Privacy Notice

Healthcare Protection is a registered trademark and trading name of MPSUW Limited (a company registered in England with company number 11600166 at Level 19, The Shard, 32 London Bridge Street, London, SE1 9SG, UK and in Hong Kong as a non-Hong Kong company with registration number F28811 at 5/F, Sun House, 181 Des Voeux Road, Central, Hong Kong). Healthcare Protection makes decisions about how your personal information is handled in connection with the Healthcare Protection websites, in relation to actual/potential policies and individuals connected with policyholders.

• Through your use of our websites, you provide us with information such as your IP address and information that you enter into contact and other online forms.
• When your organisation requests an insurance policy from Healthcare Protection, we ask them to provide us with information that we require to consider their application, which may include information about you.
• Through our provision of services, eg through any correspondence and transactions between us and your organisation, as well as when they contact us in relation to their policy (please note that we may record or monitor our calls for compliance and quality control purposes), or use any of the services that we provide.
• From other third parties:
  • where your organisation requests an insurance policy or is a policyholder, we may receive information about you from other insurance companies, professional defence organisations and other third parties who provide us with details of your professional practice and career history
• where you are involved in a claim (whether involved from your work for a policyholder, or as a claimant, complainant, or co-defendant, for example), we may receive information about you from a policyholder, complainant, claimant, witness, expert, court, regulator, law firm or professional regulatory body who is involved in the claim

• we may receive personal information from affiliates, partners and service providers who work with us in the provision of our services to you

• Through cookies – we use a variety of cookies to perform different functions, including to welcome you back when you return to the website, helping us to provide a better, faster, and safer browsing experience and tracking your usage of our websites. More information relating to cookies can be found here.

Website Users: If you use our websites, we will normally only collect your IP address, information collected by our cookies, and information that you otherwise provide to us in making use of website functionality (eg contact forms).

If you work for a potential or actual policyholder: If your organisation applies to us for an insurance policy, is a policyholder or if otherwise we provide services to your organisation, we may collect the following information

• your name, title, address, e-mail address, telephone, and fax number(s)
• information related to your occupation, such as details of your specialty, professional practice and career history
• details relating to any relevant claims, complaints or other matters in which you are named, including from claimants, complainants or co-defendants, witnesses, experts, lawyers, or advisors
• any other information provided to us for our operational or business purposes, or which we require to provide a policyholder with Healthcare Protection’s services

We may also collect information that you provide to us to enable us to appropriately support you when you engage with us on behalf of the entity you work for. This may include special category data, such as health data. Where you provide your special category data to us, we will only process it with your consent.

We process personal information about you on the basis that it is: 

• in our or a third party's legitimate interests – details of those legitimate interests are set out in more detail below.
• where we are required to do so, or it is otherwise permitted by law

The legitimate interests for which we process personal information are:

• where you use our websites – responding to any requests that you make via our websites and to analyse use of our websites and improve the content and function of our websites.
• if you are named in an insurance application – to assess the application and any future applications that are made by your organisation, and to communicate with them about it and the benefits of the insurance cover we offer
• if you work for a policyholder:
• the administration, arranging and underwriting of insurance to administer our business and our third-party providers
• education, research, and audit (eg to consider trends in complaints and claims to better understand the management of clinical risk)
• for the purposes of the insurance renewal whilst an insurance policy continues
• if you are a claimant, complainant or co-defendant, witness or other person connected to a claim or complaint against a policyholder, to provide our services to the policyholder (including to assess the claim or complaint)
• generally:
• to market the Healthcare Protection insurance policy
• to protect our rights, privacy, safety or property, or those of other persons
• to comply with laws and regulations that apply to us and the third parties with whom we work, and to exercise our rights and defend ourselves from claims
• to participate in, or be the subject of, any sale, merger, or acquisition, or all or part of Healthcare Protection’s business

Where we process special category data, we do so on the legal basis of consent. Consent may be withdrawn by contacting us.

The cookies store information about our visitors. This means that on future visits to our websites, we can identify past visitors and welcome them back, helping us to provide a better, faster, and safer browsing experience.

We may access cookies stored on your computer when you visit our websites in future. We are able to do this by including web beacons (also known as clear GIFS or web bugs) in our emails. Our web beacons do not store additional information on your computer but, by communicating with our cookies on your computer, they can tell us when you have opened emails from us and what pages you look at.

For example, we use cookies to identify which country website you last visited, so that on subsequent visits, you are redirected back to that website to aid your navigation. In this case without cookies, you would be asked to select the country website you wish to visit upon each visit to one of our global landing pages.

You may opt-in, opt-out, or adjust your cookie preferences by selecting the appropriate settings on your browser. The cookies we use can be categorised as follows:

• Strictly Necessary Cookies
  These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personal data.

