Navigation

Privacy notice

This privacy notice explains what information we collect about you, how we use it and how we protect it. It also gives you information about your rights.

We are committed to protecting and using your personal information responsibly.

If you have any questions about our privacy notice, please email [email protected]

Privacy notice sections

Who this notice is for

About us

How we collect your personal information

What personal information we collect

How we use the personal information we collect

Under data protection laws, we can only process your information if we have a legal reason (known as a ‘lawful ground’) for doing so.

You can find out how we use your personal information, including the lawful grounds, under data protection laws that we rely on to process your information. You can find out what the different types of information mean under ‘what personal information we collect’.

  • Basic personal details
  • Contact
  • Communications
  • Residency
  • Financial details
  • Employment details
  • Special category information
  • Behavioural and usage information
  • Technical
  • It’s necessary to provide the services set out in a contract
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • deliver our products and services
    • tailor the delivery of our products and services to your specific needs and interests

For special category information

  • It’s necessary for health or social care purposes such as:
    • preventive or occupational medicine
    • assessing your working capacity as an employee
    • medical diagnosis
    • providing healthcare or treatment
    • providing social care
    • managing healthcare or social care systems or services
  • With your consent (if required)
  • When it’s in your vital interests
  • Basic personal details
  • Contact
  • Communications
  • Residency
  • Financial details
  • Employment details
  • Special category information
  • Behavioural and usage information
  • Technical
  • It’s necessary to provide the services set out in a contract
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • manage our relationship with you, our business and third parties
    • deliver our products and services
    • tailor the delivery of our products and services to your specific needs and interests
    • communicate with our customers and business partners
    • process insurance claims and collect money owed to us

For special category information

  • It’s necessary for health or social care purposes such as:
    • advising on, arranging, providing or managing an insurance contract
    • dealing with a claim made under an insurance contract
    • relating to rights and responsibilities relating to or in an insurance contract or insurance law
  • With your consent (if required)
  • When it’s in your vital interests
  • Basic personal details
  • Contact
  • Communications
  • Residency
  • Financial details
  • Employment details
  • Criminal convictions and offences
  • Behavioural and usage information
  • Location
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • manage our relationship with you, our business and third parties
    • resolve issues and answer questions about our products and services
    • investigate and respond to complaints
    • monitor how well we are meeting our clinical and non-clinical performance expectations
    • protect the public against dishonesty, malpractice or other seriously improper behaviour
    • manage a claim where a third party may be at fault
  • With your consent (if required)
  • Basic personal details
  • Contact
  • Communications
  • Residency
  • Financial details
  • Employment details
  • Criminal convictions and offences
  • Behavioural and usage information
  • Technical
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • detect and prevent fraud and financial crime
    • ensure compliance with our terms and conditions and policies
  • Basic personal details
  • Contact
  • Residency
  • Employment details
  • Behavioural and usage information
  • Technical
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • confirm that you’re an employee of your employer when they are paying for the product or service you’re using
    • confirm you’re an employee of a business we’re purchasing products or services from
    • identify you when you access our digital services and websites
    • identify if you were redirected to our websites through an advert or referral link
    • identify if you’re under the age of 16
    • identify fraud and fraudulent activity
  • Basic personal details
  • Contact
  • Communications
  • Residency
  • Financial details
  • Employment details
  • It’s necessary to provide the services set out in a contract
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • take payment and charge for our products and services
    • review invoices and make payments
  • Basic personal details
  • Contact
  • Communications
  • Behavioural and usage information
  • Technical
  • We have a legitimate interest to:
    • market to our customers and prospective customers if they’ve shown an interest in us
    • request feedback from customers and people we work with
    • follow your contact preferences, marketing, cookies and other tracking such as in-app, profiling and automated decision making.
    • operate cookies on our websites and undertake other tracking to personalise our marketing activities
    • develop and run tailored advertising
  • With your consent (if required)
  • Basic personal details
  • Contact
  • Communications
  • Residency
  • Financial details
  • Employment details
  • Health information
  • Other sensitive information
  • Behavioural and usage information
  • Technical
  • We have a legitimate interest to:
    • undertake statistical research and analytics
    • understand our customers and the people we work with
    • understand more about our products and services, and how to improve them
  • With your consent (if required)
  • Basic personal details
  • Contact
  • Residency
  • Behavioural and usage information
  • Technical
  • It’s required or allowed by law
  • We have a legitimate interest to:
    • secure our systems and digital services
    • make sure we’re only providing and working with products and services in permitted locations
    • exercise our rights and defend ourselves from legal claims
  • Basic personal details
  • Contact
  • Personal information shared with us during a phone call or other method of communication, for example webchat and email
  • We have a legitimate interest to:
    • monitor phone calls for training and to review the quality of our services
    • review online and email exchanges between you and us for training and to review the quality of our services
  • It’s required or allowed by law

