Privacy Policy

Which Health Cover is a trading style of Heath Crawford Limited. Heath Crawford and its affiliated companies (collectively referred to any,” “we,” or “us”) respect your privacy. This Privacy Policy Statement describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether or not to provide information to us. By accessing our website or purchasing our products or services you agree to this Privacy Statement in addition to any other agreements we might have with you. This Privacy Statement does not govern the practices of entities that our Company does not own or control, or entities that do not own or control our company or people that our Company does not employ or manage. This Privacy Policy Statement includes the Company’s Privacy Policy Statement.

Privacy Policy Statement

1. Consent and Legitimate Interests

This is where you consent to a specific organisation, to contact you by a communication channel or channels which you have agreed to, for specific reasons, which in the context of our processing will be for the arrangement of insurance contracts. When we ask for your consent for a specific organisation, we will do so by giving you the opportunity to answer a question on the phone.

You can of course withdraw your consent at any time and we will describe how, later on in this policy.

As an insurance broker we process personal data for commercial benefit. We require an appropriate legal basis to do this. In considering the most appropriate legal basis, Heath Crawford conducted Legitimate Interest Assessments. These are detailed evaluations of each type of data processing activity to ensure that we have balanced the need of the processing against the rights of the individual to ensure minimal privacy impact.

You data will be processed in pursuance of legitimate interests. This includes using your data for the postal and telephone marketing by ourselves or others, but in either case communications will be in relation to products or services which we believe may be of interest to you based upon the information which you have provided us. It also includes processing your data for ID protection and tracing purposes such as Credit Reference and Fraud Prevention. This is in relation to appropriate agencies which we have listed below which could help protect your identity and prevent fraud.

For all types of processing, we apply various measures to carefully protect your privacy rights. However, as with all your data, you can also object to us processing your data in this way. Your rights are detailed below.

2. Our Collection of your Personal Information

The information we collect may include your personal information, such as your name, contact information, product and service selections and about your medical history, criminal convictions and driving offences. We collect personal information from you at different points, including but not limited to the following:

• when we correspond or speak with you as a customer or prospective customer
• when you visit our website
• when you take out an insurance policy via us
• when you contact us for help

3. Our Use of your Personal Information

Our Company may use information that we collect about you to:

• Arrange and deliver the products and services that you have requested
• manage your customer relationship and provide you with customer support
• perform research and analysis about your use of, or interest in, our products or services
• communicate with you by e-mail, postal mail and telephone about products or services that you may hold with us, may be of interest to you either from us, or insurers
• transfer personal information to third parties for any legally permissible purpose
• where an individual has opted in to received information our services or products

We do not sell personal information to third parties

4. Our Disclosure of your Personal Information to Third Parties

We may share your personal information with third parties only in the ways that are described in this Privacy Statement:

• we may provide your information to our partner insurers and service providers who perform functions on your/our behalf
• as required by law enforcement, government officials, or other third parties pursuant to a court order, or other legal process or requirement applicable to our Company; or when we believe, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our agreements or Company terms and conditions
• other third parties with your consent or direction to do so

Our systems have security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access

5. Our Use of Cookies and Links

Our web pages use “cookies.” Cookies are text files we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us by, for example, registering at one of our sites. However, once you choose to furnish the site with personal information, this information may be linked to the data stored in the cookie. We use cookies to understand site usage and to improve the content and offerings on our site. We also may use cookies to offer you products or services. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies, please consult the privacy features in your browser.

6. Our Retention of your Personal Information

We will retain any personal information only for as long as is necessary to fulfill the business purpose it was collected. In most cases the period will be for a maximum of 7 years following the expiry of an insurance contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. We will also retain and use your personal information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. International Transfers of your Personal Information

We only transfer personal information within the European Economic Area (EEA).

We will retain any personal information only for as long as is necessary to fulfill the business purpose it was collected. In most cases the period will be for a maximum of 7 years following the expiry of an insurance contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. We will also retain and use your personal information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

8. Your Access to and Updating of your Personal Information

Reasonable access to your personal information may be provided at no cost upon request made to our Company at the contact information provided below. If access cannot be provided within that time frame, our Company will provide the requesting party a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.

