1. General

Sovereign Health Care, Sovereign Health and Insurance Services Limited together with any group companies (“we” “us” “our”) are committed to protecting and respecting your privacy. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 as incorporated unto UK domestic law, the Privacy and Electronic Communications Regulations 2003, and other national laws which relate to the processing of personal data. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

2. Visitors to our website and secure customer area (‘Portal’)

2.1 We may collect and process personal data about you in the following circumstances:

2.1.1 when you complete forms on our website or portal. This includes information such as your name, address, date of birth, telephone numbers, email address, employer, employment and bank account details which is provided at the time of applying for our products, registering to use our portal or subscribing to our e-newsletter;
2.1.2 whenever you provide information to us when reporting a problem with our website or portal, making a complaint, making an enquiry or contacting us for any other reason. If you contact us, we may keep a record of that correspondence;
2.1.3 where you update or amend your policy details including changes to the personal data we hold about you and upload claims information via the portal;
2.1.4 details of your visits to our website or portal including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access (see section 2.2.2 on Cookies below); and
2.1.5 whenever you disclose your information to us, or we collect information from you in any other way, through our website or portal.

2.2 We may also collect data in the following ways:

IP Address
2.2.1 We may collect information about your device, including where available your Internet Protocol address, for reasons of fraud protection. We may also collect information about your device’s operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

Cookies
2.2.2 Our website and portal use cookies to distinguish you from other users of our website and portal. This helps us to provide you with a good experience when you browse or use our website and portal and also allows us to improve both our website and portal. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

2.3 We may use your personal data for our legitimate interests in order to:

2.3.1 provide you with information, or services that you requested from us;
2.3.2 update our records and accounts;
2.3.3 allow you to participate in interactive features of our website and portal, when you choose to do so;
2.3.4 ensure that content from our website and portal is presented in the most effective manner for you and for your device;
2.3.5 improve our website, portal and services;
2.3.6 process and deal with any complaints or enquiries made by you; and
2.3.7 contact you for marketing purposes where you have signed up for these (see section 6 for further details).

Website Links
Our website and portal may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. When you leave our website or portal, we encourage you to read the privacy notice/policy of every website you visit.

3. Individual customers

3.1 We will collect details about you and your dependent children if applicable. Details may include your name, address, date of birth, telephone numbers, email address, employer, employment and bank account details when you make an application, submit a claim or update your personal details by post, telephone, email or via our website or portal. We will use this information to set up and manage your policy, take payment for premiums payable for your policy and to comply with our contractual obligations.

3.2 In order to perform our contract with you, we may also need to share personal data with third parties such as:

3.2.1 a product/service provider where your policy or an element of your policy is underwritten or provided by a third party;
3.2.2 employers, in order to administer company paid policies and to manage invoices and payroll deductions;
3.2.3 IT service and platform providers who helps us run our business;
3.2.4 mailing houses to fulfil customer communications or data specialists who help us analyse our customer data; and
3.2.5 authorised third parties to access and amend your policy where you have provided us with your consent to do so.

3.3 With your consent we will:

3.3.1 process health related data submitted to us to support any claims you make; and
3.3.2 where necessary, request a medical report from a GP or health care provider/practitioner to verify claims.

3.4 We may share your personal data with the Financial Ombudsman Service if you make a complaint about our services.

3.5 We may also advertise your feedback on our website and marketing materials (subject to obtaining your prior consent where necessary).

3.6 Ask you to participate on surveys (this is voluntary).

3.7 We will retain your information as long as you hold a policy with us and for a period of 10 years afterwards. Where you have subscribed to receive marketing correspondence from us we will keep personal data for 6 years from when you provide us with your consent. You are provided with the opportunity to opt-out of receiving marketing correspondence from us at any time.

4. Corporate customers

4.1 We will collect details such as name, job title, business address, email address and telephone numbers in order to contact you about your company cash plan scheme. We will use this information to set up and manage your scheme and to comply with our contractual and non-contractual obligations.

4.2 We will collect the name, business email address and date of birth of each  nominated employee (”Authorised User”) who needs to access our Corporate Invoice Portal to download the relevant corporate customer invoices for payment. The standard maximum number of Authorised Users shall be two, but we may permit further Authorised Users if agreed between us and our corporate customer. Authorised User data will be used to set up accounts on our Corporate Invoice Portal and for security validation. Each Authorised User will have access to our Corporate Invoice Portal (subject to our separate Corporate Invoice Portal Terms of Use) and limited employee personal data that we store for that corporate customer for the sole purpose of managing and arranging payment for the company cash plan scheme in accordance with our agreement with the corporate customer. For the avoidance of doubt, such agreement with our corporate customer is subject to separate terms of business, inclusive of our full data terms.

4.3 In order to perform our services, we may also need to share your data and your employee data with third parties such as:

4.3.1 a product/service provider where your scheme or an element of your scheme is underwritten or provided by a third party;
4.3.2 mailing houses to fulfil customer communications or data specialists who help us analyse our customer data

4.4 We may share your company data with the Financial Ombudsman Service if you make a complaint about our services.

4.5 We may also advertise your feedback on our website and marketing materials (subject to obtaining your prior consent where necessary).

4.6 We will retain your company information as long as your company has a cash plan scheme with us and for a period of 10 years afterwards. Where you have subscribed to receive marketing correspondence from us we will keep personal data for 6 years from when you provide us with your consent. You are provided with the opportunity to opt-out of receiving marketing correspondence from us at any time.

5. Suppliers

We will collect details such as name, business address, email address, telephone numbers and bank details in order to contact you about goods or services ordered with you, to place further orders and pay for your goods and services. We will keep the personal data for 10 years further to being provided with the goods/services.

6. If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter with you to provide you with our services. In this case, we may have to cancel your policy.

7. Marketing

7.1 Where you indicate you would like to receive marketing correspondence from us, subscribe to our mailing lists or newsletters, enter into any of our competitions or provide us with your details at networking events, we may use personal data for our legitimate interests in order to provide you with details about products and services, business policies and events from Sovereign Health Care and its group companies which we think may be of interest.

7.2 We may contact you via post for the purposes of marketing if you opted in to your details being shared with third parties, including but not limited to the Open Register at the time you registered on the Electoral Roll. We use this data for our legitimate interests.

7.3 We may also contact you via email, telephone and direct mail for the purposes of marketing where we have obtained your consent to do so.

7.4 You have the right to opt-out of receiving the information detailed in section 7.1 at any time. To opt-out of receiving such information you can:

7.4.1 choose not to tick the relevant opt-in boxes included in the application form on which we collect your information;
7.4.2 click the unsubscribe button contained in any such communication received; or
7.4.3 email us at help@sovereignhealthcare.co.uk or call 01274 841130 providing us with your name and contact details.

8. Monitoring and recording

We may monitor and record communications with you (such as telephone communications and e-mails). We may retain such information for legitimate business purposes including quality assurance, training, fraud prevention and compliance.

9. Automated processing

We may use personal data for profiling purposes to send out targeted marketing communications to relevant customers or non-customers or to feed blog articles that may be relevant to a customer’s interests or lifestyle via their portal homepage. Profiling is based on age, location, gender and claiming behaviour.

10. Legal basis for processing your personal data

10.1 We will only use your personal data where the law allows us to. Most commonly, we will use your personal data in the following circumstances:

10.1.1 for performance of a contract we enter into with you;
10.1.2 for performance of a contract we enter into with your employer in order for you to benefit from the contract;
10.1.3 where necessary for compliance with a legal obligation we are subject to;
10.1.4 where you have provided us with your consent; and
10.1.5 for our legitimate interests (as described within this policy and your interests and fundamental rights do not override these interests).

11. Disclosure of personal data to third parties

11.1 In addition to the third parties already referenced in this privacy policy, we may disclose your information to third parties for our legitimate interests as follows:

11.1.1 to staff members in order to facilitate the provision of goods or services to you;
11.1.2 to our affiliated entities to support internal administration;
11.1.3 IT software providers that host our website and store data on our behalf; and
11.1.4 professional advisors including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance and accounting services;
11.1.5 HM Revenue and Customs, regulators and authorities who require reporting of processing activities in certain circumstances;
11.1.6 the Health Insurance Counter Fraud Group (HICFG) and insurers if we suspect fraudulent activity; and
11.1.7 third parties who we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or manage with them. If a change happens to our business then the new owners may use your personal data in the same way as set out in this privacy policy.

11.2 We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

11.3 We will not sell or distribute personal data to other organisations without your approval.

12. Cross-border data transfers

Where a customer’s policy is underwritten by a third party we will transfer data to them in order to administer the policy. This may involve transfer of personal data outside the European Economic Area (EEA). We will ensure that adequate levels of protection approved by the European Commission are in place for the security of the transfer of your personal data outside the EEA.

13. Data security

13.1 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or portal, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

13.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our website or portal; any transmission is at your own risk.

13.3 Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.

14. Access to, updating, deleting and restricting use of personal data

14.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.

14.2 Data protection legislation (namely, the Data Protection Act 2018 and UK GDPR) gives you the right to object to the processing of your personal data in certain circumstances or withdraw your consent to the processing of your personal data where this has been provided. You also have the right to access information held about you and for this to be provided in an intelligible form. If you would like a copy of some or all of your personal information, please send an email quoting your name and policy number to help@sovereignhealthcare.co.uk, or call 01274 841130. Lines are open Monday to Thursday from 9am to 5pm and Friday from 9am to 4pm. In certain circumstances we reserve the right to charge a reasonable fee to comply with your request.

14.3 You can also ask us to undertake the following:

14.3.1 update or amend your personal data if you feel this is inaccurate;
14.3.2 remove your personal data from our database entirely;
14.3.3 send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract; or
14.3.4 restrict the use of your personal data.

14.4 We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Data protection legislation may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you or refuse to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

14.5 Please send any requests relating to the above to Sovereign Health Care, 2nd Floor, West Wing, The Waterfront, Salts Mill Road, Shipley, Bradford BD17 7EZ specifying your name, policy number and the action you would like us to undertake.

15. Right to withdraw consent

Where you have provided your consent to the collection, processing and transfer of your personal data, you have the legal right to withdraw your consent under certain circumstances. In this case, we may have to cancel your policy if we are no longer able to perform the functions required to administer and maintain your policy. To withdraw your consent, if applicable, please email us at help@sovereignhealthcare.co.uk quoting your name and policy number, or call 01274 841130. Lines are open Monday to Thursday from 9am to 5pm, and Fridays from 9am to 4pm.

16. Changes to our privacy policy

We reserve the right to update this privacy policy at any time, and any changes we make to our privacy policy will be posted on this page. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent where required by applicable law or regulation.

17. Contact us

If you have any questions, comments or requests regarding this policy or how we use your personal data please email us at help@sovereignhealthcare.co.uk quoting your name and policy number, or call 01274 841130. Lines are open Monday to Thursday from 9am to 5pm, and Fridays from 9am to 4pm.
This is in addition to your right to contact the Information Commissioner’s Office if you are unsatisfied with our response to any issues you raise at https://ico.org.uk/global/contact-us/

Last updated: 1 January 2024

Main Logo
×