Data Handling Policy
Cardinal Broadcast
Effective Date: 25.06.2026
________________
1. Purpose
This policy sets out how Cardinal Broadcast collects, stores, processes, shares, and deletes data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our goal is to protect the privacy and rights of individuals while ensuring secure and lawful handling of data.
________________
2. Scope
This policy applies to:
* All employees, contractors, and third-party vendors handling data on behalf of Cardinal Broadcast.
* All data types, including personal, sensitive, confidential, and business data.
* All processing activities, whether digital or physical.
________________
3. Data Classification
* Public Data: Information intended for public use.
* Internal Data: Operational information restricted within the organization.
* Confidential Data: Business-critical data requiring strict access control.
* Personal Data (GDPR): Any information relating to an identifiable individual.
* Sensitive Personal Data (GDPR): Includes racial/ethnic origin, health data, biometric data, political opinions, etc.
________________
4. Lawful Basis for Data Collection
In compliance with GDPR (Art. 6), personal data shall only be processed when there is a lawful basis, including:
* Consent of the data subject.
* Contract performance.
* Compliance with legal obligations.
* Legitimate business interests (balanced against individual rights).
________________
5. Data Subject / Consumer Rights
We will respect and respond to data rights requests within legally required timelines:
GDPR Rights
* Right to Access
* Right to Rectification
* Right to Erasure (“Right to be Forgotten”)
* Right to Restrict Processing
* Right to Data Portability
* Right to Object
* Right not to be subject to Automated Decision-Making
________________
6. Data Collection, Use & Sharing
* Personal data will be collected only for specified, explicit, and legitimate purposes.
* Data will not be used for purposes beyond those disclosed without additional consent.
* Sharing with third parties will only occur under written agreements ensuring GDPR compliance.
* Do Not Sell Data:
________________
7. Data Storage & Security
* Data must be stored securely.
* Physical records must be stored in access-controlled environments.
* Employees are required to follow IT security protocols.
________________
8. Data Retention & Disposal
* Personal data will be retained only as long as necessary to fulfill the purpose of collection or comply with legal obligations.
* Once data is no longer required, it will be destroyed.
________________
9. Data Breach Notification
* In the event of a breach, the Data Protection Officer (DPO) will be notified immediately.
* Under GDPR: Supervisory authorities will be notified within 72 hours if required.
________________
10. Employee & Vendor Responsibilities
* Employees must adhere to this policy.
________________
11. Compliance & Review
* This policy will be reviewed as required by changes in law.
* Violations of this policy may result in disciplinary action, including termination of employment or contracts.
________________
Approved by: Andrew Macaulay
Position: Owner
Date: 24.06.26