Privacy Policy - Paragon Health Insurance
Paragon Health and Protection Ltd values its customers trust and recognises that the safety and lawful use of everyone’s personal data is key to retaining that trust and confidence. Paragon Health and Protection Ltd needs to collect, store, share and use personal data about past, current and prospective customers to enable it to meet its requirements in the provision of innovative products and services.
Paragon Health and Protection Ltd takes compliance with privacy laws and regulation very seriously. We take appropriate measures including training our staff about our data protection obligations to protect your personal data and your legal rights. We have implemented effective policies and procedures and security measures to ensure We protect your personal data.
You can read our full Privacy Policy below:
Data Protection Notice
Who Paragon Health and Protection Ltd are.
We offer Private Medical Insurance products from our panel of insurers. We will offer advice and will make a recommendation for you that is based on your individual needs for Private Medical Insurance. Paragon Health and Protection Ltd is listed as a data controller with the Information Commissioner under registration number ZA284565.
This Notice will inform you of what personal information we collect, how that information is used, where it is transferred, and how you may view and amend such information. You may be assured that we will treat all personal information as confidential and will not process it other than for a legitimate purpose. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the information.
Securing your personal data
We have implemented security measures to ensure the secure management of Your personal data. This includes appropriate physical, organisational and technical measures to safeguard Your information. We regularly review these measures and where appropriate, we strengthen and enhance those measures.
Whenever we send your personal data to you, we will ensure appropriate measures are taken to prevent unauthorised access to your personal data or interception of your personal data by anyone not authorised to have it. If You wish to send any of Your personal data to us, we strongly recommend you do not send it by open email. Instead, you should select a safe method to provide your personal data to us such as recorded post.
How we use personal data
Personal data you give to us
We may collect personal data from you to the extent necessary to provide you advice, administrative and management services, for example :
1. – If You would like us to review your policy
2. – If You apply for a quote or plan with us
3. – If You purchase a policy through us
4. – If You submit a query to us, for example by email, telephone, through our website including a call-back request, or social media, (including where You reference Us in a public social media post); and
5. – If you participate in any marketing activity such as signing up for our email newsletter, entering a competition, or promotion, or survey.
Legitimate Interests
As an insurance broker we process your data for commercial benefit and also to obtain quotations on your behalf form the insurers we work with. We require an appropriate legal basis to do this. We conducted Legitimate Legal Benefit assessments in order to evaluate the needs for data processing against the rights of the consumer. Your data will be processed in the pursuance of legitimate interests. This includes using your data for telephone marketing, and obtaining quotes from insurance companies on your behalf. For all types of processing we apply various measures to protect your privacy rights.
When you provide personal data to us about someone else on their behalf
When giving us information about a family member or another person, you confirm that they have appointed you to act on their behalf including giving you consent to instruct us to process their personal data, to receive this data protection notice on their behalf and to inform them about the way in which we will process their personal data.
Personal information we hold about you
The information we hold about you may include:
1. – Your name, address, contact details and your next of kin;
2. – Your health and medical history and current health and or fitness status;
3. – Details about any contact we have had with you such as providing quotes; or subscribing to our customer email newsletter;
4. – Details of the services you have received, claims you have made or treatment you have received; and
5. – Feedback that you give to us regarding the services we have provided or the insurers we use
6. – Recordings of telephone calls between you and us..
How we use children’s personal data
We do not collect or use children’s personal data except when that information is provided by an adult who has purchased a plan that also covers a child. We do not use children’s information for any marketing activity.
How we use medical and health information
The security of and appropriate use and disclosure of your health and medical information is of paramount importance to Us. Paragon Health and Protection Ltd will only collect and use sufficient medical information to enable us to deliver our services to you.
Paragon Health and Protection Ltd will process personal medical and health data provided by you and/or by your representative as part of your application for a Health Insurance Plan. If we collect your personal medical and health data, we will use this data for the following purposes:
To provide You with a quote
As part of the applications to source quotations from our Insurers we collect the personal information and with your or your representative’s explicit consent we also capture your medical history. This information is required for us to assess your individual requirements, source quotes, identify any additional conditions or exclusions that may need to be applied and make a recommendation that is based on your needs. We may use information provided by healthcare professionals (Your GP or your Healthcare specialist) to gain further information on your medical health to ensure the cover given is adequate and any necessary exclusions are identified.
For underwriting
During the application process we may be required to share your medical history with our Insurers underwriting teams for them to identify any additional conditions or exclusions that need to be applied. Manual underwriting will be performed in the UK by underwriters using your risk profile, applying exclusions, identifying non-disclosures, and reviewing additional medical information
To set up and administer Your plan
To confirm the purchase of a plan the necessary personal information and medical history is submitted to the chosen Insurer. This will be on terms that are approved by the Information Commissioner and the Insurer will then issue you with a welcome pack which will include a copy of their privacy notice.
To renew or continue Your plan annually
Unless you tell us or your Insurer otherwise your Insurer will renew or continue your plan and adjust your premium and coverage amount according to the terms of your plan. Us and Your insurer will continue to use the data you have previously provided us.
To communicate with You
We will communicate with you via email, post, telephone, SMS text and social media depending on your communication preferences and/or the methods You have chosen.
As part of the applications to source quotations from our Insurers we collect the personal information and with your or your representative’s explicit consent we also capture your medical history. This information is required for us to assess your individual requirements, source quotes, identify any additional conditions or exclusions that may need to be applied and make a recommendation that is based on your needs. We may use information provided by healthcare professionals (Your GP or your Healthcare specialist) to gain further information on your medical health to ensure the cover given is adequate and any necessary exclusions are identified.
For compliance
To ensure we are compliant with legal and regulatory obligations, we will use your data, this will include reviewing calls between you and us. This also helps us to train our staff and to improve performance.
To carry out data modelling, profiling or statistical analysis
We will use data modelling, profiling and statistical analysis of our customer base for future campaigns to improve the products, services or features we may offer you now or in the future in order to meet Your needs.
Who we share your personal data with
Disclosure for regulatory or legal purposes
Paragon Health and Protection Ltd will only share Your personal data with other companies or organisations where there is a legitimate reason for doing so. For example We are obligated to provide information to specific Government departments such as HM Revenue and Customs and to regulatory bodies who govern our activity such as the Prudential Regulation Authority, Financial Conduct Authority and the Financial Ombudsman Service.
Sharing Your Personal Information with Our Insurers
In order to source quotes, policy conditions and exclusions and complete the purchase of a Health Insurance policy, it is necessary for us to share the required personal information that is collected from you or your representative with our Insurers. It may also be necessary to share your Medical History as this allows the insurer to identify any additional conditions or exclusions that need to be applied.
For legitimate business processes such as Audit Activity, Regulatory Compliance and Legal (including dealing with claims) we may share your personal information and your Medical History with your Insurer if it is necessary for them to complete their investigation.
Our use of other companies to provide our products and services to You
We use third party services for areas such as infrastructure and support. This helps us to provide a better and more secure service to customers. When using third-parties, we ensure that there is an agreement in place that meets our standards and legal requirements for data protection. Our Service Providers are listed below :
1. – Criterion IT – Information Technology infrastructure support;
2. – Reef Environmental Solutions Limited – Confidential Waste Disposal;
3. – Ring central Ltd – Call recording and voip;
4. – Force 24 Ltd; – email marketing services;
Companies who work under contracts with us may process your personal data outside of the European Economic Area. This will be on terms that are in line with Data Protection Requirements and adhere to the Information Commissioners Office guidance. Your rights and confidentiality are protected in the same way as they would be if your personal data was processed in the UK.
Retaining Your personal and health information
We will normally only keep your personal data for as long as necessary to provide you with the services you’ve chosen and to ensure we meet our regulatory obligations. This means that we will normally hold your plan information and the personal data We have collected during the term of the plan for seven years after your plan has finished.
At the end of this time period We will fully anonymise all personal data that identifies you or could be used to identify You. We will also ensure that any of the suppliers who have processed your personal data throughout the term of your plan delete your personal data from their systems.
Your legal rights
The General Data Protection Regulation and the Data Protection Act 2018 makes provision for a number of rights under which you are entitled to make a claim Paragon Health and Protection Ltd is committed to ensuring you are given access to these rights and will ensure that this is done appropriately and in compliance with privacy law.
Data subject access requests
Under the General Data Protection Regulation you have the right to ask Paragon Health and Protection Ltd to confirm whether or not your personal data is being processed, and, where it is being processed, to be provided with access to your personal data and the following information:
1. – The purpose(s) of the processing;
2. – The categories of personal data concerned;
3. – The recipients or categories of recipient to whom Your personal data has been or will be disclosed, in particular recipients in different countries or international organisations;
4. – Where possible, the period for which the personal data will be stored, or, if this is not possible, the criteria used to determine the storage period;
5. – Where your personal data is not collected from you, any available information about the sources of such information; and
6. – The details of any automated decision-making or profiling being done on your personal data, meaningful information about the logic involved, and the consequences of such processing for you.;
Where your personal data is transferred to a third country or to an international organisation you have the right to be informed how appropriate safeguards have been used to transfer your personal information.
