We collect and process your personal information because you are or were a member, or are or were connected to a member of the Plan. We also collect personal information if you contact us in connection with your membership of the Plan.
We collect and process the following categories of personal information about you:
personal contact details – names, titles, addresses, telephone numbers and email addresses;
information about you – dates of birth, gender, marital status, dependents and next of kin.
What sensitive personal information do we collect and process?
We usually only ask for sensitive personal information when it is required to help us make a decision in relation to your rights under the Plan. For example, we may request:
health information / medical records – we may ask you to provide health information to assess your right to benefits under the Plan. In addition to receiving this information from you, we may receive medical information from third parties such as your doctor or a third party occupational health provider; or
other sensitive personal information – we may ask you to provide other sensitive personal information (e.g. information about your personal relationships) if it is relevant to help us decide on an internal dispute resolution procedure.
How do we collect your personal information?
When you join the Plan, you and/or your employer provide personal details so that we can create your membership record.
This information is updated whilst you are a member of the Plan. Updated information may come from:
you (e.g. if you get in touch to let us know a new address);
your employer; and
other third parties (e.g. if you contact the Plan’s administrator to update your personal information).
Why do we process your personal information?
We use this information to:
set up your membership record for the Plan;
manage your membership of the Plan;
send you information that is relevant to your membership of the Plan;
calculate, pay and settle any benefits that you are entitled to;
comply with our legal and regulatory duties;
help manage risks and liabilities in the Plan in order to seek to be able to pay full benefits as far as possible;
communicate with members with information about the Plan; and
improve our information and knowledge of healthcare schemes generally.
What are our legal grounds for processing your personal information?
In order to comply with our legal obligations
As the Trustees of the Plan, we are under legal obligations to process your personal information in order to comply with the Plan’s rules. For example:
the Trustee is subject to fiduciary duties under trust law to act in line with the Plan’s governing documentation.
It is necessary for us to process your personal information in order to comply with these legal obligations.
In order to fulfil our legitimate interests
Processing your personal information is also lawful if it is based on our ‘legitimate interests’. The Trustees have a legitimate interest in running and managing the Plan and managing the Plan’s risks and liabilities. In addition, certain third parties may have legitimate interests which require the processing of your personal information by the Trustees (e.g. the administrator may need information in order to pay benefits due under the Plan).
In order to rely on this legal ground, we have:
considered the impact the processing has on your interests and rights; and
implemented appropriate safeguards to ensure that your privacy is protected as far as possible.
What are our legal grounds for processing your sensitive personal information?
There is one legal ground that allows us to process your sensitive personal information (sometimes referred to as special categories of personal data). That ground is where we obtain explicit consent from you (e.g. when you sign one of the Plan’s forms which contains the appropriate consent wording).
What would happen if we did not collect and process your personal information?
If we did not collect and process your personal information then:
we would not be able to manage or administer the Plan appropriately;
we would not be able to pay the benefits that you are entitled to under the Plan; and
we would be in breach of our legal and regulatory duties.
How long do we keep your personal information for?
The Plan was set up to provide benefits during your membership. The Trustees need to maintain records in order to properly run the Plan, to determine who should receive what level of benefits and when they should receive them, and to respond to any disputes about an individual’s rights under the Plan.
As a result, the Trustees will generally keep your personal information for the lifetime of the Plan plus 2 years. Our service providers (and former service providers) may also have similar valid grounds to keep your personal information for these periods.
SECTION TWO: USING AND SHARING YOUR PERSONAL INFORMATION
How do we keep your personal information secure?
We use a range of measures to safeguard your personal information, in line with the requirements set out in the Data Protection Legislation. These apply to both paper and electronic records. We also require our third party service providers to give certain assurances and agree to contractual terms in respect of data protection and the security of your personal information.
What do we do with any personal information that is provided by third parties?
We receive personal information from sources other than directly from you. This includes information shared by your Plan employer, the Plan’s administrator, its professional advisers, service providers and other relevant third parties.
When we receive this information, we add it to the information we already hold about you in order to help us make sure that your details are as up to date and accurate as possible and so that we can manage your membership of the Plan and the Plan more generally.
Who do we share your personal information with?
For the purposes of administering and managing the Plan, managing its risks and liabilities, and paying benefits under it, the Trustees may need to share your personal information with third parties. This will include your employer (e.g. the payroll, finance, compliance, audit and HR teams). It will also include third parties who provide advice or services to the Trustees. These third parties may include administrators, auditors, insurers, prospective insurers, lawyers, medical advisers, and any other such third parties as may be necessary for the operation of the Plan and to enable the Trustees to carry out their duties.
We’ve set out a list of the third parties with whom we share your personal information together with links to their data protection and privacy information (see page 12).
Our suppliers and service providers who act as data processors must act in accordance with our instructions. Some of our suppliers and service providers also act as data controllers in respect of your personal information. We’ve included links to their online privacy information if you want to find out more about how they process your personal information.
We may also share your personal data with the Plan’s employers to enable them to carry out activities in their legitimate interests (this is usually in connection with managing their business from a regulatory, HR or finance perspective).
SECTION THREE: YOUR RIGHTS AND WHO TO CONTACT
What rights do you have in respect of your personal information?
In certain circumstances, you have the following rights in respect of your personal information:
the right to object to us processing your personal information;
the right to request access to personal information relating to you;
the right to request that we correct any mistakes in your personal information;
rights in relation to automated decision taking;
the right to request to restrict or prevent processing of your personal information;
the right to request to have your personal information transferred to another data controller (e.g. if you decide to transfer to another healthcare scheme); and
the right to request to have your personal information deleted.
We’ve set out more information about these rights in part two of the additional information starting on page 9.
How will we respond to your request?
We will usually respond to any request that you make in relation to your rights within a month of receiving your request. If your request is particularly complex, we will let you know that we’ve received your request and let you know when we aim to respond. You can find out more about your rights under the UK’s data protection laws at www.ico.org.uk.
Under the UK’s data protection legislation, there are exemptions which mean that, in certain circumstances, we may continue to store, process or transfer your personal information (for example where we need to comply with a legal requirement or have a legally valid legitimate interest in doing so) even if you ask us not to.
What should you do if you have any questions or complaints?
You may be entitled to compensation for damage caused by breach of the Data Protection Legislation. If you do not think that we have processed your data in accordance with this notice, please contact us in the first instance (see ‘How to contact us’ below). If you are not satisfied, you can complain to the Information Commissioner’s Office. Information about how to do this is available on their website at www.ico.org.uk/concerns or by calling their helpline on 0303 123 1113.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to email@example.com or write to us at: onemedifund, Rossmore House, Rossmore Road East, Ellesmere Port CH65 3DA. Alternatively, you can call the Plan’s helpline on 03000 70 70 70.
FURTHER INFORMATION – PART ONE
MORE ABOUT HOW AND WHY WE PROCESS YOUR PERSONAL INFORMATION
Category of personal information | What we use this information for | Legal ground(s) for processing | Where we got this information from
We use this information so that we can send you information about the Plan. In addition, we use this information to get in touch with you when we need to in order to run the Plan. Finally, we use it to send you information that we think will be relevant to you as a member of the Plan.
We have a legitimate interest to send certain information to members of the Plan.
In addition, we may send additional information to fulfil our legitimate interest of running the Plan.
This information is initially provided by you or your employer when you joined the Plan.
Your employer may share updated information if you update your records with HR. In addition, you may have updated your information by contacting us or the Plan’s administrator.
If a member’s details are not kept up to date, we may lose contact with that member. In these cases, we may use a third party tracing agent to obtain up to date contact information.
Name and title
We use this information to identify you and to create and update your membership record in the Plan.
We have a legal obligation to pay the correct level of benefits to the correct individuals. This requires us to obtain and update this information.
We also have a legal obligation to properly identify individuals who receive or may receive benefits from the Plan.
Processing this information also fulfils the Trustee’s legitimate interests in running and managing the Plan.
Date of birth
We use this information to help us decide who should receive what benefits from the Plan.
Next of kin
National Insurance number
We use this information to identify you and to create and update your membership record in the Plan. Your National Insurance number is also needed so that we can receive the correct information from HMRC and so that we can deduct the correct level of tax from your benefits.
Plan reference number
The Plan’s administrators may create a unique reference number so that your records can be easily identified.
Bank account details
We use this information in order to pay your benefits under the Plan directly to you.
Your bank details are provided by you when you make a claim under the Plan.
As Trustees of the Plan, we have a legal obligation to make decisions and pay benefits in line with trust law and the strict benefit qualification provisions of the trust deed.
Medical information (including medical records and doctors’ opinions)
We use this information as part of our decision making process when deciding benefits under the Plan.
Medical information relating to you may be provided directly by you, by the Plan employer, your doctor or by a third party providing health assessments / reports.
Information about your personal relationships
This information is used to determine who is entitled to benefits in relation to your membership of the Plan.
This information is usually provided by you. In certain circumstances, we may also need to obtain information from relevant third parties.
FURTHER INFORMATION – PART TWO
MORE ABOUT YOUR RIGHTS UNDER THE GDPR
As a data subject, you have a range of rights under the Data Protection Legislation. These rights are explained in more detail below. If you have any comments, concerns or complaints about our use of your personal information, please contact us directly.
You can email firstname.lastname@example.org or write to us at: Onemedifund, Rossmore House, Rossmore Road East, Ellesmere Port CH65 2DA. Alternatively, you can call the Plan’s helpline on 03000 70 60 60.
Right to object to our processing of your personal information
You may object to us processing your personal information where we are relying on a legitimate interest as our legal grounds for processing. Our legal grounds for processing are set out in section one of this data protection notice (see page 3) and part one of the further information (see page 7).
If you have the right to object to processing (i.e. for personal information that we process in order to fulfil our legitimate interests or the legitimate interests of a third party) and you exercise this right, we will no longer be able to process your personal information unless we can demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds as set out in section one of this data protection notice (see page 3) and in part one of the further information (see page 7).
The key point to note is that, if we cannot continue to process your personal information, we would be unable to ensure that we are providing the correct level of benefits in respect of your membership of the Plan. As we are legally required to pay the correct level of benefits to the right people at the right time, in these circumstances we may have to delay or even stop payments / requests until we have sufficient information.
Right to access personal data relating to you
You can ask us to confirm whether we are processing your personal information. If we are, you may ask us to provide the following:
a copy of your personal information (please note that, if you want more than one copy of your personal information, we reserve the right to charge a reasonable fee based on our administrative costs for the provision of such further copies);
details of the purpose for which your personal information is being, or is to be, processed;
details of the recipients or classes of recipients to whom your personal information is, or might be, disclosed, including, if the recipient is based in a country outside of the European Union, what protections are in place in relation to the transfer to that recipient;
the period for which your personal information is held (or the criteria we use to determine how long it is held);
any information available about where we obtained your personal information; and
confirmation as to whether we carry out any automated decision-making (including profiling) and, where we do, information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
Requests for your personal information must be made to us in writing (see ‘How can you contact us?’ below). A copy of your request will be kept on your membership record. To help us find the information easily, please give us as much information as possible about the type of information you would like to see.
If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.
There are certain types of information which we are not obliged to disclose to you, which include personal information which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.
Right to correct any mistakes in your information
You can require us to correct any mistakes (including adding missing information) in any of the personal information concerning you which we hold. Please contact us using the contact details set out at the beginning of this section.
Rights in relation to automated decision taking/making
The Trustees do not generally use automated decision making or profiling.
Automated decision making occurs when decisions are taken solely by automated processes. Under the Data Protection Legislation, you have the right to ask that, if you are being evaluated (for example, when a bank carries out credit checks before making decisions on issuing loans or credit cards), any decisions are not solely based on automated processes and to have any decision reviewed by a member of staff.
These rights will not apply in all circumstances, for example where the decision is authorised or required by law and steps have been taken to safeguard your interests.
Right to request that we restrict the processing of your personal information
You may request that we restrict the processing of your personal information in any of the following circumstances:
where you do not think that your personal information is accurate. In this case, we will start processing again once we have checked whether or not your personal information is accurate;
where the processing is unlawful, but you do not want us to erase your information;
where we no longer need the personal information for the purposes of our processing, but you need the information to establish, exercise or defend legal claims; or
where you have objected to processing because you believe that your interests should override our legitimate interests. In this case, we will start processing again once we have checked whether or not our legitimate interests override your interests.
If our processing is restricted in any of the circumstances described above, we will inform you in advance if that restriction is to be lifted.
Right to request that we delete your personal information
You can ask us to delete your personal information where your personal information is being processed on a legal ground other than for complying with a legal obligation and:
you believe that we no longer need to process it for the purposes set out in this privacy notice;
you had given us consent to process it, but you withdraw that consent and there is no other legal ground upon which we can process it;
you have successfully objected to our processing it; or
it has been processed unlawfully or has not been erased when it should have been.
Right to request transfer of your personal information
You may, in specified circumstances, ask a data controller to provide you with an electronic copy of personal information that you have provided to it, or to have such a copy transmitted directly to another data controller.
Those circumstances do not, however, generally apply in relation to our processing of your personal information in connection with the Plan. This is because:
our legal grounds for processing will not normally be that you have consented to the processing; and
we do not carry out processing by automated means.
Right to withdraw consent
We usually only request your consent when we ask you for sensitive personal data. You have the right to withdraw any consent you have given us at any point.
However, as highlighted above, the Trustees only request sensitive personal data that is required to make decisions in respect of specific member benefits or complaints. If you withdraw your consent for us to process this information, we may have to delay or even stop payments / requests until we have sufficient information.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by breach of the Data Protection Legislation. If you do not think that we have processed your information in accordance with this notice, please contact us in the first instance.
If you are not satisfied, you can complain to the Information Commissioner’s Office. Information about how to do this is available on their website at www.ico.org.uk/concerns or by calling their helpline on 0303 123 1113.
FURTHER INFORMATION – PART THREE
THIRD PARTIES AND TRANSFERS
For the purposes of administering the Plan and paying benefits under it, the Trustees may need to share your personal information with certain third parties. This section lists the key third party service providers with whom we share your personal information.
Acutec Ltd & Teeg Ltd
Transfers of your personal information out of the EU
Your information may be transferred out of the European Union. Our service providers have confirmed that they either:
do not transfer the Plan’s data outside of the European Union; or
do or may transfer the Plan’s data outside of the European Union, but only when certain protections that are approved by the European Commission are applied. These protections aim to ensure the security of your personal information, safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.
FURTHER INFORMATION – PART FOUR
KEY TERMS AND PHRASES
Data controller
means the natural or legal person or other body who, alone or jointly with others, determines the purposes and means of the processing of personal data. This means that the data controller exercises overall control over the ‘why’ and ‘how’ of a data processing activity.
Data Protection Act 1998
is the legislation that currently applies to the processing of personal data in the UK. The Data Protection Bill 2017 – 19 will repeal the Data Protection Act 1998.
Data Protection Legislation
means the Data Protection Act 1998, the Data Protection Bill 2017 – 19 and the General Data Protection Regulation, together with regulatory guidance issued by the European Commission (via the Article 29 Working Party) and the Information Commissioner’s Office.
Data protection principles
means the principles that are set out in the Data Protection Legislation relating to the processing of personal data. In the General Data Protection Regulation, there are six principles:
lawfulness, fairness and transparency;
purpose limitation;
data minimisation;
accuracy;
storage limitation; and
integrity and confidentiality.
In addition, there is an overarching principle of accountability.
Data processor
means a natural or legal person or other body who processes personal data on behalf of the data controller.
Data subject
means the identified or identifiable living individual to whom personal data relates.
General Data Protection Regulation (GDPR)
is the primary EU legislation that, on and from 25 May 2018, will apply to the processing of personal data in all member states of the EU.
Information Commissioner’s Office (ICO)
is the UK’s national data protection authority. It is a public body that is charged with regulating information rights, public sector transparency and individuals’ privacy in the UK.
Personal data or Personal information
means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number etc.
Privacy notice
means the information that is provided to inform individuals about what you do with personal data. Under the Data Protection Legislation, data controllers must provide accessible information to individuals about the use of their personal data.
Processing
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special categories of personal data
(also referred to as sensitive personal data) means:
personal data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
the processing of genetic data or biometric data for the purpose of uniquely identifying a natural person;
data concerning health; or
data concerning a natural person’s sex life or sexual orientation.