- How we use the information you provide us
- Your consent
- How you can control cookies
- How to accept cookies
- How to delete cookies
- Disclosure of information to third parties
- Employees and employees’ spouses or partners
- Data Protection Act Marketing consent
- Amendment and retention of information
- Subject access requests
- Your choice of information
As a medical insurance broker that processes sensitive health information on behalf of our clients, we are already required under the Data Protection Act and FCA principles to process and protect data to a high standard. We have been monitoring the forthcoming GDPR and Data Protection Bill 2017 and are reviewing the ICO’s guidance.
How we use your information
We use the information we receive from you, together with the information we have obtained from our dealings with you, to provide the services that you request, to communicate with you, and to personalise information sent to you. Examples of how we may personalise information include using your information to generate an insurance quote for you.
We do not sell, trade, or rent your personal information to others.
We store all the information you provide us, including information provided via forms you may have completed and returned to our offices.
Any new information you provide us may be used to update an existing record we hold for you. If you provide a work email address, we will not be responsible for third parties having access to any communications we send.
To help us prevent fraud and money laundering, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched.
Information may also be shared with any company that we use to obtain quotes on your behalf.
We ask for your home and mobile phone numbers, plus your email address to enable us to contact you in relation to an enquiry you have made, to contact you if there are any issues regarding the quotes we are preparing for you or to provide help regarding a claim or a change in your personal details.
If you have more than one address or email address, please make sure to notify us with any changes to your preferences for each address or email address you have registered with us. As required by the Data Protection Act 1998, we follow strict security procedures in the storage and disclosure of information you have given to us.
If we provide information to a third party, a provider of a product or service, we will exercise the strictest control over them contractually, requiring it and any of its agents to:
- Maintain the security and confidentiality of the information and restrict access to those of its own employees
- Use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
- Refrain from communicating with you other than concerning the product in question
- Return the data to us at the conclusion of any contract term and destroy or delete any copies made of all or any part of the information unless copies need to be kept to comply with regulations.
In addition, we will restrict the information disclosed to the absolute minimum necessary – for example, to provide the product or service.
In the event of phone calls from you, we also reserve the right to ask security questions (which we, at our sole discretion, deem appropriate) in order to satisfy ourselves that you are who you say you are.
Before you provide any data to us, we will endeavour to make it clear why we need it. Sometimes we may need sensitive personal data, especially if you have asked us to quote for any insurances appertaining to health (Health, Critical illness, Income protection, Life policies etc.).
When this is required we will obtain your consent first. Otherwise, by providing us with information, either orally or in writing, or by using our website, you consent to the collection, use and processing of the information we obtain from or about you as a result of our dealings with you (including any data we obtain from third parties) to West Country Healthcare Ltd to provide and send you information about goods and/or services which we believe may be of interest to you.
A customer may properly give their spouse’s or partner’s consent over the phone or via the website providing the customer confirms they have permission to do so. If the consent is written, the spouse must independently endorse such consent.
What are cookies?
Cookies are small data files that a website will put on your device. Some of these send information back to the website. They cannot affect your device, but they can collect information that can be used to enhance the site. For example, a cookie can remember the pages that you have visited and how long you stayed on the page.
These are known as ‘session’ cookies, which expire as soon as you leave the site. Some cookies enable sites to work, while others help us learn about what people are browsing for.
These cookies collect information about your browsing habits. They remember if you have visited our website, which pages you looked at, and how long you stayed on each page. They enable us to ensure that the content we provide on our site is aligned to your browsing habits. For example, to ensure that we update the products and services that you have shown an interest in.
How you can control cookies
If cookies are disabled on your device you will still be able to use most of this site. However, it may limit what you can do.
How you manage your cookies depends on your browser. To find out which browser you use:
- PC: open your browser and go to the Help menu and then click on the About option.
- Apple Macintosh: open your browser and go to the Apple menu and then click on the About option.
- Mobile device: check your settings.
If you would prefer to restrict or block cookies and/or delete any you may already have, you can find out how to accept, view and delete cookies at www.allaboutcookies.org, which explains in detail how they work and how they can be managed.
Disclosure of information to third parties
As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
a) where we have a legal interest in a company;
b) to fulfil your specific orders for a product or service or information in the event that third parties deliver the relevant product or service or information. If you take out an insurance policy provided by a third party, they will need your details in order to administer the policy, verify the quote given to you and process any claims;
c) where third parties administer part or all of the product or service;
d) for underwriting, pricing, insurance rating analysis and testing purposes, and to maintain management information for business analysis.
We may of course be obliged by law to pass on your information to the police or any other statutory or regulatory authority and in some cases, exemptions may apply under the Data Protection Act 1998, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
See also How we use the information you provide us above for information on how we may exchange personal data with third parties to help us prevent fraud and money laundering, to assist us in providing a quote, or to check which payment options we can make available to you.
Employees and employees’ spouses or partners
Personal and/or sensitive personal data of an employee and his or her spouse or partner who take out a product and/or service may be shared with any group company for the purpose of operation of the product or service or for administrative reasons (including but not limited to claim administration, which may be assisted by the employee’s department personnel). By accepting or purchasing the product or service the employee and his or her spouse or partner provide the necessary consent for this transfer of data.
Data Protection Act consent
- We already have privacy policies in place as part of our Information Security Management System which we will be reviewing and updating to comply with the GDPR bill. At West Country Healthcare Ltd we are aware of all the data that we hold and use, where that data came from, how we use and protect it and with whom we share it.
- We have identified the lawful purposes for processing our clients’ personal data – legitimate interest; consent; performance of contract. The processing of personal data will only be lawful if it satisfies at least one of six processing conditions. In this case the two applicable are:
(a) Consent: the individual has given consent to the processing for one or more specific purposes. Consent will be much harder to obtain under the Regulation.
(b) Necessary for performance of a contract: the processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual prior to entering into a contract.
- We are reviewing our mechanisms for obtaining consent to process sensitive personal data.
- We are already reviewing and updating our internal procedures to process requests from individuals, including Subject Access Requests, and comply with these requirements to the standard required under the GDPR and the 2017 Bill.
- Together with our security team we are updating our Data Breach Policy and Procedure, along with a Data Breach Register to help manage data security risks.
- At WCHC we will collect and process personal data from our clients who have policies in place with insurance providers, either under an individual or corporate policy, so that we can manage their policy (e.g. assisting in claims, renewals and changes to the policy). In the event of cancellation or expiry of a policy we will be required to retain personal data for legal, regulatory and statutory purposes, such as fraud detection and prevention, and as required by the FCA.
Amendment and retention of information
Please advise us in writing of any changes in your circumstances. Obviously, it is preferable for us to retain up-to-date information. We will amend details as required. We are, however, obliged and permitted by law and regulation to retain certain types of data for a minimum period of time. The minimum period of time tends to be six years but can be longer if the statute or regulation requires.
Subject access requests
You have a statutory right of access to accessible personal and/or sensitive personal data that we hold about you. In order to exercise this right, your application must be in writing for security reasons. Please write to the Data Protection Officer at West Country Healthcare Ltd for requests relating to information held by the company.
Please refer to the information you wish to see, giving dates if possible.
We will not administer Subject Access Requests by a third party unless accompanied by a written authority of the individual who is the subject of the request.
Your choice of information
As your needs change you may require additional policy information. West Country Healthcare Ltd will help you select which products are relevant to the quotation that you have requested and forward them either electronically or by post depending on your preference.