Freedom Health Insurance Privacy Policy
At Freedom Health Insurance (‘Freedom’), we take your privacy very seriously. We promise all personal information we receive will be treated as strictly confidential, kept secure, and will only be processed for lawful purposes in line with current data protection legislation and the detail provided in this privacy notice.
Occasionally we may need to update our privacy policy and so it is valid for a period of one day from the date you have viewed it. You should check the Freedom website from time to time to see our most up to date privacy policy.
This privacy notice was last updated in June 2024. You can download a PDF version here.
To view our Cookie Policy, please click here.
1. Who are we?
Freedom Health Insurance is a trading name of Freedom Healthnet Ltd which is authorised and regulated by the Financial Conduct Authority (‘FCA’) with the registration number 312282. Its registered address is County Gates House, 300 Poole Road, Poole BH12 1AZ, and its company registration number is 04815524.
Freedom Healthnet Ltd is registered as a data controller on the Data Protection Register held by the Information Commissioner’s Office (‘ICO’) with the registration number Z8298765.
2. Where do we collect personal information from?
2.1 Information you give us
We collect personal information directly from you when you:
- ask for a quote.
- take out a Freedom policy (you may be asked to complete an application form).
- make a claim.
- make a complaint.
- use the ‘contact us’ form, online chat facility, or virtual assistance facility on our website.
- complete a feedback form or customer survey.
- leave comments on a web-based review forum such as Google reviews or Trustpilot.
- contact us by *phone, fax, email, or post to make a general enquiry or discuss your policy or claim. (*Phone calls may be recorded, and this may include logging the phone number, date, time, and duration of the call.)
If you give us personal information about another person who is to be included on your policy, you should only do so if you have their consent and you should make this privacy policy available to any person who is included on your policy who has given you consent to act for them.
2.2 Information we collect about you
We collect personal information from several external sources including:
- the main policyholder or member under whose policy you are covered.
- social media or other insurance companies if we are investigating fraud.
other third parties such as:
- any broker appointed by the policyholder.
- a family member or other representative if you are unable to provide information relevant to your policy.
- medical professionals and hospitals.
- aggregators (such as price comparison websites).
- third parties who help us in investigating fraud, including obtaining information data from anti-fraud databases and other similar agencies.
- third parties who help us check we can make a claim payment.
- companies who provide consumer classification for marketing purposes.
The personal information we collect, and where we collect it from, will depend on our relationship with you and the services we provide.
2.3 Non personal information we collect
Technical, usage, and profile information which tells us how people are using our website may be automatically collected and aggregated by website analytics providers. This is done anonymously, and we cannot identify you personally. We call this ‘non-personal information’. We gather non-personal information from devices you use to connect to our website, such as computers and mobile phones, using cookies and other internet tracking software.
Non-personal information may be used to learn about online behaviour which helps us improve our website and marketing messages and provide a better brand experience. We may share non-personal information with third parties for research or statistical purposes but only when there is a legal data sharing agreement which clearly stipulates an agreed, limited purpose and which precludes any use for commercial gain.
3. What information do we collect?
The information we collect depends on the product or service you are interested in. For example, if you ask us for a quote, we will ask you for identity and contact information. If you take out a policy, we will ask for financial information so we can collect premiums.
In certain circumstances we may ask for more sensitive personal information about you such as information about your physical or mental health so we can provide a more personal quote, administer your policy, or process your claim. This is called ‘special category’ information.
We may also hold other personal information which relates to the way you use our website or engage with us even if you do not hold a policy.
Please see below for a more detailed summary of personal information we may collect.
| Type of personal information | Description (including but not limited to) |
| Identity | Name, address, date of birth |
| Marital status | Single, married, family, single parent family |
| Contact | Phone number(s), email address |
| Financial | Bank account, credit card or debit card details |
| Lifestyle | Occupation, smoking and drinking habits, sports activities |
| Special category | Information about physical and mental health |
| Technical | IP address, browser, operating system, network, device(s) |
| Usage | Pages visited, exit page, time spent, number of visits, searches carried out |
| Profile | Age group, gender, language, location |
| Marketing | Cookies, marketing preferences |
4. How do we use personal information?
The main reason we collect personal information is so we can provide you with the health insurance cover you have bought or has been bought for you (for example, by your employer) and to make sure we administer it correctly and efficiently. However, there are other reasons why we use personal information.
