WHO WE ARE
1. Who are Westfield Health?
1.1. “Westfield Health” (referred to in this policy as “we”, “us” or “our”) is a trading name of:
Westfield Contributory Health Scheme Ltd
60 Charter Row
Registered company number: 0303523
ICO registration number: Z5678949
Westfield Health & Wellbeing Ltd
60 Charter Row
Registered company number: 9871093
ICO registration number: ZA153170
Westfield Employment Services Ltd
60 Charter Row
Registered company number: 09870326
ICO registration number: ZA153161
Bolton and District Hospital Saturday Council Trading as UK Healthcare
60 Charter Row
Registered company number: 00518573
ICO registration number: Z5979687
2. Our Data Protection Team
2.1. “Westfield Health” have a Data Protection Team, who can be contacted in the following ways should you have any questions, complaints or feedback about your privacy:
Mail: Data Protection Team
60 Charter Row
WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT
3. What data we need and why we need it:
This section tells you what personal data we may collect from you and why we need it when you use our services and what other personal data we may receive from other sources.
3.1. When you register for our services, you may provide us with:
- Your personal details, including your title, name, postal and billing addresses, email addresses, phone numbers and date of birth;
- Your payment details;
- Information in relation to your health, including any pre-existing medical conditions;
- Details in relation to your partner, friends or dependents for the purposes of adding them to your plan/policy or in order to create their own. Where customers have provided information about another person the customer should ensure that they have their approval to do so.
3.2. When you contact us, or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:
- Personal data you provide about yourself anytime you contact us about our services (for example, your name, username and contact details), including by phone, email or post or when you speak with us via social media.
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on.
- Information collected using cookies stored on your device(s) about the use of our online services.
- Your feedback and contributions to customer surveys and questionnaires.
3.3. We will record and monitor telephone calls made to and from Westfield Health’s sales and customer service teams. We do this in order to continuously improve our service to customers and for training purposes. This will also include the recording and monitoring of Special Category Data, such as data relating to health and medical conditions. We do not record the segment of telephone calls where any form of payment is being made.
4. Marketing & Market Research
Here we explain the choices you have when it comes to receiving marketing communications and being invited to take part in market research.
4.1. We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications.
4.2. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online via our marketing preference centre, in My Westfield, over the phone or in writing at any time.
4.3. We also like to hear your views to help us to improve our services, so we may contact you to invite you to take part in market research, called Westfield Insiders. You always have the choice about whether to take part in our market research.
5. Understanding our Customers
5.1. We may make use of profiling to produce more relevant and tailored communications by having a deeper understanding of your interests, behaviours and personal preferences. This information helps us provide a better experience for our customers.
5.2. Profiling can help us target our resources more effectively through gaining an insight into the background of our customers and helping us to build relationships that are appropriate to their interests.
5.3. To do this we may use additional external sources of data to increase and enhance the information we hold about you. This may include obtaining details of changes of address, date of birth, telephone numbers and other contact details, information related to your consumption and demographic data generated through software tools such as Cameo or Acorn.
5.4. If you have any questions in relation to how your information is processed, then please contact us using the information in point 13.
6. Processing your data using our Legitimate Interests.
We have a number of lawful reasons that we can use (or 'process') your personal data. One of these lawful reasons is called 'legitimate interests'. Broadly speaking legitimate interests means that we can process your personal information if:
- We have a genuine and legitimate reason and we are not harming any of your rights and interests.
The following are some examples of when and why we would use this approach during our normal course of business:
6.1. To improve and enhance our services: When we do process your data, we will use it to benefit you and to make your experience better and to improve our products and services.
6.2. Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
6.3. Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers.
6.4. Analytics: To process your personal data for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our services and to provide you with the most relevant information as long as this does not harm any of your rights and interests.
6.5. Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
6.6. Due Diligence: We may need to conduct investigations on existing customers, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.
6.7. Direct Marketing: We may send postal marketing. We will also make sure our postal marketing is relevant for you and tailored to your interests. You also have the right to opt out of receiving this information at any time.
