Customer privacy notice
Why should you read this document?
Medisurance Ltd (“Medisurance”) is committed to protecting the privacy of its clients. During the course of dealing with us, we will ask you to provide us with detailed personal information relating to your existing circumstances (“Personal Data”) and, in some cases your health and family health history (“Special Category Data”). This document is important as it allows us to explain to you how we will use, store and protect your data, and the various rights you have in relation to this.
What do we mean by “Personal Data”?
Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, National Insurance number or indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.
In order to assist you with your requirements we will be required to obtain information and documentation regarding your current and historic health status, including any pre-existing insurance products and the terms and conditions relating to those.
What do we mean by “Special Category Data”?
Where you ask us to assist you with your insurance requirements, we will ask you information about your health, medical history and ethnic origin. We will need to record and use this Special Category Data in order to make enquiries to insurance providers in relation to insurance products that may meet your needs, and to provide you with advice and guidance regarding the suitability of any product that may be available to you. Where applicable we are required to obtain your explicit consent to use this type of data and you can do this by signing our privacy notice. You do not have to consent to Medisurance using this information but if you do not consent (or you withdraw your consent, which you are entitled to do) we are unlikely to be able to provide our services where we need to rely on such information.
The basis upon which Medisurance will deal with your Personal Data
When we speak with you about your Insurance requirements we do so on the basis that both parties are entering a contract for the supply of services.
In order to perform that contract and to arrange the products you require we have the right to use your Personal Data for the purposes detailed in the client agreement.
Additionally, either in the course of initial discussions with you or when the contract between us has come to an end for whatever reason, we have the right to use your Personal Data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from insurance providers and our Compliance Service Provider relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
On occasion, we will use your Personal Data due to the legal responsibilities that we may owe our regulator, the Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject.
Your data will not be used to either cross sell or direct market to you or any of our clients.
Relatives and Associates Personal Data
When Medisurance gathers your personal data, we may also need to obtain information regarding additional family members. The ongoing processing of their personal and special category data will also require their consent. Without this we will not be able to obtain insurance quotes or cover in their names. We therefore require a signed privacy notice from any spouse or partner to be included on the cover, as well as any children over the age of 16. For children under the age of 16 we can accept a privacy notice signed by the parent on their behalf. We would like to point out that children over the age of 13 are able to provide their own consent and have the same rights as adults over their personal data, so if you are signing on their behalf it is important that you make them aware of these rights.
How do we collect your Personal Data?
We will collect and record your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances, needs and preferences in relation to any Insurance. You will provide information to us verbally and in writing, including email.
What happens to your Personal Data when it is disclosed to us?
In the course of handling your Personal Data, we will record and store your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees and consultants within our Firm and only when it is necessary to provide our services to submit and correspond with Insurance Product providers, both in paper form and on-line via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that providers may raise.
Sharing your Personal Data
Your Personal Data will be shared with insurance providers and ad hoc third parties such as compliance advisers, product specialists, legal services and IT providers. In each case, your Personal Data will only be shared for the purposes set out in this customer privacy notice, i.e. to progress your Insurance enquiry and to provide you with our professional service.
Please note that this sharing of your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Privacy Notice.
We do not envisage that the performance by us of our service will involve your Personal Data being transferred outside of the European Economic Area.
Security and retention of your Personal Data
Your privacy is important to us and we will keep your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years following the termination of the contract, or in instances whereby we have legal right to such information we will retain records indefinitely.
If for what ever reason your quote does not go ahead we will hold you data for 12 months, and after this period it will be deleted from our systems.
Your rights in relation to your Personal Data
Your rights have been enhanced and updated to ensure you have more control over the data that Medisurance holds. You can request copies of your Personal Data that we hold, ask us to further explain how we use your Personal Data, ask us to correct, delete or require us to restrict or stop using your Personal Data (if permissible), ask us to send an electronic copy of your Personal Data to another organisation and change the basis of any consent you may have provided to enable us to market to you in the future (including withdrawing any consent). Please contact us direct for further information.
How to make contact with our Firm in relation to the use of your Personal Data
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact the Data Protection Officer at Medisurance Ltd via the contact details on the header. If we feel we have a legal right not to deal with your request, or to action it in different way to how you have requested, we will inform you of this at the time.
If you have any concerns or complaints as to how we have handled your Personal Data you may lodge a complaint with the UK's data protection regulator, the ICO, who can be contacted through their website at or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF