1. About us

In this data protection notice references to "CLICE UK" are to Cigna Life Insurance Company of Europe S.A.-N.V. - UK Branch and "CESL" is to Cigna European Services (UK) Limited. References to "we" or "us" is to CLICE UK and CESL.

Where you are receiving health benefits under a policy of insurance ("UKHB policy") CLICE UK will be the data controller of any information you provide. Where you are receiving health benefits under a trust scheme ("UKHB scheme") CESL will be the data controller of any information you provide. The relevant entity can be found in your member booklet, certificate of insurance or notice from your employer. This means that we are responsible for complying with data protection laws. This data protection notice describes what personal information we may collect from you, why we use your personal information and more generally the practices we maintain and ways in which we use your personal information.

We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your information or if you are unsure about who the data controller of your personal information is, you may contact our data protection officer using the details set out at section 10.

2. Our Processing of your personal information

Depending on our relationship with you and the nature of services we are providing you with we will collect different types of personal information about you and use it for different purposes.

From time to time we may ask you to provide or we may receive your “sensitive personal information” otherwise known in data protection laws as "special categories of personal information" (which is information relating to your health, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership). We may also need details of any unspent criminal convictions you have for fraud prevention purposes.

Where you provide personal information to us about other individuals (for example your dependants who are covered under your policy or scheme) we will also be data controller of and responsible for their personal information. You should refer them to this notice.

We have structured this notice so that you only have to click on the section below that is relevant to you and reflects your relationship with us.

2.1 Prospective UKHB scheme members and policyholders or prospective dependants under a UKHB scheme or policy

If you apply for membership of a UKHB scheme or for a UKHB policy with us, or someone applies for a membership of a UKHB scheme or a UKHB policy, which will cover you or list you as a named dependant, this section will be applicable to you and will provide key information about how we use your personal information.

What personal information will we collect?

  • Your name and title, address, telephone numbers and email addresses, date of birth and gender.
  • Where you are not the applicant, your relationship or connection to the prospective policyholder or scheme member.
  • Identity documents such as passport, driving licence and national insurance number.
  • Employment status and related information such as job title, employment history, education history and accreditations.
  • Where you are a prospective UKHB scheme member or policyholder information which is related to your application including:
    • details about previous insurance policies you have held or schemes you have been a member of and any previous claims you have made;
    • details about your family such as dependants or spouses; and
    • UKHB policy specific information e.g. details of pre-existing conditions where the scheme involves medical underwriting.
  • Where you are a prospective UKHB scheme member or policyholder financial information including:
    • your bank account and payment details;
    • details about your income; and
    • information obtained from checking sanctions lists.

 

What sensitive personal information will we collect?
  • Information about your physical and mental health if relevant to your application or an application under which you are covered.
  • In addition, the health data we collect may reveal certain other categories of sensitive personal information such as information about sex life, sexual orientation or genetic information.  Where this information is revealed we will not process it any further except with your consent.

If you provide personal information, including "sensitive personal information", to us about other individuals you agree: (a) to inform the individual about the content of this data protection notice; and (b) to obtain any consent where we indicate that it is required for the processing of that individual’s personal data in accordance with this data protection notice. 

How will we collect your personal information?

Directly from you or someone else on your behalf:

  • on your application for a UKHB policy or membership of a UKHB scheme;
  • when we provide a quotation; and
  • during any communications we have, such as by telephone or email or when you make a general enquiry.

We will also collect your personal information from:

  • The prospective policyholder or scheme member where you are a dependant.
  • Third parties involved in your UKHB policy or UKHB scheme such as your brokers, another insurer and our own business partners.
  • Other health insurance/health benefit providers where schemes or policies are transferred to CESL/CLICE UK to administer.
  • Third parties who provide sanctions checking and screening tools and services.
  • Financial crime and fraud detection agencies and other third parties who operate and maintain fraud prevention and detection registers and third parties we use to carry out credit checks.
  • Other companies in the Cigna Europe group.
  • Customer surveys.
What will we use your personal information for?

We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a "legal ground" to do so. When using your "personal information", we will rely on the "legal grounds” set out below:
  • We need to use your personal information to enter into or perform the insurance contract that you have applied for. We will rely on this legal ground for all activities that are connected to your application and without using your personal information we would be unable to do, such as assessing your application against our own risk appetite and providing you with a quote.
  • We have a legal or regulatory obligation to use your personal information. For example, we have legal obligations to carry out anti-money laundering checks and our regulators require us to maintain records of all dealings with you and to carry out sanctions checks and to comply with our regulatory reporting requirements we may need to send your personal information to our regulators.
  • We have a business need to use your personal information. Such needs will include keeping business and accounting records, analysis of financial results, internal audit requirements, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer (including improved quality, training and security), carrying out strategic reviews of our business models, receiving professional (e.g. tax or legal advice), and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.

When we use your “sensitive personal information" (such as information about your health, religion or criminal offences), we need to have an additional “legal ground". When using your "sensitive personal information", we will rely on the "legal grounds” set out below:

  • We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as assessing your insurance application, arranging or administering a policy and preventing and detecting fraud.  This will apply to a limited number of our policies. 
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves.
  • You have given your consent. There may be some instances where we may need your consent to process sensitive personal information (e.g. health information) and without it we could not provide insurance cover. We will make it clear when these circumstances are and why your consent is necessary. 

What is the purpose for using your personal information 

 

Legal grounds for using your personal information 

Legal grounds for using your sensitive personal information 

To assess your application or an application under which you are covered and provide a quote (where applicable).

  • It is necessary to enter into or perform your insurance contract.
  • We have a business need (to assess all insurance applications against our own risk appetite).
  • In most cases we will rely on your explicit consent. In some circumstances, we will need to obtain your consent before we can provide your policy or plan membership.
  • In a limited number of policies we will rely on processing being necessary for the insurance purpose of administering an insurance policy.

To set you up as a policyholder / member (where applicable).

  • It is necessary to enter into or perform your insurance contract.

 

  • In most cases we will rely on your explicit consent. In some circumstances, we will need to obtain your consent before we can provide your policy or plan membership.
  • In a limited number of policies we will rely on the processing being necessary for the insurance purpose of administering an insurance policy.

To carry out fraud, credit and anti-money laundering checks on you.

 

  • It is necessary to enter into or perform your insurance contract.
  • We have a legal obligation.
  • We have a business need (to prevent fraud and other financial crime).

 

  • It is in the substantial public interest for us to comply with regulatory requirements relating to the prevention and defeating of unlawful acts.
  • We need to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations (e.g. FCA reporting).

 

  • We have a legal or regulatory obligation.

 

  • We need to establish, exercise or defend legal rights.

To generally communicate with you and handle any queries about your application or an application under which you are covered.

  • It is necessary to enter into or perform your insurance contract.
  • We have a business need (to respond to all communications).

 

 

For business purposes such as systems development, migration of systems and live testing, diagnosing any problems with our servers and website.

  • We have a business need (to run an efficient business).

 

 

For business purposes such as maintaining management information, internal audits, and carrying out statistical and strategic analysis.

  • We have a business need (to run an efficient business and improve our business).

 

To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).

  • We have a business need (to develop and improve the services we offer).

 

 









Who will we share your personal information with?

We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:

  • The policyholder or scheme member where you are a dependant.
  • Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, third party claimants, defendants, witnesses and our own business partners.
  • Third parties we appoint to assist with an insurance policy or claim such as claims handlers, medical experts, investigators and loss adjusters.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies.
  • Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
  • Other companies in the Cigna Europe group.
  • Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
  • Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
  • The Financial Conduct Authority, the Prudential Regulation Authority and the National Bank of Belgium who are our regulators.
  • Law enforcement agencies such as the police, HMRC and taxation authorities.
  • Our own insurers and companies who we have appointed to assist with arranging our insurance.
  • Selected third parties in connection with the sale, transfer or disposal of our business.
  • Health insurance/health benefit providers where schemes or policies are transferred from us.

·         on your application for a UKHB policy or membership of a UKHB scheme;

·         when we provide a quotation; and

·         during any communications we have, such as by telephone or email or when you make a general enquiry.

2.2 Existing UKHB scheme members and policyholders or existing dependants under a UKHB scheme or policy

Where you are a UKHB scheme member or policyholder or are a dependant under a UKHB scheme or policy, this section will be applicable to you and will provide key information about how we use your personal information.

What personal information will we collect?

