Privacy Policy

2. Why do we process your personal information and what are our legal bases for doing so?

Within the App, AXA Health collects personal information about you when:

• you set up the App
• you’re on the homepage
• you click on a service
• you update your Personal Details in My Account
• you make requests through the Privacy Centre
• you view the Help section
• you speak to us about issues you may have with the App.

 

We process this personal information for different reasons and to do so we must rely on ‘legal bases’ set out in data protection law. There’s detailed information about this below.  

 

A. To set up and manage your account and access to app services, and to manage the security of the App, we may collect: 

• Your name, email address, date of birth, who your employer is and your login details.
• Information about any issues you’re having with the App or details of any complaint about it. If you call us, your phone call may be recorded.
• Information about how you use the App including your IP address, User ID and details of the pages, objects and external links you click on (see also Section 3 on Cookies).

 

Complaints management here refers to resolving issues with using the App itself (e.g. technical bugs or design). For information about how AXA Health uses your personal information if you make a complaint about the health and wellbeing services themselves, please see AXA Health Services Ltd company privacy policy.

• Our legal basis for using your personal information to set up and manage your account is that this is in our, your and your employer’s legitimate interests.
•  Our legal basis for processing your personal information to manage the security of the App is that we have a legitimate interest in doing so and we are under a legal obligation to secure your personal information.  

 

B. For research, analytical, service improvement, marketing and product development purposes, we may process:

• Information about how you use the App including your IP address, User ID and details of the pages, objects and external links you click on (see also Section 3 on Cookies)
• Demographic information, which may include information obtained from third parties (for example companies like Experian and LexisNexis who provide consumer classification, market segmentation and lifestyle data).
• Information about the products you hold from other AXA UK companies.

 

For information on how to object to our use of your personal information for marketing purposes, please see section 6 (What are your rights in relation to your personal information?).

• Our legal basis is that we have a legitimate interest to monitor and understand how people are using the App and improve it, and to process it for marketing purposes.  

 

C. Anonymising your personal information

When required, we anonymise personal information so that individuals cannot be identified before we use it for management information and analysis of our products and services. Analysis of anonymous information provides us with insights about our business, and with opportunities to improve our products and services and the health and wellbeing of the people who use them. The way that we anonymise personal information aligns with regulatory guidance and is achieved using different techniques, for example removing identifying data or overwriting it with randomised non-identifiable data.

• Anonymisation still constitutes use of your personal information; we rely on the legal bases that we relied on when your data was originally collected.  

4. Who do we share your personal information with?

AXA Health may share your personal information with AXA Group companies, and other third parties outside the AXA Group. We share information for the purposes described in this privacy policy. 

 Disclosures within our Group 

To provide the App, your personal information may be shared with other companies in the AXA Group. Your personal information might be shared for our general business administration, efficiency, and accuracy purposes. 

 Disclosures to third parties outside our Group  

We also disclose your information to the types of third parties listed below for the purposes described in this privacy policy. They might include: 

• Your relatives, guardians, or someone else acting on your behalf where we have your consent or where Data Protection law allows this. 
• Our third-party services providers and their sub-contractors such as IT suppliers, auditors, lawyers, consultants and marketing agencies. 
• Partner businesses so that they can provide their products or services to you via the App, for example:   
  • Medical professionals, including providers of health assessment services and counselling services 
  • Providers of complimentary therapies such as meditation and mindfulness. 
• Regulatory authorities such as the Care Quality Commission and the Information Commissioner’s Office. 
• Third parties in connection with the sale, transfer, or disposal of our business. 

We may also disclose your personal information to other third parties where: 

• we are required or permitted to do so by law or by regulatory bodies, for instance where there is a court order, statutory obligation or regulatory request.   
• we believe that such disclosure is necessary to assist in the prevention or detection of any criminal action or is otherwise in the overriding public interest; or 
• where exemptions under the data protection legislation allow us to do so. 

 

Transfer of your data outside of the UK 

If we transfer personal information outside the UK to a country which is deemed not to have the same standards of data protection as the UK, we will ensure that appropriate safeguards have been implemented to protect your personal information. Such steps may include imposing contractual obligations on third parties to adequately protect your personal information. 

6. What are your rights in relation to your personal information?

The rights that you have over your personal information are described below. If you make a rights request, we’ll either do what you’ve asked, or explain why we can’t - usually for legal or regulatory reasons. In some circumstances exercising some of these rights may mean that we are unable to continue providing you with the App.  

We may ask you for information to confirm your identity. 

Within the App, AXA Health collects limited personal information about you because the App acts only as a gateway/access point to services provided by Spectrum.Life, or as signposting to sites outside the App.  

For rights requests relating to the use of EAP, Events, Learn, Health coaching, Mental Wellbeing coaching, Cancer coaching, Health assessments (Know your numbers, glucose and cholesterol, wellbeing consultation, DIY checkpoint) and Health score within the App, please consult https://app.spectrum.life/privacy-policy 

For rights requests relating to the use of services accessed via external sites, please consult the relevant third-party provider’s privacy policy.  

For rights requests relating to the use of AXA Health services accessed via AXA Health sites external to the App, please click the privacy policy links on those sites to access relevant privacy information.   

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and information about how we use it. Please email data.protection@axahealth.co.uk with the subject line: AXA Health App - Data Subject Access Request.  

The right to rectification

We take steps to ensure that the personal information we hold about you is accurate and to the extent necessary, complete. If needed, you can update your personal information in the App in the ‘Personal Details’ page. If you can’t access the App, please email data.protection@axahealth.co.uk with the subject line: AXA Health App – Rectification Request. 

The right to erasure

You can request an account deletion from the Privacy Centre within the App and we’ll delete your account and the personal information that’s connected to your App use. If we can’t for any reason, we’ll advise you at the time. If you can’t access the App, email data.protection@axahealth.co.uk with the subject line: AXA Health App – Account Deletion. 

The right to restriction of processing

You can ask us to suspend using your personal information for a period. For example, if you need us to retain your personal information beyond our retention periods, you can ask us not to delete it. Please email data.protection@axahealth.co.uk with the subject line: AXA Health App – Restriction Request.  

The right to data portability

In certain circumstances, you have the right to the personal information that you have provided to us in a machine-readable format. Please email data.protection@axahealth.co.uk with the subject line: AXA Health App – Portability Request. 

The right to object

You can ask us to stop processing all or some of your personal information. If we are doing this for marketing purposes, we will stop in line with your request. Otherwise, depending on the (non-marketing) purpose and our legal basis for processing, we may not always be able to fulfil your request but as a first step, please email data.protection@axahealth.co.uk with the subject line: AXA Health App – Objection Request.  

The right to withdraw consent

We ask for your consent to process your personal information for certain purposes, and you can withdraw this consent at any point in the Privacy Centre. If you can’t access the App to do this, please email data.protection@axahealth.co.uk with the subject line: AXA Health App – Consent Withdrawal. 

The right to lodge a complaint:

You have the right to complain to the Information Commissioner’s Office (ICO) if you consider that we have not complied with data protection law. The ICO will usually expect you to have given us the opportunity to resolve your complaint before interceding, so please do bring any concerns to us in the first instance at data.protection@axahealth.co.uk or by using our postal address (see Section 7)More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/.