healthcare rm are committed to ensuring your privacy and personal information is protected.
When we collect and use your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below, keep it safe and will never sell it.
- Personal information you provide is processed fairly, lawfully and in a transparent manner;
- Personal information you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose for which healthcare rm collected it;
- Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- Your personal information is kept accurate and, where necessary kept up to date;
- Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed;
- We will take appropriate steps to keep your personal information secure
- Your personal information is processed in accordance with your rights;
- We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards;
- healthcare rm does not sell your personal information and we do not permit the selling of customer data by any companies who provide a service to us.
How do we collect your personal information?
Whilst there are a number of ways in which we collect your personal information, the two main ways we might collect personal information about you are from things you tell us yourself, and from things we ask other people or organisations to share with us. Things you tell us could include conversations we have on the phone or information you send us by post or email. We might also collect information about you from other people and organisations, such as your employer and medical professionals. Please see below for a list of ways we collect your personal information:
We collect personal information directly from you:
- via our telephone calls with you, which may be recorded;
- when you provide your details to us either online or offline;
- during any health surveillance medicals
We also collect your personal information from a number of different sources including:
- via third parties including:
- your employer as part of a daily download of sickness absence;
- your employer as part of a referral to our case management service;
- medical professionals and hospitals;
- network therapists
What personal information do we collect?
We might collect personal information, such as your contact details. The information we collect depends on which service provision you have access to via your employers. For example, if you have a private healthcare plan we may ask you about you or your families’ medical history. Please note, in certain circumstances we may request and/or receive “sensitive” personal information about you. For example, we may need access to health records for the purposes of processing claims or assessing fitness for work. Please see below for a more detailed list of personal information we collect.
- Personal information
– contact details such as name, email address, postal address and telephone number
– details of any other persons included on your benefits where they are named on your plan and the relationship to you as the main member
– identification information such as your date of birth, employee number or information relevant to your claim or your involvement in the matter giving rise to a claim
- Sensitive personal information
– details of your current or former physical or mental health
– details concerning sexual life or sexual orientation, for example marital status
How do we use your Personal Information?
We mainly use your information for the purposes of preventative or occupational medicine, to assess your fitness for work for your employer, provision of health benefits and / or the management of health care services. In this regard we will share information with your employer on the basis outlined below. However, there are other reasons why we use your personal information. Please see below for a more detailed list of how we use your personal information. We may process your personal information for a number of different purposes as you may have access to several of our services via your employer. Under data protection laws we need a reason to use and process your personal information and this is called a legal ground. We have set out below the main reasons why we process your personal information and the applicable circumstances when we will do so. When the personal information we process about you is classed as sensitive personal information, such as details about your health, (now known as ‘Special Categories’), we must have an additional legal ground for such processing, or where appropriate, we apply a specific exemption for Insurance purposes
- Processing is necessary for us to case manage a referral made to us by your employer and assess fitness for work;
- Processing is necessary to carry out health surveillance assessments to comply with legal requirements;
- Processing is necessary in order for us to provide your healthcare plan and or psychological services, such as assessing your claim and setting you up as a member, administering and managing your healthcare plan, providing all related services, handling and paying claims and communicating with you. In these circumstances, if you do not provide such information, we will be unable to administer your plan or process your claim;
- Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are presented with a legal claim or where we wish to pursue a legal claim;
- Where we have a specific legal exemption to process sensitive personal data for insurance purposes. This exemption applies where we need to process your information as an essential part of your benefits provision, for example health data;
- Where you have provided your consent to our use of your personal information. We will usually only ask for your consent in relation to processing your sensitive personal information (such as health data). This will be made clear when you provide your personal information. If we ask for your consent, we will explain why it is necessary. Without your consent in some circumstances, we may not be able to handle claims or you may not be able to benefit from some of our services. Where you provide sensitive personal information about a third party (such as a dependent on your plan) we will ask you to confirm that the third party has provided his or her consent for you to act on their behalf;
- Where we have appropriate legitimate business need to use your personal information such as maintaining our business records, developing and
improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm;
- Where we need to use your sensitive personal information such as health data because it is necessary for your vital interests, this being a life or death matter.
Who do we share your personal information with?
We will share elements of your information with your employer on the following basis:
- We will provide your employer (normally your Line Manager) with an outline of your fitness to work when managing any sickness absence or health condition which affects your ability to work in your normal duties. We will only share any health information with your verbal consent to do so. Where you cannot perform your normal duties then we will provide your manager with an understanding of what work you can or cannot perform and over what time period;
- We may need to share information with your employer where there is a possibility that the work you are performing is causing you harm. We will only share this information with your consent;
- We do not share any information with your employer if you access the Careline services unless there is a safety critical reason to do so and only when we have agreed with you that we will notify your manager;
- We may need to share information with the Trustees of the healthcare plan/s if you are a member. However, this is normally where you have requested to make a claim where the rules are not clear and we need authorisation from the Trustees to either pay or decline a claim or where you have specifically requested that this is submitted to the Trustees. Normally this Trustee Referral is anonymous unless you request that they are made aware of your name.
- On occasions an individual will make a claim against their employer where we are allowed in law to share information under an exemption clause. In such circumstances we would inform you that such an exemption applies and why.
How long do we keep records?
Telephone calls are only recorded for training and quality purposes; these are randomly selected and deleted after five days. No transcripts of these calls are kept and only brief notes retained on the system
In relation to case notes and medical information, these are only kept for as long as the regulations say we have to. This is usually between 1 – 40 years dependent on the type of data held and what we are obliged to do by the regulator or the law.
You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We’ll either do what you’ve asked, or explain why we can’t – usually because of a legal or regulatory issue.
You have the following rights in relation to our use of your personal information:
The right to access your personal information:
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
The right to rectification:
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us at email and you can ask us to update or amend it.
The right to erasure:
In certain circumstances, you have the right to ask us to erase your personal information, for example, where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restriction of processing:
In certain circumstances, you are entitled to ask us to stop using your personal information, for example, where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.
Right to data portability:
In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.
The right to withdraw consent:
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. Please note in some cases we may not be able to process your claim if you withdraw your consent.
The right to lodge a complaint:
You have a right to complain to the Information Commissioner’s Office (ICO) at any time if you object to the way in which we use your personal information. More information can be found on the ICO website: https://ico.org.uk/
You can make any of the requests set out above by contacting us. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why.
healthcare rm Company contact details
Ashchurch Business Centre,
Tewkesbury, GL20 8NB
0333 577 8776
healthcare rm’s Data Privacy Declaration
Your personal information can help us give you a better, more personalised service. However, looking after that data is a big responsibility. We take our responsibilities seriously, so we’ve introduced internationally recognised data privacy rules to protect you. We keep your data safe, confidential and will never sell it, and, if you ask us to, we will tell you exactly what information we have so you can be sure it’s up-to-date and accurate.