  • Your name and title, address, telephone numbers and email addresses, date of birth and gender.
  • Where you are not the scheme member or policyholder, your relationship or connection to the scheme member or policyholder.
  • Identity documents such as passport, driving licence and national insurance number.
  • Employment status and related information such as job title, employment history, education history and accreditations.
  • Where you are the UKHB scheme member or policyholder, information which is related to your scheme or policy including:
    • details about previous schemes you have been a member of or insurance policies you have held and any previous claims you have made;
    • details about your family such as dependants or spouses; and
    • UKHB scheme or policy specific information e.g. details of pre-existing conditions where we are handling claims. 
  • Where you are a UKHB scheme member or policyholder financial information including:
    • your bank account and payment details;
    • details about your income; and
    • information obtained from checking sanctions lists and credit checks such as bankruptcy orders, individual voluntary arrangements, office disqualifications or county court judgments.
  • Information which is relevant to any claims you make under a scheme or your policy. This could include photographic evidence you provide us with, for example if you make a claim under your travel policy, we will need information about the country you visited.
  • Information which is available publically such as internet search engines and social media where we need to investigate fraudulent claims. 

What sensitive personal information will we collect?
  • Information about your physical and mental health if relevant to your policy or scheme or a policy or scheme under which you are covered or any claims you make.
  • In addition, the health data we collect may reveal certain other categories of sensitive personal information such as information about sex life, sexual orientation or genetic information. Where this information is revealed we will not process it any further except with your consent.

If you provide personal information, including "sensitive person information", to us about other individuals you agree: (a) to inform the individual about the content of this data protection notice; and (b) to obtain any consent where we indicate that it is required for the processing of that individual’s personal data in accordance with this data protection notice. 

How will we collect your personal information?

Directly from you or someone else on your behalf:

  • when you renew a policy or your scheme membership;
  • when you make a claim on your policy or under a scheme; and
  • during any communications we have, such as by telephone or email or when you make a complaint or general enquiry.

We will also collect your personal information from:

  • The policyholder or scheme member where you are a dependant.
  • A third party who has power of attorney over you.
  • Third parties involved in your UKHB policy or UKHB scheme or claim such as your brokers, another insurer, third party claimants, defendants, witnesses and our own business partners.
  • Other health insurance/health benefit providers where schemes or policies are transferred to CESL/CLICE UK to administer.
  • Third parties we appoint to assist with an insurance policy or claim such as claims handlers, medical experts, investigators and loss adjusters.
  • Medical services providers.
  • Third parties who provide sanctions checking and screening tools and services.
  • Insurance industry bodies.
  • Financial crime and fraud detection agencies and other third parties who operate and maintain fraud prevention and detection registers and third parties we use to carry out credit checks.
  • Other companies in the Cigna Europe group.
  • Customer surveys.

What will we use your personal information for?

We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a "legal ground" to do so. When using your "personal information", we will rely on the "legal grounds” set out below: 

  • We need to use your personal information to enter into or perform the insurance contract that you have taken out with us. We will rely on this legal ground for all activities that are connected to your insurance contract and without using your personal information we would be unable to do, such as providing you with a quote, providing insurance cover, handling claims and responding to complaints.
  • We have a legal or regulatory obligation to use your personal information. For example, we have legal obligations to carry out anti-money laundering checks and our regulators require us to maintain records of all dealings with you and to carry out sanctions checks and to comply with our regulatory reporting requirements we may need to send your personal information to our regulators.
  • We have a business need to use your personal information. Such needs will include keeping business and accounting records, analysis of financial results, internal audit requirements, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer (including improved quality, training and security), carrying out strategic reviews of our business models, receiving professional (e.g. tax or legal advice), and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information" (such as information about your health, religion or criminal offences), we need to have an additional “legal ground". When using your "sensitive personal information", we will rely on the "legal grounds” set out below:
  • We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as assessing your insurance application in particular against our own risk appetite, arranging or administering a policy, handling claims and preventing and detecting fraud. This will apply to a limited number of policies.

  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves or when we are investigating a legal claim that a third party brings against you.

  • You have given your consent. There may be some instances where we may need your consent to process sensitive personal information (e.g. health information) and without it we could not provide insurance cover or handle any claims you have. We will make it clear when these circumstances are and why your consent is necessary.

What is the purpose for using your personal information 

 

Legal grounds for using your personal information 

Legal grounds for using your sensitive personal information 

To provide a policy or scheme with appropriate cover.

  • It is necessary to enter into or perform your insurance contract.
  • We have a business need (to provide insurance cover which is in line with our own risk appetite).
  •  In most cases we will rely on your explicit consent. In some circumstances, we will need to obtain your consent before we can provide your policy or plan membership.
  • In a limited number of policies we will rely on the processing being neccessary for the insurance purpose of administering an insurance policy.

To handle any claims you make under  a policy or scheme.

