Health Services privacy policy

This Privacy Policy tells you what data we collect, why we collect it and what we do with it. You can also find information on the controls you have to manage your data within these pages.

 

Health Services division of AXA PPP healthcare

We are the dedicated Health Services division of AXA PPP healthcare.  The Health Services division is made up of 2 legal entities;

AXA ICAS Limited

  • Psychological Services
  • Proactive Health
  • ActivePlus

AXA ICAS Occupational Health Services

  • Occupational Health Services
  • Musculoskeletal Services

You have been directed to this notice either from a consent form, documentation you have received, an online service you have accessed, or by an AXA employee you have spoken to. This notice shall set out details about how Health Services process your personal information; It is the data controller of your personal information who is responsible for complying with the Data Protection Act 2018. For the purposes of this Privacy Policy, references to “we” or “us” shall refer to Health Services division of AXA PPP Healthcare. From time to time we may need to make changes to this privacy policy, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check this page periodically to view our most up to date version of our privacy policy.  

  

1. Our Privacy Principles

When we collect and use your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below, keep it safe and will never sell it.

  1. Personal information you provide is processed fairly, lawfully and in a transparent manner
  2. Personal information you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose which AXA collected it
  3. Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  4. Your personal information is kept accurate and, where necessary kept up to date
  5. Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed 
  6. We will take appropriate steps to keep your personal information secure
  7. Your personal information is processed in accordance with your rights
  8. We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards
  9. AXA UK and AXA Group companies do not sell your personal information and we also do not permit the selling of customer data by any companies who provide a service to us
  10. We endeavour to be transparent and clear with the way we use your personal information

 

2. How do we collect your personal information?

Whilst there are a number of ways in which we collect your personal information, the two main ways we might collect personal information about you are from things you tell us yourself either over the telephone, and from things we ask other people or organisations to share with us. Things you tell us could include conversations we have on the phone or face to face. We might also collect information about you from other people and organisations, such as your employer, AXA PPP healthcare, medical professionals (for example your GP), a treating specialist or physiotherapist in the form of a medical report. 

 

3. What personal information do we collect and how do we use it?

We might collect personal information, such as your contact details and medical information. Please note, in certain circumstances we may need to process a large volume of medical information in order to provide the service to you or a third party for example your employer.  The information may be very sensitive and confidential in nature. Where we provide services on behalf of your employer we will not share information without your consent. We mainly use your personal information to provide you with health-related services.

You will find a non-exhaustive list of the legal grounds we rely on for each use of your personal information below.

Psychological and Musculoskeletal Services

We will process your personal information to provide psychological and musculoskeletal services. 

If you are accessing psychological services (Stronger Minds) or musculoskeletal services (Working Body) under your private medical insurance policy (or your employer’s policy if you receive this service as a benefit), we will process your personal information to deliver these services. 

The delivery of these services may include processing medical information for the purpose of assessing, medical diagnosis, and provision of health care or treatment. 

Occupational Health

Your employer may instruct us to carry out health related services on health and safety grounds. This is done for the purposes of preventative or occupational medicine. 

We will always seek your consent to process your information, undertake health-related assessments and to share your information with third parties for example your employer for occupational health purposes or a healthcare professional involved in your care for our other services. Our consent processes are based on the General Medical Council (GMC) Confidentiality Guidance and the Faculty of Occupational Medicine’s Ethical Guidance, as well as relevant laws such as the Access to Medical Reports Act 1988 (where applicable).

ActivePlus

We may process your information to provide you with gym membership or to supply you with our products.

Note: as with all provisions of health-related services, there would be other legal grounds used to process your information, for example:

  • To protect your vital interest or that of someone else
  • Within the context of a dispute or legal claim
  • Compliance with a legal obligation to which we are subject 
Detail Section 3 – How does Health Services use your information for Management Information purposes?

We use your personal information to help us understand our business and monitor our performance. We may provide reports to your employer, or a parent company, for example about service utilisation and the health of the workforce. The information we provide is anonymised which means you cannot be identified from the information. We may also use your personal information for customer satisfaction surveys and where possible, we will anonymise such information. However, sometimes we may need to use your personal information to do this and where we do, we will obtain your consent beforehand. 

  

4. Who do we share your personal information with?

Who might we disclose your personal information to?

Disclosures within our group

In order to provide our services your personal information is shared with other companies in the AXA Group for our general business administration purposes. We will never share your personal information for marketing purposes.

Disclosures to third parties

We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:

  • Your relatives, guardians (on your behalf where you are incapacitated or unable) or other people or organisations connected to you
  • Your current, past or prospective employers
  • Your medical, social and welfare advisers or practitioners
  • Our third-party services providers such as IT suppliers, auditors, lawyers
  • Professional regulatory bodies for example the General Medical Council (GMC), the Nursing and Midwifery Council (NMC)
  • The police, health and social care practitioners for the purposes of safeguarding (Health and Social Care Act 2012, Article 13, 2 (d))
  • Information Commissioners Office (ICO) UK, Office of the Information Commissioner (OIC) Jersey

Disclosure of your personal information to a third party outside of the AXA Group will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

Disclosure of your personal information to a third party outside of the AXA Group will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them. Some of the recipients set out above may be in countries outside of the EEA notably in (i) Switzerland, where AXA has a European Data Centre, and (ii) India, where some administration is undertaken. Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring personal information to under contractual obligations to protect it to adequate standards. Occasionally there may also be some circumstances where we are required to transfer your personal information outside of the EEA and we shall rely on the basis of processing it for being necessary for the performance of your contract; for example, where you have a travel insurance policy and we need to contact you when you are on holiday.

 

5. How long do we keep records for?

In most cases, we only keep your information for as long as the regulations say we have to. This is usually between three and six years after our relationship with you ends but it will vary depending on what data we hold, why we hold it and what we’re obliged to do by the regulator or the law. Please note that for OH Health Surveillance we keep these records for 40 or 50 years as required by law. 

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it.  How long we keep personal information is primarily determined by our regulatory obligations.  

 

6. Your Rights

You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We’ll either do what you’ve asked, or explain why we can’t - usually because of a legal or regulatory issue.

Your Rights

You have a number of rights in relation to our use of your personal information;

The right to access your personal information 

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.  There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.

The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us and you can ask us to update or amend it. 

The right to erasure:

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.  

Right to restriction of processing:

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.  

Right to data portability:

In certain circumstances, for example occupational health, you have the right to ask that we do not transfer any personal information that we hold to another occupational health third party. For any personal information that is transferred a new occupational health provider, they will be responsible for looking after your personal information.

Right to object to direct marketing:

We will never use your personal information to contact you for marketing purposes. 

Right not to be subject to automated-decision making:

Some of our decisions are made automatically by inputting your personal information into a system or computer and the decision is calculated using certain automatic processes rather than our employees making those decisions.  We make automated decisions for some online Occupational Health assessments, for example a pre-placement health questionnaire for a new starter, a night worker health assessment or a periodic health assessment. These questionnaires contain specific sets of health questions that are used to assess an employee’s health and identify any potential risks in relation to their job role. Where the responses show that there are no health risks to the employee, the employee and employer are automatically informed that the assessment has been completed. Where health risks are identified the online Occupational Health Assessment system will notify the employee that an occupational health clinician will contact them to undertake a more detailed health assessment in relation to their job role. You have a right not to be subject to automated decision-making in the circumstances described above.

The right to withdraw consent:

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. 

The right to lodge a complaint

You have a right to complain to the ICO at any time if you object to the way in which we use your personal information. More information can be found on the following;

You can make any of the requests set out above by using the contact details you have been provided with for our services or alternatively as set out in section 7.  Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.

 

7. Contact Details of the Data Protection Officer

If you wish to contact the Data Protection Officer the details are below:

Health Services division of AXA PPP healthcare

The Data Protection Officer :
AXA PPP healthcare
AXIS House
23 St Leonards Road
Eastbourne
BN21 3PX                

email address: dataprotectionofficer@axa-icas.com  

 

8. Contact Details for AXA 

AXA ICAS Limited 

AXA ICAS Limited trading as a division of AXA PPP healthcare, is a private limited company incorporated in England and Wales with company number 02548573 and whose registered office is at 5 Old Broad Street London EC2N 1AD

AXA ICAS Occupational Health Services Limited 

AXA ICAS Occupational Health Services Limited trading as a division of AXA PPP healthcare, is a private limited company incorporated in England and Wales with company number 01336017 and whose registered office is at 5 Old Broad Street London EC2N 1AD

AXA Group

Wherever the name “AXA” is used on the Website, this implies one or more of the following companies within the AXA Group of companies, which may offer products or services on the Website. Further details can be found on the respective companies’ websites.

AXA PPP healthcare Limited

Trading as AXA PPP healthcare, a private limited company incorporated in England and Wales with company number 03148119 and whose registered office is at 5 Old Broad Street London EC2N 1AD

AXA UK plc

Registered Company Number: 02937724

Registered Office: 5 Old Broad Street London EC2N 1AD

 

9. Health Services data privacy declaration

Your personal information can help us give you a better, more personalised service. But looking after that data is a big responsibility. We take our responsibilities seriously, so we’ve introduced internationally-recognised data privacy rules to protect you. We keep your data safe, confidential and will never sell it. And, if you ask us to, we’ll tell you exactly what information we have so you can be sure it’s up-to-date and accurate. Our Commitment to Safeguard Personal information

We know that respecting the confidentiality of personal information is critical to preserving your trust and therefore have developed security procedures and we use a range of organisational and technical security measures designed to protect your personal information from unauthorized use or disclosure. We will always seek your consent to process your information, undertake health-related assessments and to share your information with third parties for example your employer for occupational health purposes or a healthcare professional involved in your care for our other services.