9. Our Use of Third-Party Data

We may share your personal information with third parties only in the ways that are described in this Privacy Statement:

• we may provide your information to our partner insurers and service providers who perform functions on your/our behalf;
• we may provide your information to our service providers who perform functions on our behalf. Usually our service providers sign a standard confidentiality agreement;
• we may share your data with any parent company, subsidiaries, joint ventures, other entities under a common control or third-party acquirers.
• we may allow a potential acquirer or merger partner to review our databases, although we would restrict their use and disclosure of this data during the diligence phase and direct them to treat the data confidentially;
• as required by law enforcement, government officials, or other third parties pursuant to a court order, or other legal process or requirement applicable to our Company; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our agreements or Company policies; and
• other third parties with your consent or direction to do so.
• we may obtain data from marketing companies where we will then contact you to offer you services that we believe will be of benefit to you and if you have given your consent to be contacted.

Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.

10. What are your rights

You have a number of rights under the law which include;

• Right to be informed: When we collect your data we have to tell you what we are going to do with it primarily through this Privacy Policy and Consent Statement
• Right to access: You have the right to contact us verbally or in writing to request details of the information we hold about you
• Right of Rectification: You have the right to ask us to rectify information that we hold about you if it is inaccurate or incomplete
• Right to erasure: This is also known as the right to be forgotten and gives you the right to request your information be removed if there is no compelling reason for its continued processing. A word of warning though, we keep a list of people who have asked not to be contacted which we use to ensure that you receive no further contact from us. Without this list your data could enter our system again from another source and we would have no record of the fact that you asked us not to contact you
• Right to restrict processing: This is the alternative to erasure and gives you the right to tell us to stop processing your data but allowing us to keep enough information about you to ensure that your wishes are respected in the future
• Right to data portability: This gives you the right to ask a holder of your information to transfer information to another business. This right would most commonly be used if you were switching banks, insurance companies, utility companies and mobile phone providers
• Right to object: You have the right to object to the processing of your data for marketing purposes. You also have the right to ask us to cease processing based on legitimate interest, where there is no overriding justification for the processing of your data. Your rights and freedoms override our interests
• Rights related to the automated decision making including profiling: We do not use automated decision making processes which would have a potentially damaging effect on you. If we did, you have the right to obtain human intervention, express your point of view, obtain an explanation of the decision and challenge it
• Rights related to the automated decision making including profiling: We do not use automated decision making processes which would have a potentially damaging effect on you. If we did, you have the right to obtain human intervention, express your point of view, obtain an explanation of the decision and challenge it
• Right to withdraw consent at any time where relevant: You have the right to withdraw your consent to the processing of your information at any time and we must provide you with the information needed to do so, at the time we collect your data and each time we contact you. You can withdraw consent in the following ways;
  • In writing to: The Data Protection Officer, Heath Crawford Ltd, Iveco House, Station Road, Watford, WD17 1ET
  • By email to: [email protected]
  • By telephone: 020 8421 7030

• Right to lodge a complaint with a supervisory authority: If we cannot deal with your complaint to your satisfaction, you also have the right to complain to a relevant supervisory authority which include;
  • The Information Commissioners Office: https://ico.org.uk/concerns/

11. Direct Marketing

Direct marketing is a communication that promotes a product or service, including a website or mobile application that is sent directly to a specific business contact by post, telephone, email, or text message. Consent to direct marketing does not remain valid indefinitely. We will ensure that we will only promote products or services to individuals from whom we have received opt-in consent and we will ensure our marketing database reflects individuals’ relevant preferences. For example, if consent is given when an individual signs up to a service, consent for direct marketing is likely to be deemed withdrawn when the individual cancels their agreement with us.

12. Changes to our Privacy Statement

This Privacy Notice is subject to change. It was last updated on 2 July 2020. If we make changes to this Privacy Notice, we will update the date it was last changed.

13. Contacting Us

If you have any questions about this Privacy Statement, our practices or have any concerns, please contact our Privacy Officer at:

Heath Crawford Ltd
[email protected]
020 8421 7030