Privacy Notice

We at Crossborder Health Partners Ltd (CHP) are committed to protecting your privacy when dealing with your personal information. This privacy provides details about the information we collect about you, how we use it and how we protect it. It also provides information about your rights. The information we process, and the reasons why we process it, may be different across our products and services. For example, the information we process to provide insurance services may be different to the information we process to provide you with assistance services or other healthcare coordination services.
We are registered with the Information Commissioner’s Office under registration number ZA454674.
If you have any questions about how we process your information, please contact us at compliance@crossborderhp.com.

Information about us

Depending on which of our products and services you ask us about, buy or use, different companies within our organisation will process your information. 

Crossborder Health Partners Ltd

6 London Street, London EC3R 7LP, United Kingdom

CHP-CBI SAS

13 Bis Avenue de la Motte Picquet. 75 007 Paris, France

 

What this privacy notice covers

This privacy notice applies to anyone who interacts with us about our products and services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone, through our app). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services. For example, if you use our apps we may give you privacy notices which apply just to a particular type of information which we collect through that app.
 If you have any questions about this, please contact us at compliance@crossborderhp.com.

How we collect personal information

  • We collect personal information from you and from third parties (anyone acting on your behalf, for example, brokers, health-care providers and so on). Please see below for more information. Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
  • We collect personal information from you: through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, through our apps, by post, by filling in application or other forms, by entering competitions, through social media or face-to-face (for example, in medical consultations, diagnosis and treatment).
  • We also collect information from other people and organisations.
  For all our customers, we may collect information from:
  • your parent or guardian, if you are under 18 years old;
  • a family member, or someone else acting on your behalf;
  • doctors, other clinicians and healthcare professionals, hospitals, clinics and other healthcare providers;
  • any service providers who work with us in relation to your product or service, if we don’t provide it to you directly, such as providing you with apps, medical treatment, dental treatment or health assessments;
  • organisations who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us improve our products and services;
  • fraud-detection and credit-reference agencies; and
  • sources which are available to the public, such as the edited electoral register or social media.
  If we provide you with insurance products and services, we may collect information from:
  • the main member, if you are a dependant under a family insurance policy;
  • your employer, if you are covered by an insurance policy your employer has taken out;
  • brokers and other agents (this may be your broker if you have one, or your employer’s broker if they have one); and
  • other third parties we work with, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, lawyers, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, other health-care providers and medical-assistance providers.
  If we provide you with assistance services, we may collect information from:
  • your employer, if you are covered by a contract for services your employer has taken out or if we are providing occupational health services;
  • brokers and other agents (this may be your broker if you have one, or your employer’s broker if they have one); and
  • those paying for the products or services we provide to you, including other insurers, public-sector commissioners and embassies.

Categories of personal information

For all our services, we process the following categories of personal information about you and (where this applies) your dependants:
  • standard personal information (for example, information we use to contact you, identify you or manage our relationship with you);
  • special categories of information (for example, health information, information about your race, ethnic origin and religion that allows us to tailor your care); and
  • information about criminal convictions and offences (we may get this information when carrying out anti-fraud or anti-money-laundering checks, or other background screening checks to prevent crime).
For more information about these categories of information, see below.
Standard personal information includes:
  • contact information, such as your name, username, address, email address and phone numbers;
  • the country you live in, your age, your date of birth and national identifiers (such as your National Insurance number, national identification number or passport number);
  • information about your employment;
  • details of any contact we have had with you, such as any complaints or incidents;
  • financial details, such as details about your payments and your bank details;
  • the results of any credit or any anti-fraud checks we have made on you;
  • information about how you use our products and services, such as insurance claims; and
  • information about how you use our website, apps or other technology, including IP addresses or other device information.
Special category information includes:
  • information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, quotes and records of medical services you have received);
  • information about your race, ethnic origin and religion (we may get this information from your medical preferences to allow us to provide care that is tailored to your needs).

