privacy policy

Healthcare Resolutions Ltd registered in England and Wales. Its registered number is 05180254 and its registered office is 923 Finchley Road London NW11 7PE.

Introduction

This policy sets out the basis on which any personal data or personal sensitive data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal and sensitive data, how we will treat it and assure our clients, partners and the public that we take security seriously and wish to respect and protect all data that is collected and processed by us.

We confirm when processing data on your behalf that we will comply with the relevant provisions of the Data Protection Legislation and the General Data Protection Regulation (GDPR). We will also ensure that any disclosure of personal data to us complies with the Data Protection Legislation and GDPR.

Information we Collect and Why we use it

Personal Data, which is described under GDPR as “any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data”, is principally collected and processed when supplied by you during our engagement with you under contract. To fulfil our obligations in respect of prevention of money laundering and other financial crime we may send your details to third party agencies for identity verification purposes.

The personal information we collect from you will vary depending on services engaged. The personal information we collect might include your name, address, telephone number, email address, your National Insurance number, bank account details, your IP address, your date of birth.

In general terms we may use your information to:

Contact you by post, portal, email, or telephone
Verify your identity where this is required
Understand your needs and how they may be met
Maintain our records in accordance with applicable legal and regulatory obligations
Process financial transactions
Prevent and detect crime, fraud, or corruption

Sensitive Information, which is described under GDPR as “data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.” Is also principally collected and processed when supplied by you during our engagement with you under contract and will be treated in accordance with the GDPR requirements and will require an individuals explicit consent or collected and processed under one of the following lawful bases:

A contract with the individual: for example, to supply goods or services they have requested, or to fulfil an obligation under an employee contract.
Compliance with a legal obligation: when processing data for a particular purpose is a legal requirement.
Vital interests: for example, when processing data will protect someone’s physical integrity or life (either the data subject’s or someone else’s).
A public task: for example, to complete official functions or tasks in the public interest. This will typically cover public authorities such as government departments, schools, and other educational institutions; hospitals; and the police.
Legitimate interests: when a private sector organisation has a genuine and legitimate reason (including commercial benefit) to process personal data without consent, provided it is not outweighed by negative effects to the individual’s rights and freedoms.
Consent: when the data subject agrees to the processing when presented with a clear explanation of the personal sensitive data that will be collected and what it will be used for.

We would like to keep you informed with regards to important updates, our related services, our opinions, and essential reading. We also like to provide you with details in advance notice of our events but will only do so once you have given your explicit consent.

Obligation on you when Passing on Personal Data

If any of the details submitted for processing change, it is your responsibility to inform us so that we can update our records as soon as is practically possible.

Your Rights

Access to your information: You have the right to request a copy of your personal information we hold.

Correcting your information: We want to ensure that your personal information is accurate, complete and up to date and you can ask us to correct any personal information about you that you believe is no longer up to date or is inaccurate.

Deletion of your information: You have the right to ask us to delete personal and personal sensitive information about you if:

You consider that we no longer require the information for the purposes for which it was obtained
You have validly objected to our use of your personal information
Our use of your personal information is contrary to law or our other legal obligations
You would like to withdraw your consent

Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal and personal sensitive information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Objecting to how we may use your information: Where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue. You have the right at any time to require us to stop using your personal information for direct marketing purposes.

Withdrawing consent to use your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Requests must be made in writing to Healthcare Resolutions Ltd at 6 Accommodation Road, London NW11 8ED or via email to info@healthcareresolutions.co.uk

Further information about the GDPR can be found by visiting the Information Commissioner’s Office website (www.ico.org.uk). The ICO regulates data protection and e-privacy in the UK so there is lots of useful guidance about this on their website.

Disclosure of your Information

We may share your personal data within the Healthcare Resolutions for the purposes of performing the services contracted and, where consented, business updates and marketing activities. We will not sell or rent your information to third parties.

We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the information that is necessary to deliver the service. Contractually information is kept secure and used only for the purposes of delivering the required service.

We will not release your information to other third parties unless you have requested that we do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.

Security of Data

We take the security of your data seriously. All our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements. Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Retention of Records

We will retain your personal data for as long as necessary to achieve the purposes set out in this Privacy Notice. You have a legal responsibility to retain documents and records relevant to your insurance affairs. We will retain your records for the duration of our engagement with you under contract. After any termination of the contract between us we will hold your records for the legal or regulatory minimum periods required. We also reserve the right to retain data for longer than this due to the possibility that it may be required to be provided to a regulator outside of these minimum periods. Records held for the purpose of business updates are held until such time that notice of consent is revoked.

Complaints

We aim to provide you with a first-class service always. We have very high standards although we admit that occasionally, we may make a mistake.

If this happens, please inform us immediately and give us the chance to put things right. Contact us either via:

Email info@healthcareresolutions.co.uk

Telephone 020 8457 7553

Or write to us at 6 Accommodation Road, London NW11 8ED

We will acknowledge your complaint within 5 working days of receipt.

We will investigate your complaint and endeavor to send you a final response within 8 weeks of receipt of your complaint.

During this time, we will keep you informed as to the progress of your complaint.

If we are unable to provide you with a final response within 8 weeks, we will write to you with an explanation and will advise you when you can expect a final response.

If more than 8 weeks have passed from the date of receipt of your complaint and you have not received a final response (or if at any stage of this process) you are dissatisfied with the final response you have received, you can write to:

Financial Ombudsman Service Exchange Tower London E14 9SR

Or via telephone / email:

• 0800 0234 567 – calls to this number are free on mobiles and landlines

• 0300 123 9123 – calls to this number cost no more than calls to 01 or 02 numbers

• Email: complaint.info@financial-ombudsman.org.uk

If you are dissatisfied with our final response and you wish to refer your case to the Financial Ombudsman Service for consideration, you must do so within 6 months of the date on our final response.

Data Breaches

If your complaint is in response to a Data Breach or a potential Data Breach or if you have a concern about the way we are collecting or using your personal or personal sensitive data, we request that you raise your concern with us in the first instance. Requests must be made in writing to Healthcare Resolutions Ltd at 6 Accommodation Road, London NW11 8ED or via email to info@healthcareresolutions.co.uk

Reporting Data Breaches

In line with the General Data Protection Regulation (GDPR) if Healthcare solutions experiences a Data Breach which is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will inform those individuals without undue delay.

The Breach will also be reported to the supervisory authority within 72 hours.

Responding to a Personal Data Breach

We have in place a process to assess the likely risk to individuals as a result of a breach.
We have a process to inform affected individuals about a breach when their rights and freedoms are at high risk.
We know we must inform affected individuals without undue delay.
We know who the relevant supervisory authority for our processing activities is.
We have a process to notify the ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.
We know what information we must give the ICO about a breach.
We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.
We document all breaches, even if they do not all need to be reported.

Subject Access Requests (SAR’s)

We aim to respond to a SAR without undue delay and in any event within one month of receipt of the request. This may be extended by a further two months if the request is complex or several requests have been made by yourself, the data subject.

Complaints Procedure updated 10^th December 2020.