This Privacy Notice tells members and users of the Benenden Health App (“the App”) and associated services including Mental Health, Physiotherapy, Treatment and Diagnostics, and My Benenden online (which can be accessed via the App) what to expect when Benenden Health collects, uses, retains, and discloses your personal information when interacting with us through use of the Benenden Health App. Personal information is information that (on its own or together with other information) identifies you and is about you. This includes what you tell us about yourself and what we learn by having you as a member or user of the App.
This notice was updated May 2022.
‘Benenden Health’ is a trading name of The Benenden Healthcare Society Ltd. When we refer to Benenden Health (or to ‘we,’ ‘us,’ or ‘our’), we mean:
all of which are registered at Holgate Park Drive, York, YO26 4GG.
This Privacy Notice only relates to processing of your personal information when you use the App. Information about how your personal information is processed as a Benenden Health member or Benenden Healthcare Lite user, when you use the Benenden Health website or contact Benenden Health, is available in Benenden Health’s main Privacy Notice.
To ensure that we process your personal information fairly and lawfully, this notice informs you:
The notice describes instances when Benenden Health is the data controller, (the organisation who decides what personal information is collected and how it is used). Additionally, this notice explains where we direct or commission the processing of personal information by third parties either as data controllers or on our behalf to provide services or improve our offering to you.
Benenden Health is the data controller of data collected to administer the Benenden Health Mobile App and data provided to Benenden Health throughout the course of you being a member or a Benenden Healthcare Lite user.
Benenden Health recognises the importance of protecting personal and confidential information in all that we do. We take care to meet our legal duties, and we put in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in whatever format we hold that information in.
Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of Benenden Health. The reasons why we may process your personal information are:
A legitimate interest is when we have a business or commercial reason to use your information, but this must not unfairly go against your rights or freedoms. If we rely on our legitimate interest, we will tell you what that is.
Below is a list of the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are. For further information in relation to the marketing that we undertake, please see the ‘Marketing’ section below.
|WHAT WE USE YOUR PERSONAL INFORMATION FOR
|OUR REASON(S) FOR PROCESSING
|OUR LEGITIMATE INTERESTS (WHERE APPLICABLE)
We process personal information to enable us to run Benenden Health, to support the provision of services to members and users, to maintain our own accounts and to promote our services.
The types of personal information we use include:
We may collect your personal information from the following sources:
Personal information you give to us:
Personal information provided to us by third party providers of App services:
We may need to collect personal information by law, or under the terms of a contract we have with you. The use of the App is optional (Benenden Healthcare Lite users must use the App to access all services available under Benenden Healthcare Lite), and your membership or access to such of the Benenden Healthcare Lite services as are available outside of the App can continue to be administered in accordance with the main Benenden Health Privacy Notice.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with our services. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.
Any personal information that is optional will be clearly marked at the point of collection.
We may share your personal information between Benenden Healthcare Society Ltd, Benenden Charitable Trust, and Benenden Wellbeing Ltd for these reasons:
The following services are provided by third party organisations who collect and use personal information in order to provide those services to you:
For Benenden Healthcare:
For Benenden Healthcare Lite:
The providers of the services listed above are independent data controllers under data protection law and you should consult the relevant privacy notices for details on the personal data that they process when providing these services. This also means that they have a separate responsibility to protect your personal information and will keep you informed about how your personal information will be used.
Your personal information will only be shared with third party organisations when required (for example for legal obligations or regulatory requirements, in respect of the products and/or services you request as a member or user of Benenden Health or user of Benenden Healthcare Lite).
These types of organisations are:
In the usual course of our business, we may use other third-party organisations known as ‘data processors’ under data protection law to support the essential delivery of our services. These organisations process your personal information on our behalf.
These types of organisations are:
When we share your information with our approved third-party providers, our contractual relationship with them prevents them from using your information for any other purpose outside of our instructions to them. They may use their own third party data processors, but are always required to meet the same legal requirements as Benenden Health does.
Benenden Health will never sell your information or share it with external companies for their own marketing purposes.
The UK GDPR and DPA 2018 hold the UK to high standards of data protection. If we transfer information outside of the UK, we will make sure that it is protected to these standards.
We will only send your personal information to countries outside of the UK to:
We will always use one or more of these safeguards:
When you access services via the App, your membership or user record is updated to reflect your use of services. We will keep your personal information for as long as you are a member of Benenden Health or Benenden Healthcare Lite user.
After you stop being a member or Benenden Healthcare Lite user:
We may keep your personal information for up to 8 years for one of these reasons:
- To respond to questions or complaints;
- To show that we treated you fairly, or;
- To maintain records according to legal requirements and documented business need.
We may keep your personal information for longer than 8 years if we cannot delete it for legal, regulatory or technical reasons. In these circumstances, we will make sure that your privacy is protected and only use it for legal or regulatory purposes.
All users of the App can exercise their rights under data protection laws. This section explains how to contact Benenden Health to exercise any of the rights available to you.
In order to exercise your rights under data protection law, we will need to verify your identity for your security.
You can contact us by emailing email@example.com, writing to Data Protection Officer, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG or telephoning our main customer service telephone helpline on 0800 414 8100.
You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request, we will respond within 1 month.
You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
If you need to update your contact details, you can do so by contacting us using the details above.
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and the ‘right to erasure’ (or ‘right to be forgotten’).
We may be able to restrict the use of your personal information so that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.
If you feel that we should no longer be using your personal information, or that we are illegally using your data, you can request that we erase the personal information we hold on you. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.
If you want to request that we erase your personal information, please contact us using the details above.
You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations. To request this, please contact us using the details above.
If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) by emailing firstname.lastname@example.org or telephoning 0303 123 1113. Additional contact methods are detailed on the ICO website.
When you contact us, we will need to verify your identity for your security. Verifying identity is an important way of safeguarding against criminal activities including the prevention of illicit access to your information.
If we are unable to validate your identity, we may ask you to provide further evidence so that we can access your information.
Benenden Health and its subsidiaries are not governed by the Freedom of Information Act as neither Benenden Health nor any of its subsidiaries are a public authority.
If you have any questions about this privacy notice or our processing of information, if you wish to raise a complaint on how we have handled your personal information, or if you wish to exercise any of the rights set out in this privacy notice, please contact our Data Protection Officer by emailing email@example.com or writing to: Data Protection Officer, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG.