Privacy Policy

This Privacy Policy tells you what data we collect, why we collect it and what we do with it. You can also find information on the controls you have to manage your data within these pages.

 

Contents

  1. Our Privacy Principles
  2. How do we collect your personal information?
  3. What personal information do we collect?
  4. How do we use your personal information?
  5. Who do we share your personal information with?
  6. How long do we keep records for?
  7. Your Rights
  8. Marketing
  9. Contact Details of the Data Protection Officer
  10. Medibroker Company Details
  11. Medibroker’s data privacy declaration 

 


Privacy Policy

 

Medibroker are committed to ensuring your privacy and personal information is protected.

 

The document that referred you to this notice (for example, your insurance quote) shall set out details of how Medibroker is processing your personal information; it is the data controller of your personal information and is responsible for complying with data protection laws. For the purposes of this Privacy Policy, references to "we" or "us" shall refer to Medibroker.

This Privacy Policy should be brought to the attention of any party who is included in your Policy, where they have given you consent to act on their behalf.

 

By providing your personal information or the personal information of  someone included in your policy, you acknowledge that we may use it only in the ways set out in this Privacy Policy. We may provide you with further notices highlighting certain uses we wish to make of your personal information.

 

From time to time we may need to make changes to this privacy policy, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check the Medibroker website periodically to view the most up to date privacy policy.

 

1.Our Privacy Principles

 

When we collect and use your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below, keep it safe and will never sell it.

 

Our Privacy Principles

 

  1. Personal information you provide is processed fairly, lawfully and in a transparent manner
  2. Personal information you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose which Medibroker collected it
  3. Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  4. Your personal information is kept accurate and, where necessary kept up to date
  1. Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed
  2. We will take appropriate steps to keep your personal information secure
  3. Your personal information is processed in accordance with your rights
  4. We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards
  1. Medibroker do not sell your personal information and we also do not permit the selling of customer data by any companies who provide a service to us

 

 2. How do we collect your personal information?

 

Whilst there are a number of ways in which we collect your personal information, the two main ways we might collect personal information about you are from things you tell us yourself, and from things we ask other people or organisations to share with us. Things you tell us could include conversations we have on the phone, what you’ve written on an application form or if you post something on one of our forums. We might also collect information about you from other people and organisations, such as medical professionals and credit agencies. Please see below for a list of ways we collect your personal information:

 

We collect personal information directly from you:

 

  • via enquiry, registration and claim forms;
  • via feedback forms and forums;
  • when you purchase any of our products or services;
  • through quotes and application forms;
  • via cookies. You can find out more about this in our cookies policy;
  • via our telephone calls with you, which may be recorded;
  • when you provide your details to us either online or offline;

 

We also collect your personal information from a number of different sources including:

 

  • directly from an individual who has a policy with us under which you are insured, for example you are second name on your partner’s insurance policy;
  • from credit reference agencies who will supply us with information, including information from the Electoral Register and credit information. Please note that the agencies may record details of the search whether or not your application proceeds;
  • from social media where fraud is suspected; and
  • via third parties including:

o          your family members where you may be incapacitated or unable to provide information relevant to your policy;

o          medical professionals and hospitals;

o          third parties such as companies who provide consumer classification for marketing purposes e.g. market segmentation data and;

o          your Employer if you are part of an Employee Group Scheme

 

 

3. What personal information do we collect?

 

We might collect personal information, such as your contact details, information about your bank or credit cards. The information we collect depends on which product or service you’re interested in for example for medical insurance, we may ask you about you or your families' medical history. Please note, in certain circumstances we may request and/or receive "sensitive" personal information about you. For example, we may need access to health records for the purposes of securing you with a policy, or details of any court or HMRC judgments for the purposes of preventing, detecting and investigating fraud. Please see below for a more detailed list of personal information we collect.

 

The information that we collect will depend on our relationship with you.

Where other people are named on your policy, we may ask you to provide the information below in relation to those people too, if this is relevant to your insurance.

 

As the data controller of your personal information, we may collect the following information about you:

 

  • Personal information

o          contact details such as name, email address, postal address and telephone number

o          details of any other persons included on the policy where they are named on your policy and the relationship to you as policyholder

o          lifestyle and social circumstances for example; your interests, such as whether you play a sport, your housing status and number of dependents

o          identification information such as your date of birth, passport and driving licence

o          financial information such as bank details, credit card details and information obtained as a result of our credit checks

o          information obtained through our use of cookies. You can find out more about this in our cookies policy

o          information relevant to your claim or your involvement in the matter giving rise to a claim

o          details of bankruptcies and other financial sanctions such as HMRC investigations

o          your marketing preferences

 

  • Sensitive personal information

o          details of your current or former physical or mental health

o          details concerning sexual life or sexual orientation, for example marital status

o          details regarding criminal offences, including alleged offences, criminal proceedings, outcomes and sentences (previous criminal convictions, bankruptcies and other financial sanctions such as County Court Judgements)

 

 

4. How do we use your personal information?

 

We mainly use your personal information to secure you with an insurance policy or benefits and to provide you with the right services based on your situation. So, if you have a problem, we make sure the right network of providers and specialists are in place and keep you safe from fraud. However,

there are a number of other reasons why we use your personal information;

please see below for a more detailed list of how we use your personal information.

 

We may process your personal information for a number of different purposes and these are set out in more detail in the below sub-sections. Under data protection laws we need a reason to use and process your personal information and this is called a legal ground. We have set out below the main

reasons why we process your personal information and the applicable circumstances when we will do so. When the personal information we process about you is classed as sensitive personal information (now known as ‘Special Categories’) (such as details about your health, sexual orientation or criminal offences) we must have an additional legal ground for such processing, or where appropriate, we apply a specific exemption for Insurance purposes.

 

  • Processing is necessary in order for us to secure your insurance policy and provide our services, such as assessing and submitting your application to an insurer to set you up as a policyholder, administering and managing your insurance policy, providing all related services, providing a quote and communicating with you. In these circumstances, if you do not provide such information, we will be unable to secure you a policy.

 

  • Where we have a legal or regulatory obligation to use such personal information, for example, when our regulators, the Financial Conduct Authority (FCA) and our data protection regulator, the Information Commissioner's Office (ICO) wish us to maintain certain records of any dealings with you.

 

  • Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any

legal claims or where we want to pursue any legal claims ourselves.

 

  • Where we need to use your personal information for reasons of substantial public interest, such as investigating fraudulent claims and carrying out fraud, credit and anti-money laundering checks.

 

  • Where we have a specific legal exemption to process sensitive personal data for insurance purposes. This exemption applies where we need to process your information as an essential part of the insurance cover, for example health data.

 

  • Where you have provided your consent to our use of your personal information. We will usually only ask for your consent in relation to processing your sensitive personal information (such as health data) or when providing marketing information to you (including information about other products and services). This will be made clear when you provide your personal information. If we ask for your consent we will explain why it is necessary. Without your consent in some circumstances, we may not be able to secure you with cover under the policy or you may not be able to benefit from some of our services. Where you provide sensitive personal information about a third party (such as a second person on your policy) we will ask you to confirm that the third party has provided his or her consent for you to act of their behalf.

 

  • Where we have appropriate legitimate business need to use your personal information such as maintaining our business records, developing and improving our services, providing you with information about our services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.

 

  • Where we need to use your sensitive personal information such as health data because it is necessary for your vital interests, this being a life or death matter.

 

 

How does Medibroker use your information for Management Information purposes?

 

We use your personal information to help us understand our business and monitor our performance.

 

If you are a member of a group scheme, we may provide reports to your employer, or a parent company on the performance of the scheme and on the health of the workforce. The information we provide is anonymised which means you cannot be identified from the information.

 

 

How does Medibroker use your information for analytical purposes and to improve our products and services?

 

We may use your personal information for research and statistical analysis including general research into health-related areas and research about the services we provide. Where possible, we will anonymise such information. However, sometimes we may need to use your health information to do this and where we do, we will obtain your consent beforehand.

