This Privacy Policy explains what personal data we will collect from you, what purposes we will process it for and who we will share what data with. Healix will process personal data on behalf of your employer/insurer collected via the app. If you have any questions about your employer’s/insurer’s use of your personal data, please contact your employer’s/insurer’s Data Protection Officer and/or Travel Manager.
Who are we?
Healix International Limited is a provider of Travel Risk Management Services elected to provide Travel Oracle App services. Healix International Limited (Healix) has a registered address at Healix House, Esher, KT10 8AB, UK and registration number 3912483. Healix will process your personal data for the purpose of delivering the Travel Oracle App services on behalf of your employer/insurer only.
What does the Travel Oracle App do?
The Travel Oracle app provides instant access to critical insight and support before and during overseas assignments. The app provides current travel safety information, advice and real-time alerts on incidents around the world and enables you to:
- Receive breaking news alerts using location aware push notifications
- Manage a country watchlist to receive alerts for specific destinations
- Access travel safety and security information for over 200 countries worldwide
- Connect directly to the Healix operations team for emergency assistance
- Activate an emergency ‘Mayday’ function in a crisis
- Access advice and travel safety e-learning module
- Store key documents such as passport, insurance and travel visas.
The Healix Sentinel Version of the Travel Oracle App
If your employer uses Healix Sentinel Travel Tracker, you will have the enhanced Healix Sentinel version of the Travel Oracle App. This builds on the existing app functionality by sharing GPS location data with your employer, enabling rapid two-way communication in the event of a critical incident to ascertain your safety and to provide assistance if required. GPS data from the Healix Sentinel Travel Oracle App provides your employer with a real-time global view identifying applicable employees on an interactive map and allowing appropriate actions to be taken.
The Healix Sentinel Travel Oracle App also allows you to manually confirm your location via a ‘Check-in’ function.
How we collect Personal Information
Healix will collect information directly from you when you complete the registration process for the Travel Oracle App. During the registration process you will be asked to provide your name, email address, the name of your company/policy or scheme details (where applicable).
To receive notifications via SMS you must enter your mobile number in the app settings or within the Profile section of the app.
Usage data: We collect App crash analytics data to assist with troubleshooting technical issues, e-learning activity (where applicable) and device ID to link the user to their device.
Location data: With the Healix Sentinel Travel Oracle App, your location is identified using Global Positioning System (GPS) location data collected directly from the app. This requires you to activate the “Location Services” in the app. Subject to your applicable policies it is optional to turn GPS location tracking on and off. The GPS location setting can be changed at any point in the app settings under “Location Services”.
Where “Location Services” are enabled, background location data is used to determine when your device changes location to another country based on the GPS data allowing you to receive location based alerts. It will allow you to share accurate location data with your designated 3rd party contact in the event of a Mayday alert being triggered. Where your App is linked to the Travel Tracker your location data will be collected at regular intervals and stored (where enabled).
Location data will be used even when the App is not open.
Your Personal Information
Healix always aims to minimise the amount of data processed. Healix has strict organisational and technical measures in place to protect your data at all times.
Healix relies on the legal basis listed below for processing your personal data for the purpose of providing the Travel Oracle services. Healix only process Personal Data where necessary in order to:
- Comply with a legal obligation
- Process data as may be required in the public interest, such as detecting and preventing fraud
- Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business
- and which does not materially impact your rights (for example to improve our services).
Healix will not process any special category data.
Personal Information, Use and Disclosure
All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed, in accordance with the data minimisation principle of the GDPR Article 5(1)(c).
The tables below list the types of personal data collected by Healix, the purposes for which it is used, retention and who it is disclosed to.
Information stored by Healix
Healix will collect the data listed below to facilitate the services.
