We take the privacy of our members very seriously. We’re committed to safeguarding, protecting and maintaining the confidentiality of your personal and financial information.
Health Shield is ISO 27001:2013 accredited for information security management. ISO 27001: 2013 is clarification to all our members, Clients and customers that we have defined and documented practices in place to ensure that all aspects of information technology and data security are covered.
What information do we hold about you?
For the day-to-day administration of your membership plan, we’ll have to collect some personal data such as your name, address and date of birth. We’ll also need your telephone number and email address, so we can get in touch with you.
- If you pay your contributions via your employer, we’ll keep a record of your National Insurance number and possibly your payroll number.
- If you pay all or some of your membership contributions to us by Direct Debit, we’ll also keep the bank details you supply.
- If you choose to receive your claims payments by direct transfer, we’ll keep your bank details, so we can pay your claims straight into your account.
Sensitive personal data
We’ll also collect some information about your physical and mental health, which we use purely for the processing of your claims. This information is gathered from the information you supply with your claims and sometimes from your health practitioners. We keep your information and any associated files securely during and after processing.
How do we use your information?
We only use your data to process claims and administer your membership plan. However, we may combine some of your data anonymously with information from other sources for valuation or statistical purposes. We also use recordings of telephone conversations for quality control purposes and during the investigation of complaints and other issues.
How do we keep your information secure?
We store all personal information electronically in a secure database that has restricted access. The information we hold about you in manual files is kept securely in locked drawers when being worked on. It is later stored in a secure location at Head Office until it is securely destroyed in accordance with our Data Retention Policy.
Sharing your information with others
If you’re a Health Shield member via your employer, we may share basic details with your employer or another authorised intermediary to enable the day-to-day administration of your membership plan.
We’ll never share any information relating to your claims, health or wellbeing with your employer or intermediary without your explicit consent to do so.
We won’t share your personal or sensitive personal data with anyone else except as required by the law, our regulator, or under strictly controlled arrangements with appropriate organisations for the purpose of detecting and preventing financial crime or for the review of your scheme.
You can get basic information from our website without disclosing any personal data. However, to access information specific to your membership plan, you’ll need to log into the secure Members’ Area using your password.
Any information you submit during the course of an online application is transmitted and stored securely. It’s not stored on our website and isn’t accessible by anyone else.
We’ve closed-circuit television at our Head Office solely for security purposes. Access to our CCTV system is restricted and we don’t routinely share any images, sound or video recorded by our CCTV system with any third party.
However, we may choose to share recordings with the police or other authorised security organisations if we believe it necessary to detect or prevent crime against our colleagues, premises, assets or other innocent third parties.
We’re part of the Health Insurance Counter Fraud Group UK, an industry initiative that aims to prevent and detect fraud within healthcare and the insurance industry. When fraudulent activity has been confirmed we share intelligence with other members of the Group to protect the best interest of our members.
If fraud is detected, we may share certain information with other third parties who have a legitimate interest or if we’re legally or morally obliged to do so.
How long do we keep your data?
We’ll only keep your data for as long as we need it to administer your membership plan and meet our legal and regulatory obligations.
We keep paper copies of your claim forms and associated documents for up to 12 months before securely destroying them at our site. Information stored electronically is routinely destroyed when our legal and regulatory obligations expire.
What are your data protection rights?
You have the right to ask for a copy of some or all of the information we hold about you (a small fee may apply). If you wish to do so, please write to us at the address below.
If you believe that any of the information we hold about you is wrong, you have the right to ask us to correct it. You can also change your preferences to stop us from sending you information about other products or services.
Other information we collect
If you register a partner or dependent child as part of your membership plan we will collect their personal and sensitive personal data to allow us to administer your membership. By supplying us with their data on either an application or claim, you give implied consent for us to use their data in the same way we use yours.
We treat all of the information you supply to us with the same care and respect and we process it according to the same controls.
Get in touch
If you’ve got any questions about how we use your personal information or have any data protection questions, please contact:
The Compliance Manager
Health Shield Friendly Society Limited
Crewe Business Park