PRIVACY POLICY

1: INTRODUCTION

This Privacy Policy is for anyone who uses our services (herein referred to as “you” or “customers”, including policyholders, prospective policyholders who for example have requested a quotation or submitted an enquiry, website users and beneficiaries of any of our policies. It should be also brought to the attention of any party who is directly involved in your policy, where they have given you consent to act on their behalf.

This Privacy Policy is issued by International Private Healthcare Limited group of companies, including IPH Insurance Services (UK) Ltd, which you may know as “IPH” or “IPH Insurance”. Herein these companies will be referred to as “we”, “our”, or “us”.

We are a data controller and processor of your personal information. We want to make sure all of our customers know exactly how their personal data is being used by us, how we protect that data, and what you can do to control how we use your data.

Your broker will have their own policy for your personal data, please ask your broker if you would like more information about how they use your personal information.

2: WHAT INFORMATION DO WE COLLECT?

We collect information that identifies you, such as:

  • Personal details: Name, address, contact details, date of birth, identity documents, payment details.
  • Policy and risk details: Information relating to the things you want to insure.
  • Special Category Data: Where necessary for providing insurance services, we collect sensitive personal information (known as “Special Category Data” under data protection law), such as medical history.
  • Criminal Conviction Data: We may also collect information about criminal convictions or offences where necessary for underwriting or claims handling.
  • Technical Data: IP address, and information collected through cookies (see Section 8).
  • Other Data: Claims history, information from enquiries, proposals, and feedback forms.

3: HOW DO WE COLLECT YOUR INFORMATION?

We collect information from various sources, including:

  • Directly from you (e.g., forms, telephone, post, email).
  • Your broker.
  • Other parties involved in your policy (e.g., other insured persons, beneficiaries, witnesses).
  • Publicly available sources (e.g., social media, electoral register).
  • Third-party databases for fraud prevention (e.g., Claims and Underwriting Exchange – CUE).
  • Credit reference agencies.
  • Loss adjusters, suppliers, and third-party administrators.
  • Government or regulatory bodies (e.g., HM Treasury sanctions lists).

4: OUR LAWFUL BASES FOR PROCESSING YOUR INFORMATION

We will only use your personal information when the law allows us to. Our primary lawful bases are:

  • Performance of a Contract: To quote for, administer, and manage your insurance policy, and to handle claims.
  • Legal Obligation: To comply with our legal and regulatory requirements (e.g., anti-money laundering, financial services regulations).
  • Legitimate Interests: To develop our products, conduct marketing analysis, and prevent fraud. We have balanced these interests against your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 9).
  • Vital Interests: To protect someone’s life (e.g., in a medical emergency).

Lawful Basis for Special Category and Criminal Offence Data
Processing special category data (like health information) and criminal conviction data requires an additional lawful condition. We process this data because it is necessary:

  • For the purposes of providing insurance cover, as permitted by UK GDPR Article 9(2)(g) and Schedule 1 Part 2 of the Data Protection Act 2018.
  • For the establishment, exercise, or defence of legal claims.
  • Where we have obtained your explicit consent for a specific purpose. We will always make it clear when we are seeking your consent.

5: HOW WE USE YOUR INFORMATION

We use your personal information to:

  • Underwrite your risk and provide quotations.
  • Administer your policy and premium payments.
  • Communicate with you and your broker about your insurance.
  • Process and manage claims.
  • Prevent and detect fraud and financial crime.
  • Comply with our legal and regulatory obligations.
  • Conduct automated checks against sanctions lists and for fraud prevention purposes.
  • Where relevant, we may make automated decisions, such as automated underwriting or fraud scoring. If an automated decision is made that significantly affects you, we will inform you and explain your right to request human intervention, challenge the decision, and express your point of view.
In order to fulfil some of the purposes outlined in Section 4 we may have to send, store or process your personal information overseas. The protections given to your personal information in other parts of the world may not be the same as in the UK. Where possible, we will put in place contractual transfer agreements to ensure that your personal information is safeguarded with the same high level of protection that we commit to.

In some cases we might need to share information to carry out the services we have promised to carry out, for example if you require urgent medical assistance abroad. In such an urgent situation we may not always have the time to put in place the type of agreement we would normally want to.

6: SHARING YOUR INFORMATION

We may share your personal information with third parties for the purposes outlined above, always ensuring appropriate safeguards are in place. We may share with:

  • Your authorised representatives.
  • Insurers, reinsurers, and reinsurance brokers.
  • Your broker.
  • Fraud prevention agencies and industry databases (e.g., CUE, Motor Insurance Database).
  • Law enforcement, regulatory bodies, and government agencies.
  • Medical and health service providers.
  • Credit reference agencies.
  • Third-party suppliers necessary for administering your policy or claim (e.g., loss adjusters, legal advisors).

International Transfers
To fulfil our services, your information may be transferred outside the UK. Where we do this, we will ensure it is protected by using approved transfer mechanisms, such as UK International Data Transfer Agreements or UK Addenda to the EU Standard Contractual Clauses. In urgent situations, such as a medical emergency abroad, a transfer may be necessary to protect your vital interests, and we may not have time to put a formal agreement in place, but we will always seek to protect your data.

7: HOW LONG WE KEEP YOUR INFORMATION FOR

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Our standard retention period for policy and claims information is 7 years after the end of our relationship or the settlement of a claim, in line with FCA regulatory requirements. However, retention periods may be longer if necessary for legal actions or disputes.

8: MARKETING, COOKIES AND DIGITAL DATA

Marketing
We may use your information to analyse our services and for marketing purposes. We will only send you direct marketing communications where we have your consent or a legitimate interest (which you can opt-out of). You can opt-out of marketing emails by clicking “unsubscribe” or contact us to stop postal marketing. Opting out of marketing will not stop essential service communications.

Cookies and Digital Data
Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience and improve our site.

  • Strictly Necessary Cookies: Essential for the website to function. They do not require consent.
  • Analytical/Performance Cookies: Allow us to recognise and count visitors and see how they navigate. This helps us improve the site. We require your consent for these cookies.
  • You can manage your cookie preferences at any time by clicking on the “Cookie Settings” link in our website footer. For detailed information on the categories of cookies we use, please see our separate Cookie Policy.

9: YOUR RIGHTS

Under data protection law, you have the following rights. To exercise any of them, please contact us using the details in Section 11.

  • Access: You can request a copy of your personal data.
  • Rectification: You can ask us to correct inaccurate or incomplete data.
  • Erasure: You can ask us to delete your data (the “right to be forgotten”).
  • Restrict Processing: You can ask us to suspend the use of your data.
  • Data Portability: You can ask for your data in a machine-readable format.
  • Object: You can object to processing based on legitimate interests or for direct marketing.
  • Rights in relation to automated decision-making: You have the right not to be subject to a decision based solely on automated processing which significantly affects you, as described in Section 5.
  • Withdraw Consent: Where we rely on your consent, you can withdraw it at any time.

We will respond to all legitimate requests within one month. Please note that these rights are not absolute and may be subject to exemptions.

Complaint: If you are unhappy with how we handle your data, please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or visit https://www.ico.org.uk.

10: CHANGES TO THIS PRIVACY POLICY

We may update this policy from time to time. The latest version will always be available on our website. If we make significant changes, we will notify you directly.

11: HOW TO CONTACT US

If you have any questions about this privacy policy or wish to exercise your rights, please contact us:

  • Email: info@iphinsurance.com
  • Post: The Data Protection Officer, IPH House, Stirling Way, Borehamwood, Hertfordshire, WD6 2BT, United Kingdom
  • Telephone: +44 (0)20 8905 2888

IPH Hub

To access your policy documents, please enter your policy password below, which can be found with your policy schedule.

 

Please note the password is case sensitive.