This privacy notice applies to individuals who are named in or whose personal data we hold in relation to potential and actual policies issued by Healthcare Protection, as well as to our website visitors and those whose information we may obtain during
the course of complying with our obligations to policyholders. For example, we may have information about you if you are involved in a claim or complaint against a Healthcare Protection policyholder.
In this privacy notice, references to "we" or "us" or “our” and “Healthcare Protection” are to MPSUW Limited and its affiliates (together, the “Healthcare Protection Group”). Company contact details and information
about which companies make decisions about how your personal information is handled are as follows:
MPSUW Limited (a company registered in England with company number 11600166 at Level 19, The Shard, 32 London Bridge Street, London, SE1 9SG) makes decisions about how your personal information is handled
in connection with the Healthcare Protection websites, in relation to actual/potential policies and individuals connected with policyholders.
The Medical Protection Society Limited (“MPS”, a company registered in England with company number 0036142 at Level 19, The Shard, 32 London Bridge Street, London, SE1 9SG) provides claims handling services for Healthcare Protection and
makes decisions about how personal information is handled in connection with the Healthcare Protection claims. For further information about how MPS collects, handles, stores, processes, and protects personal information, please see the
MPS Privacy Notice.
This means that Healthcare Protection is a “controller” of your information in accordance with data protection laws.
We may collect information from you when you interact with us, for example, when you use our websites, your business applies for an insurance policy issued by Healthcare Protection or when you provide information in the course of dealing with us. We also
collect information about you from certain third parties (eg your employer, witnesses in a case, other insurance companies and professional defence organisations, etc.)
Website users may choose not to provide us with personal information.
If they do so, we may not be able to provide them with the full benefit of our services. Where this is the case, this will be made clear (eg because a form cannot be submitted, the website does not function or because we will tell them that this is
- Through your use of our websites, you provide us with information such as your IP address and information that you enter into contact and other online forms.
- When your organisation requests an insurance policy from Healthcare Protection, we ask them to provide us with information that we require to consider their application, which may include information about you.
- Through our provision of services, eg through any correspondence and transactions between us and your organisation, as well as when they contact us in relation to their policy (please note that we may record or monitor our calls for compliance
and quality control purposes), or use any of the services that we provide.
- From other third parties:
- where your organisation requests an insurance policy or is a policyholder, we may receive information about you from other insurance companies, professional defence organisations and other third parties who provide us with details of your
professional practice and career history
- where you are involved in a claim (whether involved from your work for a policyholder, or as a claimant, complainant, or co-defendant, for example), we may receive information about you from a policyholder, complainant, claimant,
witness, expert, court, regulator, law firm or professional regulatory body who is involved in the claim
- we may receive personal information from affiliates, partners and service providers who work with us in the provision of our services to you
- Through cookies – we use a variety of cookies to perform different functions, including to welcome you back when you return to the website, helping us to provide a better, faster, and safer browsing experience and tracking your usage of
our websites. More information relating to cookies can be found here.
During your use of our websites, your organisation’s application for insurance, our provision of services and/or your involvement in a complaint/claim, we will obtain information about you, where that information is relevant. The types of information
we collect depends on the circumstances.
Website Users: If you use our websites, we will normally only collect your IP address, information collected by our cookies, and information that you otherwise provide
to us in making use of website functionality (eg contact forms).
If you work for a potential or actual policyholder: If your organisation applies to us for an insurance policy, is a policyholder or if otherwise we provide services to your organisation,
we may collect the following information
- your name, title, address, e-mail address, telephone, and fax number(s)
- information related to your occupation, such as details of your specialty, professional practice and career history
- details relating to any relevant claims in which you are named, including from claimants, complainants or co-defendants, witnesses, experts, lawyers, or advisors
- details relating to any claims or complaints against you, including from claimants, complainants or co-defendants, witnesses, experts, lawyers, or advisors
- any other information provided to us for our operational or business purposes, or which we require to provide a policyholder with Healthcare Protection’s services
We use your personal information for the reasons set out in this privacy notice. Different legal bases for using your information apply depending on what category of personal information we process. We normally use personal information on the basis that
it is in our, or a third parties’, legitimate interests, or it is required or permitted by applicable law. Further information about these processing grounds is set out below.
We process personal information (other than Special Category Information) about you on the basis that it is:
- in our or a third party's legitimate interests – details of those legitimate interests are set out in more detail below.
- where we are required to do so, or it is otherwise permitted by law
The legitimate interests for which we process information are:
- where you use our websites – responding to any requests that you make via our websites and to analyse use of our websites and improve the content and function of our websites.
