Privacy Policy

This Privacy Policy tells you what data we collect, why we collect it and what we do with it. You can also find information on the controls you have to manage your data within these pages.

AXA Health Services Limited is the data controller of your personal information and is responsible for complying with data protection laws. We are committed to ensuring your privacy and personal information is protected. 

From time to time, we may make changes to this privacy policy, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check back periodically to view the most up to date version. We may also provide you with further notices highlighting certain uses we wish to make of your personal data.

Policy was last updated on April 04, 2023.

  1. Our Privacy Principles
  2. Why do we process your personal information and what are our legal bases for doing so?
  3. Storing and collecting information from your device
  4. Who do we share your personal information with?
    • Disclosures within our Group
    • Disclosures to third parties outside our Group
    • Transfer of your data outside of the EEA
  5. How long do we keep records for?
  6. What are your rights in relation to your personal information?
    • The right to access your personal information
    • The right to rectification
    • The right to erasure
    • The right to restriction of processing
    • The right to data portability
    • The right to object
    • The right to withdraw consent
    • The right to lodge a complaint
  7. How to contact the Data Protection Officer (DPO)

1. Our Privacy Principles

When we collect and use your personal information, we look after it properly and use it in accordance with our privacy principles: 

  1. Your personal information is processed fairly, lawfully and in a transparent manner
  2. Your personal information is collected for a specific purpose and is not processed in a way which is incompatible with the purpose for which we collected it
  3. Your personal information is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed
  4. Your personal information is kept accurate and, where necessary, kept up to date
  5. Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed
  6. We take appropriate steps to keep your personal information secure
  7. Your personal information is processed in accordance with your rights
  8. We only transfer your personal information to another country or an international organisation outside the United Kingdom and European Economic Area when we have taken steps to ensure that it is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards
  9. AXA UK and AXA Group companies do not sell your personal information and we do not permit the selling of customer data by any companies who provide a service to us

2. Why do we process your personal information and what are our legal bases for doing so?

We process your personal information for different reasons, which we describe below. Under data protection law we can only process your information when we have a legal basis to do so; these legal bases are set out in data protection law. 

When the personal information is classed as sensitive personal information (for example information relating to your health which is also known as ‘Special Category Personal Data’) we must additionally have a legal condition to process it. The legal conditions which we rely on are also set out in data protection law. 

Your personal information will be accessed by AXA staff for some of the purposes set out below - for example, to assist with customer service enquiries, or to fix technical issues or bugs in the App. 

A. To set up your account and security features we collect:

  • Your name, email address, country of residence, the gender you identify as, and your date of birth
  • Information relating to your current life stage (e.g. whether you have children, and your work status), and the relationship to other people associated with you in our records (for example, partner, parent, and child).  

Our legal basis for processing your personal information is that the processing is necessary to provide you with the AXA Health app.  

B. To provide the app’s health and wellbeing services we may collect the following personal information. The information we collect and process about you will depend on which app services you access.

  • Your location in the app with your consent, to direct you to relevant services based on location.
  • Identification information such as your passport and driving licence details when you access partner services that require identity verification
  • Payment information such as bank details and credit card details when you subscribe to our services and make a payment. We do not retain any card payment data but transfer you directly to a secure payment processor.

We may also collect information about your health, again depending on which app services you access: 

  • Information about your goals (e.g. areas of mental wellbeing you want to focus on) which we remind you of so that you can monitor your progress towards them.
  • Your Daily Sentiment via your selection of an emoji representing your mood which we add to your journal entries and use to personalise your content.
  • Your sex registered at birth, as well as information about your physical and mental health that you provide when you complete certain app questionnaires and assessments. We process this so that we can direct you to relevant information, communities, and services.
  • Information about appointments, services, health assessments and consultations that you arrange with external providers via our app. We do this to track your activities against the goals you have set and to notify you of upcoming activities and appointments.

