This site uses cookies that store non-personal information to help us improve our site.

Home   >   Privacy Policy

Privacy policy

This notice outlines your rights as a member or customer of Welsh Hospitals & Health Services Association (WHA), or as a visitor to our website, under General Data Protection Regulation (GDPR).

This notice comes into effect on 25th May 2018.

This privacy notice tells members and customers of WHA what to expect when WHA collects, uses, retains and discloses your personal information.

Personal information is information that (on its own or together with other information) identifies you and is about you. This includes what you tell us about yourself and what we learn by having you as a member or customer.

Who we are

WHA is a Healthcare Cash Plan provider. WHA is a trading name of Welsh Hospitals & Health Services Association, which is registered at 60 Newport Road, Cardiff CF24 OYG.

When we refer to WHA (or to ‘we’, ‘us’, or ‘our’), we mean Welsh Hospitals & Health Services Association.

To ensure that we process your personal information fairly and lawfully, this notice informs you:

  • Why we need your personal information;
  • How it will be used;
  • With whom it will be shared; and
  • What rights you have in relation to the personal information we collect.

Within this notice we describe instances where WHA is the ‘data controller’ (the organisation who decides what personal information is collected and how it is used).

There may be situations where WHA processes data on the instructions of another organisation (known as acting as a ‘data processor’), but in those circumstances our use of data would be governed by that organisation.

Our commitment to your privacy

WHA recognises the importance of protecting personal and confidential information in all that we do and takes care to meet our legal duties. WHA puts in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in whatever format we hold that information.

How the law protects you

Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of WHA.

The reasons why WHA may process your personal information are:

  • To fulfil a contract we have with you;
  • When it is in our legitimate interest;
  • When it is our legal duty; or
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information, but this must not unfairly go against your rights or freedoms.

What types of personal information do we process

We process personal information to enable WHA to support the provision of our services to members and customers, to maintain our own accounts and to promote our services.

The types of personal information we use include:

  • Personal details such as names, addresses, telephone numbers, dates of birth;
  • Your relationship to other individuals on your WHA membership;
  • Employment and work details for individuals who pay for membership through their salary or pension;
  • Financial details, including payments to WHA by members and customers and payments made by WHA for services provided to members;
  • Details of how you use our website, and where you have accessed it from;
  • Details of when you contact us and when we contact you (including telephone calls and copies of written communications such as emails or letters);
  • Details of which WHA products you have purchased;
  • Any consents which you have given us in relation to the processing of your information;
  • Physical or mental health details in relation to requests by members for access to our services. Such information requires special protection by law – we will always explain what information we require and why it is needed when collecting this information. It will always be processed and stored securely.

Where do we collect your personal data from?

We may collect your personal information from the following sources:

  • When you apply for our products and services either on-line via our website or completing an application form.
  • When you join via another policyholder on their policy.
  • From your employer who is providing WHA Healthcare cash plan for you and they have authorisation to share your data with us.
  • When you communicate with us via telephone or e-mail.

Cookies

For more information on how we use cookies please see our website cookie policy at www.whahealthcare.co.uk/cookies

How we use your personal data.

Below is a list of the ways that we may use your personal information and which of the reasons we rely on to do so.

How we may use your personal information

Where applicable our legitimate interests

Reasons we rely on for processing

To administer payments relating to membership.

Being efficient about how we fulfil our legal and contractual duties.

Complying with regulations that apply to us.

Fulfilling contracts.

Our legitimate interests.

Our legal duty.

To process your benefit claims.

To process any claims submitted by you so that we can fulfil our contractual obligations regarding any repayments.

Fulfilling contracts.

Our legitimate interests.

Our legal duty.

To communicate with you about your membership or WHA products you have purchased.

To manage our relationship with you.

To conduct analysis and research activities to improve and develop our products and services.

To analyse our advertising activity.

To create anonymised pen portraits for marketing purposes.

Keeping our records up to date.

Determining which of our products may be of interest to you and informing you about them.

Defining audiences to market our products to.

Seeking your consent when we need it to contact you.

Being efficient about how we fulfil our legal and contractual duties.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

Your consent.

To manage how we work with other companies that provide services to us and our members or customers.

Being efficient about how we fulfil our legal and contractual duties.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

To detect, investigate, report and seek to prevent financial crime.

To manage risk for WHA and our members or customers.

To comply with regulations that apply to us.

To respond to complaints and seek to resolve them.

Developing and improving how we deal with financial crime.

Complying with regulations that apply to us.

Being efficient about how we fulfil our legal and contractual duties.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

To run WHA in an efficient and proper manner. This includes managing our financial position, business capability, planning, communications, corporate governance and audit.

Complying with regulations that apply to WHA.

Being efficient about how we fulfil our legal and contractual duties.

Our legal duty.

Our legitimate interests.

To exercise our rights as set out in agreements or contracts.

Being efficient about how we fulfil our legal and contractual duties.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

The types of personal sensitive information we use include:

Type of personal sensitive information

Where applicable our legitimate interests

Reasons we rely on for processing

Pre-Existing Medical Condition.

To establish whether the benefit would be covered on the policy when joining.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

Medical Conditions.

To establish whether you would be covered on the new policy or when changing policy or increasing your cover.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

Medical information is required to support: Hospital In-patient or Specialist Consultation claims.

To allow us to assess and process benefit claim for Hospital In-patient or Specialist Consultation in line with policy documents issued at the time of joining.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

Further information from the relevant practitioner/hospital.

In some instances, following consent given by you we would contact the practitioner/hospital to further information in order for us to assess and process benefit claim to establish eligibility for payment.

Fulfilling contracts.

Our legal duty.

Our legitimate interests.

If you choose not to provide personal information

We may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with services under your membership. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.

