How we use your information
If you have a service with us or you are considering getting a service with us, we collect information about you to keep your profile up-to-date whether you have an account with us and/or our strategic partner Nuffield Health.
We only collect information that is relevant and necessary for us to provide the services and to provide you with rewards, discounts, offers or other benefits.
If you contact us by telephone, we may record calls for training and monitoring purposes to help us improve our service and to detect and prevent fraud.
What type of information do we collect?
- Personal information provided by you or your employer:
- Contact details
- Date of birth
- Joining date
- Reporting classifications (e.g. which department you are in)
- Your employee ID Number, and
- Leave data (if relevant)
- Activation code, and
- Vitality Health/Life number (if applicable)
- Questionnaires (about your health and wellbeing)
- Devices and wearable technology
- Personal data collected from your Nuffield Health account will include your:
- Nuffield Health member ID
- Mobile number
- Email address
- Date of birth
- Post Code; and
- an authorisation token allocated to you.
- Sensitive information provided by you, directly or via our strategic partner:
- Health information including medical conditions and your doctor/hospital details
|Why do we use your information||Our lawful bases for processing||Our legitimate business interest, where applicable|
|To administer and manage your programme
|To resolve any complaints you may have
|To prevent, detect and investigate fraud or money laundering
|For management information purposes and internal analysis of products and services
|For training purposes to improve your customer experience
Fraud prevention and detection
In certain circumstances, where we suspect fraudulent behaviour, we will carry out checks with fraud prevention agencies and databases. We also conduct searches with publicly available sources of information including internet searches and social media searches.
If we suspect fraudulent behaviour, we may not offer you access to our programme and may void your profile. We investigate potentially fraudulent activities and where appropriate, we will use surveillance to assist our investigation. We appoint fraud investigation and surveillance suppliers to conduct these investigations on our behalf.
We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering
How we share your information
Under data protection law, when personal information is being transferred outside the EEA, we as data controller, are under an obligation to ensure that such transfers are performed in a manner that ensures that your personal information is adequately protected.
In the event that we transfer your personal information outside of the EEA, we will always put in place adequate safeguards to ensure that your personal information is protected.
Adequate safeguards may include placing contractual obligations on the third party that we are transferring your information to or ensuring that the third party is certified to the EU-US Privacy Shield Framework, if we are making transfers to third parties located in the United States.
How long we keep your information for
In most cases, we will keep your information for 7 years from the expiry date of your entitlement to Healthy Workplace access ends, after which it will be deleted or anonymised.
If we suspect, detect or investigate fraud or money laundering, information will be held on a case by case basis for up to 7 years.
How to contact us
In the first instance we would ask that you notify us of any concerns you have about how we handle your data but if you are still unhappy then you can contact the Information Commissioners Office here.