Bupa is registered with the Information Commissioners Office, registration number Z6831692. Bupa is comprised of a number of trading companies (see Legal Notices), many of which also have their own data protection registrations.
In providing you with our services, Bupa may handle your personal information. Personal information is information about you from which you can be identified, such as your name and contact details. Depending on what services you receive from us, this may include sensitive personal information such as medical information.
The confidentiality of your personal information is of paramount concern to Bupa and we comply with UK data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the General Medical Council and the Nursing and Midwifery Council.
Your confidential medical information will only be disclosed to those involved with your treatment or care, or in accordance with UK law and guidelines from professional bodies, or for the purposes of clinical audit (unless you object). If you receive services from Bupa and that service transfers to a new provider, we may share your personal and confidential medical information with the new provider.
We are committed to keeping your personal information secure. We have put in place physical, electronic and operational procedures intended to safeguard and secure the information we collect. All Bupa staff have a legal duty to respect the confidentiality of your information, and access to your confidential information is restricted only to those who have a reasonable need to access it.
When using a Bupa website, if the URL of a web page starts with HTTPS, or you see a locked/green padlock symbol, your data should be encrypted when it is sent from your computer to our server. However, we cannot ensure the security of your data when it is being transmitted to our website or other digital sites from other pages. All transmission of personal information and other data is done at your own risk.
Information submitted to Bupa through a website is normally unprotected until it reaches us. In addition, users are also requested not to send confidential details or credit card numbers, for example, by email.
The information we hold about you may include the following:
- basic details such as name, address, contact details and next of kin
- details of contact we have had with you such as referrals and quotes
- details of services you have received
- patient experience feedback and treatment outcome information you provide
- information about complaints and incidents
- notes and reports about your health and any treatment and care you have received or need, including about clinic and hospital visits and medicines administered
- information from customer surveys, competitions and marketing activities
- recordings of calls we receive or make
- other information we receive from other sources, including from your use of websites and other digital platforms we (or our group companies) operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you.
Information about you is collected when:
- you apply for a quote or policy
- you enter into a contract with Bupa for the provision of services, and when you use those services
- you submit a query to us, for example by email, telephone or social media, including where you reference the Bupa group of companies in a public social media post
- you participate in any marketing activity
- you are named in an application form or as a dependant under an individual or corporate scheme
- we process an application or claim (where we may carry out credit or fraud checks), or when we obtain medical reports
- we liaise with your family, employer, health professional or other treatment or benefit provider.
- you use a third party application to provide information to one of our mobile applications or websites
We may only share information in this way where you have provided your consent or in circumstances where you are incapable of giving consent, or we are unable or it is not reasonable to seek your permission, or we are required to by law or in accordance with guidance from professional bodies
When we process claims or investigate complaints on your behalf, Bupa may also request and obtain further details from your treatment provider. The information may be sought either at the time of processing or subsequently, for the purposes of ensuring the accuracy of information and the quality of treatment and care. Please note it is a term and condition of your policy that Bupa may obtain medical and billing information from your treatment provider relating to claims or complaints you may make.
Information about you may be shared by the companies in the Bupa group for all the purposes identified under “Using your information” to enable us to manage our relationship with you as a Bupa customer and update and improve our records. We may also share information in aggregated form with the companies in the Bupa group.
Bupa works with other individuals and organisations to provide our services to you, and this may involve them handling your personal information. This handling of your personal information may be done outside of the European Economic Area in countries with different data protection laws. In that case we ensure that the confidentiality and security of your personal information is protected by contractual restrictions and service monitoring.
We do not share your personal information with anyone outside of the Bupa group to use for their own purposes, except:
- when we have your permission
- when we are permitted or obliged to do so by law. For example, we are required to provide information to organisations such as the National Registries (e.g. The Cancer Registry) and to notify the government of certain infectious diseases such as TB and meningitis (but not HIV/Aids)
- to protect the rights, property, or safety of Bupa, our customers, or others.
- in order to detect, prevent and help with the prosecution of financial crime. For example we may share information with fraud prevention or law enforcement agencies, and other organisations. If we suspect fraudulent activity we may inform the person or organisation who administers or funds your Bupa services.
- if there are other exceptional circumstances, and we are unable or it is not appropriate to seek your permission.
You may receive Bupa private medical services where another member of your family is the main member of the scheme or services. In that case we send all membership documents and confirmation of how we have dealt with any claim you make to the main member.
You may also receive Bupa services where your employer, or the employer of another member of your family, is the policy holder or pays for the scheme or services. In that case, we may share your information, only for the administration of the scheme or services, with the employer, the employer's insurance broker, or the trustees of your scheme. This will be explained in your policy documents. We won’t share the details of your health condition, illness, injury or treatment with the employer without your permission.
In the event that we (or any member(s) of our group) sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
We use your personal information to provide you with our services, and to improve and extend our services. This may include:
- responding to your queries, including providing quotes
- supporting your medical treatment or care and other benefits
- internal record keeping and administration
- responding to requests where we have a legal or regulatory obligation to do so
- checking the accuracy of information about you, and the quality of your treatment or care, including auditing medical and billing information for insurance claims.
- supporting your doctor, nurse, carer or other healthcare professional
- assessing the type and quality of care you have received and any concerns or complaints you raise, so that these can be properly investigated
- using your contact information to send you service related information
- using your contact information to send promotional material about new products, special offers or other information we think you may find interesting (see ‘Keeping you informed’ below for more information)
- using your contact information to give you an opportunity to complete a customer satisfaction survey
- using your contact information to conduct and analyse market research
We will only keep your personal information for as long as is necessary and in accordance with UK law.
The Bupa group would like to keep you informed of the Bupa group’s products and services that we consider may be of interest to you (via mail, email, phone or SMS). When we collect your information, we will ask you if you would like us to keep you updated in this way. We may use your personal information to:
- decide which services which we think are relevant to you
- decide which media, including social media platforms, would best be utilised to reach the customers who wish to receive marketing materials
- contact you with details of our products and services, including displaying interest-based adverts via social media
If you do not wish to receive marketing information about our products and services, or at any time you change your mind about receiving these messages, please contact the Bupa UK Information Governance Team on the details shown below.
If you have any data protection queries, please contact the Bupa UK Information Governance team:
Write: 4 Pine Trees, Chertsey Lane, Staines-upon-Thames, TW18 3DZ
You should also contact the Bupa UK Information Governance team to request a copy of the personal information we hold about you and to ask us to correct or remove (where justified) any inaccurate information. We may charge a small amount for providing you with a copy of your personal information. We may also ask you to provide additional documentation to confirm your identity or, if you are seeking to access personal information of another individual, proof of their consent or your legal right to receive their personal information.
We review and update this notice regularly. The latest copy of this notice and the trading companies that comprise the Bupa group can be found on this web page.