use of our services; and
- Information from the customer directly or subject to applicable law, other sources including, but not limited to, social media and from third party sellers of customer contact details.
Some of the personal information you provide to us may include health information or other sensitive or special categories of personal information.
What we do with your personal information
All the personal information we collect from you or generated by you is used to provide the services you have requested or for communications to which you have subscribed. The Organization will safeguard the privacy and security of special categories of personal information as required under Data Privacy Laws. You may also consent to us using your personal information for additional purposes not described in the Privacy Policy but which we consider may be of interest to you from time to time. We will not use your personal information for these additional purposes without your consent. You have the right to tell us that you do not want to be contacted by us for these additional purposes any time after you initially provide your consent. We also use your information for marketing purposes where you have consented to receive marketing communications.
We are also permitted to process your personal information to comply with our legal and regulatory obligations and/or our contractual obligations to you to provide the services to you, to manage your account with us and to manage any technical issues or support requests that may arise.
Some of your personal information is processed by us in the UAE, Saudi Arabia and any other non EEA based country and is held on servers. By using our services and providing your personal information, you expressly acknowledge and agree to the transfer of some of your personal information to the aforementioned countries. Our security measures are described below in this Privacy Notice.
We do not allow any third parties to have access to your personal information, except as required or permitted by applicable laws or in accordance with the Privacy Policy. We may disclose your personal information to our subcontractors, agents, or payment service providers (who may be located in the aforementioned countries) that we contract with to assist us in providing the services, provided that any such subcontractors or agents shall agree in writing to comply with the privacy and security standards described in this Privacy Notice. The transfer of personal data from the UK/EEA to the Organisation entities outside the EEA is governed by data transfer agreements which are in the form of the standard contractual clauses approved by the European Commission (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915).
There may be instances when we disclose your personal information to other parties:
- To comply with the law or respond to compulsory legal process (such as a search warrant or court order) or request for information from a regulator or otherwise for legal purposes;
- To verify or enforce compliance with the policies governing the services; or
- To protect the rights, property or safety of the Organization, or any of our respective affiliates, business partners, or customers or otherwise in the legitimate business interests of the Organisation and/or our affiliates and in accordance with Data Privacy Laws.
We may share your personal information with other business entities in connection with the sale, assignment, merger or other transfer of all or a portion of the Organization’s business to that business entity.
In any instance where we need to share your personal information with third parties, such as legal or financial advisors including auditors, and we will restrict the nature and categories of personal information to that which is required to comply with our contractual obligations to you or our legal and/or regulatory requirements. We may de-identify your personal information to protect your privacy.
How we protect your personal information
- The Organization understands that storing data in a secure manner is essential.
- The Organisation stores personal information and other data using reasonable physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Although we make good faith efforts to store the information we collect in a secure operating environment that is not available to the public, we cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining this information.
How long we keep it
We retain your personal data relating to the use of our services for the duration of the customer relationship and for seven years after the customer account is closed for legal, regulatory, audit and tax requirements. After this period has expired, the personal information relating to your account and your use of the services will be deleted. Any personal information which you have provided to us for marketing purposes will be kept until you notify us that you no longer wish to receive this information.
Notification of other Organisation services and products
We would like to use your name and email address to inform you of our future or related services, offers and similar products and we will only do so with your consent. If you provide us with your consent to receive marketing communications, we will offer the right to unsubscribe in each electronic communication. This information is not shared with third parties and you can unsubscribe at any time via email, the Platform or through our website.
What are your rights?
You have the right to ensure your personal information is accurate. To make changes to your contact and other account information, or to opt out of receiving marketing communications, please contact us in one of the following ways:
- Send an email to us at: info@cmrc.com.
- You have the right to request that we delete your personal information. In this event, we will retain your personal information as described above in this Privacy Notice. You have the right to request that we restrict the processing of your personal information. This may compromise our ability to provide you with the services.
- If you wish to raise a complaint on how we have handled your personal information, you can contact us (details above) and we will investigate the matter and respond to you promptly.
- If you are not satisfied with our response, you can complain to any applicable data privacy authority in your country of residence.
- If you have any questions about this Privacy Notice or about the Organisation’s handling of your information, please contact info@cmrc.com.