Our legal basis for processing your personal information is that the processing is necessary to provide you with the AXA Health App services, or you have provided your consent. 

Our legal condition for processing your health information (‘Special Category Personal Data’) is that you have provided your consent.

C. To monitor and improve our business operations, including the security of our systems, we may process personal information such as:

  • Your contact and identifying details, your financial details, and information about app services you have used and any payments you have made. We use this to generate Management Information which enables us to understand our business performance, maintain accounting records, undertake internal audits and receive professional advice (e.g. tax and legal advice), as well as secure and maintain effective operation of our systems.
  • Information about how you interact with and use the AXA Health App services including your IP address, User ID and details of the pages and objects you have visited within the app, and links to any external sites that you access (see also Section 3 on Cookies).

Given the nature of the app services, information about your physical or mental wellbeing may also be processed during the compilation of Management Information. 

Our legal basis for processing your personal information for management information purposes is that we have a legitimate business need to understand our business, monitor performance, maintain appropriate records, and to protect the security of our systems.

Our legal basis for processing Special Category Personal Data is that you have given your consent or because it is necessary for statistical purposes. 

D. For research, analytical, service improvement and product development purposes, we collect:

  • Information about how you interact with and use the AXA Health App services including your IP address, User ID and details of the pages and objects you have visited within the app, and links to any external sites that you access (see also Section 3 on Cookies).
  • Information about the goods and services you have purchased from other AXA UK companies, so that we can monitor how AXA products are bought in combination with each other.

We may also process health information for these purposes, for example, by: 

  • aggregating users’ health questionnaire scores to improve our understanding of groups of users’ physical or mental wellbeing. The output of this analysis is anonymous - you cannot be identified from it.
  • carrying out research and statistical analysis including general research into health-related areas and research which ultimately aims to improve our products and services.
  • If you have access to the app because your employer is an AXA Health client, we collect employment details directly from your employer, such as the name of your employer and your work location. We use this, along with information collected by the app, to produce Management Information which we share with your employer. This consists only of aggregated, anonymous reports (for example, on employees’ use of the app/its services and the health of the workforce). You cannot be identified in these reports.

Our legal basis for processing your personal information is that we have a legitimate business interest or because you have provided your consent for processing to improve product design and future service offerings. 

Our legal basis for processing Special Category Personal Data is that you have provided your consent for processing to improve product design and future service offerings or because it is for scientific research or statistical purposes. 

E. To resolve any issues or complaints we collect the following types of information:

  • Your contact and identifying details, and any other information relevant to resolving your complaint.
  • Information about how you interact with and use the AXA Health App services including your IP address, User ID and details of the pages and objects you have visited within the app, and links to any external sites that you access (see also Section 3 on Cookies). 

Our legal basis is that such use is necessary to meet our obligations under our contract with you, and we have a legitimate business need to resolve any issues or complaints.

F. For quality, training and security purposes, we collect:

  • Information from you via customer service telephone calls, which may be recorded.

The legal bases that we rely on are that we have a legitimate business interest to process personal information for service improvements, and that we may need to do so to comply with our legal or regulatory obligations.

G. To tell you and other people about other products and services we may collect and process:

  • Your marketing preferences and your contact details so that we can send you information if you’re happy to receive it, but also stop sending it if not. We may also share this information with other AXA UK companies for the same purposes.
  • Demographic information, personal information that you input into the AXA Health App, and information about how you interact with the App so that we can better target our communications to your needs and interests. We may also process information about the products you hold from other AXA UK companies, and information about you obtained from third parties (for example companies like Experian and LexisNexis who provide consumer classification, market segmentation and lifestyle data) for this purpose.  

For more information on how to object to our use of your personal information for marketing purposes, please see section 6 (What are your rights in relation to your personal information?).

We may also process health information that you have provided to us in the AXA Health App to better understand your needs and interests, and to provide you with information about the products and services that we believe are relevant to you. 

Our legal basis for processing your personal information for marketing purposes is that we have a legitimate interest, or you have provided your consent.

