One HMG Healthline Privacy Notice
Who we are
The One HMG HealthLine Team is the contracted provider for the One HMG contract managed by the FCDO on behalf of the FCDO and other Partners across Government (the employer), elected to manage the overseas healthcare of staff and dependants. The One HMG HealthLine is managed by Healix International Limited (Healix) with registered address at Healix House, Esher, KT10 8AB, UK. Healix will process your personal data, as a Data Controller, for the purpose of overseeing overseas healthcare.
Your personal information
In order to provide the services Healix will collect personal data such as, but not limited to, contact-, identification and location information and sensitive personal data such as your health information.
Healix always aim to minimise the amount of data processed and in particular the sensitive personal data. Healix has strict organisational and technical measures in place to protect your data at all times.
Healix rely on the following legal basis for processing your personal and sensitive personal data for the purpose of overseeing overseas healthcare. Healix only process Personal Data where necessary in order to:
- Comply with a legal obligation;
- Process data as may be required in the public interest, such as detecting and preventing fraud;
- Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services).
Healix will process special category data when:
- Processing is necessary for the purpose of the management of health or social care systems and services.
- You have provided explicit consent;
- Processing is necessary to protect your vital interests or those of another individual and you are not physically or legally capable of giving consent;
- Processing is necessary for the establishment, exercise or defence of legal claims;
- Processing data may be required in the public interest, such as detection and prevention of fraud.
Sharing your personal information
When you complete the medical screening, Healix staff will use this information to assess the risk associated with your posting or duty travelling. The result of the medical clearance, but no details of the medical information, will be shared with the employer.
In certain circumstances, it may be necessary to share additional information to support the assessment or the ongoing management of overseeing overseas healthcare. Where possible, Healix will obtain your explicit consent before sharing any medical information with the employer. In very rare cases there may be a need to share minimal case specific information with the FCDO as the lead Partner Across Government.
Healix rely on your consent to:
- Obtain additional medical records from your GP;
- Share your personal data with the employer;
- Share your personal data with the FCDO;
- Discuss your case with a family member or friend.
The consent may be obtained verbally over the phone or by written communication. Consent can be withdrawn at any time up until the moment the personal data is collected/ disclosed. You can withdraw your consent verbally or by sending an email containing the relevant information to privacy@healix.com or sending a letter to Healix Group Data Protection Officer as detailed below.
Personal information, use and disclosure
The following table lists the main types, but not all, of personal data collected by Healix, the
purposes for which it is used and who it is disclosed to.
Personal Data
| What is it used for?
(Purpose) | Who is it disclosed to? |
Contact information such as name, address, email address, telephone number, date of birth, reference numbers, other contact or identification information | To positively identify you, confirm eligibility and communicate with you in order to provide the service. | Persons or organisations involved in providing you with services, or components of services, including occupational health provider, medical professionals such as doctors, nurses and non-medical support staff as necessary. Agents working with local medical providers or on our behalf to, for example, arrange translation services or evaluation of the local medical facilities. |
Health information including your medical history, prescriptions, dental information, NHS referrals, any current conditions you may be suffering, any restrictions on travel, your diagnosis and prognosis, and details of medical treatment received or recommended. | To enable Healix to provide the requested service including safeguarding and security. | Persons or organisations involved in providing you with services, or components of services, including occupational health provider, medical professionals such as doctors, nurses and non-medical support staff as necessary. |
Costs associated with medical treatment. | To enable Healix to provide the requested service. | Organisations involved in the payments systems including financial institutions, merchants and payment organisations. |
Healix may furthermore disclose limited personal data to:
- Public authorities in order to comply with legal and regulatory obligations such as fraud and money laundering prevention.
- Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems. Access is always limited by organisational and technical access controls.
Collection
Whenever it is reasonable or practicable to do so, Healix will collect your personal data directly from you. Healix will also collect information from the treating medical professional as necessary to manage any medical cases for the purpose of overseeing overseas healthcare.
International transfer
Where necessary in order to provide the service, we will transfer your personal data cross border for the purposes and to the recipients outlined in the table above. This will include any country in which you or the employer is receiving the services, as applicable.
Children
Healix will collect personal data from dependants under the age of 16 but will only do so with the consent of the holder of parental responsibility over the child. If we learn that we have collected personal data from a child under the age of 16 without the appropriate consent, we will take action to delete that information as quickly as possible.
Your rights
You have the right to:
- Request access to a copy of the personal data held by Healix.
- Request to correct information if it is inaccurate.
- Request completion or clarification of the information if it is incomplete or equivocal.
- Request erasure of the information if it has been collected without adherence to legal requirements.
- Complain if you consider Healix has breached its privacy obligations.
Subject access right
You have the right to request access to personal data held about you. The preferred method is for you to provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.
How to make a complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. You can make a complaint to the Information Commissioner, who is the UK independent regulator at casework@ico.org.uk. Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.
Contact Details
Any questions, comments or requests regarding this policy should be addressed to the Data
Protection Officer at: privacy@healix.com
Or by mail:
Group Data Protection Officer Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK
You can also find the regulatory information on the Healix Group of Companies here.
Website Traffic
In order to improve our website structure and functionality, we count the number of visitors and how visitors move around the website. More specifically, we are tracking the following fully anonymised information:
- Masked 2 byte(s) IPs - e.g. 192.168.xxx.xxx
- Date and time of a page request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded (Download)
- Links to an outside domain that were clicked (Outlink)
- Pages generation time/Page speed (the time it takes for webpages to be generated by the webserver and then downloaded by the user)
- Main Language of the browser being used (Accept-Language header)
- User Agent of the browser being used (User-Agent header)
We are not collecting personal data