  • It is necessary to enter into or perform your insurance contract.
  • We have a business need (to investigate claims, respond and conclude all claims).
  • In most cases we will rely on your explicit consent. In some circumstances, we will need to obtain your consent before we can provide your policy or plan membership.
  • In a limited number of policies we will rely on the processing being necessary for the insurance purpose of administering an insurance policy. We need to establish, exercise or defend legal rights.

Providing, where relevant, occupational health services, which include obtaining fitness information from your GP or specialist in order to advise your employer on your fitness to work.

  • Where you are a policyholder, it is necessary to perform your insurance contract.
  • We have a business need (to pay claims).
  • UKHB Policy it is necessary for the insurance purpose of administering a claim under an insurance policy.
  • UKHB Scheme We have your explicit consent. In some circumstances, we will need to obtain your consent before we can handle and pay out on your claim.
  • We need to establish, exercise or defend legal rights.

To carry out fraud, credit and anti-money laundering checks on you when you enter into a policy and to prevent any fraudulent claims.

 

  • It is necessary to enter into or perform your insurance contract.
  • We have a legal obligation.
  • We have a business need (to prevent fraud and other financial crime).

 

  • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
  • We need to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.

 

  • We have a legal obligation.

 

  • We need to establish, exercise or defend legal rights.

To handle any complaints you may have and generally communicate with you.

  • It is necessary to enter into or perform your insurance contract.
  • We have a business need (to respond to all communications and complaints and investigate and resolve complaints).

 

  • We need to establish, exercise or defend legal rights.

 

To apply for and claim on our own insurance.

 

  • We have a business need (to have our own insurance cover in place).
  • We need to establish, exercise or defend legal rights.
 

For business purposes such as systems development  migration of systems and live  testing, diagnosing any problems with our servers and website.

  • We have a business need (to run an efficient business).

 

Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice)

  • We have a business need (to run an efficient business and improve our business).

 

Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the Cigna Europe group.

  • We have a business need (to improve our product offering).

 

To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers).

  • We have a business need (to develop and improve the services we offer).
  • It is necessary for the insurance purpose of administering an insurance policy.

 

 

Tracing and recovering debt.

  • We have a business need (to trace and recover debt).
  •  We need to establish, exercise or defend legal rights.



Who will we share your personal information with?

We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:

  • A third party who has power of attorney over you.
  • Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, third party claimants, defendants, witnesses and our own business partners.
  • A third party who processes, on our behalf, invoices from medical services providers in respect of treatment we are covering.
  • Third parties we appoint to assist with an insurance policy or claim such as claims handlers, medical experts, investigators and loss adjusters.
  • Medical services providers.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies.
  • Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
  • Other companies in the Cigna Europe group.
  • Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
  • Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
  • The Financial Conduct Authority, the Prudential Regulation Authority and the National Bank of Belgium who are our regulators.
  • Law enforcement agencies such as the police, HMRC and taxation authorities.
  • Our own insurers and companies who we have appointed to assist with arranging our insurance.
  • Selected third parties in connection with the sale, transfer or disposal of our business.
  • Health insurance/health benefit providers where schemes or policies are transferred from us.
Where you are a UKHB scheme member or policyholder or are a dependant under a UKHB scheme or policy, this section will be applicable to you and will provide key information about how we use your personal information.
2.3 Business contacts at employers

This section will apply if you are our point of contact at an employer. 

What personal information will we collect?

  • General information such as your name, address, contact details and company name.
What special categories of information will we collect?

None.

How will we collect your personal information?

As well as obtaining information directly from you, we will collect information from:

  • Invoices, contracts, policies, correspondence and business cards.
  • Other group companies.

What will we use your personal information for?

We may process your information for a number of different purposes. For each purpose we must have a legal ground for such processing and we will rely on the following legal grounds:

  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.

When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • You have provided your consent to our use of your sensitive personal information.
Please click below for further details of the different ways we use your personal information and the legal grounds we rely on when doing so.

Purpose for processing 

Legal grounds for using your personal information 

Legal grounds for using your sensitive personal information 

To comply with our legal or regulatory obligations.

 

  • We need to use your information in order to comply with our legal obligations, for example to process and to pay your invoices.

 

  • We need to use your information in order to establish, exercise or defend legal rights.

For relationship and business development purposes.

  • We have an appropriate business need (relationship management and business analysis).

 

To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers).

 

  • We have an appropriate business need (to develop and improve the products and services we offer).

