AXA XL Protect & Assist App Privacy Policy
Who are we?
Healix International Limited is a provider of Travel Risk Management Services elected to provide AXA XL Protect & Assist App services. Healix International Limited (Healix) has a registered address at Healix House, Esher, KT10 8AB, UK and registration number 3912483. Healix will process your personal data for the purpose of delivering the AXA XL Protect & Assist App services on behalf of your insurer only.
What does the AXA XL Protect & Assist App do?
The AXA XL Protect & Assist app provides instant access to critical insight and support before and during overseas assignments. The app provides current travel safety information, advice and real-time alerts on incidents around the world and enables you to:
- Receive breaking news alerts using location aware push notifications
- Manage a country watchlist to receive alerts for specific destinations
- Access travel safety and security information for over 200 countries worldwide
- Connect directly to the Healix operations team for emergency assistance
- Activate an emergency ‘Mayday’ function in a crisis
- Access advice and travel safety e-learning module
- Store key documents such as passport, insurance and travel visas.
How we collect Personal Information?
Healix will collect information directly from you when you complete the registration process for the AXA XL Protect & Assist App. During the registration process you will be asked to provide your name, email address, the name of your company/policy or scheme details (where applicable).
Usage data: We collect App crash analytics data to assist with troubleshooting technical issues, e-learning activity (where applicable) and device ID to link a user to their device.
Location data: With the AXA XL Protect & Assist App, your location is identified using Global Positioning System (GPS). This requires you to activate the “Location Services” in the app. Subject to your applicable policies it is optional to turn GPS location tracking on and off. The GPS location setting can be changed at any point in the app settings under “Location Services”.
Where “Location Services” are enabled, background location data is used to determine when your device changes location to another country based on the GPS data allowing you to receive location based alerts. It will allow you to share accurate location data with your designated 3rd party contact in the event of a Mayday alert being triggered. GPS location data is only stored where the user has activated the emergency Mayday feature.
Location data will be used even when the App is not open.
Your Personal Information
Healix always aims to minimise the amount of data processed. Healix has strict organisational and technical measures in place to protect your data at all times.
Healix relies on the legal basis listed below for processing your personal data for the purpose of providing the AXA XL Protect & Assist services. Healix only process Personal Data where necessary in order to:
- Comply with a legal obligation
- Process data as may be required in the public interest, such as detecting and preventing fraud
- Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services).
Healix will not process any special category data.
Personal Information, Use and Disclosure
All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed, in accordance with the data minimisation principle of the GDPR Article 5(1)(c).
The tables below list the types of personal data collected by Healix, the purposes for which it is used, retention and who it is disclosed to.
Information stored by Healix
Healix will collect the data listed below to facilitate the services.
Data type: | How it is collected: | Purpose | Retention: | Who is it shared with: |
---|---|---|---|---|
Name | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable, and/or Mayday recipient |
Activation info /policy number | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable |
Email address | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable, and/or Mayday recipient |
Device ID | Manually entered in the ‘Settings’ or ‘Profile’ section of the App | To send Mayday contact in an emergency | Until the end of the legal contract with Company, then deleted | Company appointed point of contact, and/or Mayday recipient |
Phone number | Manually entered in the ‘Settings’ or ‘Profile’ section of the App | To send Mayday contact in an emergency | Until the end of the legal contract with Company, then deleted | Company appointed point of contact, and/or Mayday recipient |
eLearning score (where applicable) | When completing available eLearning training | To document completion of training | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable |
Mayday emergency information: GPS location, images, audio | If you trigger a Mayday alert, this information will be sent to Healix | To provide support as required | 30 days after the Mayday alert is triggered | Company appointed point of contact where applicable, and/or Mayday recipient |
Location (country name only) | Based on GPS location of the device | Location-based alerts functionality | Until the end of the legal contract with Company, then deleted | Not shared |
Information stored on the App
When registering with the App, you have access to the ‘Profile & Documents’ section which allows you to choose to enter personal data and upload important travel related documents such as passport and medical information for safe storage. Your profile and documents should always be secured by a PIN set by you, which can be done within the ‘App Settings’. You can update this section when you want and provide as much information as you choose.
The information in this section is only saved on your device. Healix has no access to this data.
Data type | How is it collected | Purpose | Retention | Who is it shared with: |
---|---|---|---|---|
Profile data including gender, DOB, address, nationality, passport details, height, weight | If you complete ‘Personal Profile’ section | For your personal use | Until you uninstall the App | Not shared |
Documents: Any documents that you chose to upload or photograph | If you complete ‘Personal Profile’ section | For your personal use | Until you uninstall the App | Not shared |
Medical: any medical information that you chose to add | If you complete ‘Personal Profile’ section | For your personal use | Until you uninstall the App | Not shared |
Mayday emergency contact where difference from PoC | If you complete ‘Mayday’ section | To enable the Mayday service | Until you uninstall the App | Not shared |
Cookies
When you use the app, Healix may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Privacy and Cookies Policies.
Transfer of personal data
Where necessary in order to provide the service, we will transfer your personal data cross border for the purposes and to the recipients outlined in the table above. This will include any country in which you or the employer is receiving the services, as applicable.
How we store data
Your personal information is held on secure servers in the UK. Healix always aim to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security and the General Data Protection Regulation.
How long we keep the personal data
Healix will keep a record of the personal data for the duration of the contractual engagement with the Client. When the contractual agreement comes to an end, access to the app will be disabled, and all associated records will be securely deleted.
You have the right to delete your App account by choosing the ‘Delete your account’ option in the Settings section of the App. By deleting your App account, all information stored by Healix and all information stored on the App will be deleted with immediate effect.
Your Rights
You have the right to:
- Request to access a copy of the personal data held by Healix.
- Request correction of the information if it is inaccurate.
- Request completion or clarify the information if it is incomplete or equivocal.
- Request erasure of information if it has been collected without adherence to legal requirements.
- Complain if you consider Healix has breached its privacy obligations.
Subject Access Right
You have the right to access personal data held about you. To do so you must provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.
How to make a complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. In the UK you can make a complaint to the Information Commissioner, who is the UK independent regulator at: casework@ico.org.uk
Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.
Contact details
Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com
Or by mail:
Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK
You can also find the regulatory information on the Healix Group of Companies here.