Travel Oracle App Privacy Notice

This Privacy Notice explains what personal data we will collect from you, what purposes we will process it for and who we will share what data with. Healix will process personal data on behalf of your employer/insurer collected via the App. If you have any questions about your employer’s/insurer’s use of your personal data, please contact your employer’s/insurer’s Data Protection Officer and/or Travel Manager.
Last updated: 12th February 2024

Who are we?

Healix International Limited is a provider of Travel Risk Management Services elected to provide Travel Oracle App services. Healix International Limited (Healix) has a registered address at Healix House, Esher, KT10 8AB, UK and registration number 3912483. Healix will process your personal data for the purpose of delivering the Travel Oracle App services on behalf of your employer/insurer only.


What does the Travel Oracle App do?

The Travel Oracle App provides instant access to critical insight and support before and during overseas assignments. The App provides current travel safety information, advice and real-time alerts on incidents around the world and enables you to:

  • Receive breaking news alerts using location aware push notifications
  • Manage a country watchlist to receive alerts for specific destinations
  • Access travel safety and security information for over 200 countries worldwide
  • Connect directly to the Healix operations team for emergency assistance
  • Activate an emergency ‘Mayday’ function in a crisis
  • Access advice and travel safety e-learning module
  • Store key documents such as passport, insurance and travel visas.

The Healix Sentinel Version of the Travel Oracle App

If your employer uses Healix Sentinel Travel Tracker, you will have the enhanced Healix Sentinel version of the Travel Oracle App. This builds on the existing App functionality by sharing GPS location data with your employer, enabling rapid two-way communication in the event of a critical incident to ascertain your safety and to provide assistance if required. GPS data from the Healix Sentinel Travel Oracle App provides your employer with a real-time global view identifying applicable employees on an interactive map and allowing appropriate actions to be taken.

The Healix Sentinel Travel Oracle App also allows you to manually confirm your location via a ‘Check-in’ function.


How we collect Personal Information

Healix will collect information directly from you when you complete the registration process for the Travel Oracle App. During the registration process you will be asked to provide your name, email address, the name of your company/policy or scheme details (where applicable).

To receive notifications via SMS you must enter your mobile number in the App settings or within the Profile section of the App.

Usage data: We collect App crash analytics data to assist with troubleshooting technical issues, e-learning activity (where applicable) and device ID to link the user to their device.

Location data: With the Healix Sentinel Travel Oracle App, your location is identified using Global Positioning System (GPS) location data collected directly from the app. This requires you to activate the “Location Services” in the app. Subject to your applicable policies it is optional to turn GPS location tracking on and off. The GPS location setting can be changed at any point in the App settings under “Location Services”.

Where “Location Services” are enabled, background location data is used to determine when your device changes location to another country based on the GPS data allowing you to receive location based alerts. It will allow you to share accurate location data with your designated 3rd party contact in the event of a Mayday alert being triggered. Where your App is linked to the Travel Tracker your location data will be collected at regular intervals and stored (where enabled).

Location data, where activated, will be used even when the App is not open.


Your Personal Information

Healix always aims to minimise the amount of data processed. Healix has strict organisational and technical measures in place to protect your data at all times.

Healix relies on the legal basis listed below for processing your personal data for the purpose of providing the Travel Oracle services. Healix only process Personal Data where necessary in order to:

  • Comply with a legal obligation
  • Process data as may be required in the public interest, such as detecting and preventing fraud
  • Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services).

Healix will not process any special category data.


Personal Information, Use and Disclosure

All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed, in accordance with the data minimisation principle of the GDPR Article 5(1)(c).

The tables below list the types of personal data collected by Healix, the purposes for which it is used, retention and who it is disclosed to.

Information stored by Healix

Healix will collect the data listed below to facilitate the services.