 

By analysing the information you provide we can tailor and improve our services to better suit our customer's needs.

 

 

How does Medibroker use your personal information to prevent, detect and investigate fraud?

 

To help keep premiums and costs down we work with insurers, healthcare providers, anti-fraud bodies and law enforcement agencies to protect ourselves and our clients.from fraudulent behaviour and medical malpractice. This may mean disclosing personal information, including health information, to these bodies. In some cases, we provide your personal information to insurance fraud databases, such as that run by the Health Insurance Counter Fraud Group, which are accessible by some or all of these bodies. We are obliged to report suspicions of medical malpractice to the relevant regulatory body such as the General Medical Council. In some cases, we are required by law to report crime and suspected crime and other matters to law enforcement and government agencies

 

5. Who do we share your personal information with?

 

We might share your personal information with two types of organisation,

companies inside the April Group, and other third parties outside the Group. For further details of disclosures, please see below. We won’t share any of your personal information other than for the purposes described in this Privacy Policy. If we share anything outside the Group, it will be kept

strictly confidential and will only be used for reasons that we’ve described.

 

Disclosures within our group

 

In order to provide our services your personal information is shared with other companies in the April Group. Your personal information might be shared for our general business administration, efficiency and accuracy purposes.

 

Disclosures to third parties

 

We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:

 

  • Your relatives, guardians (on your behalf where you are incapacitated or unable) or other people or organisations connected to you such as your insurance broker, your patients (if you are a healthcare practitioner) or your solicitor.

 

  • Your current, past or prospective employers

 

  • Your medical, social and welfare advisers, or practitioners

 

  • Our insurance providers

 

  • Our third-party services providers such as IT suppliers, actuaries, auditors, solicitors, marketing agencies, document management providers and tax advisers

 

  • Our suppliers and providers of goods or services that we make available to you

 

  • Financial organisations and advisers

 

  • Central and local Government (for example if they are investigating fraud or because we need to contact them regarding international sanctions)

 

  • The Financial Ombudsman Service and regulatory authorities such as the Financial Conduct Authority and the Information Commissioner’s Office

 

  • Other insurance companies, the General Medical Council, the police, National crime agency, other law enforcement agencies and organisations that maintain anti-fraud or other crime databases where reasonably necessary for the prevention or detection of crime

 

  • Selected third parties in connection with the sale, transfer or disposal of our business. Disclosure of your personal information to a third party outside of the April Group will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

 

We may also disclose your personal information to other third parties where:

 

  • we are required or permitted to do so by law or by regulatory bodies

such as where there is a court order, statutory obligation or Financial Conduct Authority or Information Commissioners Office request; or

 

  • we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

 

Some of the recipients set out above may be in countries outside of the EEA

Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring

Information to under contractual obligations to protect it to adequate standards.

 

 

6. How long do we keep records for?

 

In most cases, we only keep your information for as long as the regulations say we have to. This is usually between three and ten years after our relationship with you ends but it will vary depending on what data we hold, why we hold it and what we’re obliged to do by the regulator or the law. We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it. How long we keep personal information is primarily determined by our insurance providers and regulatory obligations. We typically keep quote information for 2 years, and policy and claims records for up to10 years from the end of our relationship with you. In some cases, such as if there is a dispute or a legal action we may be required to keep personal information for longer.

 

 

7. Your Rights

 

You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We’ll either do what you’ve asked, or explain why we can’t - usually because of a legal or regulatory issue. For further details about your rights

please see below:

 

You have the following rights in relation to our use of your personal information.

 

The right to access your personal information:

 

You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.

 

The right to rectification:

 

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and

you can ask us to update or amend it.

 

The right to erasure:

 

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of personal information we hold about you

and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

 

Right to restriction of processing:

 

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.

 

Right to data portability:

 

In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.

 

Right to object to direct marketing:

 

You can ask us to stop sending you marketing messages at any time. Please see the Marketing section for more information.

 

 

Right not to be subject to automated-decision making:

 

Some of our decisions may be made automatically by inputting

your personal information into a system or computer and the decision is calculated using certain automatic processes rather than our employees/agents making those decisions.

 

You have a right not to be subject to automated decision-making in the circumstances described above and where automated decision-making used in the assessment of your application or fraud prevention, you can contact us to request that any declined decision is reconsidered.

 

If you want to opt out of automatic decision-making, let us know, although in some circumstances it may mean we can’t offer you a quote or policy as some automated decisions are necessary to provide your insurance policy.

 

The right to withdraw consent:

 

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. Please note in some cases we may not be able to process your insurance if you withdraw your consent.

 

The right to lodge a complaint:

 

You have a right to complain to the ICO at any time if you object to the way in which we use your personal information.

 

More information can be found on the Information Commissioner’s Office

website: https://ico.org.uk/

 

You can make any of the requests set out above using the contact details

provided to you in your policy documentation.

 

Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or

regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we will tell you why. In some circumstances exercising some of these rights will mean we are unable to continue providing you with cover under your insurance policy and may

therefore result in the cancellation of the policy. You will therefore lose the right to bring any claim or receive any benefit under the policy, including in relation to any event that occurred before you exercised your right, if our ability to handle the claim has been prejudiced. Your policy terms and

conditions set out what will happen in the event your policy is cancelled.

 

 

8. Marketing

 

You’re in control of how we use your information for marketing.

To keep you informed with our services we would like to use your personal information to contact you, we may do this by mail, email, telephone or other electronic methods such as text message. You have the right to ask us not to process your personal data for marketing purposes. Before collecting your data we will always tell you if we intend to use it for marketing reasons. You can exercise your right to stop us using your data by checking boxes on the forms we use to collect it, by unsubscribing from emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise you can always contact us using the details set out in your documentation to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.

 

We may share information between the April Group to inform you of other products and services that may be of interest to you or members of your

family, but we will only do this where you have provided your consent.

 

You can always change your mind by contacting us using the details shown in your documentation and telling us you no longer wish to be contacted.

 

From time to time we may run specific marketing campaigns through social

media and digital advertising that you may see which are based on general demographics and interests. Individual personal information is not used for these campaigns. If you do not want to see any campaigns then you will need to adjust your preferences within social media settings and your cookie browser settings.

 

Please note that we may retain any data provided to us on our websites for a limited period, even if you do not complete your quote. The information may be used to enquire as to why you did not complete your quote or for us to better understand your needs but only if you have agreed for us to contact you.

 

 

9. Contact Details of the Data Protection Officer

 

If you wish to contact the Data Protection Officer the details are below:

 

The Data Protection Officer:

April Medibroker Ltd

April House

Almondsbury Business Centre

Bradley Stoke

Bristol

BS32 4QH

 

 

10. Medibroker Company Details

 

Medibroker

Wherever the name “Medibroker” is used on the Website, this means April Medibroker Ltd a public company limited by shares incorporated in England and Wales with company number 3673450 and whose registered office is at April House, Almondsbury Business Centre, Bradley Stoke, Bristol, BS32 4QH, who is authorised and regulation by the Financial Conduct Authority, registered number 304773

 

 

11. Medibroker’s data privacy declaration

 

Your personal information can help us give you a better, more personalised service. Looking after that data is a big responsibility and we take our responsibilities seriously. We keep your data safe, confidential and will never sell it. And, if you ask us to, we’ll tell you exactly what information we have so you can be sure it’s up-to-date and accurate.

 

Medibroker’s mission is to help you, our customers, live your lives with more peace of mind by protecting your family, your property and your lifestyle against risks. Doing so involves the collection of data so that we understand the nature of these risks that we cover for you, and that we may provide you with the right products and services to meet your needs. It also allows us to enhance your experience through tailor-made protection, more relevant information and simplified, efficient procedures. We believe that protecting your personal information is essential. This is why we share with you the principles that will follow with regard to the treatment of personal information.

 

 

Terms and Conditions