- if you are named in an insurance application – to assess the application and any future applications that are made by your organisation, and to communicate with them about it and the benefits of the insurance cover we offer
- if you work for a policyholder:
- the administration, arranging and underwriting of insurance to administer our business and our third-party providers
- education, research, and audit (eg to consider trends in complaints and claims to better understand the management of clinical risk)
- for the purposes of the insurance renewal whilst an insurance policy continues
- to market the Healthcare Protection insurance policy
- to protect our rights, privacy, safety or property, or those of other persons
- to comply with laws and regulations that apply to us and the third parties with whom we work, and to exercise our rights and defend ourselves from claims
- to participate in, or be the subject of, any sale, merger, or acquisition, or all or part of Healthcare Protection’s business
We may use your personal information to contact you about our products and services where we believe they may be of interest to you. We may deliver marketing communications to you by post or email.
We ask for your express consent to send
you marketing information by post or email. You can update your marketing preferences at any time by contacting us or following the unsubscribe links in the emails we send.
We may use information obtained about you from ‘cookies’ (text files which are sent to us by your computer, tablet, mobile phone, or other access device – referred to collectively as a “computer”) that we can access when
you visit our websites in the future. The ‘cookies’ store information about our visitors, which allows us to identify users and personalise the website wherever possible, providing a better, faster, and safer browsing experience.
We may access cookies stored on your computer when you visit our websites in future. We are able to do this by including web beacons (also known as clear GIFS or web bugs) in our emails. Our web beacons do not store additional
information on your computer, but by communicating with our cookies on your computer, they can tell us when you have opened emails from us and what pages you look at.
Without cookies, you would be asked to select the country website
you wish to visit upon each visit to our global landing page, www.healthcareprotection.org.
For a list of the cookies we use, please click here.
Full list of cookies:
- sf-trckngckie (statistics service)
- _utma (Google Analytics)
- _utmb (Google Analytics)
- _utmc (Google Analytics)
- _utmz (Google Analytics)
- region (to establish region)
- ssc (.addthis.com social share - records user sharing and social activity)
- uid (.addthis.com social share - uniquely assigned machine-generated user ID)
- uit (.addthis.com social share - uniquely assigned machine-generated user ID)
- _atuvc (.addthis.com social share - page share count)
- bt (.addthis.com social share - user interest modelling)
- bt2 (.addthis.com social share - user interest modelling)
- di2 (.addthis.com social share) - targeted advertising
- dt (.addthis.com social share - maintenance cookie – to manage expiration of other cookies)
- loc (.addthis.com social share - geolocation)
- um (.addthis.com social share – allows users to share content)
Alternatively, please refer to the instructions for your file management software to locate the file or directory that stores cookies. If you want to stop cookies being stored on your computer in the future, please refer to your browser manufacturer’s
instructions by clicking ‘Help’ in your browser menu. Further information on deleting or controlling cookies is available at AboutCookies.org.
Please note that by refusing or deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our websites and you may not be able to use the full functionality of our websites.
When you visit our websites, we may also log your IP address, a unique identifier for your computer or other access device.
website (including your IP address) will be transmitted to and stored by Google on its servers. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators
and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google
will not associate your IP address with any other data held by Google.
Healthcare Protection recognises the importance of protecting individuals’ personal data and the responsibility we have in ensuring the security of the data we hold. Healthcare Protection has robust technical and organisational information security
measures in place with guiding principles and responsibilities to protect the confidentiality, integrity, and availability of the data we hold.
We share your information within the Healthcare Protection Group with those we work with in the course of providing services to policyholders and others (eg an employer, trade union, other insurance companies and professional defence organisations) and
with others who help us provide services (eg brokers). We also share your information in accordance with the law. For more information on who we share your information with is listed below:
We share your information for the purposes set out in this privacy notice, with the following categories of recipients:
- other members of the Healthcare Protection Group
- our insurers
- third party suppliers who help us deliver services or who provide services to us (eg managing agents, insurers, brokers, advisors, translators, etc. (together, “Suppliers”))
- third parties, including the police and other law enforcement agencies in the exercise of their functions, where we have a duty to or are required by law or a court order to disclose your personal information
- where applicable, potential buyers of all or part of the Healthcare Protection Group’s business
Where we share your personal information, appropriate protections will be in place as required by data protection laws.
Healthcare Protection is an international organisation providing members with services in locations all around the world and dealing with international organisations (eg experts, law firms). We also use systems which may be hosted outside of your home
country. Some jurisdictions to which your personal information is transferred may not offer the same level of data protection as your home country.
We implement measures to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws, often in contractual form. More information about these safeguards can
be obtained by contacting us.