Data typeHow is it collectedPurposeRetentionWho is it shared with
NameDuring registration processTo identify you as an eligible userUntil the end of the legal contract with Company, then deletedCompany appointed point of contact where applicable, and/or Mayday recipient
Activation info /policy numberDuring registration processTo identify you as an eligible userUntil the end of the legal contract with Company, then deletedCompany appointed point of contact where applicable
Email addressDuring registration processTo identify you as an eligible userUntil the end of the legal contract with Company, then deletedCompany appointed point of contact where applicable, and/or Mayday recipient
Device IDDuring registration processTo link a device to a userUntil the end of the legal contract with Company, then deleted

Not shared

Phone numberManually entered in the ‘Settings’ or ‘Profile’ section of the AppTo send Mayday contact in an emergencyUntil the end of the legal contract with Company, then deletedCompany appointed point of contact where applicable, and/or Mayday recipient
eLearning score (where applicable)When completing available eLearning trainingTo document completion of trainingUntil the end of the legal contract with Company, then deletedCompany appointed point of contact where applicable
GPS locationAutomatically collected if your employer uses Sentinel Tracking and you have Location Services enabledTo enable your employer to identify your location and contact you to establish if you require assistance. To enable Healix to automatically send you alerts for the country you are currently in without having to sign up for the country specific alerts

12 months* from collection then anonymised

*12 months is the standard retention timeframe however your employer may wish to change this

Company appointed point of contact where applicable, and/or Mayday recipient
Travel itinerary dataAutomatic data feeds from travel providers to HealixTo enable your employer to identify your location and contact you to establish if you require assistance. To enable Healix to automatically send you alerts for the country you are currently in without having to sign up for the country specific alerts

12 months* from collection then anonymised

*12 months is the standard retention timeframe however your employer may wish to change this

Company appointed point of contact where applicable
Mayday emergency information: GPS location, images, audioIf you trigger a Mayday alert, this information will be sent to HealixTo provide support as required30 days after the Mayday alert is triggeredCompany appointed point of contact where applicable, and/or Mayday recipient
Location (country name only)Based on GPS location of the deviceLocation-based alerts functionalityUntil the end of the legal contract with Company, then deletedNot shared

Information stored on the App

When registering with the App, you have access to the ‘Profile & Documents’ section which allows you to choose to enter personal data and upload important travel related documents such as passport and medical information for safe storage. Your profile and documents should always be secured by a PIN set by you, which can be done within the ‘App Settings’. You can update this section when you want and provide as much information as you choose.

The information in this section is only saved on your device. Healix has no access to this data.

DataHow is it collectedPurposeRetentionWho is it shared with
Profile data including gender, DOB, address, nationality, passport details, height, weightIf you complete ‘Personal Profile’ sectionFor your personal useUntil you uninstall the AppNot shared
Documents: Any documents that you chose to upload or photographIf you complete ‘Personal Profile’ sectionFor your personal useUntil you uninstall the AppNot shared
Medical: any medical information that you chose to addIf you complete ‘Personal Profile’ sectionFor your personal useUntil you uninstall the AppNot shared
Mayday emergency contact where difference from PoCIf you complete ‘Mayday’ sectionTo enable the Mayday servicUntil you uninstall the AppNot shared

Cookies

When you use the App, Healix may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Privacy and Cookies Policies.


Transfer of personal data

Where necessary in order to provide the service, we will transfer your personal data cross border for the purposes and to the recipients outlined in the table above. This will include any country in which you or the employer is receiving the services, as applicable.


How we store data

Your personal information is held on secure servers in the UK. Healix always aim to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security and the General Data Protection Regulation.


How long we keep the personal data

Healix will keep a record of the personal data for the duration of the contractual engagement with the Client and will anonymise GPS location data, travel itinerary data and usage data after 12 months*. When the contractual agreement comes to an end. the access to the App will be disabled, and all associated records will be securely deleted.

*12 months is the standard retention timeframe however your employer may wish to change this.

You can delete the App from the mobile device at any time, however this will not result in deletion of the App account. Please contact your employer to request deletion of the App account, which will result in all information stored by Healix and all information stored in the App to be deleted with immediate effect. 


Your Rights

You have the right to:

  • Request to access a copy of the personal data held by Healix.
  • Request correction of the information if it is inaccurate.
  • Request completion or clarify the information if it is incomplete or equivocal.
  • Request erasure of information if it has been collected without adherence to legal requirements.
  • Complain if you consider Healix has breached its privacy obligations.

Subject Access Right

You have the right to access personal data held about you. To do so you must provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.


How to make a complaint

If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.

We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. In the UK you can make a complaint to the Information Commissioner, who is the UK independent regulator at: casework@ico.org.uk

Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.


Contact details

Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com

Or by mail:

Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK

You can also find the regulatory information on the Healix Group of Companies here.

A new version of this website is available.