Love a good document? Check out our jargon-free policies below
ICO Registration Number: ZB008024
Last Updated: 11th August 2023
For the purposes of Data Protection Laws, Peachy is a ‘data controller’ for data that we collect from our customers. This means we are responsible for deciding the reason why we collect your information and control the processing of it.
We collect the following types of information for all the reasons outlined in What we use your information for:
This will be provided by yourself or the plan holder if you are under 18, or a spouse or partner. We will use this to contact you, identify you or manage our relationship with you. This includes:
This will be provided by yourself, and includes:
This will be provided by yourself or by a third party in relation to your previous healthcare. This includes:
Information from third-parties
This will be provided by a third-party after account registration or requested by us at any point, in relation to any screening checks to prevent dealings with sanctioned or politically exposed individuals (a regulatory requirement) and to help us provide the best service.
Information from the public domain
We also aggregate public domain information on healthcare providers. This information is available to any individual with access to Peachy’s website irrespective of whether they are a customer or not.
Why we do this: The aggregation of this data is carried out in the public interest because we believe that individuals should have all the necessary information to make informed healthcare choices, especially given healthcare services are considered a critical service. In our interpretation, this meets the requirements of the Data Privacy regulation (see GDPR Art 85).
The information on the healthcare providers is provided at no cost in the public interest. Peachy does not take any responsibility for the accuracy, completeness and consistency of this data.
We automatically collect and store information about your device and activities when you use our website, app or service. This information can include:
We collect information from you and third parties for all the reasons outlined in What we use your information for by the following methods:
Web analytics & cookies
Monitoring & recording conversations
We may monitor and record communications with you (via email, chat and telephone) for quality and training purposes, as well as to help us improve our products and services.
We collect information through all your contact with us, including by:
From other people or organisations
We will collect information from a parent or guardian if you are under 18, or from the plan holder if you are a spouse or partner. We will also collect information related to your health and healthcare you might have recevied from doctors, clinicians, hospitals, clinics and any other healthcare professionals or providers.
We will collect information from service providers that work with us in relation to your product or service that is not provided directly by us, for example the virtual GP, medical and dental treatment and virtual physio.
We may collect information from fraud-detection and credit-reference agencies, or other sources available to the public such as the edited electoral register, social media and internet searches. For more information on fraud please see Fraud prevention and detection.
We collect and process information about you that is relevant and necessary so that we can provide our products and services to you. We also collect and process any information that is required by law, or that is in our or any third parties legitimate interests. We may use your information for the following purposes:
In order to carry out some activities outlined in What we use your information for, we may need to share your information with third parties inside or outside the UK and EEA. This could include:
We use technical and organisational measures to keep your information secure, including storing your information on a secure server, and controlling access to your account by password and username unique to you.
We use all reasonable efforts to keep your information secure, however the use of the internet is not entirely secure so we cannot guarantee the security of any information transferred from you or to you via the internet.
The majority of your personal data is collected and stored in the UK and EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where we have approved transfer mechanisms in place to protect your personal data (i.e. by entering into the European Commission's Standard Contract Clauses, or by ensuring the entity is Privacy Shield certified for transfers to US-based third parties).
If you have any particular concerns regarding this, please contact us at firstname.lastname@example.org
We keep your information for as long as is necessary in line with the reasons why we collected the information, which includes satisfying any regulatory or statutory requirements. In some cases we may anonymise your personal information so that it can no longer be associated with you, in which case we can use this information without notifying you.
To determine the appropriate amount of time to keep your information, we take into account the following:
Under certain circumstances we may need to keep your information for longer. This could be when we have a legal obligation to do so, to defend or manage legal claims or if we suspect, detect or investigate fraud or money laundering.
We do not use automated decision making.
In circumstances where we suspect fraudulent behaviour, we will carry out checks with fraud prevention agencies and databases and conduct searches with publicly available sources of information. If we suspect fraudulent behaviour, we reserve the right not to offer you insurance, not to accept your claim and to void your Peachy plan. We will appoint fraud investigation and surveillance suppliers to investigate potentially fraudulent claims and use surveillance to assist investigations. We keep a record of individuals and associated investigations to prevent and detect future fraud or money laundering.
When we check information against fraud protection agencies and databases, we use a range of databases and agencies, which includes other insurers’ databases. If fraud is identified, your details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information.
We may use the following fraud and prevention agencies and databases:
We will ask you whether you would like us to send you marketing information when you complete our quote and buy process, and you can opt out at any time via our app or by contacting a member of our team at email@example.com.
We would like to use your personal information to send you marketing by e-mail or SMS related to competitions and special offers which may be of interest to you. Other businesses that we have carefully selected may also send you similar marketing messages.
Under Data Protection Laws you have the right to object to marketing, for more information please see Your rights.
Under Data Protection Laws, you have the following rights:
The right to request access to your personal information. This will enable you to request details and receive a copy of the personal information we hold about you, and check that we are processing it lawfully.
The right to request correction or removal of inaccurate personal information.
The right to request that we delete your personal information. This enables you to request that we delete or remove your personal information where there is no good reason for us to continue storing or processing it. However, whilst we respect your right to be forgotten, we may still be required to retain some of your personal data to meet our regulatory and/or statutory obligations.
Restriction of processing
The right to request that we stop processing your personal information and only store it. You can do this if you want us to establish the accuracy of your personal information or our reason for processing it.
The right to request that we transfer your personal information to yourself, someone else or another company.
Object to legitimate interest
The right to object to the processing and profiling of your personal information when we use it for legitimate interest (see What we use your information for).
Object to marketing
The right to object to direct marketing at any point. You can do this via our app, by speaking to a member of our team or by requesting to be added to a marketing suppression list.
The right to withdraw consent given to handle personal information. If you withdraw consent, this does not affect the lawfulness of how we stored or processed your personal information before consent withdrawal. We will let you know if we are no longer able to provide you with your chosen product or service.
If applicable, the right to request that an automated decision is reviewed by a human.
We reserve the right to charge an administrative fee if your request concerning your rights is manifestly unfounded or excessive.
We may also contact you to ask you for further information to help us to confirm your identity, ensure your right to access your personal data or to exercise any other right in relation to your request so we can deal with it promptly.
If you have any questions about your rights to your personal data or wish to exercise your rights in relation to your personal data, please contact us at firstname.lastname@example.org
Peachy is the trading name of Hlthie Ltd, which is authorised and regulated by the Financial Conduct Authority (firm reference number 967392)
Hlthie Ltd is incorporated in England and Wales (company number: 12091384)
Our registered address is 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