Collecting and sharing your personal information

Sometimes we need to collect your information from, or share it with other people or organisations. When we share your information, we only share the information needed, and as little of it as possible, for a specific purpose. For example, if you need treatment, we’ll share relevant medical details with your treatment provider.

We have processes in place to make sure that your information is protected when we share it with third parties. If you’re sharing someone else’s personal information with us, please make sure they’ve seen this privacy notice and are comfortable with you giving us their information.

We’ve set out below the types of third parties we collect and share information with, and our reasons for doing so. We may also disclose your personal information to other third parties if we’re required or permitted to do so by law.

Description

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Deliver our products and services to you
  • Send you communications about products and services that might interest you
  • Undertake statistical research and analysis to understand more about our products and services and how to improve them
  • Understand and improve clinical outcomes for our customers
  • Product and service development
  • Fraud prevention and detection
  • Reporting on business activity and success
  • Enabling us to deliver a seamless experience across our businesses, and give you easy access to our products and services across our businesses

Description

  • You’ve given us consent to speak to a third party on your behalf, for example a family member, solicitor or a person acting through a Power of Attorney.

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Deliver our products and services to you
  • Manage our relationship with you
  • Set you up as a customer
  • Meet our regulatory obligations or comply with legal requests or legal claims
  • Manage complaints, claims or individual rights requests

Description

  • You’re under a group insurance scheme or health trust, or they’re paying for our services
  • You’re working with us in a professional capacity as a business partner

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Product or service administration
  • Transfer to a new service provider
  • Set you up as a business partner
  • Manage our relationship with your employer
  • Process and validate invoices, and make or receive payments

Description

  • Doctors, clinicians and other healthcare professionals
  • Hospitals and clinics
  • Dental laboratories
  • Medical laboratories
  • Individuals or organisations who pay for your care
  • NHS GP Connect: a secure NHS Digital service that allows authorised health and social care workers (such as Bupa GPs and Care Home nurses) to access a patient's NHS GP record to support their direct care.

What we do

  • We collect information from them
  • We share information with them
  • Consult your NHS GP record

Our reasons

  • So you can give or have treatment
  • Process and validate invoices, and make or receive payments
  • To investigate complaints, claims and possible fraudulent activity
  • To make patient information available to appropriate healthcare professionals when they need it (e:g: prescribed medications) to make informed clinical decisions: This leads to improvements in both care and outcomes:

Description


Professional associations our consultants belong to or are regulated by, including:

  • Care Quality Commission
  • General Medical Council
  • General Dental Council
  • The Health and Care Professions Council
  • Responsible Officer
  • Any others that are relevant to you

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • For safeguarding purposes
  • Investigate complaints and clinical incidents
  • Monitor quality and performance

Description

  • Health insurance counter-fraud groups
  • Financial crime screening services

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Detect and prevent fraud
  • Meet our regulatory and legal obligations

Description

  • Debt collection agencies we engage to act on our behalf


What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Recover money owed to us

Description

  • Potential buyers or sellers of businesses and assets we’re buying or selling
  • Third parties that assume responsibility for Bupa


What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Enable the third party to take over our business activities
  • Support the third party’s decision making and processes to buy our business

