The purpose of this policy is to explain how we collect, use, store and otherwise process your Personal Data when we provide services to you, when you use this website and other interactions that may impact your rights in relation to your Personal Data. Healix is committed to safeguarding and respecting your privacy rights by ensuring a high standard of data protection and information security as demonstrated by our ISO27001 Certification which covers all services provided by Healix as well as compliance with applicable laws (including the General Data Protection Regulation).
We aim to be transparent in our approach and make the relevant information available to you in a user-friendly format. We have labelled the sections of the policy to make it easy to navigate. Please click on the subjects below to find out more details.
Healix International Ltd, Healix House, Esher Green, Esher, KT10 8AB, UK.
Healix Medical Services Ltd, Healix House, Esher Green, Esher, KT10 8AB, UK.
Healix International Risk Management Services Ltd, Esher Green, Esher, KT10 8AB, UK.
Healix New Zealand Ltd, Suite 8 40 Srrenway Drive, Rosedale, Auckland, New Zealand 0632.
Healix Assistance International Pte Ltd, 11 Collyer Quay, #09-04, The Arcade, Singapore 049317.
HX Global Inc, 101 Federal Street, Suite 1900, Boston, MA 02110, USA.
Healix Health Services Ltd, Healix House, Esher Green, Esher, KT10 8AB, UK.
Healix Insurance Services Ltd, Healix House, Esher Green, Esher, KT10 8AB, UK.
For more information please visit https://healix.com/regulatoryinfo
Healix will process your Personal Data in order to provide the following services as applicable to you:
- International Medical Assistance
- Travel Assistance, Travel Claims Management
- Third Party Medical Claims
- Medical Trust Administration
- Medical Screening Services
- Global Security and Assistance Services
- Insurance Broking Services
- Managing General Underwriting (MGU) insurance.
We will only process your Personal Data for the specific service relevant for you.
To enable us to provide the services we will collect information that is relevant for the services that you receive, enabling us to identify you as an eligible individual and the benefits you are eligible to receive.
This may include:
- Personal details and contact details: such as name, address, email address, telephone number, business email address and telephone number, date of birth, reference numbers, reasons for travelling; as required to identify you as eligible. Employment details (where the service delivery is related to your employer): employee ID, User ID, hire date, job title, termination date, work location and address, business unit and organizational information, etc.
- Benefit entitlement: such as policy reference number, scheme number or other reference information
- Banking details, where it is necessary to reimburse you
- Geo location data: Location information such as flight details, hotel reservations, hospital or clinic as necessary to manage your case and GPS location where you have agreed to share these.
In order for us to provide the services we may need to collect the following special categories of Personal Data limited to the requirement of your individual circumstances:
- Health information, medical records, and patient data: Health information including medical history, vaccination history, any current conditions, any restrictions on travel, diagnosis and prognosis, and details of medical treatment received or recommended
- Details of treating medical professionals and any relevant associated reports or information such as third party medical opinions or advice. Costs associated with medical treatment and repatriation
- Photo/Video data (images, videos) where required for performing the service, such as dental images or scans
- Religious or philosophical beliefs or political opinion: specific religious information as it pertains to appropriateness of treatments or to repatriation of mortal remains, cremation at point of death etc.
- Data concerning sex life, where it is relevant for the service provision.
When using the website or for Marketing purposes
When you access our website we will collect certain information automatically from your device that is categorised as Personal Data. This includes information such as your IP address, unique device identity numbers, device type, browser type, geographic location, pages accessed and links clicked.
When you use the Contact Us Now option or subscribe to our mailing list we collect such Personal Data as your name, contact details and company details and country if you wish.
We will collect Personal Data directly from you where possible but will also collect from and share data with relevant third parties such as:
- Treating medical professionals and service providers such as doctors, hospitals, ambulances, air ambulances and non-medical support staff as required to provide the relevant service
- Persons or organisations involved in providing you with services, or components of services such as airline medical clearance departments, occupational health providers, employees, agents, sub-contractors, professional advisors (and any other persons or bodies having a legal right or duty to have access to or knowledge of Personal Data)
- Relevant underwriter of the policy, their intermediaries, brokers and elected claims handlers as required
- Local agents, providing for example, translation services, evaluation of the local medical facilities, security consultation or local ground support or cost containment companies managing the financial aspects of your case
- Your GP where we need to understand previous medical conditions
- Family members, friends or other third parties, including next of kin, where appropriate and agreed with you and where you have authorised us to deal with them on your behalf
- Your employer where the service is related to your employment where the sharing of information is necessary and either based on your consent or to protect your vital interest
- Companies within the Healix Group
- Organisations providing the payment systems including financial institutions, merchants and payment organisations.