 

 

To manage and handle any queries you may have.

  • We have an appropriate business need (to effectively manage our business and respond to queries).

 

 

To provide marketing information to you (including information about other services offered and events that might be of interest to  you) and to undertake customer satisfaction surveys.

  • We have an appropriate business need (to send you selected communications about other services we offer or events we host).

 





Who will we share your personal information with?

From time to time, we may share your personal information between our internal departments and with other companies in the Cigna Europe group or with the following third parties for the purposes set out above:

  • Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.
  • Third parties who undertake analysis for the purposes of product improvement and third parties who perform NPS surveys on our behalf (as further detailed at section 3 below).
  • Selected third parties in connection with any sale, transfer or disposal of our business; or
  • Where necessary, courts and other alternative dispute resolution providers (such as arbitrators, mediators and the Financial Ombudsman Service). 
If you would like further information regarding the disclosures of your personal information, please see the "Contact us" section below for our contact details.
2.4 Users of the Cigna UKHB website

If you use or access the Cigna UKHB website, this section will be applicable to you and will provide key information about how we use your personal information.

What personal information will we collect?

  • Name, contact details, IP address and company name (where available).
  • Information obtained through our use of cookies. You can find more information about this in our cookies policy here.
How will we collect your personal information?

We collect your information directly from our website and where you have submitted any information on our website. 

What will we use your personal information for?

We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a "legal ground" to do so. When using your "personal information", we will rely on the "legal grounds” set out below:

  • We have a business need to use your personal information, such as developing and testing our systems, analysing our business and improving the services we offer, diagnosing any problems with our website and assessing usage of our website. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.

What is the purpose for using your personal information ►

Legal grounds for using your personal information►

Legal grounds for using your sensitive personal information ►

Monitoring usage of UKHB website.

 

  • We have a business need (monitor the use of our website).

 

Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems.

 

  • We have a business need (managing our systems).

 

To respond to any enquiries you make.

  • We have a business need (to respond to all enquiries made on our website).

 



Who will we share your personal information with?

We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above: 

  • Other companies in the Cigna Europe group.
  • Service providers we have contracted with relating to the website such as our subcontractors and agents and website providers.
3. What marketing activities do we carry out?

As set out above, where you are our business contact at an employer, we may also use your personal information to send you satisfaction surveys and to provide you with information about our products or services or events which may be of interest to you.

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving.  If you wish to unsubscribe from emails sent by us, you may do so at any time by clicking on the "unsubscribe" link that appears in all emails.  Otherwise you can always contact us using the details set out in section 10 to update your contact preferences.

Please note, however, that we will continue to send you service related (non-marketing) communications.

4. Customer satisfaction surveys

We aim to continuously improve the services we offer to our customers.  Occasionally we carry out customer satisfaction surveys which may be for our own benefit or for more general interest, and we may need to collect further information about you in connection with them.  Surveys will usually be carried out by us but in some circumstances we will use an external firm who will carry out the survey on our behalf.  We may share information collected through surveys with our partners.

Your participation in such survey is entirely optional but your help and feedback would be appreciated.  You can opt out of being contacted in connection with such surveys at any time by clicking on the "unsubscribe" link that appears in all survey emails.  Otherwise you can always contact us using the details set out in section 10 to update your contact preferences.

5. Automated Decision-Marketing

We make some decisions automatically inputting your personal information into a system and computer and the decision is reached using certain processes and algorithms, rather than our employees making the decisions themselves. This is called 'automated decision making' and we will sometimes use this at claims stage such as for dental treatment, to help get your claims paid as quickly as possible.

We use your personal information including your scheme or policy details (or those under which you are covered) and details of your treatment determine your eligibility for particular cover under a policy or scheme and make payment automatically.

You have a right not to be subject to the automated decision-making described above and you can contact us, using the details set out in section 10, to request that any declined decision is reconsidered.  If you want to opt out of automatic decision-making, let us know, although in some circumstances it may mean we can’t offer you a quote or policy as some automated decisions are necessary to provide benefits under or pay a claim under insurance policy or scheme.

 

6. How long do we keep your personal information for?

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this data protection notice and in order to comply with our legal and regulatory obligations.

We keep details related to a scheme or policy for 10 years from the end of a scheme or policy.

If you would like further information regarding the periods for which your personal information will be stored, please see section 10 below for our contact details.  