6.8. When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
SHARING YOUR PERSONAL DATA
7. Third Parties
7.1. In order to provide you with our services, we only share your data with 3rd parties and other organisations within the Westfield Health Group, in the following circumstances:
- To fulfil your order;
- To provide the benefits and services for which you have applied;
- To verify your identity;
- Authorising debit/credit card payments and any other transactions authorised by the customer;
- To manage and maintain the accuracy of your records;
- To manage the underwriting and/or claims handling procedures (inclusive of your dependents' claims); this may include Special Category Data, such as health and medical conditions for all claims processed under your plan;
- To prevent and detect fraud. This will include the recording and monitoring of Special Category data, such as health and medical conditions for all claims processed under your plan;
- To handle complaints and improve customer service; and
- To administer marketing on behalf of Westfield Health.
7.2. We may also disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations.
7.3. We’ll never make your personal data available to anyone outside Westfield Health for them to use for their own marketing purposes without your prior consent.
8. Your data outside Europe
8.1. All the personal data we process is processed by our staff in the UK and stored on servers located inside the European Economic Area (EEA).
8.2. We have ensured that appropriate protections are in place to make sure your personal data always remains adequately protected and is treated in line with relevant Data Protection laws.
9. How we look after your data.
We will protect the data that you entrust to us via appropriate security measures and controls. We’ll also ensure that other businesses we work with are just as careful with your data.
9.1. We will always take appropriate technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
9.2. The Westfield Health website is encrypted and secure.
9.3. We will continually test, audit and monitor our compliance with Information Security standards and relevant Data Protection regulations.
RETENTION OF DATA
10. How long we hold your data
10.1. We hold your information only as long as necessary for each purpose we use it. We will provide detailed information about our retention in this section before 25th May 2018 to give you an understanding of how long we hold your information for.
WHAT CAN I DO?
11. Your rights
11.1. Right to be Informed: We will always be transparent in the way we use your personal data. You will be fully informed about the processing through relevant privacy notices.
11.2. Right to Access: You have a right to request access to the personal data that we hold about you and this should be provided to you, under the Data Protection Act 1998, within 40 days. We are able to charge a small fee of £10. If you would like to request a copy of your personal data, please contact us via point 13.
11.3. Right to rectification: We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them. You can also visit the “My Westfield” section of the website and update your details at any time.
11.4. Right to erasure: You have the right to have your data ‘erased’ in the following situations:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed.
- When you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- When the personal data was unlawfully processed.
- When the personal data has to be erased in order to comply with a legal obligation.
If you would like to request erasure of your personal data, please contact us via point 13. Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data, it may not be erased.
11.5. Right to restrict processing: You have the right to restrict processing in certain situations such as:
- Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
- Where you have objected to processing and we are considering whether Westfield Health's legitimate grounds override your legitimate grounds.
- When processing is unlawful and you oppose erasure and request restriction instead.
- Where Westfield Health no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
11.6. Right to data portability: You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact us via point 13. This only applies:
- To personal data that you have provided to us;
- Where the processing is based on your consent or for the performance of a contract; and
- When processing is carried out by automated means.
11.7. Right to object: You have the right to object to the processing of your personal data in the following circumstances:
- Direct marketing (including profiling). Remember you can opt out at any time from marketing communications via our Marketing Preferences, available in “My Westfield”;
- Where the processing is based on legitimate interests; and
- Processing for purposes of scientific/historical research and statistics.
11.8. Rights in relation to automated decision making including profiling: You have the right to not be subject to a decision when it is based on automated processing. If you have any questions in relation to how your information is processed in this way, then please contact us using the information in point 13.
12. The Regulator
12.1. If you feel that “Westfield Health” has not upheld your rights, we ask that you contact our Data Protection Team whose details can be found in point 2.1 so that we can try and help.
12.2. If you are not satisfied with our response, or believe we are not processing your data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Their details are supplied below:
Address: Information Commissioner's Office
Telephone: 0303 123 1113
13. How to contact us
Address: Westfield Health
60 Charter Row
Telephone: 0114 250 2000