THE LEGAL STUFF

For the purposes of Data Protection Laws, Peachy is a ‘data controller’ for data that we collect from our customers. This means we are responsible for deciding the reason why we collect your information and control the processing of it.

We collect the following types of information for all the reasons outlined in What we use your information for:

‍

Personal information
This will be provided by yourself or the plan holder if you are under 18, or a spouse or partner. We will use this to contact you, identify you or manage our relationship with you. This includes:

• Contact details (e.g. name, address, email)
• Date of birth
• Your existing GP or doctor details

‍

Financial information
This will be provided by yourself, and includes:

• Payment details
• Transactions and payments made for your plan

‍

Sensitive information
This will be provided by yourself or by a third party in relation to your previous healthcare. This includes:

• Health information
• Information about pre-existing/chronic conditions

‍

Information from third-parties
This will be provided by a third-party after account registration or requested by us at any point, in relation to any screening checks to prevent dealings with sanctioned or politically exposed individuals (a regulatory requirement) and to help us provide the best service.

‍

Information from the public domain

We also aggregate public domain information on healthcare providers. This information is available to any individual with access to Peachy’s website irrespective of whether they are a customer or not.

Why we do this: The aggregation of this data is carried out in the public interest because we believe that individuals should have all the necessary information to make informed healthcare choices, especially given healthcare services are considered a critical service. In our interpretation, this meets the requirements of the Data Privacy regulation (see GDPR Art 85).

The information on the healthcare providers is provided at no cost in the public interest. Peachy does not take any responsibility for the accuracy, completeness and consistency of this data.

‍

Other information

We automatically collect and store information about your device and activities when you use our website, app or service. This information can include:

• Device data (like operating system, MAC address, IP address)  
• Preference settings: time zone, language
• Usage data: time on service or feature

We collect information from you and third parties for all the reasons outlined in What we use your information for by the following methods:

Web analytics & cookies

When you use our website we automatically send cookies to your computer from our website, and we also use tracking software such as Google Analytics. We use these cookies to improve the way our website operates and for system administration purposes. We use tracking software to build a profile of our users, enabling us to optimise our website design. Some of this data is statistical, which means we will not be able to identify you individually. For more information on cookies and tracking software please see our Cookie Policy.

Monitoring & recording conversations

We may monitor and record communications with you (via email, chat and telephone) for quality and training purposes, as well as to help us improve our products and services.

From yourself

We collect information through all your contact with us, including by:

• Email
• Chat via our website or app
• Phone
• Filling out a quote
• Social media
• Entering competitions
• Post

From other people or organisations

We will collect information from a parent or guardian if you are under 18, or from the plan holder if you are a spouse or partner. We will also collect information related to your health and healthcare you might have recevied from doctors, clinicians, hospitals, clinics and any other healthcare professionals or providers.

We will collect information from service providers that work with us in relation to your product or service that is not provided directly by us, for example the virtual GP, medical and dental treatment and virtual physio.

We may collect information from fraud-detection and credit-reference agencies, or other sources available to the public such as the edited electoral register, social media and internet searches. For more information on fraud please see Fraud prevention and detection.

We collect and process information about you that is relevant and necessary so that we can provide our products and services to you. We also collect and process any information that is required by law, or that is in our or any third parties legitimate interests. We may use your information for the following purposes:

• To provide services set out in our contract, including services powered by a third party
• To identify you and manage your account and our relationship with you
• To give you an accurate insurance quote
• To carry out customer profiling and analyse your preferences, which will allow us to customise our website, app and any applicable content so it is most relevant to you
• To carry out statistical research and analysis, which will allow us to develop, manage and improve our products and services
• To process and undertake checks to allow us to give the green light on your cover check
• To process and undertake checks to allow us to accept your claim and pay you back
• To prevent or detect fraud (further details under Fraud prevention and detection)
• To let you know about other products or services that may be of interest to you, only if you have opted in to marketing (further details under Marketing)
• To monitor our business performance and maintain appropriate company records
• To meet any regulatory and statutory obligations required or allowed by law, including laws regarding public interest
• When required, to establish, make or defend a legal claim
• To enforce or apply our terms of use, plan terms and conditions or any other contracts
• To protect our, our customers' or other peoples' rights, property or safety
• To take part in, or be the subject of any sale, purchase, merger or takeover of all or part of the Peachy business
• To provide you with news and updates from Peachy
• To process job applications and other business arrangements

In order to carry out some activities outlined in What we use your information for, we may need to share your information with third parties inside or outside the UK and EEA. This could include:

• Third-party suppliers who provide products or services on our behalf
• Accredited healthcare providers so that they can provide you treatment
• Government bodies including regulators, the police, other law-enforcement agencies and data protection supervisory authorities in order to help them perform their duties, or if we have to share your information by law or under a court order
• People or organisations we have to or are allowed to share your information with by law, including fraud-prevention companies and for safeguarding purposes
• Other partners including our insurance partners, actuaries, auditors, solicitors, tax advisers, debt collection agencies, credit reference agencies and fraud detection agencies
• Third-parties in relation to what marketing you have opted into (further details under Marketing)

We use technical and organisational measures to keep your information secure, including storing your information on a secure server, and controlling access to your account by password and username unique to you. 

