At BHSF we are committed to protecting your data and to comply with data protection legislation and the General Data Protection Regulation (GDPR). BHSF is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. This statement sets out how and why we are processing the information we have on you. It also explains your rights to access, rectify, restrict or erase your data.
It is important that you read this notice, together with any specific privacy notice to inform you of what personal information we are collecting or processing about you.
What is our commitment to you?
Our aim in processing your data is to successfully deliver our service to you with an appropriate level of data sharing whilst recognising the need to protect your fundamental rights to privacy.
BHSF Group is committed to:-
- Protecting the confidentiality, integrity and availability of the information it collects, stores, transfers and processes in accordance with the General Data Protection Regulation, and international good practice, and to meet its legal requirements and contractual obligations.
- Explaining why it needs personal information and only asking for the personal information it needs.
- Processing data only in a manner that is compatible with the specified, explicit and legitimate purposes for which the individual has given consent, or where it is necessary for the vital interests of the individual, for compliance with a legal requirement or for performance of a contract to which the individual is party.
- Maintaining the accuracy and completeness of data.
- Only sharing personal information within the BHSF Group and with other organisations as necessary, where the person concerned has given their consent to share their personal data.
- Ensuring the individual can:
- Request access to the personal information it holds on them and complain if they believe their information has been mishandled;
- Request withdrawal of consent, erasure of data, rectification of data and restrictions to processing;
- Request a transfer of data to another organisation where technically feasible.
- Not keeping personal information for longer than necessary or as required by legislation.
- Investigating and reporting data breaches and suspected breaches, and to being open and honest when things have gone wrong.
- Assessing and measuring the maturity of its information security controls annually.
- Applying the above standards to its supply chain and delivery partners.
- Keeping data in a form that permits identification of individuals no longer than necessary for the purposes for which the personal data is processed, in accordance with the BHSF data record.
- Applying appropriate technological and organisational controls to ensure the security of personal data.
In order to meet its commitment, BHSF Group operates a wide range of technical, physical and procedural controls to maintain the confidentiality, integrity and availability of information. BHSF maintains an information security policy which provides further details regarding the minimum standards of control to which it operates.
What are your rights?
At BHSF we recognise that your data is important to you and therefore we are committed to supporting you with your data protection rights. Within legal and regulatory constraints, you have the right to:
- Have information about how your information is being processed
- Request a copy of your data at any time (commonly known as a data subject access request)
- Port (move/transfer) your data to an alternative service provider
- Have your data rectified or corrected if it is factually inaccurate
- Be forgotten or have your data erased
- Restrict who has access to your data
- Have your data in a format that you can access, share and move on to different companies
- Appropriate decision making
Do you have a right to withdraw consent?
You have the right to withdraw your consent to specific processing at any time. Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis to do so in law.
How can you contact us about your data or your data rights?
If you wish to contact us about your data, or if you require any further information in addition to what is included in this privacy notice, please contact our Data Protection Officer at;
DPO, BHSF Group Limited, Gamgee House, 2 Darnley Road, Birmingham, B16 8TE
Telephone: 0800 0744 315
What should you do if you want to make a complaint about the way your data is being processed?
At BHSF we make every endeavour to protect your data. In the unfortunate circumstance that you are not happy with the manner in which we process your data, you may wish to make a complaint. In the first instance, please contact the BHSF Data Protection officer in writing, stating your name, date of birth, contact details and the nature of your complaint against BHSF.
If you are not happy with the response you receive you may also wish to contact the UK data protection regulator, the Information Commissioner, whose contact details are available at https://ico.org.uk
How and why do we process your personal data?
We will only process your personal information for the purpose for which we collected it. Please see below for further information. If we need to use your information for an unrelated purpose we will contact you and we will explain the legal basis that allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with our obligations in the case of criminal investigation.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time.
Who do we process the personal data of?
We are committed to being transparent about (a) what the legal basis for processing your data is and (b) how we process it. At BHSF we process personal information of:
Existing, former and prospective customers
BHSF processes data on former, current and prospective customers. This section applies to all corporate clients, corporate client employees, and individual customers. We collect and use personal information about you during and after your commercial relationship with us.
BHSF processes your personal information in order to provide a range of services.
- Health insurance: BHSF provides Health Cash Plans – which help customers with their everyday health costs; Personal Accident Insurance – which helps customers with their costs in the event of an accident; and cancer insurance cover – which helps customers with costs in the event of a diagnosis of cancer.
- Brokered insurances: BHSF provides travel insurance, income protection insurance, funeral, bereavement insurance and life assurance products which are underwritten by alternative insurers.
- Occupational health services: BHSF provides occupational health services which are designed to support businesses in the management of health issues at work such as sickness absence, new starter health assessments and ill-health reviews by providing access to impartial, specialist support.
- Employee benefits services: BHSF Employee Benefits Limited’s services are designed to support businesses with the provision of holistic employee benefits packages to their employees. These include salary sacrifice schemes; employee discount schemes; voluntary benefits schemes; confidential telephone helplines. BHSF Employee Benefits Limited supports businesses with the communication of their benefits package to employees.
BHSF processes your personal information in order to provide you with the most up to date information regarding our range of products and services in order to optimise your customer experience.
- Marketing: – BHSF processes data in order to provide prospective customers with information about its products. It uses social media, websites, emails, telephone and post marketing methods.
- Customer relationship management: – BHSF processes data about existing clients in order to understand a customer’s requirements and manage solutions to meet those requirements.
Existing, former and prospective employees
BHSF processes data on former, current and prospective employees. This section applies to all employees, workers and contractors. We collect and use personal information about you during and after your working relationship with us.
BHSF processes your personal information to perform the employment contract we have entered into with you and to enable us to comply with regulatory and legislative obligations as an employer, such as health and safety regulations. In some cases we may use your information to pursue legitimate interests of our own or those of third parties provided your interests and fundamental rights do not override those interests. We also may use your information for publicity purposes. The situations in which we will process your information are listed below.
- Human resource management: – BHSF processes your personal information to undertake recruitment, performance management, absence management, learning and development, employee contract management and for publicity purposes.
- Health and safety: – BHSF processes your personal information to meet the legislative requirements under reporting of injuries, diseases and dangerous occurrences regulations 2013/1472. This includes conducting health and safety assessments, and holding licenses, permits and certificates.
- Pension provision: – BHSF processes your personal information in order to manage its contractual obligations to you for pension provision.
- Wages and other benefits provision: – BHSF processes your personal information in order to provide you with your benefits package, including your wages and to be compliant with tax legislation.
- Senior insurance manager governance: – BHSF processes your personal information in order to comply with FCA and PRA regulatory responsibilities for ensuring senior insurance managers are fit and proper.