Healix MemberZone Privacy Notice
Who are we?
Healix Health Services Limited is a provider of medical healthcare packages including flexible corporate healthcare trusts plans designed to meet the different needs of employees. Healix Health Services Limited (Healix) has a registered address at Healix House, Esher, KT10 8AB, UK and registration number 3945478.
Healix will process your personal data for the purpose of providing and improving the Healix MemberZone and ‘My Healix’ services.
What is Healix MemberZone?
Healix MemberZone is an online portal where you register and then log in or log in using Single Sign On. You will then have access to a dashboard with different tiles representing the services included in your Corporate Health Trust membership benefits. By clicking on the tile you will be taken to the different services.
What is ‘My Healix’?
‘My Healix’ is a native mobile application where you register and then log in to access services. You will have access to the following services included in your membership benefits via the ‘My Health’ section of the application as listed in the table below:
Service | Details | Provided by |
---|---|---|
Member Booklet | Information about your scheme, what is included and contact details. | Healix Health Services |
Make a Claim/ Claims Portal | Information about your scheme, what is included and contact details. | Healix Health Services |
Virtual GP Service | Book an online session with a GP. | This service is provided by Teladoc Health UK Ltd. Teladoc Health UK Ltd has a registered address at Aspect House Floor 5, 84-87 Queens Road, Brighton, England, BN1 3XE, company registration number is 05739281. |
Digital wellbeing platform | Champion Health – an online platform aimed at promoting health, reduce stress and improve contentment. | This service is provided by Champion Health Ltd. with a registered address at Physitrack PLC, 6th Floor 125 London Wall, London, United Kingdom, EC2Y 5AS, company registration number is 11456257. |
Health assessment | A series of clinical tests, measurements and examinations which aim to form a report of your current health and wellbeing status, offering helpful information on how to make positive lifestyle changes to help you achieve your goals. | You can chose between the following providers: Nuffield and Bupa. |
Perci Health Limited | 1:1 expert support for cancer patients | This service is provided by Perci Health Limited, whose registered office is 1 Vincent Square, London SW1p 2PN, UK, company registration No. 12402935. |
MyGymDiscounts scheme | Access to discounts codes on gym memberships. | This service is provided by Incorpore Limited, whose registered office is at 40 Folders Lane, Burgess Hill, West Sussex, RH15 0DR, company registration number is 03997432. |
Musculoskeletal (MSK) Triage Service | Digital MSK triage tool called Phio provided via mobile phone App or computer. | This service is provided by EQL Limited who has a registered address at Speed Medical House, Matrix Park, Chorley, Lancashire, England, PR7 7NA, company registration number 11806513. |
Mental Health Triage Service | Digital mental health triage service called Limbic provided via mobile phone App or computer. | This service is provided by MindRight Limited who has a registered address at Speed Medical House, Matrix Park, Chorley, Lancashire, England, PR7 7NA, company registration number 12880185. |
Healix will share your membership data (name, address, email, phone number and date of birth) with EQL, MindRight, Babylon, Affinity Financial Network UK and Nuffield to enable the service providers to identify you as an eligible user and facilitate a seamless customer journey. Healix will receive invoices and usage data to facilitate payments, create treatment plans and update your case notes.
Clicking the tile will take you to the service or provide you with the relevant information you need to access the service. Where the service is provided outside of the Healix domain, you will be presented with a new service-specific Privacy Notice.
You will have access to the MemberZone,‘My Healix’ App and the included service offerings 24/7 from any location.
Healix ConneX
For Healix ConneX services, please see https://healix.com/healix_conn...
How we collect Personal Information
For the purpose of setting up this scheme your employer will provide us with all of the relevant information we need to be able to identify you as a member. Your employer is the Data Controller for this information.
When you use the services we will collect usage information and if you make a claim we will collect information directly from you to ensure we have all the relevant information for the purpose of helping you and providing the best service. We may need to collect additional information from your treating medical professionals in order to process your claim. If this is necessary, we will require additional consent from you.
