Who are we?
We are Optimal (Optimal is a trading name of HF Life Ltd). We are the Data Controller for all information collected and stored about you, unless otherwise stated in this Privacy Notice. If you have any queries or concerns about how we handle your information, or want to exercise your rights, please contact us at the contact points listed under ‘Your Rights’.
Optimal has now closed to New Business and does not offer new policies. We do still hold personal information about people covered by our existing polices, including new joiners. When your employer’s policy ends, they are likely to seek a new insurer. We have arranged that Canada Life will offer your employer terms at least as beneficial as Optimal’s. If they choose to use this insurer we will send personal information to Canada Life to enable them to produce a quote for the scheme for your employer but we anonymise any sensitive data including medical data, before doing so. We do this because it is in our legitimate interests and Canada Life’s to do so and so your employer can easily maintain your cover.
Who does this Privacy Notice apply to?
Where we use the word ‘you’ in this Privacy Notice, we mean the person who is or will be covered by our insurance policy. If you are acting on behalf of this person, then you should bring this Notice to their attention before submitting any information to us. You should only supply information to us about another person if you have their permission first. Normally we do not require information from you about other people, such as your close family members, in a way that allows them to be identified easily.
You can always view our most up-to-date Privacy Notice below or can request it by contacting us.
We will use your personal information as set out in this Privacy Notice. We will contact you if we intend to use your information for different purposes to the ones set out in this Privacy Notice.
Why do we need your information?
We process your information to:
- allow us to identify if we can cover you under one of our existing insurance policies and how much the policy is likely to cost your employer.
If you are added to one of our policies, we use your information to:
- administer your policy, including assessing any claim that might be made,
- fulfil our legal and regulatory obligations and prevent fraud.
For employer sponsored Group Life Contracts like ours, the Data Protection Act permits that members may individually withdraw their consent. Should, you do so, we will be unable to provide cover for that person.
Full details of the legal basis for using your information are below.
Optimal will not sell your information to another company or use it to market the products or services of other companies to you. We do share information with third parties for various reasons.
What information do we need to produce a quote and how do we collect it?
We collect information directly from you, your employer or your adviser. We need your date of birth, occupation, gender, salary and we may need information about your hobbies (particularly active hobbies). We may need some sensitive information from you about your current and former physical and mental health and your lifestyle e.g. how much you drink and whether you smoke. This allows us to determine if we can offer you a policy and if we can, how much it would cost. If we do not ultimately add you to your employer’s policy we will retain your information for 6 months.
What information do we sometimes need to offer particular benefits?
In certain circumstances e.g. for higher amounts of cover, we will ask you whether close family members have suffered from certain medical conditions. In certain, limited, circumstances we will ask you to tell us about genetic tests that you have taken. We will ask for details of other, similar insurance policies that you have and with your consent, for information from the other insurers about those policies. We collect this information on our paper member declaration forms or in an interview between you and our medical underwriting experts Capita MDG, and from the information you supplied to obtain a quote. Where we need to obtain further data about your lifestyle or medical history from a third party to decide the terms on which we can offer you a policy, we will contact you and ask for your specific consent to do so. e.g. sometimes, with your permission, we ask your doctor to verify or clarify what you have told us. We will share information with Gen Re who assist us in making underwriting decisions. That is decisions about what cover we can offer you/your employer and at what price.
We need your information to work out whether we can add you to your employer’s policy and at what cost. If you do not give us your information or prohibit us from collecting it, we may not be able to offer you a policy or it may cost you more than it otherwise might. We use some of your information to meet legal and regulatory obligations such as the rules relating to money laundering prevention. If, having applied for a policy, you decide not to take one out or cancel it during the cancellation period, we will keep your information for up to 3 years in line with our regulatory obligations.
What Information will we collect during your policy lifetime
In certain circumstances, we need your employer to keep us informed about your income because if your income changes, it can affect the amount of your cover.
What information do we need if a claim is made?
If a claim is made, we gather information on your dependents and people you have asked to receive the benefit and pass it to the trustees of your scheme who have the power to pay money out. We typically need your recent income and absence history, medical information, death certificate and sometimes other information like a marriage certificate, decree absolute or legal change of name document. We collect this information by asking your employer to complete a paper claims notification form.
How long do we keep, your information for?
We keep this information for up to 2 years after your policy ends as we are contractually obliged to pay claims even if we are only told about them for this long after the policy ends and to meet regulatory requirements and deal with any queries or complaints.
How do we prevent Fraud?
To prevent and detect fraud, we sometimes access publicly available information about claimants. These sources include social media and employer websites.
If fraud is suspected, we may decide to pass information to fraud prevention agencies. This activity is only undertaken after a formal review by one of our senior managers and our Data Protection Officer. It would be considered if we have reasonable grounds to suspect that false, inaccurate or inconsistent information has been given to us.
What information do we collect/obtain when you visit our website?
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To recognise you when you return to our site.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.
Our cookies do not store sensitive information such as your name, address or payment details.
However, if you'd prefer to restrict, block or delete cookies you can use your browser to do this. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.
What is a cookie?
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.
Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.
Why do we use cookies?
We use cookies to learn how you interact with our content and to improve your experience when visiting our website.
Third-party cookies belong to and are managed by other parties, such as google analytics. These cookies may be required to render certain forms and so we can produce information about how people use our website to enable us to improve it.
Session Cookies
Session cookies are temporary cookies that are used to remember you during the course of your visit to the website, and they expire when you close the web browser.
Persistent Cookies
Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your browser or restart your computer. We use these cookies to analyse user behaviour to establish visit patterns so that we can improve our website functionality for you and others who visit our website(s).
How are third party cookies used?
For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies, and we encourage you to consult the privacy policies of these third party vendors on their websites for information regarding their use of cookies.
How do I reject and delete cookies?
You can change your preferences by changing your browser settings. Please note that most browsers automatically accept cookies. Therefore, if you do not wish cookies to be used, you may need to actively delete or block the cookies.
If you reject the use of cookies, you will still be able to visit our websites but some of the functions may not work correctly. You may also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further information on cookies generally. By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.
Cookie
|
Description
|
Opt-Out Link/More details regarding specific privacy policy
|
Google Analytics
|
We use Google Analytics to understand how our media campaigns work and how you interact with our website in order to improve the user experience.
|
https://tools.google.com/dlpage/gaoptout
|
LinkedIn
|
The LinkedIn insight tag allows us to perform campaign reporting and unlock valuable insights about website visitors that may come via the campaigns we run on LinkedIn.
|
www.linkedin.com
|
What other Information Processing happens if you visit our offices?
In order to protect our Customers’ information, our premises and staff, we operate a CCTV system at our Head Office which covers the building, car park and an access road which is also used by the general public. We operate digital access systems which require authorised people, including visitors, to carry a digital chip to enter and move within the premises. The location of the chip can be traced by our Human Resources function so the location of staff and visitors can be identified in an emergency.
Legal Basis for using Personal Information
Why we need the Information
|
Categories of Information we process for that purpose
|
The Legal Basis for Processing
|
To provide your employer with a quote.
|
Your date of birth, occupation, income, your gender, and information about some hobbies.
Sensitive information on: your current and former physical and mental health and your lifestyle e.g. how much you drink and whether you smoke.
|
We apply an exemption for insurance purposes and/or you consent via your employer.
We will seek your consent to this processing if it is needed.
If you do not consent we can not add you to your employer’s policy.
|
To review if you can be added to an employer’s policy and at what cost.
|
Your date of birth, occupation, income your gender, and information about some hobbies. Information about other insurance policies you hold.
Sensitive information your current and former physical and mental health, your height and your lifestyle e.g. your weight, how much you drink and whether you smoke.
Limited information about, genetic test results and information about illnesses and conditions your natural parents, brothers and sisters have suffered from.
In some cases, we may need more details about medical conditions you have suffered from or treatment you have received for this purpose.
|
The processing is necessary, at your request, as a step in preparation to entering into a contract.
We apply an exemption for insurance purposes and/or you consent.
If you do not allow us to obtain this data we may not be able to add you to your employer’s policy.
|
To administer and service your employer’s policy, including resolving any complaints.
|
Your name, date of birth, your occupation and income
Sensitive information on your current and former physical and mental health, and your lifestyle e.g. your weight, how much you drink and whether you smoke.
|
Processing is necessary for the performance of a contract.
We apply an exemption for insurance purposes and/or you consent.
If you do not allow us to obtain this information we may not be able to amend your policy.
|
To assess and pay claims
|
Your name, employment details including absence and income and death certificate and information about dependents and people you have nominated to benefit in the event of your death.
Sensitive information on your physical and/or mental health.
|
Processing is necessary for the performance of a contract.
We apply an exemption for insurance purposes and/or you consent.
If you do not allow us to obtain this information we pay not be able to pay claims.
|
To prevent detect and investigate fraud
|
Your name, occupation and date of birth.
Sensitive information on your physical and/or mental health.
|
The processing is necessary for a legal obligation of an insurer.
The processing is necessary for the legitimate interests of Optimal and its customers in preventing fraud.
And for sensitive information
Preventing Fraud is necessary for reasons of substantial public interest.
|
To run Optimal’s business efficiently and in line with legal and regulatory obligations.
e.g. Running effective, compliance monitoring, Internal and audit functions, and supply information to external auditors.
keeping accounting records, receiving professional advice (e.g. Legal advice.) and managing risk so we can make sure we have money available to pay claims.
|
Your date of birth, occupation, income your gender, and information about some hobbies. Information about other insurance policies you hold.
Sensitive information on your current and former physical and mental health, your height and your lifestyle e.g. your weight, how much you drink and whether you smoke.
Limited information about, genetic test results and information about illnesses and conditions your natural parents, brothers and sisters have suffered from.
|
Processing fulfils legal obligations to have robust, controls, Compliance and Internal Audit functions and to manage all risks so we can ensure we have enough money to pay claims now and in the future.
Our legitimate interests in understanding customer behaviour and claims rates etc. so we can run Optimal effectively.
Sensitive information: We apply an exemption for insurance purposes.
|
To keep our staff, premises and personal data safe.
|
Car registration number. Images of visitors from CCTV, information about where visitors have gone within our premises
|
The Processing is necessary for the purposes of meeting a legal obligation, to keep personal data safe and, we have a legitimate business interest in protecting our staff, premises and data.
|
Who Do we share your information with?
Our Data Processors
From time to time, we appoint third parties to support us in supplying services to you. Where these third parties need to access your information or process it to do their jobs, but we remain responsible to you for how they do this they are called Data Processors. We have contracts in place with all of our Data Processors which prohibit them doing anything with your information unless we have instructed them to do it, or explicitly allowed them to do it. They will not share your personal information with any organization apart from us without our agreement, unless they are legally obliged to do so e.g. if they suspect money laundering. They will hold your information securely and retain it for the period we instruct, in line with this Privacy Notice.
None of our Data Processors are allowed to send your personal information outside the European Economic Area without our express permission. If any of our Data Processors ask our permission, we will insist they take the steps to protect your information before agreeing to their request.
We may appoint new third parties from time to time and will update our Privacy Notice when we do.
Table of Data Processors:
Name/Category of Recipient
|
Processing undertaken
|
Information They Receive
|
RHM Telecommunications
|
Storage of Telephone calls
|
Any information you discuss with us in a recorded telephone call which can include sensitive information about your health e.g. when we are working out the terms we can offer you a policy or when you are making a claim.
|
Medicals Direct Screenings Ltd
|
Interviewing
|
Sensitive information provided by you about your current and former physical and mental health, your lifestyle and illnesses of close family members you disclose.
|
OAC plc.
|
Actuarial support including setting prices, assessing risks, measuring claims experience and capital management
|
All information relating to quotes, policy applications, policies and claims. Often such data is aggregated and/or anonymised. e.g. names are not routinely included.
|
Printwaste Recycling & Shredding
|
Confidential and Non Confidential waste collection and destruction.
|
Confidential and non- confidential waste created at our office.
|
Fraud Prevention Agencies and investigators.
|
Identification of people who may be likely to undertake fraud.
|
Typically name, age and occupation. Sensitive information about injuries and illnesses may be shared where necessary.
|
Other Recipients
We disclose personal information to other third parties where we are required or permitted to do so by law or regulation, where it is necessary to pay out benefits or where you give your consent. We also share information where it is required for a new insurer to provide a quote for providing your employer’s scheme in future. Once we have done so, these third parties become responsible for your information and become Data Controllers in their own right.
Category/Name of Recipient
|
Why do we share data and what data might we share
|
Where to find more information
|
Trustees of your employers scheme
|
They decide who should receive money if you die taking into account your wishes. Including information on a form expressing your wishes, marriage certificate, information about your dependents and your will.
|
Your HR team can give you information about who the trustees are for your scheme or you can contact Optimal at the contact points below.
|
Regulated Insurance Intermediaries
|
So your insurance intermediary can act for you in arranging or servicing the policy and meet their regulatory obligations.
|
Your adviser can give you information about their own privacy notice.
|
Financial Conduct Authority
|
We are required by law to share data with our regulator at their request.
|
https://www.fca.org.uk/privacy
|
Prudential Regulation Authority
|
We are required by law to share data with our regulator at their request.
|
https://www.bankofengland.co.uk/education/~/link.aspx?_id=77B66E2403FE498AA052878683ACC069&_z=z
|
Financial Ombudsman Service
|
At your request, the ombudsman will consider a complaint you make to him about us if we have not been able to resolve it to your satisfaction.
|
http://www.financial-ombudsman.org.uk/help/privacy_statement.html
|
Information Commissioner’s Office
|
At your request, the Information Commissioner’s Office, will consider a complaint you make to him about us if we have not been able to resolve it to your satisfaction.
|
https://ico.org.uk/global/privacy-notice/
|
The police, HMRC and other crime prevention agencies
|
Where they request information to prevent or detect crime e.g. where they have a court order or where we reasonably suspect a crime may have been committed.
|
Police or HMRC Websites
|
Ernst and Young LLP
|
So they can act as our Internal Auditor. All information relating to quotes, policy applications, policies and claims, where relevant to an audit they are undertaking.
|
www.ey.com/uk/en/home/privacy-policy
|
PricewaterhouseCoopers
|
So they can act as our external Auditor. External Auditors have to be given access to all information on request to perform their role
|
https://www.pwc.com/gx/en/site-information.html
|
Gen Re
|
Reinsuring of the insurance risks we take on to allow effective capital management and to assess as to whether Optimal should offer terms
|
https://www.genre.com/aboutus/privacyatgenre/#tab=1
|
Canada Life
|
So they can set up a new policy for you and your employer following the closure of Optimal to new business to ensure that you have continuous cover
|
https://www.canadalife.co.uk/data-protection-notice
|
Your Rights
You have the right to:
- access your information and some details of how we use it such as the purpose of the processing, the categories of information that we hold, to whom it has been disclosed and how long it will be stored. We do not normally make a charge for supplying this information. We will agree with you how to securely provide access to your information, in writing or by electronic means, where this is possible.
- data portability. For some information, typically the personal information you supplied to us,you have the right to ask that we send it to a third party you have chosen.The third party will then become responsible for looking after it.
- rectification. We try and keep the personal information we have about you up to date and accurate. However, if it is not correct or in incomplete, you can ask us to correct it or add other information to it.
- erasure. This has sometimes been called ‘the right to be forgotten’ in the press. You can ask us to delete some of the your information if you think we no longer need it for the purpose for which we collected it or where we are only processing it with your consent and you wish to withdraw consent. There may be reasons why we cannot delete your information e.g. if we are obliged to keep it for legal or regulatory reasons. Where this is the case we will tell you, and indicate how long we need to keep it.
- restriction of processing. You can ask us to stop processing your information in certain situations e.g. if you are concerned your information is inaccurate and you want us to verify it or you don’t think we have the right or need to process it, but don’t want us to delete it.
- Right not to be subject to automated decision making. Currently Optimal do not have any automated decision making. You have the right to object to automatic decisions.
You also have the right to ask us to stop sending you marketing messages. We do not currently do this.
You have the right to make a complaint to the Information Commissioner’s Office (ICO at any time about the way we use your personal information. More information can be found at the ICO’s website https://ico.org.uk. ). The ICO is the supervisory authority for data protection matters for Data Controllers based in the UK.
If you want to exercise any of these rights, complain to us or ask us questions please email us at Dataprotectionofficer@holloway.co.uk or write to us at:
Data Protection Officer
Holloway House
71 Eastgate Street
Gloucester
GL1 1PW
Changes to this privacy notice
This privacy notice was last updated on 24 May 2018.