What we use your personal information for and our legal reason for doing so

We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing). We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies. Please see below for more information about this and the reasons why we may need to process special category information.
 By law, we must have a lawful reason for processing your personal information. We process standard personal information about you if this is:
  • necessary to provide the services set out in a contract − that is, to provide you and your dependants with our products and services);
  • in our or a third party’s legitimate interests − details of these legitimate interests are set out in more detail in the ‘Legitimate interest’ section below. or
  • required or allowed by law.

We process special category information about you because:

  • it is necessary for an insurance purpose (for example, advising on, arranging, providing or managing an insurance contract, dealing with a claim made under an insurance contract, or relating to rights and responsibilities arising in connection with an insurance contract or law);
  • it is necessary to establish, make or defend legal claims;
  • it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member’s complaint or a regulator (such as the Care Quality Commission or the General Medical Council) telling us about an issue);
  • it is information that you have made public; or
  • we have your permission. As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission. If we cannot provide a product or service without your permission (for example, we can’t manage a health insurance programme without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.
  • We may process information about your criminal convictions and offences (if any) as a result of anti-fraud and anti-money-laundering checks or to check other unlawful behaviour or carry out investigations with other insurers and third parties for the purpose of detecting fraud. We do this if it is necessary to prevent or detect a crime.

Legitimate Interest

We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products and in order to exercise our rights or handle claims. More detailed information about our legitimate interests is set out below.
 Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
  • to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on);
  • to arrange for health-care services on behalf of a third party (for example, your insurer);
  • to make sure that claims are handled efficiently and to investigate complaints (for example, we may ask your treatment provider for information to make sure we receive accurate information and to monitor the quality of your treatment and care);
  • to keep our records up to date and to provide you with marketing as allowed by law;
  • to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences (we combine information you give us with information we receive about you from third parties to help us understand you better);
  • for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
  • to contact you about market research we are carrying out;
  • to monitor how well we are meeting our performance expectations in the case of assistance or administration services;
  • to enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety;
  • to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
  • to take part in, or be the subject of, the insurance, or reinsurance of your insurance contract or any sale, purchase, merger or takeover of all or part of the Crossborder Health Partners business.

Marketing and preferences

We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.
We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.
If you don’t want to receive emails from us, you can click on the ‘unsubscribe’ link that appears in all emails we send. If you don’t want to receive texts from us you can tell us by contacting us at any time. Otherwise, you can always contact us to update your contact preferences.

Sharing your information

We share your information within the Crossborder Health Partners group of companies, with relevant policyholders (including your employer if you are covered under a group scheme), with funders arranging services on your behalf, with people acting on your behalf (for example, brokers and other agents) and with others who help us provide services to you (for example, health-care providers and medical-assistance providers) or who we need information from to allow us to handle or confirm claims or entitlements (for example, professional associations). We also share your information in line with the law. For more information about who we share your information with and why, please see below.
 We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice. The exact information we share depends on the reason we are sharing it. For example, if we need to share information in order to provide health care, we will share special categories of information, such as medical details, with the treatment provider.
 For all our customers, we share your information with:
  • other members of the Crossborder Health Partners group of companies in order to provide our products and services to you;
  • other organisations you belong to, or are professionally associated with, in order to confirm your entitlement to claim discounts on our products and services;
  • doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers so that they can provide treatment and we can monitor the quality of your treatment and care;
  • suppliers who help deliver products or services on our behalf;
  • people or organisations we have to, or are allowed to, share your personal information with by law (for example, for fraud-prevention or safeguarding purposes);
  • the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order;
  • organisations that carry out surveys on our behalf;
  • if we (or any member of the Crossborder Health Partners group of companies) sell or buy any business or assets, the potential buyer or seller of that business or those assets; and
  • a third party who takes over any or all of the Crossborder Health Partners group of companies’ assets (in which case personal information we hold about our customers or visitors to the website may be one of the assets the third party takes over).
If we provide insurance or assistance services, we share your information with:
  • the policyholder or their agent if you are not the main member under an individual policy (we will send them all membership documents and confirmation of how we have dealt with a claim, and all people who are insured on the policy may have access to correspondence and other information we provide through our online portal);
  • your employer (or their broker or agent) for product or service administration purposes if you are a member or beneficiary under your employer’s group scheme;
  • your broker or agent (or both);
  • other third parties we work with to provide our products and services, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, health-care providers and medical-assistance providers; and
  • organisations who provide your treatment and other benefits, including travel-assistance services.
 
