Ardens store any information you provide when you are using Ardens Manager. This includes when you register your account, update any information about yourself, your organisation or your groups. 

We also store and automatically process data you upload to Ardens Manager which may include clinical reporting data from your clinical system or any organisational data such as audits, receipts or meeting notes. Data may also be processed to convert patient counts to income and point values when applied to a contractual setting. Full details of these calculations are provided as information popups throughout the application. 

We do not store or process any patient identifiable data however psuedoanonymised patient data is processed if your organisation has signed up for automatic uploads. 

As a Processor, Ardens does not have a statutory duty to complete a DPIA but Ardens have completed an 'Ardens Manager Information Governance Review' which can be adopted by Controllers (i.e. GP Practices) as their DPIA.

Data Processing & Storage FAQs

  1. Do you provide any guidance to practices on how to utilise the Ardens Manager to reduce risks of uploading PID data?
    Within Ardens Manager there are warning messages which are displayed at instances where a practice has the potential to upload any PID. However, we do also outline that it is the users responsibility to ensure that they do not send us any patient identifiable data in our Privacy Policy.
  1. Has Ardens Manager been penetration tested in the last 12 months?
    Our initial penetration test was carried out recently by JUMPSEC. We regularly review this requirement and carry out further penetration tests when necessary. If you would like more information on this please let us know. 

  2. Where are the servers (including back ups) located?
    We use Amazon S3 servers located in London. For more information on Amazon S3 servers, please see here.

  3. Your Privacy Policy states 'Ardens reserves the right to share any anonymised data with third party organisations'. What is the the nature of these purposes and what third parties the data may be shared with?
    The data shared will only be anonymous aggregate and for the purpose of identifying largescale healthcare trends to benefit the NHS. No third parties currently have access to any data on Ardens Manager nor have been planned to but if and when they do we will identify these on our Privacy Policy.

  4. Does the benchmarking data you provide to other practices or CCG or any other third party allow other practices to be identified?
    The practice has to consent to sharing their data with the other organisations before the practice can be identified.

  5. How are my video conferencing meetings processed and stored?
    Video conferencing on Ardens Manager is hosted by Jitsi and are encrypted on the network using DTLS-SRTP. Meetings are not recorded or stored by Ardens Manager or Jitsi. If a user wishes to record a meeting they can store the recording on a separate Dropbox account. All participants are notified if the meeting is recorded.
    Data such as chats and speaker stats are stored for the duration of the meeting and then destroyed once the meeting ends. For more information on Jitsi Security, please see their website.