Travel Oracle App Privacy Notice
Who are we?
Healix International Limited is a provider of Travel Risk Management Services elected to provide Travel Oracle App services. Healix International Limited (Healix) has a registered address at Healix House, Esher, KT10 8AB, UK and registration number 3912483. Healix will process your personal data for the purpose of delivering the Travel Oracle App services on behalf of your employer/insurer only.
What does the Travel Oracle App do?
The Travel Oracle App provides instant access to critical insight and support before and during overseas assignments. The App provides current travel safety information, advice and real-time alerts on incidents around the world and enables you to:
- Receive breaking news alerts using location aware push notifications
- Manage a country watchlist to receive alerts for specific destinations
- Access travel safety and security information for over 200 countries worldwide
- Connect directly to the Healix operations team for emergency assistance
- Activate an emergency ‘Mayday’ function in a crisis
- Access advice and travel safety e-learning module
- Store key documents such as passport, insurance and travel visas.
The Healix Sentinel Version of the Travel Oracle App
If your employer uses Healix Sentinel Travel Tracker, you will have the enhanced Healix Sentinel version of the Travel Oracle App. This builds on the existing App functionality by sharing GPS location data with your employer, enabling rapid two-way communication in the event of a critical incident to ascertain your safety and to provide assistance if required. GPS data from the Healix Sentinel Travel Oracle App provides your employer with a real-time global view identifying applicable employees on an interactive map and allowing appropriate actions to be taken.
The Healix Sentinel Travel Oracle App also allows you to manually confirm your location via a ‘Check-in’ function.
How we collect Personal Information
Healix will collect information directly from you when you complete the registration process for the Travel Oracle App. During the registration process you will be asked to provide your name, email address, the name of your company/policy or scheme details (where applicable).
To receive notifications via SMS you must enter your mobile number in the App settings or within the Profile section of the App.
Usage data: We collect App crash analytics data to assist with troubleshooting technical issues, e-learning activity (where applicable) and device ID to link the user to their device.
Location data: With the Healix Sentinel Travel Oracle App, your location is identified using Global Positioning System (GPS) location data collected directly from the app. This requires you to activate the “Location Services” in the app. Subject to your applicable policies it is optional to turn GPS location tracking on and off. The GPS location setting can be changed at any point in the App settings under “Location Services”.
Where “Location Services” are enabled, background location data is used to determine when your device changes location to another country based on the GPS data allowing you to receive location based alerts. It will allow you to share accurate location data with your designated 3rd party contact in the event of a Mayday alert being triggered. Where your App is linked to the Travel Tracker your location data will be collected at regular intervals and stored (where enabled).
Location data, where activated, will be used even when the App is not open.
Your Personal Information
Healix always aims to minimise the amount of data processed. Healix has strict organisational and technical measures in place to protect your data at all times.
Healix relies on the legal basis listed below for processing your personal data for the purpose of providing the Travel Oracle services. Healix only process Personal Data where necessary in order to:
- Comply with a legal obligation
- Process data as may be required in the public interest, such as detecting and preventing fraud
- Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services).
Healix will not process any special category data.
Personal Information, Use and Disclosure
All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed, in accordance with the data minimisation principle of the GDPR Article 5(1)(c).
The tables below list the types of personal data collected by Healix, the purposes for which it is used, retention and who it is disclosed to.
Information stored by Healix
Healix will collect the data listed below to facilitate the services.
| Data type | How is it collected | Purpose | Retention | Who is it shared with |
|---|---|---|---|---|
| Name | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable, and/or Mayday recipient |
| Activation info /policy number | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable |
| Email address | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable, and/or Mayday recipient |
| Device ID | During registration process | To link a device to a user | Until the end of the legal contract with Company, then deleted | Not shared |
| Phone number | Manually entered in the ‘Settings’ or ‘Profile’ section of the App | To send Mayday contact in an emergency | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable, and/or Mayday recipient |
| eLearning score (where applicable) | When completing available eLearning training | To document completion of training | Until the end of the legal contract with Company, then deleted | Company appointed point of contact where applicable |
| GPS location | Automatically collected if your employer uses Sentinel Tracking and you have Location Services enabled | To enable your employer to identify your location and contact you to establish if you require assistance. To enable Healix to automatically send you alerts for the country you are currently in without having to sign up for the country specific alerts | 12 months* from collection then anonymised *12 months is the standard retention timeframe however your employer may wish to change this | Company appointed point of contact where applicable, and/or Mayday recipient |
| Travel itinerary data | Automatic data feeds from travel providers to Healix | To enable your employer to identify your location and contact you to establish if you require assistance. To enable Healix to automatically send you alerts for the country you are currently in without having to sign up for the country specific alerts | 12 months* from collection then anonymised *12 months is the standard retention timeframe however your employer may wish to change this | Company appointed point of contact where applicable |
| Mayday emergency information: GPS location, images, audio | If you trigger a Mayday alert, this information will be sent to Healix | To provide support as required | 30 days after the Mayday alert is triggered | Company appointed point of contact where applicable, and/or Mayday recipient |
| Location (country name only) | Based on GPS location of the device | Location-based alerts functionality | Until the end of the legal contract with Company, then deleted | Not shared |
Information stored on the App
When registering with the App, you have access to the ‘Profile & Documents’ section which allows you to choose to enter personal data and upload important travel related documents such as passport and medical information for safe storage. Your profile and documents should always be secured by a PIN set by you, which can be done within the ‘App Settings’. You can update this section when you want and provide as much information as you choose.
The information in this section is only saved on your device. Healix has no access to this data.
| Data | How is it collected | Purpose | Retention | Who is it shared with |
|---|---|---|---|---|
| Profile data including gender, DOB, address, nationality, passport details, height, weight | If you complete ‘Personal Profile’ section | For your personal use | Until you uninstall the App | Not shared |
| Documents: Any documents that you chose to upload or photograph | If you complete ‘Personal Profile’ section | For your personal use | Until you uninstall the App | Not shared |
| Medical: any medical information that you chose to add | If you complete ‘Personal Profile’ section | For your personal use | Until you uninstall the App | Not shared |
| Mayday emergency contact where difference from PoC | If you complete ‘Mayday’ section | To enable the Mayday servic | Until you uninstall the App | Not shared |
Cookies
When you use the App, Healix may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Privacy and Cookies Policies.
Transfer of personal data
Where necessary in order to provide the service, we will transfer your personal data cross border for the purposes and to the recipients outlined in the table above. This will include any country in which you or the employer is receiving the services, as applicable.
How we store data
Your personal information is held on secure servers in the UK. Healix always aim to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security and the General Data Protection Regulation.
How long we keep the personal data
Healix will keep a record of the personal data for the duration of the contractual engagement with the Client and will anonymise GPS location data, travel itinerary data and usage data after 12 months*. When the contractual agreement comes to an end. the access to the App will be disabled, and all associated records will be securely deleted.
*12 months is the standard retention timeframe however your employer may wish to change this.
You can delete the App from the mobile device at any time, however this will not result in deletion of the App account. Please contact your employer to request deletion of the App account, which will result in all information stored by Healix and all information stored in the App to be deleted with immediate effect.
Your Rights
You have the right to:
- Request to access a copy of the personal data held by Healix.
- Request correction of the information if it is inaccurate.
- Request completion or clarify the information if it is incomplete or equivocal.
- Request erasure of information if it has been collected without adherence to legal requirements.
- Complain if you consider Healix has breached its privacy obligations.
Subject Access Right
You have the right to access personal data held about you. To do so you must provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.
How to make a complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. In the UK you can make a complaint to the Information Commissioner, who is the UK independent regulator at: casework@ico.org.uk
Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.
Contact details
Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com
Or by mail:
Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK
You can also find the regulatory information on the Healix Group of Companies here.