4.1 The legal basis for processing personal information
Your privacy is protected by data protection law which says we are only allowed to use personal information if we have a legal basis for doing so. We have explained below the main reasons why we process personal information and the legal basis we rely on according to current data protection law.
| Legal basis | What this means |
| Consent | We will process personal information if you have given us permission. We do not always need consent to process personal information if another legal basis applies. |
| Contract | We will process personal information If you have a contract with us and we need to process personal information to fulfil the contract. For example, if you ask us for a quote, we need to process your personal information to provide you with the quote. |
| Legal obligations | We will process personal information if we must do so by law. For example, the Financial Conduct Authority and the Information Commissioner's Office require us to keep customer records. |
| Legitimate interests | We will process personal information if we have a legitimate business need to do so, it does not interfere with your information rights and freedoms, and it does not cause you any harm. See paragraph 4.2 below for further information. |
4.2 Legitimate interests
We process personal information for a number of legitimate business needs, including managing all aspects of our relationship with our customers, such as administering policies and handling claims, to help us improve our services and products, and to meet our legal and regulatory obligations.
‘Legitimate interests’ is one of the legal reasons why we may process personal information provided we consider our customers’ interests, rights, and freedoms, and do not use personal information in a way a customer would not reasonably expect us to use it or is likely to cause them harm.
4.3 The legal basis for processing special category information
As well as processing personal information, we also process special category information about your physical and mental health. We have explained below the main reasons why we process special category information and the legal basis we rely on according to current data protection legislation.
| Legal basis | What this means |
| Consent | We will process special category information if you have given us permission. We do not always need consent to process special category information if another legal basis applies, but if we need your consent, we will tell you why. You have the choice to not give consent if you wish but this may mean we cannot provide the relevant product or service. |
| Vital interests | We will process special category information to protect your vital interests if you are physically or legally incapable of giving consent. For example, if we need to discuss medical treatment with a doctor to provide cover in an urgent or emergency situation and you are not able to give consent. |
| Made public | We will process special category data if it has been made public by you. |
| Legal claims | We will process special category information if it is necessary to establish, exercise, or defend a legal claim. |
| Public interest | We will process special category information if it is in the public interest and in line with any other laws which apply. For example:
|
4.4 Typical uses of personal and special category information
| What we use personal information for | Personal information we process may include, but not be limited, to | Legal basis for processing personal information |
| Providing you with a health insurance quote and, if you ask us to, an indication of medical underwriting terms if you want to transfer your policy to us from another insurer. | Identity, marital status, contact, lifestyle and special category information. |
It is necessary to use personal information to provide a quote. Use of special category information is needed for insurance purposes so we can arrange an insurance contract. |
|
Asking an advisor from our sister company, UK Health insurance, to contact you about your quote. We will not do this if another broker arranges the quote for you. |
Identity and contact information. | By using our website to get a quote, you consent to being contacted by an advisor from UK Health Insurance to discuss your quote. |
| Providing your broker with a health insurance quote for you, and, if they ask us to, an indication of medical underwriting terms if you want to transfer your policy to us from another insurer. | Identity, marital status, lifestyle and special category information. |
Use of personal information is necessary as we have a legitimate business need to provide the quotation to your broker as efficiently as possible. Use of special category information is needed for insurance purposes so your broker can advise on and arrange an insurance contract. |
Registering and administering your policy including, but not limited to:
|
Identity, contact, lifestyle, financial and special category information. |
Use of personal information is necessary as we have a legitimate business need to administer a policy as efficiently as possible. We have a legal obligation to make sure the policy is lawful and to send you information about your policy promptly. Use of special category information is necessary for insurance purposes and for administration of a policy unless we need your consent. In some circumstances, if you do not provide consent, we may not be able to administer your policy. We can make changes to comply with our regulatory obligations, respond to fraud investigations, carry out the instructions of the insurer or as part of our product and business development. |
|
Administering claims made under your policy including, but not limited to:
If you are part of a group scheme, we may include details of claims paid in anonymised statistical reports sent to the group secretary and any appointed broker. |
Identity, contact, lifestyle, and special category information.. |
Use of personal information is necessary as we have a legitimate business need to administer a claim as efficiently as possible. We have a legal obligation to handle claims fairly. Use of special category information is necessary for insurance purposes and for administration of a claim made under a policy unless we need your consent, or we are acting in your vital interests when responding to a call. In some circumstances, if you do not provide consent, we may not be able to administer your claim. |
| Providing other services such as access to an online General Practitioner through a third party. | Identity information. |
Use of personal information is necessary as we have a legitimate business need to administer a policy as efficiently as possible and make sure you can access all services which we make available to you. The information provided to the third party will be no more than that which is sufficient for them to confirm your entitlement to use the service being provided. |
| Debt recovery where premiums have not been paid and we have made reasonable efforts to collect them from the policyholder. | Identity, contact and financial information. | We have a legitimate business need to use personal information to recover debts which are due to us. |
| Investigating and responding to complaints. | Identity, contact, lifestyle, financial and special category information. |
Use of personal information is necessary as we have a legal obligation to investigate complaints.