Our legal basis for processing your health information for marketing purposes is that you have provided your consent. 

H. Anonymising your personal information

When required, we anonymise personal information so that individuals cannot be identified before we use it for management information and analysis of our products and services. Analysis of anonymous information provides us with insights about our business, and with opportunities to improve our products and services and the health and wellbeing of the people who use them. Analysis of anonymous information also allows us to demonstrate the value of the services we provide to our clients. The way that we anonymise personal information aligns with regulatory guidance and is achieved using different techniques, for example removing identifying data or overwriting it with randomised non-identifiable data.

Anonymisation still constitutes use of your personal information; we rely on the legal bases that we relied on when your data was originally collected.

3. Storing and collecting information from your device

This app uses technology similar to cookies (‘similar technologies’) to store and collect information from your device. Like cookies, these similar technologies can be used in numerous ways, including to recognise a device and store information about users’ preferences and interactions during a single visit or across multiple visits. 

We use different types of these technologies for different reasons. 

Strictly necessary similar technologies: Some of the similar technologies that we use are ‘strictly necessary’. They are required for the App to work properly (including accessing information about how you’ve interacted with the App so that we can investigate and fix any defects or code issues), enhance how the App operates and ensure that it displays information relevant to you. Strictly necessary similar technologies also enable us to determine which service messages to provide to you, based on which features and services you’ve accessed.     

Strictly necessary similar technologies cannot be disabled.  

Analytics similar technologies: These enable us to understand how users interact with the features and services in the AXA Health App. For instance, they measure visits to the App and the features within it and enable us to see how users navigate around it. We compile this usage information into management reports so that we can improve and develop the App’s design, the products and services it offers, and the overall user experience – the information is aggregated, anonymous and you cannot be identified from it.  

Collection of analytics data can be disabled in the Privacy Centre.

4. Who do we share your personal information with?

We may share your personal information with two types of organisations – companies inside the AXA Group, and other third parties outside the AXA Group. We share information for the purposes described in this privacy policy.

Disclosures within our Group

To provide our services, your personal information may be shared with other companies in the AXA Group. Your personal information might be shared for our general business administration, efficiency, and accuracy purposes.

Disclosures to third parties outside our Group 

We also disclose your information to the types of third parties listed below for the purposes described in this privacy policy. This might include:

  1. Your relatives, guardians, or someone else acting on your behalf where you are incapacitated or unable, or other people or organisations connected to you such as your lawyer.
  2. Our third-party services providers and their sub-contractors such as IT suppliers, auditors, lawyers, marketing agencies, research specialists, document management providers.
  3. We may also share your information with partner businesses so that they can provide their products or services to you via the App. They may send marketing to you if you consent that they can do so. Our partners include:
    • Medical professional carers for the provision of restoring or maintaining your health;
    • Providers of health assessment services;
    • Providers of counselling services;
    • Providers of complementary therapies such as meditation and mindfulness.
  4. Regulatory authorities such as the Financial Conduct Authority, the Care Quality Commission and the Information Commissioner’s Office;
  5. Organisations such as NHS fraud teams, the General Medical Council, the police, National Crime Agency, and other law enforcement agencies or public authorities where reasonably necessary for the prevention or detection of crime;
  6. Third parties in connection with the sale, transfer, or disposal of our business.

We may also disclose your personal information to other third parties where:

  1. we are required or permitted to do so by law or by regulatory bodies, for instance where there is a court order, statutory obligation or regulatory request.
  2. we believe that such disclosure is necessary to assist in the prevention or detection of any criminal action or is otherwise in the overriding public interest; or
  3. where exemptions under the data protection legislation allow us to do so.

Transfer of your data outside of the EEA

If we transfer personal information outside the United Kingdom and the European Economic Area to a country which is deemed not to have the same standards of data protection as the UK, in all cases we will ensure that appropriate safeguards have been implemented to protect your personal information. Such steps may include entering into contractual obligations with the third party to protect your personal information.