Legal basis
We rely on the following legal basis for processing your personal and sensitive personal data for the purpose of providing the Services:
- For the purpose of management of health systems and services;
- Where processing is necessary for the purpose of the legitimate interests pursued by Healix;
Where processing is necessary for the establishment, exercise or defence of legal claims; - Processing data may be required in the public interest, such as detection and prevention of fraud.
Healix rely on your consent to:
- Obtain additional medical records from your treating medical professional;
- Share your personal data with the employer;
- Discuss your case with a family member or friend.
You should know that consent can be withdrawn at any time by sending an email containing the relevant information to the Healix Claims Team. We will endeavour to stop the processing activity but you should be aware that where a claim has been opened or where information has been disclosed the processing activity cannot be reversed or stopped. We will retain a copy of your data for evidence and compliance with applicable legal obligations.
What Information, Purpose and Disclosure
The following table lists the types of personal information collected by us, the purposes for which it is used and who it is disclosed to.
Personal information | Purpose | Who it is disclosed to |
---|---|---|
Contact information such as name, address, email address, telephone number, date of birth, reference numbers, other contact or identification information. | To positively identify and communicate with you in order to provide and improve the service requested. | Persons or organisations involved in providing you with services, or components of services, employees, agents, sub-contractors, professional advisors (and any other persons or bodies having a legal right or duty to have access to or knowledge of personal data). |
Health information including your medical history, vaccination history, any current conditions you may be suffering, your diagnosis and prognosis, and details of medical treatment received or recommended. | To enable us to provide the requested service and to confirm applicable cover where required. | Persons or organisations involved in providing you with services, or components of services, employees, agents, sub-contractors, professional advisors (and any other persons or bodies having a legal right or duty to have access to or knowledge of personal data). |
Details of treating medical professionals, any associated reports or information. | To enable us to provide the requested service and to confirm eligibility of services or applicable cover where required. | Persons or organisations involved in providing you with services, or components of services, employees, agents, sub-contractors, professional advisors (and any other persons or bodies having a legal right or duty to have access to or knowledge of personal data). |
Healix may furthermore disclose limited personal data to:
Public authorities in order to comply with legal and regulatory obligations such as public health, fraud and money laundering prevention.
Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems. Access is always limited by organisational and technical access controls.
Sharing Personal Information
We will only share personal information with third parties for the purposes described in the table above. We will not disclose medical information about you or your dependants to your employer or Trustee without your consent. Only in exceptional circumstances where there is a legal requirement will we disclose medical information to third parties or family members without explicit consent.
International Transfer
We will not transfer your data outside of the UK.
How we store data
Personal information is held on our secure servers in the UK.
We always aim to minimise the amount of data processed and in particular sensitive personal data. We have strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security, the UK GDPR and Medical Confidentiality Guidelines.
Cookies
When you use the app, Healix may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Cookies Policies.
Your Rights
You have the right to:
- Request access to a copy of the personal information held by us.
- Request the correction of the information if it is factually inaccurate.
- Request the completion or clarification of the information if it is incomplete or
equivocal. - Request the erasure of your personal data if it has been collected in breach of the Principles of the Data Protection or if it is irrelevant or excessive.
- Complain if you consider Healix has breached its privacy obligations.
Subject Access Right
You have the right to access Personal Information held about you. To do so you must provide a written request to us including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.
How to Make a Complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your request to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your request is resolved in a timely and appropriate manner.
If you do not believe your request is managed appropriately you have the right to escalate the request to the Data Protection Authority. In the UK you can make a complaint to the Information Commissioner, the UK independent regulator at casework@ico.org.uk
Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.
Contact details
Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com
Or by mail:
Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK
You can also find the regulatory information on the Healix Group of Companies here.
Website Traffic
In order to improve our website structure and functionality, we count the number of visitors and how visitors move around the website. More specifically, we are tracking the following fully anonymised information:
- Masked 2 byte(s) IPs - e.g. 192.168.xxx.xxx
- Date and time of a page request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded (Download)
- Links to an outside domain that were clicked (Outlink)
- Pages generation time/Page speed (the time it takes for webpages to be generated by the webserver and then downloaded by the user)
- Main Language of the browser being used (Accept-Language header)
- User Agent of the browser being used (User-Agent header)
We are not collecting personal data