Healix Insurance Services Privacy Notice
How do we process your personal data?
We will only use your personal data to administer your insurance; to provide the products and services you have requested from us; to offer renewal terms; and for research or statistical purposes. We will also use your data to safeguard against fraud and money laundering and to comply with a legal or regulatory obligations.
Sensitive personal data
Some of the personal data, such as data relating to your health, may be required by us for the specific purposes of underwriting or as part of the claims handling process and as such is processed on the condition that it is necessary for an insurance purpose.
How do we keep your personal data secure?
Security is a high priority for us and to protect the personal data that we collect we have implemented appropriate organisational, technical, administrative and physical safeguards to protect the data from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Personal data held by us is stored on our secure servers. Access controls are applied to limit access to personal data to those individuals with a need to know and a legitimate business requirement.
How do we share and disclose data to third parties?
We do not sell your personal data to anyone. We only use and disclose personal data for the purposes for which it was collected, and for purposes which are directly related to one of our functions or activities. This includes disclosing your personal data to third parties involved in any part of the administration of your insurance. We may also share and disclose data (including personal data) in the following limited circumstances:
- Where you have specifically asked or agreed for us to do so
- If it is required in order to respond to your request
- If it is required by law or regulation.
We do not share your data with any third party for marketing purposes and we never sell your data.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
How long do we keep your personal data?
Your data will not be retained for longer than is necessary to fulfil the purposes we collected it for and it will be managed in accordance with our data retention policy. In most cases, the retention period will be for a period of seven (7) years following the expiry of a contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. In all circumstances you can ask us to delete your data.
Transferring your data outside of Europe
As part of the services offered to you, the data which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. Whenever we transfer your personal data to countries outside the EU, we will ensure that at least one of the following safeguards is implemented:
- Countries that have been deemed by the European Commission to provide an adequate level of protection for personal data;
- Where we use certain service providers, we may use specific codes of conduct, contracts or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Transfer mechanism based on approved UK Standard Contractual Clauses or EU Standard Standard Contractual Clauses as appropriate.
Your rights and your personal data
In all circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- request a copy of your personal data which we hold about you;
- request that we correct any personal data if it is found to be misleading, inaccurate or out of date;
- request your personal data is erased Object to processing of your personal data;
- request restriction of processing of your personal data;
- request transfer of your personal data;
- withdraw consent.
You can obtain more information about these rights at https://ico.org.uk/
If you would like to exercise any of the rights set out above, please contact us using the contact details below.
Subject access right
You have the right to access personal data held about you. To do so, please contact the Data Protection Officer (details below) and provide us with the following information as a minimum:
- Your full name, address and contact telephone number;
- Any information used by us to identify or distinguish you from others with the same or similar name;
- Details of the specific information you require and any relevant dates to which that information relates.
You will not need to pay a fee to access your personal data (or exercise your other rights). However, we may charge a reasonable fee or refuse to comply with your request, if your request is repetitive or excessive.
We may ned to request further specific information from you to help us confirm your identity and ensure your right to access your personal data. We would do this as a security measure to ensure your data is not disclosed to anyone who does not have the right to receive it. We may also need to contact you to ask you for further information in relation to your request.
We aim to respond to all legitimate requests within one month. If it does take us longer, due to your request being particularly complex or you have made a number of requests, then we will let you know and keep you updated.
How to make a complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please contact the Data Protection Officer (details below).
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Alternatively you can complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
The Data Protection Officer at: HISPrivacy@healix.com
Or by mail: Data Protection Officer, Healix Insurance Services Limited, Healix House, Esher Green, Esher, Surrey, KT10 8AB
You can also find the regulatory information on the Healix Group of Companies at http://healix.com/regulatoryinfo