Privacy and Cookies Policy

The purpose of this policy is to explain how we collect, use, store and otherwise process your Personal Data when we provide services to you, when you use this website and other interactions that may impact your rights in relation to your Personal Data. Healix is committed to safeguarding and respecting your privacy rights by ensuring a high standard of data protection and information security as demonstrated by our ISO27001 Certification which covers all services provided by Healix as well as compliance with applicable laws (including the General Data Protection Regulation).

What is Included in our Privacy Policy?

We aim to be transparent in our approach and make the relevant information available to you in a user-friendly format. We have labelled the sections of the policy to make it easy to navigate. Please click on the subjects below to find out more details.

  1. What is included in our Privacy Policy?
  2. Who is collecting your Personal Data?
  3. What Service do we perform where we need to process your data?
  4. What Personal Data do we collect?
  5. How do we collect and share Personal Data?
  6. What will we use the Personal Data for?
  7. What is the legal basis for processing your Personal Data?
  8. How your Personal Data is secured, stored and transfer of Personal Data overseas?
  9. How long is Personal Data stored?
  10. Automated Decision Making
  11. Children
  12. Applying for a Job at Healix
  13. Cookies, Analytics and Traffic Data
  14. What are your Rights?
  15. Changes to our Privacy Policy
  16. Healix Insurance Services Limited
  17. Contacting Healix or make a complaint

Who is collecting your Personal Data?

This privacy policy applies to Healix Health Services Limited, Healix House, Esher Green, Esher, KT10 8AB, UK.

References in this Privacy Policy to ‘we’, ‘our’ or ‘us’ refer to Healix Health Services Limited.

References to ‘you’ or ‘your’ in this Privacy Policy refer to anyone whose Personal Data we may collect.

For the purposes of the Data Protection laws that apply, such as the GDPR, we are the ‘Controller’. Our Privacy Policy applies where we are acting as a data controller with respect to the Personal Data we process.

What Service do we perform where we need to process your data?

Healix will process your Personal Data in order to provide the following services as applicable to you:

  • Medical Trust Administration;
  • Third Party Medical Claims;

We will only process your Personal Data for the specific services relevant for you.

What Personal Data do we collect?

To enable us to provide the services we will collect information that is relevant for the services that you receive, enabling us to identify you as an eligible individual and the benefits you are eligible to receive.

This may include:

  • Personal details and contact details: such as name, address, email address, telephone number, business email address and telephone number, date of birth, reference numbers as required to identify you as eligible. Employment details (where the service delivery is related to your employer): employee ID, User ID, hire date, job title, termination date, work location and address, business unit and organizational information, etc.;
  • Benefit entitlement: such as policy reference number, scheme number or other reference information;
  • Banking details, where it is necessary to reimburse you.

In order for us to provide the services we may need to collect the following special categories of Personal Data limited to the requirement of your individual circumstances:

  • Health information, medical records, and patient data: Health information including medical history, vaccination history, any current conditions, diagnosis and prognosis, and details of medical treatment received or recommended.
  • Details of treating medical professionals and any relevant associated reports or information such as third party medical opinions or advice. Costs associated with medical treatment.
  • Photo/Video data (images, videos) where required for performing the service, such as dental images or scans.
  • Religious or philosophical beliefs or political opinion: specific religious information as it pertains to appropriateness of treatments.
  • Data concerning sex life, where it is relevant for the service provision.

When using the website or for Marketing purposes

When you access our website we will collect certain information automatically from your device that is categorised as Personal Data. This includes information such as your IP address, unique device identity numbers, device type, browser type, geographic location, pages accessed and links clicked.

We collect this information to better understand how the website is used, how visitors arrive at our website and what content is of most interest. This information enables us to improve the relevance and the user experience on our website. We use cookies and tracking technology to collect and analyse this information. You can find more detailed information under the heading “Cookies” below.

When you use the Contact Us Now option or subscribe to our mailing list we collect such Personal Data as your name, contact details and company details and country if you wish.

How do we collect and share Personal Data?