If we share your personal information, we will make sure appropriate protection is in place to protect your personal information in line with data-protection laws.
 

Transferring information outside the UK and European Economic Area (EEA)

Some companies that we work in partnership with, or that provide services to us (such as health-care providers, other Crossborder Health Partners companies and IT providers) are located in, or run their services from, countries across the world. As a result, we may transfer your personal information to many different countries. This may include transferring information from within the UK to outside the UK, and from within the EEA (the EU member states plus Norway, Liechtenstein and Iceland) to outside the EEA, for the purposes set out in this privacy notice.
 We take steps to make sure that when we transfer your personal information to another country, appropriate protection is in place, in line with global data-protection laws. Certain countries are considered to provide an adequate level of protection because of the data-protection laws in place in those countries. If this is not the case, the protection may be set out under our contract with the organisation who receives the information.
 For more information about this protection, please contact us at compliance@crossborderhp.com
 

How long we keep your personal information

We keep your personal information in line with set periods calculated using the following criteria.
How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
  • How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
  • Any time limits for making a claim.
  • Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
  • Any relevant proceedings that apply.

If you would like more information about how long we will keep your information for, please contact us at compliance@crossborderhp.com 

Your rights

You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. For more information, see below.
 You have the following rights (certain exceptions apply).
  • Right of access: you have the right to make a request for details of your personal information and a copy of that personal information
  • Right to rectification: you have the right to have inaccurate information about you corrected or removed
  • Right to erasure (‘right to be forgotten’): you have the right to have certain personal information about you deleted from our records
  • Right to restriction of processing: you have the right to ask us to use your personal information for restricted purposes only
  • Right to object: you have the right to object to us processing (including profiling) your personal information in cases where our processing is based on a task carried out in the public interest or where we have let you know it is necessary to process your information for our or a third party’s legitimate interests. You can object to us using your information for direct marketing and profiling purposes in relation to direct marketing.
  • Right to data portability: you have the right to ask us to transfer the personal information you have given us to you or to someone else in a format that can be read by computer.
  • Right to withdraw consent: you have the right to withdraw any permission you have given us to handle your personal information. If you withdraw your permission, this will not affect the lawfulness of how we used your personal information before you withdrew permission, and we will let you know if we will no longer be able to provide you with your chosen product or service.
  • Right in relation to automated decisions: you have the right not to have a decision which produces legal effects which concern you or which have a significant effect on you based only on automated processing, unless this is necessary for entering into a contract with you, it is authorised by law or you have given your permission for this. We will let you know if we make automated decisions, our legal reasons for doing this and the rights you have.
Please note: Other than your right to object to us using your information for direct marketing (and profiling for the purposes of direct marketing), your rights are not absolute. This means they do not always apply in all cases, and we will let you know in our correspondence with you how we will be able to meet your request relating to your rights.
 If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. We have 21 days to respond to requests relating to automated decisions. For all other requests we have one month from receiving your request to tell you what action we have taken. 
If we do not meet your request, we will explain why. In order to exercise your rights, please contact us at compliance@crossborderhp.com

Data protection contacts

If you have any questions, comments, complaints or suggestions relating to this notice, or any other concerns about the way in which we process information about you, please contact our Privacy Team at compliance@crossborderhp.com. You can also use this address to contact our Data Protection Officer.
 You also have a right to make a complaint to your local privacy supervisory authority. Our main establishment is in the UK, where the local supervisory authority is the Information Commissioner:
 
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, United Kingdom
SK9 5AF
 
 You can also make a complaint with another supervisory authority which is based in the country or territory where:
  • you live;
  • you work; or the matter you are complaining about took place.