We use all reasonable efforts to keep your information secure, however the use of the internet is not entirely secure so we cannot guarantee the security of any information transferred from you or to you via the internet. 

The majority of your personal data is collected and stored in the UK and EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where we have approved transfer mechanisms in place to protect your personal data (i.e. by entering into the European Commission's Standard Contract Clauses, or by ensuring the entity is Privacy Shield certified for transfers to US-based third parties).
If you have any particular concerns regarding this, please contact us at dpo@peachy.health

We keep your information for as long as is necessary in line with the reasons why we collected the information, which includes satisfying any regulatory or statutory requirements. In some cases we may anonymise your personal information so that it can no longer be associated with you, in which case we can use this information without notifying you.

To determine the appropriate amount of time to keep your information, we take into account the following:

1. The amount, nature and sensitivity of the information
2. The potential risk of harm from unauthorised use or disclosure of your information
3. The reasons for collecting and processing your information and whether we can achieve these reasons through other means
4. Any applicable regulatory or statutory requirements

Under certain circumstances we may need to keep your information for longer. This could be when we have a legal obligation to do so, to defend or manage legal claims or if we suspect, detect or investigate fraud or money laundering.

In circumstances where we suspect fraudulent behaviour, we will carry out checks with fraud prevention agencies and databases and conduct searches with publicly available sources of information. If we suspect fraudulent behaviour, we reserve the right not to offer you insurance, not to accept your claim and to void your Peachy plan. We will appoint fraud investigation and surveillance suppliers to investigate potentially fraudulent claims and use surveillance to assist investigations. We keep a record of individuals and associated investigations to prevent and detect future fraud or money laundering.

When we check information against fraud protection agencies and databases, we use a range of databases and agencies, which includes other insurers’ databases. If fraud is identified, your details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information.

We may use the following fraud and prevention agencies and databases:

• Claims and Underwriting Exchange (CUE)
• Health Insurance Counter Fraud Group (HICFG)
• Insurance Fraud Bureau (IFB)
• Insurance Fraud Enforcement Agency (IFED)
• Insurance Fraud Investigators Group (IFIG)
• Insurance Fraud Register (IFR)
• LexisNexis
• National Crime Agency (NCA)
• National Fraud Database (CIFAS)
• National Fraud Intelligence Bureau (NFIB)
• Office of Financial Sanctions Implementation (OFSI)

We will ask you whether you would like us to send you marketing information when you complete our quote and buy process, and you can opt out at any time via our app or by contacting a member of our team at dpo@peachy.health.

We would like to use your personal information to send you marketing by e-mail or SMS related to competitions and special offers which may be of interest to you. Other businesses that we have carefully selected may also send you similar marketing messages.

Under Data Protection Laws you have the right to object to marketing, for more information please see Your rights.

Under Data Protection Laws, you have the following rights:

‍

Access
The right to request access to your personal information. This will enable you to request details and receive a copy of the personal information we hold about you, and check that we are processing it lawfully.

‍

Correction
The right to request correction or removal of inaccurate personal information.

‍

Erasure
The right to request that we delete your personal information. This enables you to request that we delete or remove your personal information where there is no good reason for us to continue storing or processing it. However, whilst we respect your right to be forgotten, we may still be required to retain some of your personal data to meet our regulatory and/or statutory obligations.

‍

Restriction of processing
The right to request that we stop processing your personal information and only store it. You can do this if you want us to establish the accuracy of your personal information or our reason for processing it.

‍

Data Portability
The right to request that we transfer your personal information to yourself, someone else or another company.

‍

Object to legitimate interest
The right to object to the processing and profiling of your personal information when we use it for legitimate interest (see What we use your information for).

‍

Object to marketing
The right to object to direct marketing at any point. You can do this via our app, by speaking to a member of our team or by requesting to be added to a marketing suppression list.

‍

Withdraw consent
The right to withdraw consent given to handle personal information. If you withdraw consent, this does not affect the lawfulness of how we stored or processed your personal information before consent withdrawal. We will let you know if we are no longer able to provide you with your chosen product or service.

‍

Automated decisions
If applicable, the right to request that an automated decision is reviewed by a human.

‍

We reserve the right to charge an administrative fee if your request concerning your rights is manifestly unfounded or excessive.
We may also contact you to ask you for further information to help us to confirm your identity, ensure your right to access your personal data or to exercise any other right in relation to your request so we can deal with it promptly.

If you have any questions about your rights to your personal data or wish to exercise your rights in relation to your personal data, please contact us at dpo@peachy.health

We have appointed a Data Protection Officer, who oversees how we handle your personal information. If you have any questions about our Privacy Policy or how we store your personal information, please contact us at dpo@peachy.health.

We reserve the right to make changes to this Privacy Policy from time to time. These changes might be necessary because of changes or developments in data protection laws, privacy best practice or the introduction of new technologies. You should check this policy for updates to ensure you are aware of the most recent Privacy Policy.