We will collect Personal Data directly from you where possible but will also collect from and share data with relevant third parties such as:

  • Treating medical professionals and service providers such as doctors, hospitals, ambulances, and non-medical support staff as required to provide the relevant service;
  • Persons or organisations involved in providing you with services, or components of services such as occupational health providers, employees, agents, sub-contractors, professional advisors (and any other persons or bodies having a legal right or duty to have access to or knowledge of Personal Data);
  • PMI providers for the limited purpose of making you aware of the time dependent continuous medical cover.
  • Relevant underwriter of the policy, their intermediaries, brokers and elected claims handlers as required;
  • Your GP where we need to understand previous medical conditions;
  • Family members, friends or other third parties, including next of kin, where appropriate and agreed with you and where you have authorised us to deal with them on your behalf;
  • Your employer where the service is related to your employment where the sharing of information is necessary and either based on your consent or to protect your vital interest;
  • Companies within the Healix Group;
  • Organisations providing the payment systems including financial institutions, merchants and payment organisations;

Healix may further be required to exchange Personal Data with the following third parties:

  • Public authorities in order to comply with legal and regulatory obligations such as fraud and money laundering prevention and persons/organisations involved in provision of medical treatment, hospital accommodation, public health administration and disease control for the administration of public health. Information will be anonymised where possible.
  • Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems. Access is always limited by organisational and technical access controls.

When will we collect your Personal Data?

  • We will collect Personal Data from you when you contact us to notify us of a claim, create an account or register for our services. We may collect Personal Data from a third party if they are managing the claim on your behalf (for example if you authorised the person to act on your behalf).  

What will we use the Personal Data for?

We may use your Personal Data for the following activities:

  • To set you up as a user/member/patient and open a case, a claim or an account.
  • To provide the actual services referred to in the section: “What Service do we perform where we need to process your data?”
  • To communicate with you about the services including responding to your enquiries, concerns and complaints;
  • To comply with our legal and regulatory obligations;
  • To defend or prosecute legal claims;
  • To investigate or prosecute fraud; and/or
  • When you sign up for marketing communications.

Using Personal Data to improve our Services

As part of our ongoing efforts to improve our services we would like to ask your opinion on how well we did by sending a short customer satisfaction survey. This will enable us to identify what part of the services works well for you and what areas can be improved so that we can develop systems, upskill staff, streamline processes and hopefully as a result improve customer satisfaction. The surveys are managed by our internal Quality Teams using Survey Monkey.

It is voluntary to complete the customer survey and only minimum data will be collected to identify the scheme or service offering.

What is the legal basis for processing your Personal Data?

Healix only processes Personal Data where necessary in order to:

  • Comply with any applicable contractual obligations;
  • Comply with a legal obligation;
  • Process data as may be required in the public interest, such as detecting and preventing fraud;
  • Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services). This may include using your Personal Data to send you marketing information and your cookie data to identify and analyse trends on our website.

Healix will also process special category data when:

  • You have provided explicit consent;
  • For the purpose of administration of a claim and as necessary for reasons of substantial public interest, such as management of an insurance or trust policy.
  • For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
  • Processing is necessary to protect your vital interests or those of another individual and you are not physically or legally capable of giving consent;
  • Processing is necessary for the establishment, exercise or defence of legal claims;
  • Processing data may be required in the public interest, such as detection and prevention of fraud.

How your Personal Data is secured, stored and transfer of Personal Data overseas?

We take appropriate technical, organisational, administrative and physical precautions to secure your Personal Data and to prevent unauthorised access, loss, misuse or alteration and preserve data integrity.

Your Personal Data is stored on secure servers in the UK. We always aim to minimise the amount of data processed and have strict measures in place to protect your Personal Data at all times in compliance with our ISO27001 Certification, best practice information security, the General Data Protection Regulation and with regard to medical information, in accordance with Confidentiality: Good Practice in Handling Patient Information issued by the UK General Medical Council.

Access controls are applied to limit access to Personal Data to those with a “Need to Know” and for legitimate business requirements. We regularly monitor our system for possible vulnerabilities and attacks, carrying out penetration testing to identify methods to further strengthen the security of our systems.

Healix will transfer your Personal Data to the relevant third parties as needed in order to provide the required services. We have to share relevant Personal Data with the treating medical professional and other third party recipients in the location where you are receiving the service and as required.

How long is Personal Data stored?

Our data protection and retention policies and procedures are designed to ensure we comply with our legal obligations. We will only retain your Personal Data for as long as is reasonably necessary for the purposes referred to in the section: “What will we use the Personal Data for?” There may be circumstances where we will have to retain your Personal Data for longer periods of time where for example we are required to do so to comply with legal and regulatory obligations including tax or accounting requirements.

We will always keep your Personal Data securely and will apply our data retention policy to ensure it is not kept for longer than is required.

Automated Individual Decision Making and Profiling

Healix uses technology to provide a quicker and more consistent service for certain processing activities including invoice processing. You have certain rights when an organisation is making a decision using technology, without a person being involved. You have the right:

  • not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights or other equally important matters (eg automatic refusal of an online credit application, and e-recruiting practices without human intervention);
  • to understand the reasons behind decisions made about you by automated processing and the possible consequences of the decisions; and
  • to object to profiling in certain situations, including for direct marketing.

You can exercise your rights by contacting Healix – please see the contact information in the section “Contacting Healix or make a complaint”.

Children

Healix recognises the need to provide further privacy protection with respect to the Personal Data of children under the age of 13. The services we provide are not directly aimed at children but children as a family member of an eligible individual may require the benefit of the services. Children under the age of 13 are not permitted to create accounts or provide Healix with their Personal Data without the permission of their parent or legal guardian. Healix does not knowingly collect Personal Data from anyone under the age of 13 without the knowledge and approval of the parent or legal guardian.

Applying for a Job at Healix

When you apply for a role or provide your information for future consideration, Healix will process your personal data as described in this section.

Purpose

The Purpose for processing your information is to assess your suitability for the role you have applied for or any other related roles that may suit your capabilities/experience.

Legal Basis

The legal basis we rely on for this processing of your personal data is GDPR Art 6(1)(b); processing is necessary for the performance of a contract or to take steps at your request, before entering into a contract.

The legal basis we rely on for the processing of special categories of personal data such as health, religious or ethnic information is GDPR Art 9(2)(b); processing is necessary for the purpose of carrying out our obligations in employment and safeguarding your fundamental rights and freedoms. The Data Protection Act 2018 Schedule 1 part 1(1) and (2)(a) and (b) relating to processing for employment, the assessment of your working capacity and preventative or occupational medicine applies.

What information do we ask you for?

We only collect the information needed to fulfil our stated purposes. You do not have to provide all the information we ask for but it may affect your application if you don’t.

Application information

This information will include:

  • Contact and identification information: such as name, email and phone number.
  • Experience: education, work experience, referees and role specific information.

This information will be shared with HR employees and hiring managers. Hiring managers will only have access to shortlisted applications.

Equal Opportunities

We will also collect equal opportunities information (optional); such as age, sex, race, disability, religion or belief, sexual orientation and pregnancy/maternity. This information will only ever be accessed by HR employees and will be used to produce and monitor equal opportunities statistics.

Shortlisting

We may ask you to participate in telephone interviews or attend an interview in the office.

For some roles psychometric assessments may be required which include personality and aptitude assessments.

If you are not successful we will ask if you would like us to retain your information for consideration for other opportunities. 

How will we use the information?

We will use all the information you provide during the recruitment process to assess your suitability for the role, progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide with any third parties for marketing purposes.

How long do we keep it?

We will maintain a copy of your application and associated documents for a period of one year after you are registered on our recruitment portal. Any data held after this point will require your consent. For successful applicants relevant data will be transferred to your HR file. When you leave employment with us we will retain information in line with statutory requirements and best practice.

Cookies, Analytics and Traffic Data

 Cookies are small text files containing a string of alphanumeric characters that are stored on the hard drive of your computer, which are transferred from our website and stored on your device. Our website uses other similar tracking technologies such as ‘web beacons’ or ‘pixels’ which are used to manage the interaction between you and our website, which allow us to assess the effectiveness of this communication.

We may also use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients. This information is used to enable more accurate reporting and improve the effectiveness of our marketing and website.

We will always ask for your consent to our use of cookies in accordance with this Privacy Policy when you first visit our website. After your session is cancelled the information contained in the cookies is no longer available to us. Please ensure that your computer settings reflect whether you will accept cookies.

Different types of Cookies

Strictly Necessary Cookies: These are essential for the effective operation and delivery of our website. For example to allow us to respond to your actions on the website or to retain your cookie preferences so that analytics cookies are not set for you where you opt out of this tracking.

Performance Cookies: These collect information about how you make use of the website. Our website uses web analytic cookies provided by Google Analytics. We only use trusted web analytics platforms that provide statistical insight into our users’ behaviours and interactions with our website e.g. which pages you visit regularly.

What do we use cookies for?

We use cookies for system administration purposes to recognise your computer when you visit our website.  Cookies allow the website to remember choices you make, such as language or region and they provide improved features to enhance your user experience on our website such as remembering and honouring preferences and settings, including marketing preferences.