7. What is our approach to sending your personal information overseas?

We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). This may include transfers to the US for the purposes of data storage.  It may also be processed by staff operating outside the EEA.  Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include:

Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:

  • entering into data transfer contracts and using specific contractual provisions that has been approved by European data protection authorities otherwise known as the "standard contractual clauses";
  • only transferring personal data to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal information. You can find out more about this here.

We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA in the following circumstances:

  • it is necessary for the performance of the contract we have with you
  • it is necessary to protect your vital interests i.e. it is a life or death situation.

We have a network of group companies with which we share personal information.  These companies are based both within the EEA and outside the EEA.  We have appropriate data transfer contracts in place between all such group companies.

If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 10.  

8. Your rights

You have several data protection rights which entitle you to request information about your personal information, to dictate what we do with it or to stop us using it in certain ways. If you wish to exercise the rights set out below, please contact us at any time using the details set out in section 10. There will not normally be a charge for this.

Please note:

  • In some cases we may not be able to comply with your request (e.g. we might not be able to delete your data) for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.
  • In some circumstances exercising some of these rights (including the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we are unable to continue providing you with benefits under a UKHB policy or membership to a UKHB scheme. This may therefore result in the cancellation of your membership or policy. You (or your employer's) UKHB policy or UKHB scheme terms and conditions set out what will happen in the event your membership or policy is cancelled. 

Your rights include:

The right to access your personal information

You can request a copy of the personal information we hold about you and certain details of how we use it.

Your personal information will normally be provided to you in writing unless you request otherwise or where you have made a request by electronic means such as email, we will provide such information in electronic form where possible. 

The right to withdraw your consent

Where we rely on consent as the legal ground to use your personal information, you are entitled to withdraw that original consent.

Please note that for certain uses of your personal information, we need your consent in order to provide your policy. If you exercise this right and withdraw your consent and you are the policyholder or scheme member we may need to cancel your policy or we may not be able to pay your claim where you are a dependant, policyholder or scheme member. We will inform you of these consequences when you withdraw your consent. 

The right to rectification 

We make reasonable efforts to keep your personal information where necessary up to date, complete and accurate. We encourage you to ensure that your personal information is accurate so please regularly let us know if you believe that the information we hold about you may be inaccurate or not complete. We will correct and amend any such personal information and notify any third party recipients of necessary changes. 

The right to restriction of processing

Subject to the circumstances in which you exercise this right, you can request that we stop using your personal information, such as where you believe that we no longer need to use your personal information.

The right to data portability

Subject to the circumstances in which you exercise this right, you can request that we port across personal information you have provided to us to a third party in a commonly used and machine-readable format. 

The right to erasure

You can request that we delete your personal information. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdrawn consent.

Whilst we will assess every request, this request is subject to legal and regulatory requirements that we are required to comply with.

The right to object to direct marketing 

You can request that we stop sending you marketing messages at any time by clicking on the "unsubscribe" button in any emails that we send to you or by contacting us using the details set out in section 10.

Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.

Rights relating to automated decision-making

You have a right to not be subject to a decision based solely on automated means.  As set out at section 5 there may be automated decision making in respect of certain types of claims.

Please note that personal data including sensitive personal data may be used in the context of auto-renewal of certain types of schemes or policies which involves automated decision making to determine what the cost of renewing the scheme or policy will be. We will ask you when you purchase your UKHB policy if you would like to opt into auto-renewal. However, even if you opted in at this point, you have the right to opt out at any point.

If you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details set out in section 10 and ask us to review the decision.

The right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. 

The right to make a complaint with the ICO

Where you believe that we have breached data protection laws when using your personal information, you can complain to the Information Commissioner's Office (ICO). For more information visit the ICO's website at https://ico.org.uk/.  Please note that exercising this right and lodging a complaint will not affect any other legal rights or remedies that you have.

9. How we protect your information

We use a range of organisational and technical security measures to protect your information. 

Firewalls are used to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel and our internal procedures cover the storage, access and disclosure of your information.

10. Contacting us

If you have any questions about how we collect, store or use your personal information, or anything referred to in this notice you may contact our data protection officer at:

Data Protection Officer

Cigna

52 Avenue de Cortenbergh/Kortenberglaan 52B

1000 Brussels

Belgium

EuropeanCompliance@Cigna.com

11. Updates to this notice

We are continually improving our methods of communication and alongside with changes in the law and the changing nature of technology, our data practices and how we use your data will change from time to time. If and when our data practices change, we will notify you and we will provide you with the most up-to-date notice. You can view it by checking our website.

This notice was last updated on 14th May 2018.