home > privacy policy

Privacy notice

To be read in conjunction with the website terms of use.

This privacy notice tells members and customers of Benenden Health what to expect when Benenden Health collects, uses, retains and discloses your personal information. Personal information is information that (on its own or together with other information) identifies you and is about you. This includes what you tell us about yourself and what we learn by having you as a member or customer. This notice was last updated in June 2026.

What is this Privacy Notice for?

This privacy notice explains how Benenden Health collects, uses, stores, and shares your personal information.

What does "personal information" mean?

It's anything that can identify you - on its own or combined with other details. This includes what you tell us and what we learn about you as a member or customer.

We take your privacy seriously. Keeping your information safe matters to us. We follow the law and use strong security to protect your details from the moment we collect them until they're no longer needed, no matter the format.

Please read this notice along with our website's terms of use and/or our Online Community Terms of Use if you are a current member.

Who is this privacy notice for?

This privacy notice is for:

  • People who are members of Benenden Health (now or in the past)

  • Anyone who has bought Benenden Health for their team or workplace

  • Brokers who help sell our products

  • Anyone who has shown an interest in Benenden Health

 

↑ Back to top

 

Who we are

Benenden Health is a mutual, not-for-profit organisation. This means we're run for our members and not profit. Our mission is simple: to help improve the nation’s health. We offer affordable access to private healthcare and have been supporting our members since 1905.

When we say "Benenden Health", "we", "us" or "our", we mean:

  • The Benenden Healthcare Society Ltd

  • Benenden Wellbeing Limited

  • The Benenden Charitable Trust

  • The Benenden Hospital

All of these are registered at Holgate Park Drive, York, YO26 4GG.

Benenden Hospital and Benenden Charitable Trust have their own privacy notices. If you've been a patient at Benenden Hospital or applied to the Charitable Trust, please read their privacy notices too.

 

↑ Back to top

 

Who processes my personal information?

Most of the time, Benenden Health decides what personal information to collect and how to use it. This makes us the 'data controller'.

Sometimes, we handle personal information for another organisation. When that happens, we follow their rules on how to use it. In those cases, we're the 'data processor'.

The types of personal information we collect

We collect different kinds of personal information so we can support our members and customers and share our services. This includes:

  • Your basic personal details – like your name, address, phone number, and date of birth

  • Identification details – such as your National Insurance number

  • Your relationship to others – for example, if you have family members on your membership (including children)

  • Work or pension details – such as, if you pay through your employer or pension

  • Payment information – where you have paid us or we have paid for services you have accessed

  • Health details – like physical or mental health information when you ask for services (we'll explain why we need it)

  • Vulnerability information – like health or life events, so we can meet your needs

  • Records of contact – when you contact us and when we contact you (including call recordings, letters and emails)

  • How you use our website, the Online Community and app – and where you access them from

  • Online Community interactions – the posts you make and your use of the platform

  • How you interact with us on social media

  • Your wellbeing interests – for example, topics you’ve shown interest in

  • CCTV images – if you visit our offices, for security

  • Products you've bought from us – like a Benenden Health membership or Benenden Health Cash Plan

  • Permissions you've given us – such as marketing preferences

  • How you use our services – namely the services you have accessed

  • Business contact details –for example your name, job title, phone number, and email if you're a business contact

  • Complaint details

  • Research and feedback responses – like when you enter a prize draw

  • Where you live – general area information

 

↑ Back to top

 

Using children's personal information

Sometimes we need to collect and use information about children. This usually happens when a child is added to a membership.

We only collect what we need to provide our services, and we handle it with extra care. We never use children’s information for marketing or profiling, and we only share it if it’s needed for services or required by law.

A parent or guardian can speak for the child until they turn 16. After that, we ask the young person for permission before sharing their information or letting a parent or guardian act for them. This way, their privacy grows with them—giving them control when the time is right.

