The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under the General Data Protection Regulation (GDPR).
Who are we?
DataHealth Consultancy Ltd is authorised and regulated by the Financial Conduct Authority (‘FCA’), registration number 307598.
DataHealth Consultancy is registered as a data controller on the Data Protection Register held by the Information Commissioner’s Office (‘ICO’), registration number Z4999130.
What information we collect?
To enable us to provide you with the right advice or product to meet your needs, we will collect personal information which may include your name, phone number, email address, postal address, date of birth, etc.
We may need to collect sensitive information such as medical history for us to provide you with the product or to assist you with a claim.
We only collect and process sensitive personal data where it is essential for the delivery of a product or service and without which the product or service cannot be provided. Therefore, we will not ask your explicit consent to process this information as it is required by us to provide the product or service you have requested and it is necessary by its criticality to the service provided. If you object to use of this information, we will be unable to offer you the product or service.
How do we use your personal information?
Your privacy is protected by data protection law which says we are only allowed to use personal information if we have a legal basis for doing so. We have explained below the main reasons why we process personal information and the legal basis we rely on.
- To provide an insurance quote
- Administer an insurance policy
- Communicate with you
We have a regulatory duty to process personal information. For example, the Financial Conduct Authority and the Information Commissioner’s Office require us to keep customer records.
From time to time we will need to call you for a variety of reasons relating to your products or service. For example, to discuss the renewal of your insurance policy and other matters related to your policy.
We follow strict security procedures in the storage and disclosure of your personal information in line with industry practices, including storage in electronic and paper formats.
Steps are taken to ensure the data we hold is accurate, kept up to date and not kept for longer than is necessary. Measures are taken to safeguard against unauthorised or unlawful processing and accidental loss or damage to the data.
All the personal data we process is processed by us in the UK. However for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No third parties have access to your personal data unless the law allows them to do so.
Who do we share your information with?
We will not sell, distribute or lease any data to third parties or any other organisations to use for their own commercial purposes unless we have your permission or are required to do so by law.
In order to provide our services, personal information may be shared with third parties, for example, to obtain quotations from a range of insurance companies.
How long do we keep your information for?
We only keep personal information for as long as it is reasonably necessary but it will depend on what information we hold, why we hold it and what our wider regulatory obligations are.
We will normally keep information for no more than 6 years after termination or cancellation of a product or service we provide.
What are your rights?
You can change or withdraw your consent. If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Privacy & Compliance Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).