Privacy Policy - Policy Holders
MY HEALTH XTRAS PRIVACY POLICY - POLICY HOLDERS
Your information and how we use it
My Health Xtras Limited collects and uses information from you when you apply for or hold one of our insurance policies.
My Health Xtras Limited is a limited company registered in England and Wales number 11742197. Our registered office is at 2 Charlesworth Court, Knights Way, Battlefield Enterprise Park, Shrewsbury, SY1 3AB.
You can contact us:
In writing: at our office at 2 Charlesworth Court, Knights Way, Battlefield Enterprise Park, Shrewsbury, SY1 3AB or by email at customerservices@myhealthxtras.co.uk
By telephone: on 03300 242 280.
The insurer of the policies also controls the information which we collect and process. Details of their privacy policies are available in your policy document.
We are committed to protecting your personal information. We keep your data safe and confidential, we use it only for the purposes we have told you about and we will never sell it.
We are bound by the General Data Protection Regulation and the Data Protection Act 2018 ("DPA") as amended, which govern how we may use your personal information and provide you with certain rights in respect of your information.
This Privacy Policy explains what personal details we collect or receive - from you or a third party - how we may use that information and why and your choices and rights in respect of the personal information you have given us.
It applies where we collect or receive your personal details from websites including sub-domains of mystaffshop.co.uk and any other top-level domain that serves the My Staff Shop platform (online services).
The type of personal data we collect and use
We may collect the following about you:
- Contact details: your address, telephone number and email address
- Personal information such as your age, gender, family relationships, health and employment details
- Details of our correspondence and discussions
- Bank account or payment card details
- Information relevant to your insurance policy
In certain circumstances we may request and/or receive "sensitive" personal information about you. For example, we may need information about your health for the purpose of providing you with a policy.
How do we collect this information
We might collect your personal data from various sources including:
From you:
We'll collect your personal information directly from you during our relationship with you, for instance if you ask us for a quote or submit an application for an insurance policy.
From other sources
We may also collect information from other sources such as:
- Your family members, for example:
  - from someone who applies to add you to an insurance policy or makes claims for you under that policy
  - where you may be incapacitated or unable to provide information
  - where your financial circumstances are connected to a family member seeking financial advice, such as your spouse or partner.
- Other third parties such as:
  - Brokers who submit your application on your behalf
  - Medical professionals and hospitals
  - Group companies who host our online services
Online services
When you use our online services, we may collect details of visits made to our online services including but not limited to the volume of traffic received via cookies.
How and why we use your information: the legal basis and purpose
We mainly use personal information to provide you with the services you have requested from us but there are other reasons why we use your personal information.
Under data protection laws we are required to have a legal ground to use and process your personal information and to tell you what that is. Where we process information which is sensitive we must have an additional legal ground or apply a specific exemption for insurance purposes (this applies where we need to process your information as an essential part of insurance cover, for example, health data).
Some of the rights you have (see below) depend on the legal ground we have to use your personal information.
To provide our services: performing our contract with you
The primary reason for using your personal information is to provide a product or service for you.
We will use your personal data to:
- Communicate with you
- Provide you with information
- Respond to your queries or complaints
- Provide you with quotes and payment options.
To improve our services: our own legitimate business interests
We also use your information for our own legitimate business interests including:
- To improve our services and their delivery, including by recording and monitoring telephone calls.
- For good governance, accounting and managing our business operations.
- To comply with our contractual obligations, for example our relationship with insurers of policies which we issue as My Health Xtras.
Where we do so we ensure that our processing does not interfere with your rights and freedoms and does not cause you harm.
To comply with legal obligations
We also use or disclose your personal information for the purposes of legal obligations with which we must comply including:
- Keeping records required by our regulators.
- The establishment and defence of legal claims: we may use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves.
When you give us your consent
In certain circumstances and to the extent necessary to provide our services, we may need to process information about you which the DPA classes as "special category data", such as information about your health.
We process special category data when you provide consent or when we need to:
- Protect, investigate, and defend legal claims
- Process data for reasons of substantial public interest.
If we need consent we will make this clear to you when we ask for the information. If you give us consent you are free to withdraw this at any time by contacting us using the details set out above. If you do withdraw consent we will not be able to process the information you gave us for this purpose.
This does not apply to our use of information where consent is not required.
For more information see below.
Personal information we process | Why we need it | Legal grounds for processing |
Your contact details. | To communicate with you. | In order to provide you with our financial services. |
Your contact details, your age (and the age of other family members included on the policy) and sensitive personal information about your health or family members' health. | To review your insurance application and provide you with a quote. | In order to provide your insurance policy. In relation to your sensitive personal information about your health or relations' health, where appropriate we rely on an exemption that applies for insurance purposes or we ask you to consent to the processing. |
Your contact details, your age (and the age of other family members included on the policy) and sensitive personal information about your health or family members' health. | To administer, provide and service your insurance policy. | In order to provide your insurance policy. In relation to your sensitive personal information about your health or relations' health, where appropriate we rely on an exemption that applies for insurance purposes or we ask you to consent to the processing. |
Details about you and other related parties, your product and service, meetings and conversations between you and our representatives. | Providing improved quality training: for example with respect to recorded or monitored phone calls to our contact numbers. We also use this information to help us deal with any query or complaint you have about the service you received. | We have a legitimate business interest to provide quality services which also comply with our regulatory obligations. We have a legitimate business interest to resolve complaints and to comply with regulatory obligations. |
Information about you, other related parties, your product or service. | We need to retain business records for our own management information purposes including operations such as maintaining accounting and financial records, internal audit requirements, the reporting requirements of our regulators and obtaining insurance cover for our business. | We have a legitimate business need to use this personal information to maintain appropriate records, understand our business and monitor performance. Where possible we will anonymise this information. |
Information about you, other related parties, your product or service. | To comply with legal or regulatory obligations. | It is necessary for us to comply with legal and regulatory obligations applicable to our business. Where possible we will anonymise this information. |
Your contact details, your age (and the age of other family members included on the policy) and sensitive personal information about your health or family members' health, including in relation to claims you have made. | We use this information to assess the performance of our products so that we can make improvements. | We have a legitimate business need to improve our services and comply with industry best practice. In relation to your sensitive personal information about your health or relations' health, where appropriate we rely on an exemption that applies for insurance purposes or we ask you to consent to the processing. |
Who has access to it
Generally we will only use your information within My Health Xtras Limited. However there are circumstances when we need to disclose some information to third parties.
We will share your information within our group of companies in order to provide services to you. For example:
- My Staff Shop Limited hosts websites on which we offer services;
- My Staff Shop will provide email communication services to enable us to contact you about a My Health Xtras policy;
- My Staff Shop will provide a dedicated Policy Administration Account to enable us to store your policy information for your convenience.
Where you hold a My Health Xtras product we will share your information with payment processors, including your employer where you have agreed to pay your premiums by payroll deduction.
We use third parties who provide us with services such as promotional email distribution.
We use third-party services or providers, such as Gmail by Google, to communicate with you and store your personal data. Your personal data may, therefore, be indirectly transferred to these third parties for the purposes identified above.
We may also disclose your personal information to regulatory and ombudsman services such as the Information Commissioner's Office, the Financial Conduct Authority and the Financial Ombudsman Service.
If we sell or buy any business or assets, we may disclose personal information held by us about our customers to the prospective seller or buyer. If we are acquired, or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us about our customers will be one of the transferred assets and no further consent shall be sought in making such a transfer.
Processing outside the UK
Our websites are hosted in England. We also use outsourced services in countries outside the EU from time to time in other aspects of our business. Accordingly data obtained within the UK may be "processed" outside the UK and data obtained in any other country may be processed within or outside that country.
However, third-party providers or third parties, such as Google, may have their servers located outside the UK, in which case your personal data may be transferred outside the UK in compliance with the applicable data protection legislation. For more information, please refer to https://privacy.google.com/businesses/compliance/ in the case of Google, or contact us directly.
If you have any questions regarding the privacy policy, please contact us through the contact page.
How long do we keep hold of your information
The following criteria are used to determine how long we keep your personal data:
- Retention in case of queries: we’ll retain your personal information as long as necessary to deal with your queries.
- Retention in case of claims: we’ll retain your personal data for as long as you are entitled to bring legal claims against us.
- Retention in accordance with legal and regulatory requirements: we’ll retain your personal data based on our legal and regulatory requirements.
What are your rights
You have the following rights (free of charge) under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018:
- A right of access: you can ask us what personal data we hold about you at any time;
- The right to rectification: you can ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge;
- The right to erasure: you can request deletion or removal of personal data;
- The right to restrict processing: in certain circumstances you can ask us to stop processing your personal data, for example if you think the personal data is inaccurate or that we no longer need your personal data;
- The right to portability: you can ask for the data you provided to us to be moved to another organisation.
You may object to us processing any information which we carry out for our own legitimate interests or for direct marketing purposes.
All such requests must be referred to the Compliance Officer at My Health Xtras Limited using the contact details above.
Complaints about the use of personal data
Our complaints procedure
1. If you are not satisfied by our actions, you can seek recourse through our internal complaints procedure.
2. If you remain dissatisfied, you have the right to refer the matter to the Information Commissioner. The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 01625 545 745
Fax: 01625 524 510
Their website address is https://ico.org.uk/your-data-matters/raising-concerns/