We collect personal information from you through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in application or other forms, through social media or face-to-face (for example, in medical consultations, diagnosis and treatment). Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
We may collect information from:
your parent or guardian, if you are under 18 years old;
a family member, or someone else acting on your behalf;
doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
sources which are available to the public, such as social media.
the main member, if you are a dependant under a family insurance policy;
your employer, if you are covered by an insurance policy your employer has taken out;
We process two categories of personal information about you and (where this applies) your dependants:
standard personal information (for example, information we use to contact you, identify you or manage our relationship with you); and
special categories of information (for example, health information).
Standard personal information includes:
identification and contact information, such as your name, username, address, email address and fixed and mobile phone numbers, country of residence, age, date of birth and national identification documents (such as National Identificantion Card or Passport number);
information about your employment;
details of any contact we have had with you, such as any complaints or incidents;
financial details, such as bank account numbers, debit/credit card numbers, either for paying your subscriptions and other financial obligations or for receiving claim reimbursements and other amounts payable to you.
Special category information includes information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, quotes and records of medical services you have received).
We process standard personal information about you if this is:
necessary to provide the services set out in an insurance contract you will sign or you have already signed with an insurance company we collaborate with
required or allowed by law
necessary for your information on other products or services of the insurance companies we collaborate with
required to send you questionnaires about your satisfaction and appraisal of our services as well as of the services and products offered by the insurance companies we collaborate with
necessary to provide you with top-level specialised service, ensuring promptness and quality in dealing with your requests.
We process special category information about you because:
it is necessary for insurance purposes when we:
offer you advice
explore alternative insurance solutions
request insurance quotations from insurance companies
fill-in relative application/amendment forms
assist you in claims handling – eg. Hospitalisation
we have your permission. As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for, and ask you to confirm your choice to give us that permission. If we cannot provide a product or service without your permission (for example, we can’t service you for a claim without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with our service that relies on having your permission.
We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing and to help us improve our services to you. Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a courier and so on);
to provide our services on behalf of a third party (for example, your employer);
to investigate complaints
to keep our records up to date and to provide you with marketing as allowed by law;
to develop and carry out marketing activities and to show you information that is of interest to you,
based on our understanding of your preferences;
to contact you about market research and analysis we are carrying out, so that we can monitor and improve our services;
to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of our business.
We may use your personal information to send you marketing by post, by phone, by email and by text. We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.
If you don’t want to receive emails or letters from us, please let us know by email, fax or post.
doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
suppliers who help deliver products or services on our behalf;
the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order;
if we sell or buy any business or assets, the potential buyer or seller of that business or those assets; and
the policy-holder or their agent if you are not the main member under an individual policy (we will send them all membership documents and confirmation of claims, and all people who are insured on the policy may have access to correspondence and other information we provide through our online portal)
your employer for product or service administration purposes if you are a member or beneficiary under your employer’s group scheme;
other third parties we work with to provide our services, such as solicitors, translators and interpreters, regulators, data-protection supervisory authorities, health-care professionals, healthcare providers and medical-assistance providers; and;
organisations who provide your treatment and other benefits, including travel-assistance services.
You have the following rights (certain exceptions apply).
Right of access: You have the right to make a written request for details of your personal information and a copy of that personal information.
Right to rectification: You have the right to have inaccurate information about you corrected or removed.
Right to erasure (‘right to be forgotten’): You have the right to have certain personal information about you deleted from our records.
Right to restriction of processing: You have the right to ask us to use your personal information for restricted purposes only.
Right to object: You have the right to object to us processing (including profiling) your personal information in cases where our processing is based on a task carried out in the public interest or where we have let you know it is necessary to process your information for our or a third party’s legitimate interests. You can object to us using your information for direct marketing and profiling purposes in relation to direct marketing.
Right to data portability: You have the right to ask us to transfer the personal information you have given us to you or to someone else in a format that can be read by computer.
Right to withdraw consent: You have the right to withdraw any permission you have given us to handle your personal information. If you withdraw your permission, this will not affect the lawfulness of how we used your personal information before you withdrew permission, and we will let you know if we will no longer be able to provide you with your chosen product or service.
Please note: Other than your right to object to us using your information for direct marketing (and profiling for the purposes of direct marketing), your rights are not absolute. This means they do not always apply in all cases, and we will let you know in our correspondence with you how we will be able to meet your request relating to your rights.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
In order to exercise your rights, please contact us at email@example.com.