We use cookies to track you as you navigate our website and use its features; otherwise content and services cannot be provided. For example: positioning information on a device’s screen so that you can see the website to use its functionality; to analyse the use of our website and improve its usability, cookies and similar technologies help us to tailor our website to suit our users’ needs. These technologies improve our understanding of users’ behaviours, allow us to analyse trends, to administer the website, improve our website’s functionality and gather demographic information about our user base as a whole.

Analytics cookies are used to gather this information, which is grouped with other user information obtained from cookies. This allows us to view the overall patterns of usage, to improve how our website pages work. Information obtained from cookies is used to assist with our promotional and marketing efforts, to fulfil our legitimate business interests.

How can you manage Cookies settings?

Through your browser settings, you can accept or decline cookies or configure your browser to notify you before accepting a cookie from our website. However if you disable cookies, this may affect your ability to use certain parts of our website. Otherwise by continuing to use our websites you agree to the use of cookies as described in this Privacy Policy.

The ‘Help’ menu in the toolbar of most web browsers will offer guidance on how to change your browser cookie settings. For more information about cookies and instructions on how to adjust your browser settings, please see http://www.aboutcookies.org or https://ico.org.uk/for-the-public/online/cookies

Disclaimer for website

We make every effort to ensure that the information contained on our website is complete and accurate, but shall not be liable for any errors, omissions or misleading statements on our website’s pages or any site to which these pages connect. Anything on our website is for information purposes only and to provide a method to communicate with users. We reserve the right to make amendments and changes to the information on our website at any time.

Hyperlinks may be used to link to other websites for your convenience (the “Linked Sites”). Healix is not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites of any third parties that we do not own or control. Linked Sites may collect information in addition to that which we collect through our websites. We advise you to read the privacy policy of each Linked Site.

What are your Rights?

Under Data Protection legislation, you have rights in regards to your Personal Data. You can exercise your rights at any time by contacting the Healix Group Data Protection Officer (details are provided at the end of this policy). You have the right to:

  • Withdraw consent. Where we are relying on your consent to process your Personal Data, you have the right to change your mind and withdraw that consent.
  • Request access to your Personal Data and be informed and provided with clear, transparent and easily understandable information about how we process your Personal Data (please see “Subject Access Right” below). This Privacy Policy is provided for this purpose.
  • Request rectification of your Personal Data held by us if it is inaccurate.
  • Request that we erase the Personal Data if it has been collected without adherence to legal requirements or is no longer needed, in accordance with this policy.
  • Request restrictions to the data processing activity in situations where you believe we no longer need to process your Personal Data. 
  • Complain if you consider we have breached our privacy obligations (see “Contacting Healix or making a complaint”, below).

Direct Marketing

You have the right to stop the use of your Personal Data for direct marketing activity. You can opt out of receiving promotional or marketing communication from us at any time by using the ‘Unsubscribe’ function provided in all promotional material sent to you.

Alternatively, you can contact us at privacy@healix.com with the word “UNSUBSCRIBE” in the subject field of the email. If you make such objection, where possible we will cease to process your Personal Data for this purpose. Please allow 5 working days for the changes to take effect.

Subject Access Right

You have the right to access Personal Data held about you. To exercise this right we would prefer that you provide a written request to us including as much information as possible (dates, specific issue etc.) to enable us to comply with your request as quickly as possible. You can however also make a verbal request. In responding to your access request we will confirm what data we process and what we use it for, who we share it with, how we collected it and how long we keep it.

To make an access request please contact us using the contact details below under the section “Contacting Healix or make a complaint”.

Changes to our Privacy Policy

We may update this Privacy Policy from time to time. You should check our Privacy Policy occasionally to ensure you are happy with changes to our Privacy Policy (the ‘last updated’ reference tells you when we last updated this Privacy Policy). If we make significant changes to the Policy that materially change our privacy practices, we may also notify you by other means, such as posting a notice on the main website or via email if you have joined our mailing list. This Privacy Policy was last updated April 2020.

Healix Insurance Services Limited

Healix Insurance Services Limited is regulated by the Financial Conduct Authority. Please look here for more information including the Healix Insurance Services Limited Privacy Notice.

Contacting Healix or make a complaint

Please contact us if you have any questions about anything in this document or think that your Personal Data has been misused or mishandled:

  • Email:   privacy@healix.com, or
  • Letter: Healix Group Data Protection Officer, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK.

We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your communication to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. If you do not believe your complaint is managed appropriately and you do not believe Healix has addressed your concerns you have the right to escalate the complaint to the Information Commissioner’s Office: casework@ico.org.uk