|
| Detecting, investigating, reporting, and seeking to prevent financial crime. | Identity, contact, lifestyle, financial and special category information. |
Use of personal information is necessary as we have a legitimate business need to detect, investigate, report, and prevent fraud. Use of special category information is necessary for reasons of public interest to prevent or detect unlawful acts. |
| Providing improved customer service quality, training and security (for example, by reviewing recorded phone calls) | Identity, contact, lifestyle, financial and special category information. |
Use of personal information is necessary as we have a legitimate business need to continually review our service as part of our ongoing programme of service improvement. Use of special category information is necessary for insurance purposes and the administration of a policy unless you have provided consent, or we are acting in your vital interests when responding to a call. |
| Complying with all our regulatory and legal obligations. | Identity, contact, lifestyle, and financial information. |
Use of personal information is necessary to comply with all our legal and regulatory obligations.
|
| For research and analytical purposes and to improve our website, products and services, marketing, customer relationships and experiences | Identity, contact, technical, usage and profile information. | We have a legitimate business need to use personal information to improve our customer service and experience, help define types of customers interested in our products and services, keep our website updated and relevant, develop our business, and inform our marketing strategy. |
|
For our own management information purposes which enables us to run the business in an efficient and proper way. This includes, but is not limited to:
|
Identity, contact, lifestyle, financial, special category and technical information. |
Use of personal information is necessary as we have a legitimate business need in understanding, monitoring and developing the performance of the business, keeping records and protecting our systems. We also have a legal obligation to run the business with integrity, skill, care, and diligence, to observe market conduct, and to maintain adequate financial resources. Use of special category information is necessary for insurance purposes and the administration of a policy. |
| Making suggestions and recommendations to you as a personal customer about other health insurance products and services which may be of interest. | Identity, contact and marketing information. | We will only use personal information if we have your consent. |
5. Who do we share information with?
We will not sell, distribute, or lease personal information to third parties or any other organisations to use for their own commercial purposes unless we have your permission or are required to do so by law.
To provide our products and services, personal information may be shared with third parties who, for example, help in our business administration or the prevention and detection of fraud. These third parties might include:
a) UK Health Insurance (‘UKHI’), a trading name of Healthnet Services Limited which is authorised and regulated by the Financial Services Authority, registration number 312313. UKHI is an independent specialist health insurance broker who can advise on the most suitable product for your health insurance needs. If you get a quote directly from us, we will ask an advisor from UKHI to contact you about it. We will not do this if another broker arranges the quote for you.
b) A relative or guardian acting on your behalf where you are incapacitated or unable to act for yourself, or other people or organisations associated with you such as your broker or lawyer.
c) A named alternative contact (such as a relative or advisor) who you have appointed to speak to us on your behalf and is authorised, by you, to discuss all aspects of your policy with us including claims and cancellation and can make changes on your behalf.
d) Organisations we use to conduct customer satisfaction surveys or send out information about changes to Freedom products on our behalf. For example, we use an email platform called Force 24 to send information to all our policyholders at the same time.
e) Organisations we use to help us administer policies and claims effectively and as cost-efficiently as possible.
f) A medical professional involved in your treatment.
g) A hospital administrator needing a guarantee of payment or an authorisation code.
h) A broker appointed by, and acting on behalf of, the policyholder.
i) The underwriter and the reinsurer who provides your insurance cover.
j) Suppliers and providers of goods or services we make available to you.
k) Regulatory bodies such as the Financial Conduct Authority or the Information Commissioner’s Office.
l) The Financial Ombudsman Service if a complaint is made through it.
m) Central and local Government (for example, if they are investigating fraud or because we need to contact them about international sanctions).
n) Other insurance companies, NHS fraud teams, the General Medical Council, the police and any law enforcement agencies and organisations which keep anti-fraud databases where necessary for the prevention or detection of crime.
o) Other insurance companies to whom the policyholder has authorised the transfer of your cover from us and require personal information from us to facilitate an efficient transfer with minimal delay.