Healix may further be required to exchange Personal Data with the following third parties:
- Public authorities in order to comply with legal and regulatory obligations such as fraud and money laundering prevention and persons/organisations involved in provision of medical treatment, hospital accommodation, public health administration and disease control for the administration of public health. Information will be anonymised where possible
- Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems. Access is always limited by organisational and technical access controls.
When will we collect your Personal Data?
- We will collect Personal Data from you when you contact us to notify us of a claim, create an account or register for our services. We may collect Personal Data from a third party if they are managing the claim on your behalf (for example if you authorised the person to act on your behalf).
We may use your Personal Data for the following activities:
- To set you up as a user/member/patient and open a case, a claim or an account
- To provide the actual services referred to in the section: “What Service do we perform where we need to process your data?”
- To communicate with you about the services including responding to your enquiries, concerns and complaints
- To comply with our legal and regulatory obligations
- To defend or prosecute legal claims
- To investigate or prosecute fraud; and/or
- When you sign up for marketing communications.
Healix only processes Personal Data where necessary in order to:
- Comply with any applicable contractual obligations
- Comply with a legal obligation
- Process data as may be required in the public interest, such as detecting and preventing fraud
- Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services). This may include using your Personal Data to send you marketing information and your cookie data to identify and analyse trends on our website.
Healix will also process special category data when:
- You have provided explicit consent
- Processing is for the purpose of administration of a claim and is necessary for reasons of substantial public interest, such as management of an insurance policy
- Processing is necessary to protect your vital interests or those of another individual and you are not physically or legally capable of giving consent
- Processing is necessary for the establishment, exercise or defence of legal claims
- Processing data may be required in the public interest, such as detection and prevention of fraud.
We take appropriate technical, organisational, administrative and physical precautions to secure your Personal Data and to prevent unauthorised access, loss, misuse or alteration and preserve data integrity.
Your Personal Data is stored on secure servers in the UK. We always aim to minimise the amount of data processed and have strict measures in place to protect your Personal Data at all times in compliance with our ISO27001 Certification, best practice information security, the General Data Protection Regulation and with regard to medical information, in accordance with Confidentiality: Good Practice in Handling Patient Information issued by the UK General Medical Council.
Access controls are applied to limit access to Personal Data to those with a “Need to Know” and for legitimate business requirements. We regularly monitor our system for possible vulnerabilities and attacks, carrying out penetration testing to identify methods to further strengthen the security of our systems.
Healix will transfer your Personal Data to the relevant third parties as needed in order to provide the required services. We have to share relevant Personal Data with the treating medical professional and other third party recipients in the location where you are receiving the service and as required. If you are located abroad when requesting our services, this will mean that we will transfer your Personal Data cross border to meet your requirements.
Our data protection and retention policies and procedures are designed to ensure we comply with our legal obligations. We will only retain your Personal Data for as long as is reasonably necessary for the purposes referred to in the section: “What will we use the Personal Data for?” There may be circumstances where we will have to retain your Personal Data for longer periods of time where for example we are required to do so to comply with legal and regulatory obligations including tax or accounting requirements.
We will always keep your Personal Data securely and will apply our data retention policy to ensure it is not kept for longer than is required.
We do not use your Personal Data for any processing activities that may result in automated decisions being taken that legally affect you or can significantly affect you. Any decisions made about you will always require the involvement of a human being.
Healix recognises the need to provide further privacy protection with respect to the Personal Data of children under the age of 13. The services we provide are not directly aimed at children but children as a family member of an eligible individual may require the benefit of the services. Children under the age of 13 or equivalent minimum age in the relevant jurisdiction are not permitted to create accounts or provide Healix with their Personal Data without the permission of their parent or legal guardian. Healix does not knowingly collect Personal Data from anyone under the age of 13 without the knowledge and approval of the parent or legal guardian.
When you apply for a role or provide your information for future consideration, Healix will process your personal data as described in this section.
Purpose and Legal Basis for processing
- The purpose for processing your information is to assess your suitability for the role you have applied for or any other related roles that may suit your capabilities/experience.
- The legal basis we rely on for this processing of your personal data is GDPR Art 6(1)(b); processing is necessary for the performance of a contract or to take steps at your request, before entering into a contract.
- The legal basis we rely on for the processing of special categories of personal data such as health, religious or ethnic information is GDPR Art 9(2)(b); processing is necessary for the purpose of carrying out our obligations in employment and safeguarding your fundamental rights and freedoms. The Data Protection Act 2018 Schedule 1 part 1(1) and (2)(a) and (b) relating to processing for employment, the assessment of your working capacity and preventative or occupational medicine applies.
What information do we ask you for?
We only collect the information needed to fulfil our stated purposes. You do not have to provide all the information we ask for but it may affect your application if you don’t.
This information will include:
- Contact and identification information; such as name, email and phone number.
- Experience; education, work experience, referees and role specific information.
This information will be shared with HR employees and hiring managers. Hiring managers will only have access to shortlisted applications.
We will also collect equal opportunities information (optional); such as age, sex, race, disability, religion or belief, sexual orientation and pregnancy/maternity. This information will only ever be accessed by HR employees and will be used to produce and monitor equal opportunities statistics.
We may ask you to participate in telephone interviews or attend an interview in the office.
For some roles psychometric assessments may be required which include personality and aptitude assessments.
If you are not successful we will ask if you would like us to retain your information for consideration for other opportunities.
How will we use the information?
We will use all the information you provide during the recruitment process to assess your suitability for the role, progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide with any third parties for marketing purposes.
How long do we keep it?
We will maintain a copy of your application and associated documents for a period of one year after you are registered on our recruitment portal. Any data held after this point will require your consent. For successful applicants relevant data will be transferred to your HR file. When you leave employment with us we will retain information in line with statutory requirements and best practice.
What are cookies?
Cookies are small text files containing a string of alphanumeric characters that are stored on the hard drive of your computer, which are transferred from our website and stored on your device. When you visit the site again, the cookie allows that site to recognise your browser. This can make the site more efficient.
How can I control cookies?
How can you manage your cookie settings?
The ‘Help’ menu in the toolbar of most web browsers will offer guidance on how to change your browser cookie settings. For more information about cookies and instructions on how to adjust your browser settings, please see http://www.aboutcookies.org or https://ico.org.uk/for-the-public/online/cookies.
Analytics cookies are used to gather this information, which is grouped with other user information obtained from cookies. This allows us to view the overall patterns of usage, to improve how our website pages work. Information obtained from cookies is used to assist with our promotional and marketing efforts, to fulfil our legitimate business interests.
Types of cookies
Strictly necessary cookies: These are essential for the effective operation and delivery of our website. For example, to allow us to respond to your actions on the website or to retain your cookie preferences so that analytics cookies are not set for you if you choose not to accept this tracking.
Analytics cookies: Our website uses web analytic cookies provided by Google Analytics and HubSpot, both trusted web analytics platforms. These cookies collect information that is used in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are.
Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our website through third party social networking and other websites.
Other tracking technologies
We employ a technology called clear gifs (also known as Web Beacons or Pixels), which helps us to better manage the website and our email service by checking performance. Small image files with unique identifiers are embedded invisibly on pages and emails; web browsers and email readers automatically download them when the page or email is accessed, which allows the tracking of online movements. We may also use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients. This information is used to enable more accurate reporting and improve the effectiveness of our marketing and website.
Disclaimer for website
We make every effort to ensure that the information contained on our website is complete and accurate, but shall not be liable for any errors, omissions or misleading statements on our website's pages or any site to which these pages connect. Anything on our website is for information purposes only and to provide a method to communicate with users. We reserve the right to make amendments and changes to the information on our website at any time.
Under Data Protection legislation, you have rights with regard to your Personal Data. You can exercise your rights at any time by contacting the Healix Group Data Protection Officer (details are provided at the end of this policy). You have the right to:
- Withdraw consent. Where we are relying on your consent to process your Personal Data, you have the right to change your mind and withdraw that consent
- Request rectification of your Personal Data held by us if it is inaccurate
- Request that we erase the Personal Data if it has been collected without adherence to legal requirements or is no longer needed, in accordance with this policy
- Request restrictions to the data processing activity in situations where you believe we no longer need to process your Personal Data
- Complain if you consider we have breached our privacy obligations (see “Contacting Healix or making a complaint”, below).
You have the right to stop the use of your Personal Data for direct marketing activity. You can opt out of receiving promotional or marketing communication from us at any time by using the ‘Unsubscribe’ function provided in all promotional material sent to you.
Alternatively, you can contact us at firstname.lastname@example.org with the word “UNSUBSCRIBE” in the subject field of the email. If you make such an objection, we will cease to process your Personal Data for this purpose. Please allow 5 working days for the changes to take effect.
Subject Access Right
You have the right to access Personal Data held about you. To exercise this right we would prefer that you provide a written request to us including as much information as possible (dates, specific issue etc.) to enable us to comply with your request as quickly as possible. You can however also make a verbal request. In responding to your access request we will confirm what data we process and what we use it for, who we share it with, how we collected it and how long we keep it.
To make an access request please contact us using the contact details below under the section “Contacting Healix or making a complaint”.
Please contact us if you have any questions about anything in this document or think that your Personal Data has been misused or mishandled:
- Email: email@example.com, or
- Letter: Healix Group Data Protection Officer, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your communication to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you do not believe that Healix has managed your complaint appropriately or addressed your concerns, you have the right to escalate the complaint to your national data protection supervisory authority. If you are located in the UK the independent regulator is the Information Commissioner's Office: firstname.lastname@example.org