Who we share your personal information with

WHA may share your data with regulatory bodies when it is a legal requirement to do so for the purpose of monitoring and enforcing our compliance, organisations include:

  • Financial Ombudsman Service;
  • Information Commissioners Office;
  • Fraud prevention agencies.

We may also share aspects of your information on occasion with organisations to enable continuity of service, these include:

  • Organisations that introduce you to us;
  • IT Support.

In the usual course of our business, we may use other third-party organisations known as ‘data processors’ under data protection law to support the essential delivery of our services. These organisations process your personal information on our behalf.

These types of organisations are:

  • Mailing, email, SMS messaging, and/or print fulfilment organisations (to enable us to communicate with you efficiently);
  • Providers of business services such as auditors, consultants, solicitors and/or insurers (to enable us to run WHA efficiently);
  • Providers of records management services such as secure disposal suppliers, and IT storage providers (to enable us to secure data efficiently);
  • Providers of IT systems or services (to enable us to run WHA efficiently);
  • Market researchers (to help us to improve the services we offer);
  • Companies you ask us to share your personal information with (upon request).

When we share your information with our approved third-party providers, our contractual relationship with them prevents them from using your information for any other purpose outside of our instructions to them. They may use their own third-party data processors but are always required to meet the same legal requirements as WHA does.

WHA will never share or sell your information to external companies for their own marketing purposes.

Where is your data stored?

All of your data is located in the UK.

Marketing

We may use your personal information to tell you about relevant products offered by WHA. This is what we mean when we talk about ‘marketing’.

We can only use your personal information to send you marketing messages if we either have your consent or a ‘legitimate interest’. Legitimate interest is when we have a business reason to use your information for marketing purposes (which will not unfairly go against your rights and freedoms). In other words, we will not market to you based on legitimate interest if you have told us that you do not want to receive such marketing or are registered on a preference services list.

We have a legitimate interest to:

  • Send you the WHA magazine/newsletter by post;
  • Send you marketing messages about WHA by post;
  • Contact you via telephone to welcome you to WHA, or to discuss your membership if you decide to leave WHA; and
  • Send you marketing messages by email about products offered by WHA which are similar to those which you have already purchased from us (if you have provided us with an email address).

We will ask for your explicit consent to send you any other marketing messages.

You can withdraw your consent or ask us to stop sending you any marketing messages at any time. If you want to do so, please contact us by:

  • Calling our Customer Service Team on 029 2048 5461;
  • E-mail us at mail@whahealthcare.co.uk;
  • Write to us at WHA, 60 Newport Road, Cardiff CF24 OYG;
  • Following the unsubscribe link on the relevant email.

How long we keep your personal information

We will keep your personal information for as long as you are a member or customer of WHA.

After you stop being a member or customer we may keep your personal information for up to 8 years for one of these reasons:

  • To respond to questions or complaints;
  • To show that we treated you fairly; or
  • To maintain records according to legal requirements and documented business need.

We may keep your personal information for longer than 8 years if we cannot delete it for legal, regulatory or technical reasons. In these circumstances, we will make sure that your privacy is protected and only use it for legal or regulatory purposes.

Your rights

In order to exercise your rights under data protection law, we will need to verify your identity for your security.

How to obtain a copy of your personal information

You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request we will respond within 30 days.

Updating your personal information

You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.

If you need to update your contact details (and/or the details of others, for example if you pay for other people on your membership), you can do so by:

  • Writing to us at WHA, 60 Newport Road, Cardiff CF24 OYG;
  • Calling our Customer Service Team on 029 2048 5461;
  • E-mail us at mail@whahealthcare.co.uk.

If you want us to stop using your personal information

You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and the ‘right to erasure’ (or ‘right to be forgotten’).·

We may be able to restrict the use of your personal information so that it can only be used for certain things, such as legal claims or to exercise legal rights.

In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

  • It is not accurate;
  • It has been used unlawfully but you don’t want us to delete it;
  • It is not relevant any more, but you want us to keep it for use in legal claims; or
  • You have already asked us to stop using your personal information but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law.

If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us by:

  • Writing to us at WHA 60 Newport Road, Cardiff CF24 OYG;
  • Calling our Customer Service Team on 029 2048 5461;
  • E-mail us at mail@whahealthcare.co.uk.

If you would like us to erase your personal information

If you feel that we should no longer be using your personal information, or that we are illegally using your data, you can request that we erase the personal information we hold on you. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.

If you want to request that we erase your personal information, please contact us by:

  • Writing to us at WHA 60 Newport Road, Cardiff CF24 OYG;
  • Calling our Customer Service Team on 029 2048 5461;
  • E-mail us at mail@whahealthcare.co.uk.

Data portability

You have the right to obtain copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations. To request this, please contact us:

  • Writing to us at WHA, 60 Newport Road, Cardiff CF24 OYG;
  • Calling our Customer Service Team on 029 2048 5461;
  • E-mail us at mail@whahealthcare.co.uk.

Your right to complain

If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) by:

Changes to this privacy notice

We regularly review our privacy notice and we will place any updates on the WHA Website. The notice was last updated in May 2018.

Contacting us

When you contact us, we will need to verify your identity for your security. Verifying identity is an important way of safeguarding against criminal activities including the prevention of illicit access to your information.

If we are unable to validate your identity, we may ask you to provide further evidence so that we can access your information.

Questions about this privacy notice

If you have any questions about this privacy notice or our processing of information, if you wish to raise a complaint on how we have handled your personal information, or if you wish to exercise any of the rights set out in this privacy notice, please contact us by:

  • Writing to WHA 60 Newport Road, Cardiff CF24 OYG;
  • Calling our Customer Service Team on 029 2048 5461;
  • E-mail us at mail@whahealthcare.co.uk.