1. WHO DOES THIS PRIVACY NOTICE APPLY TO?

This privacy notice applies to individuals who:

• Join UK Healthcare by becoming a member or purchasing a product or service.
• Agree to receiving marketing communications from us.
• Access our website.
• Visit our offices.
• Apply to work for us.

2. WHO ARE WE?

“UK Healthcare” (referred to in this policy as “we”, “us” and “our”) is:

Bolton and District Hospital Saturday Council

Westfield House

60 Charter Row

Sheffield

S1 3FZ

Company Number: 00518573

ICO Registration Number: Z5979687

3. HOW TO CONTACT US

We have appointed a Data Protection Officer (DPO), who can be contacted in the following ways should you have any questions or feedback about the way your data is processed:

Email:                            dpo@westfieldhealth.com

Mail:                                Data Protection Officer

Bolton and District Hospital Saturday Council

Westfield House

60 Charter Row

Sheffield

S1 3FZ

4. WHERE WE COLLECT YOUR PERSONAL DATA FROM

We get information about you from the following sources:

• Directly from you.
• From your employer.
• From the main policy holder.
• From practitioners who have provided services to you.
• CCTV footage and other recordings.

5. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT?

We collect, use, store and process the following information, which we have categorised and grouped together as follows:

PROVIDING AND IMPROVING OUR PRODUCTS AND SERVICES

We collect or use the following information to provide and improve our products and services:

• Names and contact details (address, telephone number or email address)
• Gender
• Date of birth
• Dependents data (such as family members or other relevant parties)
• Claims information (e.g. treatments and receipts for those treatments)
• Bank account details (for us to pay our claims)
• Pre-existing medical conditions
• Information relating to compliments and complaints
• Usage data (how you interact with and use our website, products and services)
• Transaction data (details about payments and details of products and services)
• Audio recordings (e.g. calls)
• Vulnerable customer identifiers
• Website user account information and access
• Website user journeys and experiences

DEALING WITH QUERIES, COMPLAINTS OR CLAIMS

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details (address, telephone number or email address)
• Account information
• Purchase or service history
• Call recordings
• Relevant information from previous investigations or reviews
• Policyholder accounts and records
• Financial transaction information
• Correspondence
• Claims information
• Pre-existing medical conditions
• Any other personal data relevant to the query, complaint or claim.

MARKETING AND RESEARCH

We collect or use the following personal information for information updates or marketing and research purposes:

• Name and contact details (address, telephone number or email address)
• Marketing preferences
• Profile information
• Survey responses
• Feedback questionnaires

PREVENTION OR DETECTION OF CRIME

We collect or use the following information for the prevention, detection, investigation and prosecution of crimes (e.g. fraud):

• Names and contact details (address, telephone number or email address)
• Account information
• Purchase or service history
• Call recordings
• Relevant information from previous investigations or reviews
• Policyholder accounts and records
• Financial transaction information
• Correspondence
• Claims information
• Pre-existing medical conditions
• Any other personal data relevant to the prevention or detection of crime.

RECRUITMENT

We collect or use the following personal information for recruitment purposes:

• Names and contact details (address, telephone number or email address)
• Curriculum Vitae (CV)
• Employment history (e.g. job application and employment references)
• Education history (e.g. qualifications)
• Right to Work Information

WHEN VISITING OUR OFFICES

We collect or use the following personal information for physical security purposes, when you visit our offices:

• CCTV footage.
• Names and contact details (e.g. name, car registration, contact number etc.)

6. LAWFUL PROCESSING CONDITIONS

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

7. YOUR DATA PROTECTION RIGHTS

The lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

YOUR DATA PROTECTION RIGHTS

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.

• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.

• Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here.

• Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.

• Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.

• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Profiling and Automated Decision Making

We may use profiling to enable us to give you the best possible service, so that we can produce more relevant and tailored communications by having a deeper understanding of your behaviours, interests and personal preferences.

You have the right not to be subject to a decision based solely on automated processing, which has legal effects for you or affects you in any other significant way. We ensure that there are simple ways for you to request human intervention or challenge an automated decision. We also carry out regular checks to ensure that our systems and processes are working as intended.

8. DATA SHARING

We will share personal data with a limited number of third parties in the following circumstances for them to perform specific services for us:

• To provide the benefits and services for which you have applied and receive.
• To verify your identity and check your details.
• To authorise payments and any other transactions.
• To underwrite certain products offered by us, this may include personal data, such as health and medical conditions for claims processed under your plan.
• To prevent and detect fraud. This will include the recording and monitoring of Special Category data, such as health and medical conditions for all claims processed under your plan.
• To handle complaints and improve customer service.
• To provide marketing activities on behalf of UK Healthcare.
• To perform our regulatory responsibilities. This will include sharing specific information with The Financial Ombudsman Service and regulatory authorities such as the Financial Conduct Authority, the Information Commissioner’s Office and the Prudential Regulation Authority.
• To provide us with professional advice and specialist services. This includes but is not limited to: auditors, actuaries, banking, legal, insurance and accounting services.
• To provide reports to your employer. Specifically for members with policies arranged by a company or offered via an employer we may share data with that employer, where appropriate.
• To provide us with IT support and maintenance. Service providers and partners who provide IT and system administration services, support services and commissioned services.
• IT systems and cloud hosting providers (e.g. Cloud CRM providers and cloud backups).

We’ll never make your personal data available to anyone outside UK Healthcare for them to use for their own marketing purposes without your prior consent.

9. INTERNATIONAL TRANSFERS

Your information is stored and processed within the UK and Europe.

In the future, should we transfer personal data overseas, we will ensure that we comply with UK data protection legislation, ensuring appropriate safeguards are in place and appropriate transparent notification is provided to you.

10. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.

We are ISO 27001 certified and in addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.

External Links

Please remember that if you use a link to go from our websites to another website, or you request a service from a third party, this privacy notice will no longer apply once you have left this website. Please note, your activity and interaction on any other website is subject to that website’s own rules and policies.

11. DATA RETENTION

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. Our core, documented, retention periods are:

• Membership details will be retained for a minimum period of 6 years after your membership ends.

• Claims details will be retained for a minimum period of 3 years following the claim being settled.

When assessing what retention period is appropriate for your personal data, we take into consideration:

• Any statutory or legal obligations.
• The requirements of the business.
• The purposes for which we originally collected the personal data.
• The lawful grounds on which we based our processing.
• The types of personal data we have collected.
• The amount and categories of your personal data; and
• Whether the purpose of the processing could reasonably be fulfilled by other means.

After such time, we will securely delete or destroy your personal data.

12. WHAT TO DO IF YOU ARE NOT HAPPY

Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Officer (details can be found in section 2).

You also have a right to complain to the Information Commissioner’s Office.  You can find their contact details at www.ico.org.uk.  We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

13. DO YOU NEED A LITTLE EXTRA HELP?

If you would like this privacy notice in another format (for example: audio or large print) please contact us (see the ’Who we are’ section above).

14. CHANGES TO THIS PRIVACY NOTICE

We will keep this privacy notice up to date and notify you of any significant changes to the way we process data.

Last updated December 2024.