Description

  • Solicitors, auditors, actuaries and tax advisors
  • Translators and interpreters

What we do

  • We share information with them

Our reasons

  • Support us to manage our business and meet our regulatory obligations
  • Gain advice on business decisions and strategy

Description

  • Government and their agencies
  • Law enforcement agencies, for example the police
  • Authorities and regulators such as the Financial Conduct Authority (FCA) or Prudential Regulation Authority (PRA)
  • Data protection supervisory authorities
  • HM Courts and Tribunals Service



What we do

  • We share information with them

Our reasons

  • Comply with our legal and regulatory obligations
  • Protect our rights

Description

  • Electoral register
  • Information about you on social media
  • For our business partners, public sources that include professional information about you

What we do

  • We collect information from them

Our reasons

  • Validate and update our records
  • Understand how our customers and business partners have reviewed or discussed us or our competitors online

Description

We put measures in place to ensure that our suppliers process your personal information fairly and in line with our expectations. We use the following types of suppliers:

  • IT service providers: Cloud storage, databases and data repositories, practice management systems, customer relationship management systems (CRM), communication and phone software, back-up solutions, network security and monitoring solutions and other ‘software as a service’ providers
  • Marketing, sales and business development: market and customer research consultants, social media platforms and marketing and digital marketing agencies, data set and contact list providers 
  • Customer service support: Outsourced support with customer communication and servicing, including translation
  • Dental laboratories: manufacture products such as crowns, implants, etc: for our patients

What we do

  • We share information with them

Our reasons

  • Help us run our business
  • Manage our relationship and communicate with you
  • Provide our products and services to you
  • Understand our customers and market to them
  • Identify and communicate with people that might be interested in our products and services
  • Grow our business and keep our customers

Description

  • Main policyholder, if you are a dependant under an insurance policy

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Manage our relationship with you and the policyholder
  • Issue invoices, requests and take payment

Description

  • Insurance brokers
  • Your agents
  • Other intermediaries


What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Confirm you’re entitles to claim discounts on our products and services
  • Manage our relationship with you through your broker or agent
  • Discuss purchase, renewal and availability of our products and services through your broker and agent
  • Set you up as a customer or business partner

Description

  • Other health and benefit insurers
  • Reinsurers

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Set you up as a customer
  • Support you to transfer to a new insurer
  • Manage and settle claims that are a third party’s fault
  • If reinsurance is necessary

Description

  • Evacuation or repatriation providers

What we do

  • We collect information from them
  • We share information with them

Our reasons

  • To arrange evacuation or repatriation

Description

  • Local authorities and other public sector bodies
  • Commissioners and embassies
  • HM Courts and Tribunals Service


What we do

  • We share information with them

Our reasons

  • Enable the third party to pay for the services we’re providing to you
  • Comply with our legal and regulatory obligations
  • Manage legal claims

Description

  • Those providing your treatment such as consultants, clinicians, doctors, therapists and other healthcare professionals
  • Hospitals, clinics and other healthcare providers



What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Provide you with your treatment
  • When those providing treatment are involved in legal proceedings, such as for negligence or malpractice
  • Manage, investigate and report on negligence or malpractice, and for legal claims

Description

  • Cancer registry

What we do

  • We share information with them

Our reasons

  • Aid monitoring cancer rate
  • Improve cancer care
  • Aid cancer research

Description

  • NHS Cervical Screening recall system

What we do

  • We share information with them

Our reasons

  • Make sure the screening is safe and in accordance with national service specifications

Description

  • Health Protection Agency for infectious diseases such as tuberculosis and meningitis


What we do

  • We share information with them

Our reasons

  • Protect public health

Description

  • Your consultant will be the data controller for any information they collect, use or store outside our systems, or in a way that isn’t in line with our instructions (this means they’ll be responsible for how your personal information is used)
  • We recommend you speak to your treating consultant if you have any questions about how they handle your information