Why we use your personal information

We only use your information when the law says we can. This might be:

  • To carry out a contract with you

  • Because the law says we must

  • Because we have a business reason (called a “legitimate interest”)

  • Because you've said we can (or in other words, given your consent)

If we use your information for a legitimate interest, we check carefully to make sure it’s fair and doesn’t affect your rights. We'll always explain what that reason is.

Think of it like this: we use your information to keep things running smoothly, meet legal rules, and make your experience with us simple and helpful. And we'll always tell you why we're using it—so you're never left in the dark.

 

↑ Back to top

 

How we use your personal information and why

The table below shows how we use your personal information and why we need it.

What we do

Example

Type of information

Why we use it

Legitimate interests (where applicable

Give you our services

Working with suppliers so you can use your Benenden Health membership

Name, contact details, membership and medical information

To carry out our contract with you

We have a legitimate interest

To provide our services to you

Manage our relationship with you

Answering questions, signing up new members, recording who can speak for you and keeping accurate records

Name, contact details, communications

To carry out our contract with you

We have a legitimate interest

To manage our relationship with you

Record who can speak on your behalf

Handle payments and renewals

Taking payments, giving refunds, and storing your payment details for renewal purposes

Name, payment details, membership information

We have a legal duty

To carry out our contract with you

With your consent

 

 

Send updates and marketing to you

Service messages, marketing messages, personalising content

Contact details, communication preferences

We have a legal duty

To carry out our contract with you

With your consent

We have a legitimate interest

To market to our members (as well as past and future members)

To follow your preferences including marketing, cookies, profiling and automated decision making

Tailor communications and support

Personalising messages and help to meet your needs

Name, medical information, communication preferences

With your consent

 

Tailor the content that you see in our app

Wellbeing topics that match your interests to personalise what you see in our app

Interests

We have a legitimate interest

To show content that suits you

Create targeted marketing audiences

Targeting advertising on social media

Name, contact details

We have a legitimate interest

To show you relevant advertising content

Run competitions and surveys

Prize draws and feedback surveys to improve services and understand customer satisfaction

Contact details, survey responses

We have a legitimate interest

To improve services and thank you for taking part

Handle complaints

Ensuring fair treatment and maintaining records of outcomes for quality assurance and regulatory compliance

Membership information, complaint details, communications including call recordings

We have a legal obligation

 

Manage our Online Community

Administer our Online Community platform and monitor content

Name, email address, membership information, username, interactions

  

 

Do market research and analysis

Research to improve services

Name, contact details, membership information, services used

We have a legitimate interest

To understand how you are using our services and how we can improve them

Train our employees and monitor our services

Reviewing calls, emails and chat interactions for training and to review the quality of our services

Communications including call recordings, emails and chat records

We have a legitimate interest

To improve quality and for training purposes

Manage third-party relationships

Working with brokers

Name, contact details

We have a legitimate interest

To maintain good relationships

To detect, investigate, report and seek to prevent financial crime

Money-laundering and other types of checks

Name, membership information, financial details

We have a legal obligation

 

Keep data secure

Monitoring system access and logging activity

Name, membership information, technical information

We have a legitimate interest

To protect our systems

To comply with laws and regulations

Audits, police requests, rights requests

Name, membership information, financial details

We have a legal obligation

 

Run our business in an efficient and proper way

Planning, internal communications, managing risk to us and our members or customers, business capability, corporate governance.

Name, membership information, services accessed

We have a legal obligation

We have a legitimate interest

To run our business in an efficient and proper way.

 

↑ Back to top

 

When we ask for your consent

We only ask for your consent to use your personal information if there's no other legal reason to do it—or if it feels like the right thing to do.

We'll always tell you when we need your consent and ask in a clear way. If we can't give you a product or service without your consent, we'll explain this at the time.

You can change your mind later and withdraw your consent, just get in touch with us. You’ll find our contact details in the How to contact us section.

Where we collect personal information from

We collect your personal information from different places so we can provide and improve our services.

Most of the time, you give it to us directly, for example when you:

  • Join Benenden Health as a member

  • Contact us by phone, email, chat, social media, or letter

  • Take part in surveys or research

  • Enter prize draws or sign up for marketing

  • Use our services

  • Update your membership details using My Benenden

  • Buy one of our products (like Benenden Health Cash Plan)

  • Download and use our app

  • Join or contribute on our Online Community

We also collect information through our website.

When you visit and similar technologies to understand how you use the site. You can read more in our

Sometimes, we get information from other organisations or people we work with, such as:

  • Members who add you to their membership

  • Product providers (like Benenden Travel Insurance)

  • Payroll providers (if you pay through your salary or pension)

  • Social media platforms

  • Cookies on other websites (see our cookie policy for details)

  • Employers who set up and pay for your membership

  • Information we've purchased from marketing list providers (only if you've agreed to this)

  • Business contact list providers (e.g. where you have attended a conference and agreed for your details to be shared with us)

  • Business customers who refer a business to us

  • Service providers who share summary information about services you've used

 

↑ Back to top

 

If you choose not to give us your personal information

Sometimes we need your personal information to follow the law or under the terms of a contract we have with you. If you don't share this information, we may not be able to meet our legal duties, provide services under your membership or other products you've bought from us.

We'll always tell you if not giving us your information will cause a delay or stop us from meeting our obligations. If giving us your information is optional, we'll make that clear so you can decide.

Who we share your personal information with

We may share your personal information within Benenden Health (including Benenden Healthcare Society Ltd, Benenden Charitable Trust, Benenden Hospital Ltd and Benenden Wellbeing Ltd) and with trusted companies that help us deliver our services. We only share what's needed and always protect your privacy.

We do this to:

  • Check your identity

  • Improve our services

  • Understand your needs

  • Send marketing (if allowed and we believe it's relevant to you)

  • Train our employees

  • Meet legal and regulatory duties

  • Prevent or detect fraud

  • Assess risks

  • Handle complaints

We may also share your information with other trusted organisations like:

  • People or organisations you've said can speak for you

  • Healthcare providers we work with to provide our services

  • Alternative dispute resolution (ADR) services

  • Insurance providers (like for the Benenden Health Cash Plan)

  • Providers of other Benenden Health products (like Benenden Health Assessments)

  • Regulators (like the Financial Conduct Authority, Information Commissioners Office, Financial Ombudsman Service and Advertising Standards Agency)

  • HMRC and fraud prevention agencies

  • Law enforcement (like the police)

  • Companies that send letters, emails, texts, or social media messages (to contact you)

  • Auditors, consultants, lawyers, and insurers (to help us run our business)

  • Secure disposal and IT storage providers (to keep data safe)

  • IT system providers (to keep Benenden Health running smoothly)

  • Market researchers (to help us improve our services)

  • Tracing agencies (if we lose touch with you)

  • Companies you've asked us to share your information with

When we share your information, we make sure these companies only use it for the reasons we've agreed. They may work with other companies to support their services, but they must follow the same legal rules and data protection standards we do.

We never sell your information or share it with other companies for their own marketing.

 

↑ Back to top

 

Sending personal information outside the UK

Sometimes we may need to send your personal information to other countries. This could happen if:

  • The law says we have to

  • We work with a company outside the UK that helps us provide services to you

If we do send your information outside the UK, we’ll make sure it stays safe – just like it would be in the UK. We only do this when:

  • The country has strong privacy laws approved by the UK

  • We have legal agreements in place (called Standard Contractual Clauses) to keep your information safe

  • The organisation is part of an approved framework, like the UK Extension to the EU-US Data Privacy Framework

 

↑ Back to top

 

Marketing

We may use your personal information to keep you updated about products and services. This includes things from:

  • The Benenden Healthcare Society Ltd

  • Benenden Wellbeing Ltd

  • Benenden Hospital

Our marketing could include:

  • Sending you our Be Healthy magazine and newsletters

  • Letting you know about new services or member benefits you might like

We may contact you by email, post, phone, or through digital platforms such as on social media. We do this based on your consent or on our legitimate interest in keeping you informed, provided this doesn't override your rights. If you've been a member before, we may keep sending you relevant marketing messages for up to three years unless you tell us not to.

You're always in control. You can change your marketing preferences anytime through My Benenden, our app, by emailing memberservices@benenden.co.uk, or by writing to us.

Even if you opt out of marketing, we'll still send important service messages. These include things like:

  • How you can have your say and participate in member voting (if you pay for your own membership)

  • Updates to your product

  • Changes to this privacy notice

Tailoring products and services using automated systems

To make our messages more relevant, we use automated systems to understand what our members are interested in. These systems look at things like your age, gender, membership details, and services you've used. This helps us decide what to send you and when. This process is automatic, but it only affects the type and timing of messages. It doesn’t make decisions about your membership or services.

If you'd prefer us not to use your information this way, you can opt out by emailing marketingmail@benenden.co.uk or writing to us.

Prize draws

Sometimes we run prize draws for members. If you've opted out of marketing, you won’t hear about these. If you take part, we'll use your information to manage the draw and send prizes. If you win, we may need to share your surname and country you live in with the Advertising Standards Authority if they ask.

Social media advertising

We work with social media platforms to help us target our online advertising and reach people who might be interested in Benenden Health. These platforms may use their own data with ours to create 'lookalike' audiences (groups of people with similar interests) for advertising. Your marketing preferences are always respected. If you'd rather we didn’t use your personal information this way, just let us know.

 

↑ Back to top

 

Business-to-business marketing

Sometimes we contact people at other organisations to share how Benenden Health can help their employees. This might include:

  • Sending emails or letters

  • Making phone calls

  • Sharing information about our products and services

We collect business contact details from trusted sources like:

  • Marketing list providers (e.g. Market Location Ltd, DataHQ Ltd and Lusha)

  • Trade events

  • Referrals from existing customers

  • Social media platforms like LinkedIn

  • Tools on our website that show which organisations are interested in our services

Our business marketing includes:

  • Sending newsletters, product updates, and invitations to webinars

  • Running webinars and online events to promote our services and engage with business contacts

  • Tracking website visits and phone calls to see which campaigns work for example, using call tracking tools that assign unique numbers to website visitors so we can see which marketing channel led to a call

  • Sending follow-up messages to people who've shown interest in our services, such as downloading a white paper or attending a webinar

We only send marketing messages if:

  • You've given permission

  • Or we have a good business reason (a 'legitimate interest') that respects your rights

We won't contact you if you've opted out or are listed on a preference service like the Corporate Telephone Preference Service.

We may keep your business contact details:

  • Up to 7 years after your company stops being a Benenden Health customer (to meet legal requirements, handle complaints, or keep records)

  • If your company doesn't become a Benenden Health customer, we keep your details for 3 years

To make our messages more relevant, we sometimes use automated systems that look at how you interact with us. Like if you open an email or click a link. This only affects the timing and content of messages, not any decisions about you.

If you don't want to receive these messages, or don't want us to use automated systems to tailor messages, you can opt out at any time, Just contact us using the details in the "How to contact us" section.

 

↑ Back to top

 

Artificial Intelligence (AI)

We use artificial intelligence (AI) technologies to support and enhance how we deliver our services. This includes the use of AI tools to assist employees in carrying out their roles more effectively and to improve the experience of our customers and members.

Here's how we use AI:

  • Supporting customer and member services
    To respond to enquiries, provide information, and handle requests more efficiently.

  • Improving customer service and interactions
    To better understand customer needs, improve response times, and enhance the quality and consistency of communications.

  • Improving accessibility
    To support accessibility features such as transcriptions, captions, and other tools that make our services more inclusive.

  • Helping employees work more efficiently
    To assist with routine tasks, drafting, summarising information, and organising work.

  • Support reporting, analysis, and service improvement
    To analyse information, identify trends, and generate insights to improve our services.

  • Keeping systems and information secure
    To detect and prevent security threats and protect our systems, data and users.

Where AI involves the processing of personal data, we ensure it is handled in accordance with applicable data protection laws. This may include information you provide to us, records of your interactions with us, and technical or usage data.

We rely on lawful bases such as legitimate interests, contract and legal obligations depending on the context of processing. For more information, please refer to the relevant section of this notice.

We apply appropriate technical and organisational safeguards when using AI, including data minimisation, access controls, testing, and human oversight of outputs where necessary. We also take steps to monitor and reduce the risk of bias and to ensure AI is used in a fair and responsible way.

We do not use AI to make solely automated decisions about your membership, the services you receive, or any decisions that would have legal or similarly significant effects on you.

Where we use third-party AI providers, we ensure appropriate contractual, security and data protection safeguards are in place.

 

↑ Back to top

 

How long we keep your personal information

We only keep your personal information for as long as we need it. How long that is depends on what the information is and why we collected it.

Here are some examples:

  • Membership records - up to 8 years after your membership ends (for legal and audit requirements)

  • Complaint records – 7 years after they're resolved (to meet regulatory obligations)

  • Payments and refunds - 6 years after the financial year ends (as required by HMRC)

  • Survey responses and prize draw entries - up to 2 years

  • Call recordings and chat transcripts - 3 years (for training, quality checks and complaints)

  • Online community account – 6 months after your membership ends

Sometimes we turn your data into anonymous statistics so it can’t be linked back to you. This lets us improve our services without keeping your personal information.

 

↑ Back to top

 

Your rights

You have rights under data protection law that give you more control over how we use your personal information. To protect your privacy, we may need to check your identity when you call or chat to us online before we can help.

Here's what you can ask us to do:

See your information
You can ask for a copy of the personal information we hold about you. This is called a subject access request. We'll tell you:

  • What we have

  • Why we have it

  • Who we've shared it with

  • Where we got it from

Correct your information
If your information is wrong, out of date, or incomplete, you can ask us to fix it. You can also update your contact details through My Benenden or our app.

Ask us to stop using your information
You can object if we’re using your information for:

  • Direct marketing

  • Automated decision making and profiling

  • A business reason (called a "legitimate interest")

Limit how we use your information
You can ask us to only use your information for certain things, like legal claims. You can do this if:

  • The information is wrong

  • It's been used in the wrong way, but you don't want it deleted

  • We don't need it anymore, but you want us to keep it for legal reasons

  • You've asked us to stop using it and we’re still reviewing your request

Delete your information
You can ask us to delete your personal information. Sometimes we can’t delete it straight away because we need to keep it to meet legal or regulatory requirements. We’ll let you know if we’ve deleted it or explain why we can’t.

Get your information in a portable format
You can ask for a copy of your personal information in a format that’s easy to reuse. You can also ask us to send it directly to another organisation.

 

↑ Back to top

 

How to contact us

If you have any questions about this privacy notice or want to use any of your rights, you can contact our Data Protection Officer (DPO).

  • Email: protection@benenden.co.uk

  • Post: Data Protection Officer, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG

  • Phone: 0300 304 5700 (Monday to Friday)

When you get in touch, we may need to check who you are. This helps keep your information safe and stops anyone else from accessing it. If we can’t confirm who you are, we might ask for more proof before we can help.

If your question is about a payment, we'll need to speak to the person who owns the bank account.

 

↑ Back to top

 

Complaints

If you're worried about how we've handled your personal information, please contact our DPO first. We'll do our best to help.

You can also complain to the Information Commissioner's Office (ICO), the UK's data protection regulator:

 

↑ Back to top

 

Changes to this Privacy Notice

We regularly check and update this privacy notice.

If we make changes, we'll:

  • Publish the new version on the Benenden Health website and notify users on our Online Community platform.

  • Let you know about the changes in our usual member and customers messages

You can also ask us for a copy of the latest version using the contact details in the How to contact us section above.

Freedom of Information

Benenden Health and its subsidiaries are not covered by the Freedom of Information Act because we're not a public authority.