• Functional Cookies
  These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

• Targeting Cookies
  These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal data, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

• Performance Cookies
  These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
   
• Social Media CookiesThese cookies are set by a range of social media services that we have added to our site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
  
  Note that cookies stay on your device(s) for differing amounts of time, depending on whether it is a “persistent” or “session” cookie:

• Persistent cookies: These cookies are used to remember your preferences on the website, to analyse user behaviour to establish patterns of usage and preferences, and to improve functionality of the website. They remain on your computer or device until they expire or they are deleted by you. They persist even after you close the browser and restart your computer.

• Session cookies: These cookies are used to remember your activity during the course of the current website visit. They are temporary and only stay on your computer or device only until you stop the current browsing session.

For further details on the specific cookies we use, including their categorisation, whether they are persistent or session cookies and the purposes for which we use them, please click here.

If you want to delete any cookies that are already on your computer, you can find out more at AboutCookies.org.

Alternatively, please refer to the instructions for your file management software to locate the file or directory that stores cookies. If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer’s instructions by clicking “Help” in your browser menu. Further information on deleting or controlling cookies is available at AboutCookies.org.

When you visit our websites, we may also log your IP address, a unique identifier for your computer or other access device.

• other members of the Healthcare Protection Group
• your employer (including in relation to your special category data, where you have provided it)
• other insurance companies and professional defence organisations
• our insurers
• third party suppliers who help us deliver services or who provide services to us (eg managing agents, insurers, brokers, advisors, translators, system and cloud hosting service providers).
• third parties, including the police and other law enforcement agencies in the exercise of their functions, where we have a duty to or are required by law or a court order to disclose your personal information 
• where applicable, potential buyers of all or part of the Healthcare Protection Group’s business

Where we share personal information, appropriate protections will be in place as required by data protection laws.

The rules on data protection vary from country to country. We have set out below the names of the data protection laws in the primary jurisdictions in which we provide services, along with additional information about cross-border transfers that are relevant to individuals located in those countries.

• Hong Kong - The Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“Ordinance”). For the purposes of Hong Kong law and the Ordinance, if you work for a policyholder in Hong Kong then your consent to the use of your personal information is confirmed as part of the policyholder's application. This consent also governs the use of your personal information if a policy is issued.
• Ireland - The General Data Protection Regulation (EU) 2016/679. Healthcare Protection may transfer your information outside of the European Economic Area (“EEA”) in accordance with applicable data protection laws. Not all countries outside of the EEA have data protection laws that are similar to those in the EEA, and they may not be regarded by the European Commission as providing an adequate level of data protection. Where this is the case, Healthcare Protection puts in place additional safeguards in accordance with applicable law.
• South Africa - The Protection of Personal Information Act 4 of 2013 (“POPIA”). For the purposes of South African law and POPIA, if you work for a policyholder in South Africa then your consent to the use of your personal information is obtained as part of the policyholder's application. This consent also governs the use of your personal information if a policy is issued.
• The UK - The UK Data Protection Act 2018 (and the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018). Healthcare Protection may transfer your information outside of the UK in accordance with UK data protection law. Not all countries outside of the UK have data protection laws that are similar to those in the UK and they may not be regarded by the Information Commissioner's Office as providing an adequate level of data protection. Where this is the case, Healthcare Protection puts in place additional safeguards in accordance with UK law.

We set out below the general retention periods that apply to the personal information we hold. These periods may sometimes be extended where recommended by a regulator, prescribed by law, or required for us to exercise our rights or defend ourselves from claims.

For example, if you make a claim against us or we are subject to a litigation hold request, we will retain information until that claim has been fully settled or hold request been satisfied and any relevant limitation periods have expired.

• If you are a visitor to our websites, we retain this information whilst you are viewing our websites and for a reasonable period afterwards, taking into account the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
• If you are named in an application for insurance, we retain your information for a period of six years after an application for a policy is rejected by us or withdrawn by you.
• If you work for, or previously worked for a policyholder, we retain your information during the policy term and for a period of six years after it terminates. This is because, under the terms of the insurance policy issued by Healthcare Protection, even after the insurance policy is terminated, the policyholder may still retain the right to request assistance with matters that occurred and were notified to us during the policy period.

• The right to obtain a copy of any of your personal information that we hold
• The right to request that we correct any of your personal information
• The right to request that we delete your personal information
• The right to request a restriction is placed on the processing of your personal information
• The right to object to the processing of your personal information, including the right to object to marketing
• The right to ask for personal information you have made available to us to be transferred to you or a third party in machine-readable formats
• The right to withdraw any consent you have given us to the processing of your personal information
• The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you.

These rights are not absolute – they do not always apply, and exemptions may be engaged. Please note that, before we can provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us identify you and respond to your request. If we do not comply with your request, we will explain why.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113
Web: https://ico.org.uk/concerns