DATA PROTECTION – PRIVACY NOTICE

The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. We recognise our responsibility to treat your personal information with care and to comply with all relevant legislation, in particular the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) – the “legislation”. The terms used in this Notice are based on the Information Commissioner’s Office (ICO). You can find out more about the ICO here: https://ico.org.uk/.

Who we are

Daniel Donoghue Healthcare Consultancy Limited trading as Surrey Circle Health is the “Data controller” of the information you provide us and is registered with the Information Commissioner’s Office for the products and services we provide to you. Registration number Z8663510. You can contact us for general data protection queries by email to daniel@surreycirclehealth.co.uk or in writing to the Data Protection Officer, Surrey Circle Health, 3 Warren Mews, Prairie Road, Addlestone, Surrey, KT15 2TL. Telephone number – 07831 259768. Please advise us of as much detail as possible to comply with your request.

How do we use your Personal Information?

We will use personal information to assess and provide the products or services that you have requested, arrange and administer your policy if you buy one through us, communicate with you, inform you about products or services that are closely related to those you already hold with us, to undertake statistical analysis and to comply with our legal obligations. From time to time we will need to call you for a variety of reasons relating to your products or service (for example, to update you on the progress of a claim or to discuss the renewal of your insurance contract)

Personal information includes your name, address, or phone number and other information that is not otherwise publicly available. We collect personal information about you when you contact us about products and services. The type of personal information we collect will depend on the purpose for which it is collected and includes: Contact details, your profile, information to verify your identity, family, lifestyle, health and financial information and payment details.

Some of the personal information we ask you to provide may be sensitive (special category) as defined in the legislation such as information about your medical history. We can collect such information for insurance purposes without your specific consent but it will only be used for the purpose of our service which is to provide advice on and arrange a contract of insurance which meets your demands and needs. Sensitive personal information will always be processed and stored securely. You can withdraw your consent at any time to us processing this data, however, this may mean that you can no longer access the service or product the information was gathered for. If you give us personal information about another person who is to be included on your policy, you should only do so if you have their consent. You should make this privacy policy available to any person who is included on your policy. If you give us information about another person, in doing so you confirm that they have given you permission to provide it to us and that we may use their personal data in the same way as your own as set out in this notice.

Legal Basis for processing your Personal Information

We are required to have a lawful basis (as defined) in order to process your personal data and the relevant bases which we use are show in the table below.

Purpose of processing Lawful Basis
Providing quotations; arranging and administering insurance contractsNecessary for the performance of an insurance contract
Provision of information on products and services (Marketing)Our legitimate interests or your explicit consent
To notify you of changes in our serviceOur Legal and Regulatory obligations
To prevent and detect fraud, money laundering and other financial crimesOur Legal and Regulatory obligations
To meet general legal or regulatory obligationsOur Legal and Regulatory obligations
Statistical analysisOur legitimate interests (to refine and enhance the  products and pricing which we can offer)

Marketing

We may contact you by email, text, telephone, mail or other agreed means to keep you up to date about our products and services. The legislation allows us to do this in our own commercial interests for certain communications with previous customers. In other circumstances we can only do so with your explicit consent. In all cases you can opt out from receiving such communications at any time.

When do we share your Personal Information?

As a necessary part of providing you with the services described in this notice the information you provide will be disclosed to third parties (for example: our Principal firm Santé Partners Ltd, insurers or other insurance intermediaries) for the purpose of arranging your contract of insurance and will only be used for the provision and administration of the service provided.

To help us prevent financial crime, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched. We may also be obliged by law to pass on your information to the police or other law enforcement body or statutory or regulatory authority.

We may also undertake credit searches, but we will never make a search that leaves a record on your credit history. We may also use external organisations to protect customers from fraud and to verify identity.

We can supply on request further details of the databases and external organisations which we use.

How long do we keep your information for?

We will not keep your personal information longer than is necessary for the purpose for which it was provided and will be managed in accordance with our data retention policy. In most cases the period will be for a maximum of 7 years following the expiry of an insurance contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements.

Your data protection rights

You have the following rights in relation to our processing of your personal  data: –

  1. The right to be informed about how we use your personal data (This Privacy Notice)
  2. The right to see a copy of the personal information we hold about you. (In most cases this will be free of charge)
  3. The right to have personal information rectified if inaccurate or incomplete.
  4. The right of erasure of your personal information where there is no compelling reason for its continued processing.
  5. The right to restrict processing in certain circumstances, e.g. if its accuracy is being contested.
  6. The right to data portability which, subject to certain conditions, allows you to obtain and reuse your personal data across different services.
  7. The right to object to certain processing including for the purposes of direct marketing.
  8. Rights to information in relation to automated decision making and profiling.

Complaints

If you are unhappy about the way we have handled your data or upheld your rights, you can complain to the Information Commissioner’s office at any time. Further details of your rights can be obtained by visiting the ICO website: https://ico.org.uk/your-data-matters/



SCH 09.23 v2

Surrey Circle Health reserves the right to amend this notice at any time in line with legislation changes, which would be posted upon this page. This Privacy Notice was last updated in March 2024.