If You request it Paragon Health and Protection Ltd will provide you with a copy of your personal data undergoing processing by us. This would be issued to you by post and by recorded delivery. If You require access to your personal data that we have disclosed to a company, and that company is also a data controller, you will need to ask them directly to provide your personal data.
Portability of personal data
You have the right to receive personal data about you that you have provided to Paragon Health and Protection Ltd in a structured, commonly used electronic format. You also have the right to transmit that personal data to a different data controller company and, if it is technically feasible, Paragon Health and Protection Ltd will try to transmit your personal data to such other data controller company. Please note that this attempt may be restricted due to the incompatibility of the various customer record keeping databases.
Withdrawing Your consent
Where we rely upon your consent to process your personal data, you have the right to withdraw your consent at any time. From the time that We receive such withdrawal of consent Paragon Health and Protection Ltd will stop the processing of your personal data relating to the consent. Where we have a statutory, regulatory or contractual obligation to process your personal data we may not be able to meet your request. You should be aware that if you do withdraw consent for the processing of your personal data we may not be able to continue to service your plan with us.
Your right to be forgotten
You have the right to ask Paragon Health and Protection Ltd to erase your personal data without undue delay and Paragon Health and Protection Ltd is obliged to do this where one of the following grounds applies:
1. – Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
2. – You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
3. – You object to the processing and there are no overriding legitimate grounds for the processing or your personal data has been unlawfully processed; or;
4. – Your personal data must be erased to comply with a legal obligation;
The right to be forgotten shall not apply to the extent that processing is necessary in order to:
1. – Exercise the right of freedom of expression and information;
2. – Comply with a legal obligation that requires processing in the United Kingdom; or
3. – Establish, exercise or defend a legal claim.
Rectification
You have the right to ask Paragon Health and Protection Ltd to rectify any personal data about you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by providing a supplementary information statement.
Restriction on processing
In specified circumstances you have the right to restrict the processing of your personal data. These are:
1. – You contest the accuracy of Your personal data held by Paragon Health and Protection Ltd and restrict the processing to enable Paragon Health and Protection Ltd to verify the accuracy;
2. – You request restricted processing of your personal data instead of erasing it because you believe it to be unlawful processing;
3. – Paragon Health and Protection Ltd no longer requires your personal data for its processing purposes but you require it to establish, exercise or defend a legal claim; or
4. – Where You object to the use of your personal data for profiling or marketing purposes, and our legitimate grounds for this processing does not override your rights;
Where Paragon Health and Protection Ltd applies restrictions on processing your personal data, apart from storage, the establishment or exercise of legal defence, or the protection of the rights of another individual, Paragon Health and Protection Ltd shall seek your consent prior to restarting any processing of the restricted personal data.
You have the right to object to automated decision making and profiling
You have the right to object to automated decision making where the outcome may have a legal or other significant impact on you. Paragon Health and Protection Ltd does not conduct any automated decision making or profiling.
Marketing
Our Insurers constantly review their products as they wish to provide innovative and relevant insurance options to our customers. We are also always looking at new innovative offers that you may want to take advantage of, so we would like to keep you informed about all of these exciting new offers. You have the right to opt-out of the use of your personal data for marketing purposes and Paragon Health and Protection Ltd is obligated to ensure marketing information is not sent to you if you assert this right.
If You do give us your permission to send marketing information to you we will provide you with the opportunity to change your mind every time we contact you. We will communicate with you via telephone, email, our website, post, SMS text and social media depending on your communication preferences and/or the methods You have chosen.
Data Protection Complaints
We want all of our members to be happy with the way their personal data and health or medical information has been processed by us. If You are unhappy about the way we have managed your personal data we would like to know about this. We are constantly striving to ensure we do the right thing, and we would like to be able to put things right.
You’ll find the contact details for our complaint’s teams at: info@paragon-health.co.uk
However, if You are still dissatisfied You have the right to contact the Information Commissioner, who regulates compliance with Data Protection regulation and laws at: http://www.ico.org.uk.
You can also call the ICO on 0303 123 1113 or 01625 545 745 or
You can write to them at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If You have any queries in respect of Your Data Protection rights or the way Your personal data is processed by Paragon Health and Protection Ltd please call Us on 0800 999 3037, email Us at: info@paragon-health.co.uk or write to us at:
Data Protection Officer
Paragon Health and Protection Ltd
1b Cumberland Avenue
Maidstone
Kent
ME15 7JW
Some of the insurers we work with:
