Safe Travel by Cigna App Privacy Policy

This Privacy Policy explains what personal data we will collect from you, what purposes we will process it for and who we will share what data with. Healix will process personal data on behalf of your employer/insurer collected via the app. If you have any questions about your employer’s/insurer’s use of your personal data, please contact your employer’s/insurer’s Data Protection Officer and/or Travel Manager.

Who are we?

Healix International Limited is a provider of Travel Risk Management Services elected to provide Safe Travel by Cigna App services. Healix International Limited (Healix) has a registered address at Healix House, Esher, KT10 8AB, UK and registration number 3912483. Healix will process your personal data for the purpose of delivering the Safe Travel by Cigna App services on behalf of your employer/insurer only.

What does the Safe Travel by Cigna App do?

The Safe Travel by Cigna app provides instant access to critical insight and support before and during overseas assignments. The app provides current travel safety information, advice and real-time alerts on incidents around the world and enables you to:

  • Receive breaking news alerts using location aware push notifications
  • Manage a country watchlist to receive alerts for specific destinations
  • Access travel safety and security information for over 200 countries worldwide
  • Connect directly to the Healix operations team for emergency assistance
  • Activate an emergency ‘Mayday’ function in a crisis
  • Access advice and travel safety e-learning module
  • Store key documents such as passport, insurance and travel visas.

How we collect Personal Information

Healix will collect information directly from you when you complete the registration process for the Safe Travel by Cigna App. During the registration process you will be asked to provide your name, email address, the name of your company/policy or scheme details (where applicable).

Usage data: We collect App crash analytics data to assist with troubleshooting technical issues, e-learning activity (where applicable) and device ID to link a user to their device.

Location data: With the Safe Travel by Cigna App, your location is identified using Global Positioning System (GPS). This requires you to activate the “Location Services” in the app. Subject to your applicable policies it is optional to turn GPS location tracking on and off. The GPS location setting can be changed at any point in the app settings under “Location Services”.

Where “Location Services” are enabled, background location data is used to determine when your device changes location to another country based on the GPS data allowing you to receive location based alerts. It will allow you to share accurate location data with your designated 3rd party contact in the event of a Mayday alert being triggered. GPS location data is only stored where the user has activated the emergency Mayday feature.

Location data will be used even when the App is not open.

Your Personal Information

Healix always aims to minimise the amount of data processed. Healix has strict organisational and technical measures in place to protect your data at all times.

Healix relies on the legal basis listed below for processing your personal data for the purpose of providing the Safe Travel by Cigna services. Healix only process Personal Data where necessary in order to:

  • Comply with a legal obligation
  • Process data as may be required in the public interest, such as detecting and preventing fraud
  • Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business
  • and which does not materially impact your rights (for example to improve our services).

Healix will not process any special category data.

Personal Information, Use and Disclosure

All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed, in accordance with the data minimisation principle of the GDPR Article 5(1)(c).

The tables below list the types of personal data collected by Healix, the purposes for which it is used, retention and who it is disclosed to.

Information stored by Healix

Healix will collect the data listed below to facilitate the services.

Data type: Name

How is it collected: During registration process

Purpose: To identify you as an eligible user

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient

Data type: Activation info /policy number

How is it collected: During registration process

Purpose: To identify you as an eligible user

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Company appointed point of contact where applicable

Data type: Email address

How is it collected: During registration process

Purpose: To identify you as an eligible user

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient

Data type: Device ID

How is it collected: During registration process

Purpose: To link a device to a user

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Not shared

Data type: Phone number

How is it collected: 

Manually entered in the ‘Settings’ or ‘Profile’ section of the App

Purpose: To send Mayday contact in an emergency

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Company appointed point of contact, and/or Mayday recipient

Data type: eLearning score (where applicable)

How is it collected: When completing available eLearning training

Purpose: To document completion of training

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Company appointed point of contact where applicable

Data type: Mayday emergency information: GPS location, images, audio

How is it collected: If you trigger a Mayday alert, this information will be sent to Healix

Purpose: To provide support as required

Retention: 30 days after the Mayday alert is triggered

Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient

Data type: Location (country name only)

How is it collected: Based on GPS location of the device

Purpose: Location-based alerts functionality

Retention: Until the end of the legal contract with Company, then deleted

Who is it shared with: Not shared

Information stored on the App

When registering with the App, you have access to the ‘Profile & Documents’ section which allows you to choose to enter personal data and upload important travel related documents such as passport and medical information for safe storage. Your profile and documents should always be secured by a PIN set by you, which can be done within the ‘App Settings’. You can update this section when you want and provide as much information as you choose.

The information in this section is only saved on your device. Healix has no access to this data.

Data type: Profile data including gender, DOB, address, nationality, passport details, height, weight

How is it collected: If you complete ‘Personal Profile’ section

Purpose: For your personal use

Retention: Until you uninstall the App

Who is it shared with: Not shared

Data type: Documents: Any documents that you chose to upload or photograph

How is it collected: If you complete ‘Personal Profile’ section

Purpose: For your personal use

Retention: Until you uninstall the App

Who is it shared with: Not shared

Data type: Medical: any medical information that you chose to add

How is it collected: If you complete ‘Personal Profile’ section

Purpose: For your personal use

Retention: Until you uninstall the App

Who is it shared with: Not shared

Data type: Mayday emergency contact where difference from PoC

How is it collected: If you complete ‘Mayday’ section

Purpose: To enable the Mayday service

Retention: Until you uninstall the App

Who is it shared with: Not shared

Cookies

When you use the app, Healix may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Privacy and Cookies Policy: https://healix.com/privacy-and-cookies/

Transfer of personal data

Where necessary in order to provide the service, we will transfer your personal data cross border for the purposes and to the recipients outlined in the table above. This will include any country in which you or the employer is receiving the services, as applicable.

How we store data

Your personal information is held on secure servers in the UK. Healix always aim to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security and the General Data Protection Regulation.

How long we keep the personal data

Healix will keep a record of the personal data for the duration of the contractual engagement with the Client. When the contractual agreement comes to an end the access to the app will be disabled and all associated records will be securely deleted.

Your Rights

You have the right to:

  • Request to access a copy of the personal data held by Healix.
  • Request correction of the information if it is inaccurate.
  • Request completion or clarify the information if it is incomplete or equivocal.
  • Request erasure of information if it has been collected without adherence to legal requirements.
  • Complain if you consider Healix has breached its privacy obligations.

Subject Access Right

You have the right to access personal data held about you. To do so you must provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.

How to make a complaint

If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.

We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. In the UK you can make a complaint to the Information Commissioner, who is the UK independent regulator at: casework@ico.org.uk

Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.

Contact details

Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com

Or by mail:

Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK

You can also find the regulatory information on the Healix Group of Companies at https://healix.com/regulatoryinfo.

This Privacy Policy is subject to regular review and was last updated January 2022.