5. How long do we keep your records for?

We keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this privacy policy or to comply with our legal and regulatory obligations (for example, we keep payment information for up to seven years to comply with financial reporting requirements). In most cases, we will keep your information for between three and ten years after our relationship with you ends, but this varies depending on the nature of the personal information and our purposes for processing it. Where we can, and it is appropriate, we will minimise personal information or de-personalise data to use for statistical or analytical purposes.

6. What are your rights in relation to your personal information?

The rights that you have over your personal information are described below. If you make a rights request, we’ll either do what you’ve asked, or explain why we can’t - usually for legal or regulatory reasons. 

In some circumstances exercising some of these rights may mean that we are unable to continue providing you with the AXA Health App. This may result in the cancellation of your subscription and the suspension of your account. Our terms and conditions set out what will happen in the event your subscription is cancelled.  

We may ask you for information to confirm your identity and/or to enable us to carry out your request.

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and information about how we use it. You can access much of this directly from the Privacy Centre within the AXA Health App. If you can’t access the app for any reason, or you require copies of audio recordings from phone calls, please contact data.protection@axahealth.co.uk.

The right to rectification

We take steps to ensure that the personal information we hold about you is accurate and to the extent necessary, complete. However, if you do not believe this is the case, please contact data.protection@axahealth.co.uk.

The right to erasure

You can request an account deletion from the Privacy Centre within the AXA Health App, and we’ll delete your account and the personal information we hold about you. An exception is any payments you have made; we have a legal obligation to retain financial records for 7 years but this will be limited to an identifier and payment amounts. If there is any other reason why we must retain more personal information than this, we’ll advise you at the time. If you can’t access the AXA Health App to request an account deletion, please contact data.protection@axahealth.co.uk instead. 

The right to restriction of processing

In certain circumstances, you can ask us to suspend using your personal information for a period. For example, if you think that the personal information we hold about you is inaccurate, you can ask us to stop using it while we verify its accuracy; or if you need us to retain your personal information beyond our retention periods, you can ask us not to delete it. You can make a restriction request by emailing data.protection@axahealth.co.uk.

The right to data portability

You have the right to the personal information that you have provided to us in a machine-readable format; a .CSV file of this is available to you in the Privacy Centre within the AXA Health App. You can also ask us to provide this directly to a third party - to do so please contact data.protection@axahealth.co.uk.

The right to object

You can ask us to stop sending you marketing messages at any time by withdrawing your consent in the Privacy Centre. You can also follow the unsubscribe instructions in our emails to stop receiving marketing by email.  We will continue to send you service related (non-marketing) communications. You can also choose how we use your personal information for marketing purposes (e.g. profiling) in the Privacy Centre.  

You can also ask us to stop processing all or some of your personal information when we’re doing this for other purposes. Depending on the purpose and our legal basis for processing, we may not always be able to fulfil your request but as a first step, please contact data.protection@axahealth.co.uk.

The right to withdraw consent

We ask for your consent to process your personal information for certain purposes, and you can withdraw this consent at any point in the Privacy Centre. Please note that if you want to withdraw your consent to any use of your health information, we will no longer be able to provide you with the app - to proceed, please request an account deletion in the Privacy Centre or contact data.protection@axahealth.co.uk.  

The right to lodge a complaint:

You have the right to complain to the Information Commissioner’s Office (ICO) if you consider that we have not complied with data protection law. The ICO will usually expect you to have given us the opportunity to resolve your complaint before interceding, so please do bring any concerns to us in the first instance at data.protection@axahealth.co.uk or by using our postal address (see Section 7). More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/.

7. How to contact the Data Protection Officer (DPO)

You can contact the AXA Health DPO by email or post:

The Data Protection Officer
AXA Health,
Philips House,
Crescent Road, 
Tunbridge Wells,
TN1 2PL

Email address: data.protection@axahealth.co.uk