Introduction

This is the privacy policy of Square Health Limited relating to Our health screening services and the associated processing by Us of personal data that We collect from You or Your Insurer and/or other service providers (controller). Under Data Protection Law We have a legal duty to protect any information We collect from You or (where appropriate Your Child) and We are committed to protecting and respecting the privacy of You and Your Child. We use up to date technologies and encryption software to safeguard personal data, and keep strict security standards to prevent any unauthorised access to it.

Questions, comments and requests regarding Our privacy policy are welcomed and should be addressed to The Data Protection Officer at Square Health Limited, Crown House, William Street, Windsor, Berkshire SL4 1AT OR emailed to: dataprotection@squarehealth.com

Please read the following carefully to understand Our policies and practices regarding personal data and how We will treat it.

In this policy:

  • Square Health refers to Square Health Limited, company number 07054181, of Crown House, William Street, Windsor, Berkshire SL4 1AT and We, Us, Our, Ours and Ourselves also refer to Square Health Limited
  • You, Your, Yours and Yourself refer to you
  • Child refers to a child for whom You are the parent or legal guardian who is under the age of 18 years old
  • Data Protection Law refers to the DPA, the GDPR and all other laws and regulations relating to the collection and processing of personal data
  • DPA refers to the Data Protection Act 1998
  • GDPR refers to the General Data Protection Regulation (EU regulation 2016/679)

How we received Your personal data:

Your personal data has been provided to Square Health Limited by Your Insurers and/or other service providers (the controller).  Additional personal data may be collected directly from You.

We may collect, process, store and transfer the following personal data and special categories of personal data:

  • Your name
  • Address
  • Contact details
  • Date of birth
  • Information about Your work/education and lifestyle
  • Medical records
  • Physical build (height/weight)
  • Marital status
  • Medical history (including , but not limited to current and past history, psychological history, family history, medication, tests and investigation results)
  • Your GP details
  • Results of Your physical examination
  • Test results

Without the information above, We would not be able to comply with Our contractual requirements and therefore will not be able to provide the necessary information required by the controller.

The legal basis for collecting, processing, storing, transferring or disposing Your personal data is for one or more of the following Data Protection conditions:

  • Is necessary for the performance of a contract
  • The legitimate interests pursued by the controller
    • In support of your medical insurance
  • Legal obligations
    • Insurance indemnity
    • Taxation

The purpose of collecting, processing, storing, transferring or disposing Your personal data is for one or more of the following Data Protection conditions:

  • For the purpose of obtaining a medical report
  • For the purpose of arranging tests
  • For the purpose of arranging investigations to assist in Your case

Consent for collecting, processing, storing, transferring or disposing Your personal data is for one or more of the following Data Protection conditions:

  • The controller will obtain your consent to represent you for Your case
  • Explicit consent may be required when we need to obtain Your medical records for the purpose of being reviewed by the medical expert and to aid in completion of the medical report
  • Explicit consent may be required when requesting access to the examination form and any test results.

Your personal data will be used where necessary and as instructed by the controller:

  • To keep an internal record of the progress of Your case
  • To arrange for a report from a medical examiner
  • To arrange for medical tests
  • To provide management information to monitor the service provided by Us
  • To review and enhance the quality of any services, including monitoring compliance

Storing Your personal data and special categories of personal data will be carried out electronically or in paper format:

  • Electronic – stored on Our secure (password and firewall protected) applications/servers
  • Paper – stored in secure lockable cabinets
  • CDs/DVDs – stored in secure lockable cabinets

We may disclose Your personal data and special categories of personal data to one or more of the recipient types where necessary and as instructed by the controller:

  • The controller
  • Medical examiners for the purpose of obtaining a medical report
  • Blood Laboratories for the purpose of providing blood results
  • Diagnostics providers (for example hospitals) for the purpose arranging investigations
  • Your GP, other medical practitioner, therapist

In dealing with Your case, We may also transfer Your information to people providing Us with support, administrative services and secure shredding services for the more efficient processing of Your case. Your details will be processed in each case in strict confidence and We have set up adequate measures to ensure that Your privacy is protected when transferring Your data to third parties for the purposes of providing Our services to You.

We may share Your personal data with one or more of the following recipients where necessary or as instructed by the controller

  • Any debt recovery agencies appointed by Us
  • Financial/Non Financial Auditors/Lawyers

Your personal data and special categories of personal data may be disclosed electronically or in paper format.

  • Electronic – via email. Emails are encrypted during transit providing the recipient has enabled the necessary protection.
  • Electronic – via secure integration connection with the controller (where appropriate)
  • Paper – sealed envelope via Royal Mail
  • Paper – (containing special categories of data) Royal Mail Recorded Delivery service
  • CDs/DVDs – Royal Mail Recorded Delivery service

Storage of Your personal and special categories of personal data

  • We will keep Your data on our system not later than 3 years following completion of Your case. However, We may store a limited amount of Your data (including data relating to Your health) for longer periods to comply with insurance requirements or if needed by Us to comply with other legal obligations. The data will be deleted once it is no longer necessary.

You have the following rights;

  • Request to have Your personal data updated/corrected
  • Request to have Your personal data deleted – unless there is a contractual/legal requirement to keep Your data
  • Request to restrict the processing of Your personal data
  • Withdrawal of consent (when the processing is based on consent)
  • Access to the personal data We hold on file about You
  • Right to object (where legitimate interest was the basis of collecting/processing the data)
  • Right to portability

Where personal data has been provided to the controller, please contact them directly.

Please contact our Data Protection Officer: dataprotection@squarehealth.com for further information. You also have the right to complain to the Supervisory Authority (www.ico.org.uk) about Our data processing activities.