The extent of personal information we provide will be limited to that which is necessary for the third party to carry out its purpose and we will not pass personal information, including special category information, to any third party if it is not needed.
We will not pass personal information, including special category information, to a third party who has been appointed by you if we do not believe it is in your best interests without checking with you first.
We will also provide personal information to third parties:
a.) if we sell or buy any business or assets, in which case we will only provide information which is needed as part of the sale or purchase.
b) if the assets of Freedom, either in whole or in part, are acquired by a third party, in which case information held by Freedom will be transferred, as an asset, to the third-party purchaser.
c) if we are under a legal duty to disclose or share information to comply with legal or regulatory obligations, to enforce any agreements governing the terms of use of our service or any other agreements with any other supplier, or to protect the rights, property, or safety of Freedom, our customers, employees or others.
6. How do we process your information?
Steps are taken to ensure the personal information we hold is correct, kept up to date and not kept for longer than is necessary. Measures are taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the personal information.
From time to time, it may be necessary to process personal information outside of the United Kingdom (UK) – for example, if we need to place a guarantee of payment with an overseas hospital. We will only transfer personal information to another country outside the UK for which the UK regulator has granted an ‘adequacy decision’ (such as those within the European Economic Area) where there are sufficient regulations in place for the protection of personal information.
If we need to transfer personal information outside the EEA, we will only do so if we have taken steps to make sure it is protected. This may include placing the party we are transferring the personal information to under contractual obligations to protect it to adequate standards and performing risk assessments of those transfers.
7. Cookies
Cookies are files holding small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each later visit, or to another website which recognises the cookie. Cookies do lots of different and useful jobs, such as remembering your preferences and generally improving your online experience.
We never store personal information in cookies. If you want to block cookies, you can turn them off in your browser settings, but the quality of your online experience will be reduced.
8. How long do we keep personal information for?
We only keep personal information for as long as it is reasonably necessary, but it will depend on what information we hold, why we hold it, and what our wider regulatory obligations are.
We typically keep information provided in quotes (where no policy is bought) for no more than three months after the quote expires and information provided in respect of a policy and claim for no more than two years after a policy is cancelled. Medical notes not related to an ongoing claim or policy will not be kept for longer than twelve months.
If there is a dispute or legal action, or there are extenuating circumstances, we may have to keep personal information for longer.
9. What are your rights?
You have a number of rights in respect of the way we process your personal information which are outlined below. If we cannot do what you ask, we will explain why – it is usually because of a legal or regulatory issue.
9.1 The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for sending you this information which will be sent to you electronically. If this is not possible, we will provide the personal information in writing. Telephone calls will always be provided in the form of audio recordings – we do not provide transcripts.
9.2 The right to rectification
We take reasonable steps to make sure personal information we hold is correct and complete. However, if you believe the information we hold about you is factually incorrect, you can ask us to amend it.
9.3 The right to erasure
In certain circumstances, you can ask us to erase your personal information – for example if it is no longer needed or if you withdraw your consent. However, this must be balanced against the consequences of erasure and there may be legal reasons why we cannot comply.
9.4 Right to restriction of processing
In certain circumstances, you can ask us to stop using your personal information – for example if you think the personal information we hold may be inaccurate or we no longer need to process it.
9.5 Right to data portability
In certain circumstances, you can ask us to transfer personal information you have provided to us to another third party of your choice.
9.6 Right to object to direct marketing
You can ask us to stop sending marketing messages at any time by contacting us by email on [email protected].
9.7 Right not to be subject to automated-decision making
Some of our decisions are made automatically by using systems which adopt automatic calculations based on personal information parameters rather than an employee making those decisions.
When you ask us for a quote, your premium is automatically calculated based on your age as well as the policy cover you have chosen, and this is generally fixed. When your policy renews each year, we use the same information to automatically calculate a premium but may take into consideration how long you have held a policy with us and what claims you have made. The law allows us to make automated decisions in these circumstances.
9.8 The right to withdraw consent:
Where we have asked for, and you have given, your consent for us to use your personal information, you have the right to withdraw your consent. In some cases, this may mean we will no longer be able to administer your insurance policy.
9.9 The right to make a complaint
You can complain to the ICO if you object to the way we use your personal information. More information can be found on the ICO website at https://ico.org.uk/.
10. Contact
Questions, comments, and requests about this privacy policy or Freedom’s data protection procedures should be sent to:
The Chief Operating Officer
Freedom Health Insurance
County Gates House
300 Poole Road
Poole BH12 1AZ
Email: [email protected]
Updated December 2020.