UnitedHealthcare Global Medical Services (UK) Limited all trading as UnitedHealthcare Global Medical Services, and its subsidiaries and affiliated companies (collectively, the “Company”, “We”, or “Us”) strives to properly address applicable data protection requirements.
This Privacy Notice (“Notice”) provides the individuals who receive our services, including but not limited to, Patients including employees and sub-contractors of clients, Clients, Prospective Clients and Suppliers (collectively, “Business Partners’’) with certain important information about how the Company handles your Personal Data. UnitedHealthcare Global Medical Services (UK) Limited trading as UnitedHealthcare Global Services is the primary data controller for processing of Personal Data.
Types of data processed for patients
Personal Data processed includes the following types of data:
- Date of Birth
- Home Address
- Assignment Address
- Email Address
- Telephone Number (landline and mobile)
- Employment Details
- Work Permit
- Visa Details
- Passport Number
- Marital Status
- Health Data
- IP Address
Types of data processed for business partners
- Postal Address
- Email Address
- Telephone Number (landline and/or mobile)
- Banking Data
Purpose of data processing, legal bases, and disclosures of personal data
The Company will use and otherwise process Personal Data:
- of Patients in order to assess your health as well as diagnose, provide treatment and drugs to you as well as in some cases, evacuate you from your place of work to a more appropriate medical centre to receive care for your condition. We may share your data with a third-party medical provider, and we may provide occupational health assessments and/or fitness for work recommendations to your employer or a third party acting on their behalf. We may also use data to develop reports (including anonymising your personal information); to communicate with you, including information about the quality of our services; and to conduct analysis on our operations.
- of Business Partners to provide our Services to you or to consider doing so for you and your employees and sub-contractors. Additionally, we will use and otherwise process Personal Data to manage our relationship with you, including communicating with you about our services and satisfaction with such services. We will process your Personal Data to deliver or request the delivery of services, and to manage and administer our contract with your company.
- For Patients, the Company’s legal basis to process Personal Data is necessary for: preventive or occupational medicine, the assessment of the working capacity of employees, medical diagnosis, provision of healthcare or treatment; or in order to protect the vital interests of the data subject or other natural person. Where we require explicit consent, we will let you know. Additionally, it is in the Company's legitimate interest as described above to carry out our services. Any consent you provide can subsequently be withdrawn at any time by contacting us at the address listed below in the “Contact Information” section without affecting the lawfulness of processing based on consent before its withdrawal.
- For Business Partners, the Company’s legal basis to process Personal Data is necessary to perform activities in the Company’s legitimate interest as described above to carry out our services. Where we require explicit consent, we will let you know. Any consent you provide can subsequently be withdrawn at any time by contacting us at the address listed below in the “Contact Information” section without affecting the lawfulness of processing based on consent before its withdrawal.
Disclosures of Personal Data
We may not be able to provide some of our services to you without your Personal Data. We may therefore require you to provide us with Personal Data for processing as described above as a prerequisite to providing certain services.
- If we are providing services to you as a Patient, we may share your personal data with authorised third-party suppliers such as service providers, medical clinics, hospitals and other medical facilities, assistance providers, sub-contractors and third-party administrators.
- If we are providing services to you as a Business Partner, we may share your personal data with authorised third-party suppliers such as sub-contractors and third-party administrators in order to fulfill our contractual obligations. Some of these authorised third-party suppliers may be located outside of the EEA, including in countries that may not provide the same level of data protection as your home country. The Company takes appropriate steps to ensure that such personnel and third-party suppliers are bound to duties of confidentiality and the Company implements measures such as standard data protection contractual clauses to ensure that any transferred Personal Data, remains protected and secure. A copy of these clauses can be obtained by contacting us at the address listed below in the “Contact Information” section.
Retention of Personal Data
Personal Data will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws.
Data Security and Data Integrity
The Company maintains reasonable security measures to safeguard Personal Data from loss, interference, misuse, unauthorised access, disclosure, alteration or destruction. The Company also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current.
You may contact us, at the address listed below in the “Contact Information” section, to request access to the Personal Data we hold about you, to correct any errors, or to request deletion of this data or to withdraw consent to the processing of Personal Data, in accordance with applicable law.
The Company may be unable to comply with a data deletion request where doing so would place us in breach of our obligations under applicable laws, regulation or codes of practice. However, in some circumstances, you may be able to request that your data be blocked from further processing. You may also have a right to data portability to another Data Controller under certain circumstances. Where we rely on consent to process Personal Data, your consent may be withdrawn at any time, although the withdrawal may impact or disrupt the services we provide.
If you are aware of changes or inaccuracies in your Personal Data, you should inform us of such changes so that the Personal Data may be updated or corrected.
You may lodge a complaint with a supervisory authority if you consider that the Company’s processing of your Personal Data infringes applicable law.
Disclosures Required or Permitted by Law
Regardless of any other provisions in this Notice, the Company may disclose or otherwise process Personal Data in the context of any sale or transaction involving all or a portion of the business, or as may be required or permitted by law or required for the purposes of any regulatory audit to which the Company may be subject from time to time.
You can raise any issues regarding the processing of your Personal Data by contacting:
UnitedHealthcare Global Medical Services (UK) Limited
In addition, you can contact our Data Protection Officer at any time at:
We reserve the right to amend this privacy statement at any time; you should regularly check this privacy statement for any amendments.
Last updated: October 2 2020