Further information on the legislation relevant to the transfer of information in the jurisdictions that we service is available below.
Healthcare Protection deals with international organisations and uses global information systems. As a result, Healthcare Protection may transfer your personal information to countries outside of your home country for the purposes
time, but include the UK, Ireland, South Africa, and Hong Kong.
The rules on data protection vary from country to country. We have set out below the names of the data protection laws in the primary jurisdictions in which we provide services, along with additional information about cross-border transfers that are
relevant to members located in those countries.
- Hong Kong - The Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“Ordinance”). For the purposes of Hong Kong law and the Ordinance, if you make an application for insurance with Healthcare
Protection, your consent to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if cover is granted. The terms of your consent are confirmed, and may
be varied, as part of the renewal process.
- Ireland - The General Data Protection Regulation (EU) 2016/679. MPS may transfer your information outside of the European Economic Area (“EEA”) in accordance with applicable data protection laws. Not all countries
outside of the EEA have data protection laws that are similar to those in the EEA, and they may not be regarded by the European Commission as providing an adequate level of data protection. Where this is the case, MPS puts in place additional
safeguards in accordance with applicable law.
- South Africa - The Protection of Personal Information Act 4 of 2013 (“POPIA”). For the purposes of South African law and POPIA, if you make an application for insurance with Healthcare Protection, your consent
to the use of your personal information is obtained as part of your application. This consent also governs the use of your personal information if cover is granted. The terms of your consent are confirmed, and may be varied, as part of the
- The UK - The UK Data Protection Act 2018 (and the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018). MPS may transfer your information outside of the UK in accordance with
UK data protection law. Not all countries outside of the UK have data protection laws that are similar to those in the UK, and they may not be regarded by the Information Commissioner’s Office as providing an adequate level of data protection.
Where this is the case, MPS puts in place additional safeguards in accordance with UK law.
We retain your information in accordance with time periods and criteria that reflect our reasonable needs to retain information.
We set out below the general retention periods that apply to the personal information we hold. These periods may sometimes be extended where recommended by a regulator, prescribed by law, or required for us to exercise our
rights or defend ourselves from claims.
For example, if you make a claim against us or we are subject to a litigation hold request, we will retain information until that claim has been fully settled or hold request been satisfied and any relevant limitation periods have expired.
- If you are a visitor to our websites, we retain this information whilst you are viewing our websites and for a reasonable period afterwards, taking into account the amount, nature, and sensitivity of the information, the potential risk of harm
from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
- If you are named in an application for insurance, we retain your information for a period of six years after an application for a policy is rejected by us or withdrawn by you.
- If you work for, or previously worked for a policyholder, we retain your information during the policy term and for a period of six years after it terminates. This is because, under the terms of the insurance policy issued by Healthcare Protection,
even after the insurance policy is terminated, the policyholder may still retain the right to request assistance with matters that occurred and were notified to us during the policy period.
You have legal rights to access your information and to ask us to rectify, erase, and restrict use of your information. You also have the right to object to the use of your information (including for marketing purposes), to ask for the transfer of information
you have made available to us, and to withdraw consent to the use of your information.
- The right to obtain a copy of any of your personal information that we hold
- The right to request that we correct any of your personal information
- The right to request that we delete your personal information
- The right to request a restriction is placed on the processing of your personal information
- The right to object to the processing of your personal information, including the right to object to marketing
- The right to ask for personal information you have made available to us to be transferred to you or a third party in machine-readable formats
- The right to withdraw any consent you have given us to the processing of your personal information
These rights are not absolute – they do not always apply, and exemptions may be engaged. Please note that, before we can provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other
details to help us identify you and respond to your request. If we do not comply with your request, we will explain why.
You may contact our Data Protection Officer with any comments, complaints, or suggestions in relation to the way we handle personal information. You have the right to complain to your local regulator if you are not satisfied with how we handle your personal
If you have any questions about the way we use your information, if you wish to exercise any of your legal rights in respect of, or if you have complaints about, the use of your information please contact Healthcare Protection’s
Data Protection Officer at: DPO@medicalprotection.org or at Data Protection Officer, Healthcare Protection, Level 19, The Shard, 32 London Bridge Street, London SE1 9SG.
In the UK, you have the right to lodge a complaint with the Information Commissioner. You can contact the Information Commissioner at:
Information Commissioner's Office
Tel: 0303 123 1113
Updating this privacy notice
As we strive for continuous improvement in our services and processes, we will update this privacy notice from time to time to reflect our business activities and will show the latest version of it on our website. We will provide you with notice of any
significant updates in accordance with data protection laws.
Last updated: January 2022