3. What data we need and why we need it:
This section tells you what personal data we may collect from you and why we need it when you use our services and what other personal data we may receive from other sources.
3.1. When you register for our services, you may provide us with:
- Your personal details, including your title, name, postal and billing addresses, email addresses, phone numbers and date of birth;
- Your payment details;
- Information in relation to your health, including any pre-existing medical conditions;
- Details in relation to your partner, friends or dependents for the purposes of adding them to your plan/policy or in order to create their own. Where customers have provided information about another person the customer should ensure that they have their approval to do so.
3.2. When you contact us, or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:
- Personal data you provide about yourself anytime you contact us about our services (for example, your name, username and contact details), including by phone, email or post or when you speak with us via social media.
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on.
- Information collected using cookies stored on your device(s) about the use of our online services.
- Your feedback and contributions to customer surveys and questionnaires.
3.3. We will record and monitor telephone calls made to and from Westfield Health’s sales and customer service teams. We do this in order to continuously improve our service to customers and for training purposes. This will also include the recording and monitoring of Special Category Data, such as data relating to health and medical conditions. We do not record the segment of telephone calls where any form of payment is being made.
4. Marketing & Market Research
Here we explain the choices you have when it comes to receiving marketing communications and being invited to take part in market research.
4.1. We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications.
4.2. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online via our marketing preference centre, in My Westfield, over the phone or in writing at any time.
4.3. We also like to hear your views to help us to improve our services, so we may contact you to invite you to take part in market research, called Westfield Insiders. You always have the choice about whether to take part in our market research.
5. Understanding our Customers
5.1. We may make use of profiling to produce more relevant and tailored communications by having a deeper understanding of your interests, behaviours and personal preferences. This information helps us provide a better experience for our customers.
5.2. Profiling can help us target our resources more effectively through gaining an insight into the background of our customers and helping us to build relationships that are appropriate to their interests.
5.3. To do this we may use additional external sources of data to increase and enhance the information we hold about you. This may include obtaining details of changes of address, date of birth, telephone numbers and other contact details, information related to your consumption and demographic data generated through software tools such as Cameo or Acorn.
5.4. If you have any questions in relation to how your information is processed, then please contact us using the information in point 13.
6. Processing your data using our Legitimate Interests
We have a number of lawful reasons that we can use (or ‘process’) your personal data. One of these lawful reasons is called ‘legitimate interests’.
Broadly speaking legitimate interests means that we can process your personal information if:
- We have a genuine and legitimate reason and we are not harming any of your rights and interests.
The following are some examples of when and why we would use this approach during our normal course of business:
6.1. To improve and enhance our services: When we do process your data, we will use it to benefit you and to make your experience better and to improve our products and services.
6.2. Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
6.3. Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers.
6.4. Analytics: To process your personal data for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our services and to provide you with the most relevant information as long as this does not harm any of your rights and interests.
6.5. Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
6.6. Due Diligence: We may need to conduct investigations on existing customers, potential customers and business partners to determine if those companies and individuals have been involved in or convicted of offences such as fraud, bribery and corruption.
6.7. Direct Marketing: We may send postal marketing. We will also make sure our postal marketing is relevant for you and tailored to your interests. You also have the right to opt out of receiving this information at any time.
6.8. When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
11. Your rights
11.1. Right to be Informed: We will always be transparent in the way we use your personal data. You will be fully informed about the processing through relevant privacy notices.
11.2. Right to Access: You have a right to request access to the personal data that we hold about you and this should be provided to you, under the Data Protection Act 1998, within 40 days. We are able to charge a small fee of £10. If you would like to request a copy of your personal data, please contact us via point 13.
11.3. Right to rectification: We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them. You can also visit the “My Westfield” section of the website and update your details at any time.
11.4. Right to erasure: You have the right to have your data ‘erased’ in the following situations:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed.
- When you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- When the personal data was unlawfully processed.
- When the personal data has to be erased in order to comply with a legal obligation.
If you would like to request erasure of your personal data, please contact us via point 13. Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data, it may not be erased.
11.5. Right to restrict processing: You have the right to restrict processing in certain situations such as:
- Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data.
- Where you have objected to processing and we are considering whether Westfield Health’s legitimate grounds override your legitimate grounds.
- When processing is unlawful and you oppose erasure and request restriction instead.
- Where Westfield Health no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
11.6. Right to data portability: You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact us via point 13. This only applies:
- To personal data that you have provided to us;
- Where the processing is based on your consent or for the performance of a contract; and
- When processing is carried out by automated means.
11.7. Right to object: You have the right to object to the processing of your personal data in the following circumstances:
- Direct marketing (including profiling). Remember you can opt out at any time from marketing communications via our Marketing Preferences, available in “My Westfield”;
- Where the processing is based on legitimate interests; and
- Processing for purposes of scientific/historical research and statistics.
11.8. Rights in relation to automated decision making including profiling: You have the right to not be subject to a decision when it is based on automated processing. If you have any questions in relation to how your information is processed in this way, then please contact us using the information in point 13.