Fair processing notice
As a provider of quality healthcare around the world, our customers and clients expect us to carefully handle and protect the personal information they share with us.
If you or your employer have signed an agreement with the Data Controller (as defined below) to benefit from health insurance or other health services provided by the Data Controller or by related parties (hereafter referred to as the "Agreement"), the present Privacy Notice is applicable. It explains how we collect and use your data (as defined below) in accordance with the applicable Data Protection standards and legislation.
Information we collect about you
"Information" is the data that identifies and relates to you, or to other individuals such as your dependants. Your information may be provided to us by yourself or by a third party entitled to provide us with such information (e.g. your healthcare professionals, your employer). There are two types of information which we may collect about you – personal information such as your name and address, and sensitive information such as your medical condition and health status.
By providing your information to us, or authorising a third party to provide us with your information, you signify your explicit consent to your information being processed as explained in this notice.
Depending on the specific terms and conditions of the agreement you or your employer has signed, your information will be collected by:
- Cigna Life Insurance Company of Europe S.A.-N.V, private limited liability company under the Belgian law, with its registered office in Belgium, Avenue de Cortenbergh 52, 1000 Brussels, authorised by the National Bank of Belgium and subject to limited regulation by the UK Financial Conduct Authority and Prudential Regulation Authority
- Cigna Life Insurance Company of Europe S.A.-N.V, UK Branch, with its registered office in Chancery House, 1st Floor, St Nicholas Way, Sutton, Surrey SM1 1JB, UK Branch of Cigna Life Insurance Company of Europe S.A.-N.V.
- Cigna European Services (UK) Limited, a service company registered in England with its registered office address in Chancery House, 1st Floor, St Nicholas Way, Sutton, Surrey SM1 1JB.
The company collecting your information depends on the entity which provides your insurance cover or health service, and can be found in your member booklet, certificate of insurance, or notice from your employer. The corresponding entity will hereafter be referred to as the "Data Controller". Additional information about the Data Controller is available on request (see "CONTACT US" section below).
Purpose and use of information
Your information is collected in order to provide health benefits or services, to administer your health plan, or to conduct general insurance business, in line with the insurance cover or other services you are entitled to under the Agreement.
We use your information to:
- Communicate with you and others as part of our business;
- Send you important information about changes to our policies or services, other terms and conditions and other administrative information;
- Make decisions about whether to provide insurance cover;
- Provide, where relevant, insurance and assistance services, including claim assessment, processing and settlement; and, where applicable, handle claim disputes;
- Provide, where relevant, occupational health services, which include obtaining medical information from your general practitioner (GP) or specialist in order to advise your employer on your fitness for work;
- Provide improved quality, training and security (e.g. with respect to recorded or monitored telephone calls to our contact numbers);
- Carry out market research and analysis, including satisfaction surveys, to be able to continuously improve the quality of our business and the insurance cover or other services provided to you;
- Protect, detect, and prevent fraud, which may include searching claims or fraud registers. Your information may be put on registers of claims and shared with other insurers;
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; business continuity; and records, document and print management;
- Resolve complaints, and handle requests for data access, correction or removal;
- Comply with applicable laws and regulatory obligations such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities and litigation; and
- Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and that of our group companies, you or others; and pursue available remedies or limit our damages.
Confidential, unpublished property of Cigna. Do not duplicate or distribute. Use and distribution limited solely to authorized personnel. © 2016 Cigna
- Your information will only be used for the above mentioned purposes and will never be sold or rented.
Sharing of information
If deemed necessary for providing you with the insurance cover or health services you are entitled to under the Agreement, the Data Controller may make your information available to:
- Cigna group companies. You can find permanently updated information about Cigna on the following website: cigna.co.uk. Access to information within Cigna is restricted to those individuals and entities who have a need to access the information for the purposes set forth in this Notice;
- Other insurance and distribution parties, such as other insurers; reinsurers; reinsurance brokers and other intermediaries and agents; and appointed representatives;
- External third-party service providers, such as medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel and medical assistance providers; IT systems, support and hosting service providers; analysis service providers; banks and financial institutions that service our accounts; third-party claim administrators; document and records management providers; claim investigators and adjusters; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities;
- Governmental authorities and third parties involved in court actions, including, but not limited to, courts, law enforcement, tax authorities and criminal investigations agencies; third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate:
(a) to comply with applicable law, including laws outside your country of residence;
(b) to comply with legal process;
(c) to respond to requests from public and government authorities;
(d) to enforce our terms and conditions;
(e) to protect our operations or those of any of our group companies;
(f) to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and
(g) to allow us to pursue available remedies or limit our damages.
- Other third parties, such as emergency providers (fire, police and medical emergency services); medical networks, organizations and providers; travel carriers; and other people involved in an incident that is the subject of a claim.
Right to access and right to rectify
You have the right of access to and, if applicable, the right to rectify your information held by the Data Controller. You can exercise these rights by writing the Data Controller's Data Protection Officer (see "CONTACT US" section below).
The Data Controller will take appropriate technical, physical, legal and organisational measures, which are consistent with applicable privacy and data security laws. When providing information to a service provider, the service provider will be selected carefully and required to use appropriate measures to protect the confidentiality and security of such information.
Data Protection Officer / Cigna
Riverside Business Park
22 Pottery Street
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 5th February 2014.