What we do

  • We collect information from them
  • We share information with them

Our reasons

  • So you can have treatment
  • Manage our relationship with consultants
  • Process and validate invoices, and make or receive payments

Description

  • If you’re referred or you’re transferring from or to a different provider
  • The NHS and your general practitioner (GP)



What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Set you up as a customer
  • Support you to transfer to the new provider
  • Keep records up to date
  • Ensure continuity of care

Description

  • Our partners offer support and add-on services, such as patient finance and dental subscription plans
  • In some cases, the partner may be the data controller of the personal information they hold about you (this means they’ll be responsible for how your personal information is used). We’ll confirm this when you choose to use the product or service



What we do

  • We collect information from them
  • We share information with them

Our reasons

  • Offer you products and services that may interest you
  • Enable you to purchase or take up offers on additional products and services offered by our partners

How long we keep your information for

We keep your personal information in line with set periods:

Cookies, AI, analytics, and profiling

Here you’ll find information on certain technologies we use to process your personal information:

Analytics

Analytics is a process to analyse data, statistics and other information, either automatically by a computer or manually by a person.


Anonymous analytics

As part of our day-to-day business, we produce management information reports. These are typically aggregated which means the information is grouped together and not looked at on an individual basis, and often they do not contain personal information. For example, we produce reports showing business performance split by day, business area or customer type.

Analytics using personal information

Profiling and automated decision making

Like many businesses, we evaluate information about you and use technology to give you automatic responses and decisions. This is known as profiling and automated decision making. We use these processes for:

  • business activities, to give you a quicker, more consistent and fair service
  • marketing, to give you information we think will interest you

Business activities

Running our business and delivering our products and services

Profiling and automated decision making can help us identify how our products and services can be improved, as well as how we can achieve better outcomes for our customers and business partners. For example, we may profile you so we can give you relevant information and notices within our apps.

We may share some of your information including your name, date of birth, sex and the country you live in with third party companies who carry out fraud checks. This will allow us to identify matches and carry out further checks to detect and prevent fraud.





Even if you aren’t at risk of fraud or suspected of committing fraud, using a range of people’s information allows us to have a better and more accurate anti-fraud process.

We use technologies that automatically pre-authorise your treatment. This is more efficient for our customers, business partners and healthcare professionals. We need to use profiling to create a reliable system and this involves automatic decision making. We typically make sure an adviser reviews any problems with treatment approval to guarantee a fair outcome to our customers. 

We use profiling and automated decision making to help us decide what level of cover we can offer you. We’ll use technology to review your medical information and find out if you have any previous or existing health conditions which aren’t covered by your health policy or scheme. 

We may use software to help us calculate the price of products and services based on what we know about you and other customers.

Our software may:

  • analyse your previous claims and compare it with the information we hold to find out how likely you are to claim in future
  • use data such as your age, where you live and details about your health, for example existing health conditions and whether or not you smoke, to calculate prices for products
  • evaluate your payment and previous claims, information you’ve given us about yourself, and other information we’ve received from third parties to automatically:
    • provide you with a renewal quote
    • decide what incentives we can offer you
    • choose the marketing messages you’ll receive

We use AI and machine learning technologies to do this automatically. The technology gives us more accurate and tailored information.

We use AI and machine learning technologies to do this automatically. The technology gives us more accurate and tailored information. You can find more information about this under AI and machine learning below.

Marketing

Conducting and improving our marketing activities

We use profiling for marketing purposes. This helps us understand what offers, incentives and information may interest you and other people. We take the following steps:

Artificial intelligence and machine learning

What are these technologies?

Your choices and rights

Information on how to control your personal information and the rights you have under the law.

Opting-out from marketing

Your rights

You have rights under privacy law about to your personal information.

How to exercise your rights

If you want to exercise your rights, please email:


To help us manage your request, please tell us in your email which Bupa business you’re a customer of.

What to expect

How to get in touch or make a complaint

If you have any questions, comments or would like to complain about this notice, or any other questions about the way we process your information, please get in touch with our Data Protection Officer and privacy team.

Content is loading