Data type: Name
How is it collected: During registration process
Purpose: To identify you as an eligible user
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient
Data type: Activation info /policy number
How is it collected: During registration process
Purpose: To identify you as an eligible user
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Company appointed point of contact where applicable
Data type: Email address
How is it collected: During registration process
Purpose: To identify you as an eligible user
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient
Data type: Device ID
How is it collected: During registration process
Purpose: To link a device to a user
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Not shared
Data type: Phone number
How is it collected:
Manually entered in the ‘Settings’ or ‘Profile’ section of the App
Purpose: To send Mayday contact in an emergency
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Company appointed point of contact, and/or Mayday recipient
Data type: eLearning score (where applicable)
How is it collected: When completing available eLearning training
Purpose: To document completion of training
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Company appointed point of contact where applicable
Data type: GPS location
How is it collected: Automatically collected if your employer uses Sentinel Tracking and you have Location Services enabled
Purpose: To enable your employer to identify your location and contact you to establish if you require assistance. To enable Healix to automatically send you alerts for the country you are currently in without having to sign up for the country specific alerts
Retention: 12 months* from collection then anonymised
*12 months is the standard retention timeframe however your employer may wish to change this
Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient
Data type: Travel itinerary data
How is it collected: Automatic data feeds from travel providers to Healix
Purpose: To enable your employer to identify your location and contact you to establish if you require assistance. To enable Healix to automatically send you alerts for the country you are currently in without having to sign up for the country specific alerts
Retention: 12 months* from collection then anonymised
*12 months is the standard retention timeframe however your employer may wish to change this
Who is it shared with: Company appointed point of contact where applicable
Data type: Mayday emergency information: GPS location, images, audio
How is it collected: If you trigger a Mayday alert, this information will be sent to Healix
Purpose: To provide support as required
Retention: 30 days after the Mayday alert is triggered
Who is it shared with: Company appointed point of contact where applicable, and/or Mayday recipient
Data type: Location (country name only)
How is it collected: Based on GPS location of the device
Purpose: Location-based alerts functionality
Retention: Until the end of the legal contract with Company, then deleted
Who is it shared with: Not shared
Information stored on the App
When registering with the App, you have access to the ‘Profile & Documents’ section which allows you to choose to enter personal data and upload important travel related documents such as passport and medical information for safe storage. Your profile and documents should always be secured by a PIN set by you, which can be done within the ‘App Settings’. You can update this section when you want and provide as much information as you choose.
The information in this section is only saved on your device. Healix has no access to this data.
Data type: Profile data including gender, DOB, address, nationality, passport details, height, weight
How is it collected: If you complete ‘Personal Profile’ section
Purpose: For your personal use
Retention: Until you uninstall the App
Who is it shared with: Not shared
Data type: Documents: Any documents that you chose to upload or photograph
How is it collected: If you complete ‘Personal Profile’ section
Purpose: For your personal use
Retention: Until you uninstall the App
Who is it shared with: Not shared
Data type: Medical: any medical information that you chose to add
How is it collected: If you complete ‘Personal Profile’ section
Purpose: For your personal use
Retention: Until you uninstall the App
Who is it shared with: Not shared
Data type: Mayday emergency contact where difference from PoC
How is it collected: If you complete ‘Mayday’ section
Purpose: To enable the Mayday service
Retention: Until you uninstall the App
Who is it shared with: Not shared
Cookies
When you use the app, Healix may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Privacy and Cookies Policy: https://healix.com/privacy-and-cookies/
Transfer of personal data
Where necessary in order to provide the service, we will transfer your personal data cross border for the purposes and to the recipients outlined in the table above. This will include any country in which you or the employer is receiving the services, as applicable.
How we store data
Your personal information is held on secure servers in the UK. Healix always aim to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security and the General Data Protection Regulation.
How long we keep the personal data
Healix will keep a record of the personal data for the duration of the contractual engagement with the Client and will anonymise GPS location data, travel itinerary data and usage data after 12 months*. When the contractual agreement comes to an end the access to the app will be disabled and all associated records will be securely deleted.
*12 months is the standard retention timeframe however your employer may wish to change this.
Your Rights
You have the right to:
- Request to access a copy of the personal data held by Healix.
- Request correction of the information if it is inaccurate.
- Request completion or clarify the information if it is incomplete or equivocal.
- Request erasure of information if it has been collected without adherence to legal requirements.
- Complain if you consider Healix has breached its privacy obligations.
Subject Access Right
You have the right to access personal data held about you. To do so you must provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.
How to make a complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. In the UK you can make a complaint to the Information Commissioner, who is the UK independent regulator at: casework@ico.org.uk
Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.
Contact details
Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com
Or by mail:
Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK
You can also find the regulatory information on the Healix Group of Companies at https://healix.com/regulatoryinfo.
This Privacy Policy is subject to regular review and was last updated January 2022.