Who we are
Our website address is: www.hcigroupglobal.com
HCI Group is committed to protecting the privacy of our customers and those we interact with in the course of our business activities.
We may change this policy from time to time by updating this page. This policy was last updated in August 2021.
This policy also covers how we collect and process personal data through other means, such as over the telephone and in writing.
This page explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) and the PECR (Privacy and Electronic Communications Regulations). It also explains how and why we process, collect, manage and store information about you and how your rights under the GDPR, DPA & PECR are adhered to.
Our contact information is provided if you have any questions.
We may collect the following information when:
- you request a quote by telephone, online or using an intermediary
- you apply for a policy
- you make a claim in relation to a policy
- you submit any query to us, for example, by telephone, email, blog replies, or social media
- you participate in any marketing activity
We may also collect personal information about you in the following instances:
- We may obtain medical reports or obtain information from other insurers you have previously had insurance with in order to carry out fraud and sanctions checks while processing an application or a claim
- When we are liaising with your legal guardians, employer, or treatment or other benefit providers, where you are unable to liaise with us, have given your consent, or where there is a legitimate legal basis for doing so
- If you are named in an application or a policy as a dependent under that policy, which may be an individual or a corporate policy.
HCI will need to collect certain types of information in order to provide you with insurance services. Failure to provide information we need will result in an inability to provide you with cover. The data we collect will be limited to what is necessary and reasonable.
What Information Will We Collect?
We may add your information to our systems so we can identify you as an individual, to manage our relationship with you as a HealthCare International customer or prospective customer.
Our customer database may record the following information about you:
- name, address and contact details
- age and date of birth
- country of residence
- a copy of your passport
- details of queries you have made
- information from customer surveys, competitions and marketing activities
- quotes you have requested
- policy applications made by you
- policy applications where you are included as a dependent
- your HealthCare International policies
- your HealthCare International policies where you have been included as a dependent, including corporate policies
- Recordings of telephone conversations you have with our members of staff, and records of any written correspondence including emails
If you have had a HealthCare International policy (or been included as a dependent on a policy) or have made or been included in an application for a HealthCare International policy, our customer database may record information relating to:
- payment details
- anti-fraud and sanctions checks
- your medical history and medical reports
- your claims history
- Your status on various Government databases such as OFAC and HRRC
HealthCare International may use your personal information:
- to consider and process policy applications
- to respond to your queries, including providing quotations
- to administer your policy, including offering renewal terms and any claims you may make
- to provide you with our services, including medical advice, travel assistance services, and support with your medical treatment and other benefits
- to provide you with updates on HealthCare International's products and services
- to respond to requests where we have a legal or regulatory obligation to do so
- for internal record keeping and administration
- for any competitions or other marketing activities
- to conduct and analyse customer surveys and research and development, which may be with anonymised data
HCI may store payment information on file, only for as long as you remain a policyholder. This is so that we can exercise the automatic renewal of your health insurance, where applicable. For non-renewable policies, your payment information will be used once and not stored. We will never take payment from your account without your prior knowledge and consent. Whilst our policies renew automatically, you will be reminded in good time before the renewal date should you not wish to proceed.
Automated Decision Making
Under the GDPR, we must have a legitimate purpose for processing your personal data. There are some categories of data that are particularly sensitive and are therefore subject to even greater protections. This is known as ‘special category data’. This section sets out the basis on which we will process your personal data, including special categories.
The legal grounds on which HCI will process non-sensitive personal data are as follows:
- Necessity: Processing personal data is necessary for the performance of insurance contracts which we enter into with our policyholders, and to fulfil legal and regulatory obligations.
- Controllers’ interests: Processing is necessary for our insurers’ legitimate interests.
HCI processes ‘special category data’ because we may obtain, either pre-sale or at the point of claim, information relating to policyholders’ health. The basis for this processing is set out below:
- Necessity: Processing personal data is necessary for medical underwriting and the claims process. Specifically, it is needed for the timely provision of treatment or care and to assist with confirming a medical diagnosis.
Sharing Your Personal Information
HealthCare International will not sell, distribute or lease your personal information to parties or any other organisations to use for their own purposes unless we have your permission or are permitted by law to do so. We will hold your information in the UK, but it may also be shared with relevant third parties as set out in this section. These third parties are not always based in the UK, and in some cases are based outside the European Economic Area.
You agree that we may share your personal information as follows:
- your treatment and other benefit providers, including travel assistance services, with your authority, or as we reasonably consider to be appropriate in the circumstances
- your employer or an appointed intermediary where you are insured under a corporate scheme, for product or service administration purposes
- with your intermediary, with your authority
- where you are not the policyholder under an individual policy, we will send all membership documents and confirmation of how we have dealt with a claim to the policyholder
- with HealthCare International group companies or one of our insurance partners, where you would like to move to one of their insurance products – sometimes these companies will be located outside your jurisdiction, in countries which do not provide the same protection as your own, in which case we ensure they are subject to contractual restrictions with regard to confidentiality and security obligations
- With our insurers/underwriters and intermediaries based overseas for the purposes of our or their obligations in the provision of insurance. These third parties are based all around the world and are not limited to the European Economic Area. Information will only be shared where there is a clear and specific purpose.
- With our third party service providers and partners, to the extent that sharing information is necessary to provide services to our policyholders. These third parties are based overseas and are in some cases outside of the European Economic Area. Access to information will only be allowed where there is a clear and specific purpose.
- with other insurers and third parties for the purpose of fraud detection
- with Government or other official agencies to verify you are not on any sanctions lists
- where we are under a duty to disclose or share your personal data in order to comply with any legal obligation
- with third parties where we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
- we may use the information to improve our products and services
The DPA and GDPR (May 2018)
We and this website comply with the DPA (Data Protection Act 1998) and already comply with the GDPR (General Data Protection Regulation), which comes into effect from May 2018.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. As set out in this policy, we sometimes use third party service providers in the course of executing our responsibilities to our policyholders. In order to maintain the security and integrity of our customers’ data we take the following steps:
- Restrict third parties from making changes to personal information
- Ensure that selected partners uphold high standards in respect of data protection and data security
- Conduct monitoring of third party providers to ensure that their access to and use of personal data is appropriate and necessary
- Ensure that IT systems used to store customer data are properly maintained
Website Visitor Tracking
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
Links to Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your Rights
The UK GDPR provides the following rights for individuals:
- The right to be informed: You have the right to be informed about the collection and use of your personal data.
- The right of access: You have the right to receive a copy of the personal data we hold about you, subject to certain exemptions.
- The right to rectification: You have the right to ask us to correct your personal data if it is incorrect or incomplete.
- The right to erasure: You have the right to ask us to erase all personal data we hold about you; this is commonly known as the ‘right to be forgotten’. This right is not absolute and there are some instances where it will not apply. This is distinct from the process of unsubscribing from marketing.
- The right to restrict processing: In some instances you have the right to ask us to suspend the use of your personal data.
- The right to data portability: You have the right to obtain your personal data in a format which allows you to move it to another organisation, subject to certain exemptions.
- The right to object: You have the right to object to the use of your personal data in certain circumstances.
- Rights in relation to automated decision making and profiling: You have the right not to be subject to automated decisions. However, objecting to this might mean we are not able to enter into a contract with you.
We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe by providing their explicit permission. In line with legal requirements, we will not assume that you wish to be contacted with marketing and promotional information. You will be asked for your active and explicit consent before submitting your personal data.
Subscribers’ personal details are collected, processed, managed and stored in accordance with the regulations named in this policy. If you have previously agreed to HealthCare International using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing HealthCare International.
Email marketing messages may contain tracking beacons, tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geography, demographics and already stored subscriber data.
Contact and Communication With Us
Users contacting us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system.
Exercising your data rights
If you wish to exercise any of your rights as a data subject, as outlined above in ‘Your Rights’, please inform us via any means and make clear what your request is. We will respond to you without delay, and make sure that we take the appropriate action within one month.
Downloads and Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party antivirus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites, and advise users to verify their authenticity using third party antivirus software or similar applications.
Social Media Policy and Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms, users are advised to verify the authenticity of such profiles before engaging with, or sharing information with, such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Important Notice Regarding Data Erasure
Please note, the financial services regulator, the Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO), have issued guidance where a request for the ‘right to be forgotten’ conflicts with the Financial Services and Markets Act 2000.
In line with this guidance HCI may refuse to comply with a request for data erasure if the data we hold is for the “exercise or defence of legal claims” for example, investigating a complaint.
Where a request for ‘data erasure’ is received HCI will consider each request on its own merits before making a decision. We will confirm in writing our decision whether or not to delete any data and, if applicable, the reason why we have retained any data.
You have the right to make a complaint about HCI’s information practices. The ICO can be contacted via the following link:
Additionally, HCI has its own complaints process that you may also use. Our email address is: