Privacy Policy

This Privacy Policy tells you what data we collect, why we collect it and what we do with it. You can also find information on the controls you have to manage your data within these pages.

We are committed to ensuring your privacy and personal information is protected. 

AXA PPP Healthcare Administration Services Limited is the data controller of your personal information and is responsible for complying with data protection laws.

By providing your personal data, you acknowledge that we may use it only in the ways set out in this Privacy Policy. We may provide you with further notices highlighting certain uses we wish to make of your personal data.

From time to time we may need to make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check this policy periodically to view the most up to date version. 

When you use our Digital Wellbeing Services platforms, we understand that you are sharing data with us which is highly sensitive and personal. We are clear that this data is yours and you can decide what data you want to share. We comply with every aspect of data protection regulation.

The AXA UK Group includes insurance companies, insurance brokers, health and wellbeing companies as well as an online health shop. We may share your data within the AXA UK and AXA Group to create a single customer view to enhance your experience of the services received from us but we will not use any of the personal information that you share via this app for insurance underwriting or claims handling purposes. For the purposes of this Privacy Policy, references to “AXA”, "we" or "us" shall also refer to AXA UK Group companies.

1. Our Privacy Principles

When we collect and use your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below. 

  1. Personal information you provide is processed fairly, lawfully and in a transparent manner
  2. Personal information you provide is collected for a specific purpose and is not processed in a way which is incompatible with the purpose for which AXA collected it
  3. Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  4. Your personal information is kept accurate and, where necessary kept up to date
  5. Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed
  6. We will take appropriate steps to keep your personal information secure
  7. Your personal information is processed in accordance with your rights
  8. We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards
  9. AXA UK and AXA Group companies do not sell your personal information and we also do not permit the selling of customer data by any companies who provide a service to us

2. How we collect and use your personal information

  1. We collect your full name and email address & your country of residence when you create an account in order to set up your account and security features;
  2. We collect Information relating to your current life stage (e.g. whether you have children, and your work status), and the relationship to other people associated with you in our records (for example, partner, parent and child) and the gender you identify as. We also collect your date of birth within form questions in our application. Apart from basic mandatory information that we need to collect to set up and administer your account, it is up to you how much information you choose to share;
  3. We collect identification information such as your date of birth, passport and driving licence details when you select services provided by our partners that require identity verification for the provision of health and wellbeing services to you;
  4. We collect your location in the app with your consent, to direct you to relevant services based on location;
  5. We collect appointments with, and orders for, third party services that you make when you book an appointment, order a service, health assessment or consultation with an external provider via our app. We do this to track your activities in relation to the goals you have set and to notify you of upcoming activities and appointments. ;
  6. We collect your payment information such as payment amount, bank details and credit card details when you subscribe to our services and make a payment. We do this to collect payment for the services we provide you on the date we have stated. We do not retain any card payment data but transfer you directly to a secure payment processor to facilitate your payment;
  7. We collect your contact details such as a telephone number and postal address as part of your account set up to send you information about other products and services that may interest you, where you have given your consent for us to do so. We also use this data to administer your account in the event that you have any account issues and need to call our Customer Service Centre. These details may be used to verify your identity on a customer service call. We may pass your details to a third party if you raise an issue related to a third party service;
  8. When you access our mobile application, we collect information about how you navigate within the app, via Google Analytics and the feedback tool (Pendo). We use Google Analytics to improve the design and use of our application by understanding how users interact with different elements and the personalised services provided. We use Pendo to help direct what service messages to send to you;
  9. When you access our website, we collect information from you through the use of cookies and similar technologies. Please refer to our Cookie Policy for further details;
  10. For corporate customers, we collect employment details directly from your employer, such as the name of the employer and work location. We provide aggregated anonymised reports back to your employer on the level of use of our services but these reports cannot identify you;
  11. We collect information about the goods and services you have with other AXA companies, to understand how AXA products are bought in combination with each other, to assist in the development of our products and improve our service delivery to our customers;
  12. We collect your marketing preferences from you when you create an account to send you information on new products and services, offers and discounts;
  13. Where we can, and it is appropriate, we will minimise personal information or de-personalise data to use for statistical or analytical purposes

3. How we collect and use your sensitive personal information

We only collect personal health data from you for the purpose of providing you a digital wellbeing service. Health data is classed as sensitive personal data and is now known as ‘Special Category Personal Data’. We will not collect any more Special Category Personal Data than is required, and is limited to:

  1. Information about your plans for the future (e.g. areas of mental wellbeing you want to focus on in future) that we collect when we ask you to set goals, so that we can keep you motivated by reminding you of the goals you have set and allowing you to review your progress;
  2. Your Daily Sentiment that we collect by asking you to click on an emoji so that we can capture your current mood, to add to your journal entries and personalise your content;
  3. Details of your current or former physical or mental health or condition, and sex registered at birth that we collect via questionnaires or assessments that you complete or journal entries you add, so that we can direct you to appropriate information, communities and services;
  4. Details of health tests, consultations and assessments undertaken by a third party supplier with whom we have secure arrangements for sharing data that we collect when you have given your consent for your data to be shared back to AXA. We do this to personalise the information and services you receive; details relating to your health status, such as data from Apple Health kit, Google fit, or similar mobile applications, or wearable devices such as an Apple watch, Fitbit or similar device, that we collect when you choose to link other mobile applications or devices to your account  to help track against your goals and direct you to appropriate information, communities  and services.

4. More information about how we collect your personal information

We collect your personal information directly from you when you use our digital wellbeing service platforms. Before you create an account, we will collect anonymous information on users who download our mobile application. If you then create an account, we will initially collect your name and contact details to enable the creation of that account. 

Once your account has been created, we will collect further information from you in the following ways:

  1. when you purchase or use any of our products or services;
  2. when you vote in a poll on our website or interact with us on social media platforms;
  3. via customer service telephone calls with you, which may be recorded. 

We may collect your personal information from a number of different sources including:

  1. directly from an individual or employer (or your employer’s service provider) who has a policy with us under which you are insured, and in which a digital wellbeing service is provided to you as part of that policy;
  2. directly from an employer which funds a Healthcare Trust that we administer where you are a beneficiary;
  3. from credit reference agencies who will supply us with information, including information from the Electoral Register and credit information. Please note that the agencies may record details of the search whether or not your application proceeds;
  4. from social media platforms, in particular when fraud is suspected; and
  5. Other third parties including:
    1. partners who work with us to provide our digital wellbeing services directly to you;
    2. third parties such as companies who provide consumer classification and other personal information for marketing purposes e.g. market segmentation and lifestyle data; and
    3. third parties who provide information which may be used by AXA to inform its pricing and service modelling decisions.

5. Other ways in which we may use your personal information

We mainly use your personal data (including Special Category Personal Data) to provide you with digital wellbeing services via our digital platform. However, there are a number of other reasons that your personal information may be used.  Please see below for a more detailed list of how we use your personal information. 

Under data protection laws we can only process your information where we have one or more legal bases or conditions for doing so, as set out in the law. We have set out below the main reasons for processing your personal data and the applicable circumstances when we will do so. When the personal information we process about you is classed as Special Category Personal Data we must have an additional legal basis for such processing: 

  1. We use Cloud technology storage solutions within the United Kingdom and the European Union which are chosen to ensure efficiency and improved performance through the use of up-to-date technology. In some instances, we may consider similar technology outside the EEA. In all cases where personal information is transferred to a country which is deemed not to have the same standards of protection for personal information as the UK, AXA will ensure appropriate safeguards have been implemented to ensure that your personal information is protected;
  2. Where we have a legal or regulatory obligation to use personal information, for example when our data protection regulator, the Information Commissioner's Office (ICO), require us to maintain certain records of our dealings with you;
  3. Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claim or where we want to pursue any legal claims ourselves;
  4. Where we need to use personal information and Special Category Personal Data for reasons of public interest, such as medical malpractice;
  5. Where you have provided your consent to our use of your personal information and Special Category Personal Data. We will ask for your consent in relation to the purposes of processing Special Category Personal Data or when we would like to provide marketing information to you (including information about other products and services). We do not always need your consent to process your Special Category Personal Data, but where we do we will make this clear when you provide your personal information. Without your consent, in some circumstances, you may not be able to benefit from some of our services. Where you provide Special Category Personal Data about a third party, we may ask you to confirm that the third party has provided their consent for you to act on their behalf;
  6. Where we have appropriate legitimate business needs to use your personal information such as helping to resolve issues that may arise with the use of our products, or to maintaining our business records, developing and improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and do not cause you any unnecessary harm;
  7. Where we need to use your Special Category Personal Data because it is necessary for your vital interests, this being a matter of life or death;
  8. Where we use and share “aggregated data” such as statistical or demographic data. Aggregated data may be derived from your personal data, but once in aggregated form it will not constitute personal data for the purposes of data protection law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your health questionnaire scores to create a benchmark for physical or mental wellbeing or to identify the most popular content within our digital platform.

If you have a subscription paid for by your employer

We share certain aggregated data (i.e. anonymous data) with your employer(s): for instance, they will be able to see the overall level of services being accessed and how that changes over time.  Your employer(s) will not have access to any personal information or Special Category Personal Data that you submit through your use of our digital platform (in particular health data you provide to us) as a direct consequence of your use of our digital platform.  This exclusion does not apply to any employer-provided data or any personal information that your employer may already possess in their course of employing you independently (such as Identity and Contact Data).

We may also disclose aggregated data to a prospective purchaser of our business or any part of it.

We also use such aggregated data to understand our end-users. To do so, we may take your anonymised data from your use of the app and combine it with other anonymised data we hold. This is to develop our service offering, to publish white papers and to share the aggregated data with health professionals and researchers. We may also use it to demonstrate the value of our offering to others.

6. Our legal basis for processing your personal information

  1. When we need your personal information to provide you with an account on our digital platform our legal basis is that such use is necessary in order to provide you a service under contract. Our legal basis for processing your health data (which is Special Category Personal Data) is that you have confirmed your explicit consent (please note that, in some cases, if you do not provide your explicit consent we may not be able to provide a service). The type of data we may process for this purpose will include but is not limited to: your contact and identifying details and your country of residence as stipulated in Section 2.1, 2.3 and 2.7 above; and personal information about your physical or mental health or condition as stipulated in Section 3 above;
  2. When we need your personal information to administer, provide and service your subscription our legal basis for processing is that such use is necessary in order to take steps to provide you a service under contract and our legal basis for processing your Special Category Personal Data is that you have provided your explicit consent. Please note that, in some cases, if you do not provide your explicit consent we may not be able to provide a service. The type of data we may process for this purpose will include, but is not limited to: your contact details and identifying details as stipulated in Section 2.1, 2.2, 2.3 and 2.7 above; information about your location as stipulated in Section 2.1 above; your healthcare provider(s) as stipulated in Section 3.4 above; your financial and payment details (such as payment card or bank account details) as stipulated in Section 2.6 above; and, Special Category Personal Data about your physical or mental health or condition as stipulated in Section 3 above;
  3. When we need your personal information to develop our service proposition further, by monitoring the use of our digital platforms and services offered, our legal basis for processing is that we have a legitimate business interest to assess and improve our services to ensure we are continually improving and updating our products for the benefit of our users. In some instances, we will link your data from the navigation of our platform to your account authentication, in which case we will collect your consent for this processing. The type of data we may process for this purpose will include but is not limited to: your IP address or User ID number and information about the pages and objects you have visited within the app and links to any external sites as stipulated in Section 2.8 above;
  4. When we need your personal information to communicate with you and resolve any issues or complaints you may have, our legal basis is that such use is necessary for our performance under our contract with you and we have a legitimate business need to resolve any issues or complaints. The type of data we may process for this purpose will include but is not limited to: your contact and identifying details as stipulated in Section 2.1, 2.3 and 2.7 above; your financial details and any information relevant to any payments you have made as stipulated in Section 2.6 above; and, Special Category Personal Data about your physical or mental health or condition as stipulated in section 3 above;
  5. When we need your personal information to prevent, detect and investigate fraud (which may include technology related to voice analytics),  our legal basis is that such use is necessary in order to provide a service to you and we have a legitimate business need to prevent fraud. Our legal basis for processing Special Category Personal Data is that we need to use your personal data for reasons of substantial public interest to prevent and detect fraud. The type of data we may process for this purpose will include but is not limited to: your contact and identifying details as stipulated in Section 2.1, 2.3 and 2.7 above; employment details as stipulated in Section 2.9 above; your payment information as stipulated in Section 2.6 above; and Special Category Personal Data about your physical or mental health as stipulated in section 3 above;

    Additional Information about our use of this data: we may verify with fraud prevention agencies and databases including publicly available data (for example data related to County Court Judgements, bankruptcy information and electoral roll data) any details you have provided to us.  If false or inaccurate information is provided and if fraud is suspected, details will be passed to fraud prevention agencies that we work with to prevent fraud and money laundering and we will periodically search records held by fraud prevention and credit reference agencies to:  help make decisions about credit services for you and your financial associates; trace people who owe money, recover debt,  and to prevent fraud; check your identity to prevent money laundering; carry out credit searches, electoral roll searches and further fraud searches.   For more information about the agencies with which we share your data, including further details explaining how the information held by fraud prevention agencies may be used, please email us at fraud@axa.co.uk;
  6. When we need your personal information to review or assist others such as the Care Quality Commission to assess the performance of healthcare providers to identify concerns regarding the care being provided to our customers and the public, our legal basis is that it is in the public interest to identify, or help others identify, deficiencies in the standards of care being provided. Our legal basis for processing Special Category Personal Data is that such use is necessary for reasons of public interest in the area of public health. The type of data we may process for this purpose will include but not limited to: contact and identifying information as stipulated in Section 2.1, 2.3 and 2.7 above; and, Special Category Personal Data about your physical or mental health or condition as stipulated in section 3;
  7. When we need your personal information for our own management information purposes including; managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). We also undertake measures to secure our system and to ensure the effective operation of our systems. Our legal basis is that we have a legitimate business need to use your personal information to understand our business and monitor performance and maintain appropriate records, to protect the security of our systems. Our legal bases for processing Special Category Personal Data are that you have provided your consent. The type of data we may process for this purpose will include, but is not limited to: contact and identifying details as stipulated in Section 2.1, 2.3 and 2.7 above; payment information as stipulated in Section 2.6 above; Special Category Personal Data about your physical or mental health or condition as stipulated in Section 3 above; and, employment details as stipulated in Section 2.9 above.

    Additional Information about our use of this data: we use your personal information to help us understand our business and monitor our performance, for example, to help determine pricing of our subscription services. If you are a member of a large group health insurance or healthcare trust scheme, we may provide reports of aggregated data to your employer or a parent company on the performance of the scheme, the interactions with our digital platform and on the health of the workforce. The information we provide is anonymised so that you cannot be identified from the reports;
  8. When we need your personal information for research, statistical analysis and product development purposes to improve our products and services, our legal basis is that we have a legitimate business need to use your personal information for services improvement.  Our legal basis for processing Special Category Personal Data is that you have given your consent. The type of data we may process for this purpose will include but is not limited to: contact and identifying details as stipulated in Section 2.1, 2.3 and 2.7 above; payment information as stipulated in Section 2.6 above; Special Category Personal Data about your physical or mental health or condition as stipulated in Section 3 above; and, employment details as stipulated in Section 2.9 above. 

    Additional information about our use of this data: We may use your personal information for research and statistical analysis including general research into health-related areas and research about the products and services we provide. Where possible, we will take steps to anonymise, pseudonymise, aggregate or place appropriate controls and governance in place to protect Special Category Personal Data. By analysing customer information, we can tailor and improve our products and services to better suit the needs of our customers. AXA accelerate its understanding through innovation such as machine learning and Artificial Intelligence. This means we work with new technology for efficiency and speed. When we do this we do so in accordance with data protection laws and regulations, and we consider each use on a case-by-case basis, ensuring that we have undertaken a full data protection risk assessment.  To have an accurate understanding of all AXA products you hold, we bring relevant personal information together across the AXA UK Group of companies.  Please note we only ever market to you if you have provided your consent;
  9. When we need your personal information to provide improved quality, training and security (which may include technology related to voice analytics), for example, with respect to recorded or monitored phone calls to our contact numbers, we have several legal bases that may apply for us to process your data such as where we need to comply with our legal or regulatory obligations ( for example where this is necessary for proper performance with our contract with you). Our legal basis for processing Special Category Personal Data is that it is required for an Insurance purpose or you have provided your consent. The type of data we may process for this purpose will include, but is not limited to: contact and identifying details as stipulated in Section 2.1, 2.3 and 2.7 above;  your payment information as stipulated in Section 2.6 above; and  any additional information you might otherwise give us during your interactions with us;
  10. When we need your personal information to provide information to you about our products and services as a personal customer or potential personal customer, our legal basis is either that this is in our legitimate business interest or we have your consent. Our legal basis for processing Special Category Personal Data is that you have provided your consent. The type of data we may process for this purpose will include but is not limited to: contact and identifying information as stipulated in Section 2.1, 2.3 and 2.7 above; lifestyle and information about social circumstances as detailed in Section 4 above; information about the goods and services you currently have with AXA as stipulated in Section 2.10 above;  and marketing preferences as stipulated in Section 2.11 above;
  11. When we need your personal information to provide information to you about our products and services as a business customer or potential business customer (including information about other products), our legal basis for is that it is in our legitimate business interests for marketing within the commercial sector, or we have your consent. The type of data we may process for this purpose will include but is not limited to: your business contact information and publicly available information about your business.
  12. When we link your personal and Special Category Personal Data across different products and services that you receive across the AXA Group to create aggregated data for the purposes of analytics and reporting. Our legal basis for processing is that we have a legitimate business need to use your personal information for analysis and reporting so that we can better understand how AXA products work together in order to benefit our product development and service delivery. Our legal basis is that you  have given your consent. The type of data we may process for this purpose will include but is not limited to: contact and identifying details as stipulated in Section 2.1, 2.3 and 2.7 above; payment information as stipulated in Section 2.6 above; Special Category Personal Data about your physical or mental health or condition as stipulated in Section 3 above; and, employment details as stipulated in Section 2.9 above.
  13. When we need your personal information to provide a continuity of service with third party services that you select to use, we may transfer your personal information and Special Category Personal Data to third party service providers. Our legal basis for transferring your personal data is that you have provided your explicit consent. The type of data we may process for this purpose will include but is not limited to: your contact details and identifying details as stipulated in Section 2.1, 2.2, 2.3 and 2.7 above; information about your location as stipulated in Section 2.1 above; and Special Category Personal Data about your physical or mental health or condition as stipulated in Section 3 above.

7. Who do we share your personal information with?

We might share your personal information with two types of organisation – companies inside the AXA Group, and other third parties outside the AXA Group. For further details of disclosures, please see below. We won’t share any of your personal information other than for the purposes described in this Privacy Policy.  

Who might we disclose your personal information to:

7.1 Disclosures within our Group

In order to provide our services your personal information is shared with other companies in the AXA Group including but not limited to AXA Business Services in India (see section 7.3 below) AXA ICAS Occupational Health Services Limited and AXA ICAS Limited. Your personal information might be shared for our general business administration, efficiency and accuracy purposes.

7.2 Disclosures to third parties outside our Group

We also disclose your information to the types of third parties listed below for the purposes described in this Privacy Policy. This might include:

1. Your relatives, guardians or someone else acting on your behalf where you are incapacitated or unable, or other people or organisations connected to you such as your lawyer;Your current, past or prospective employers if you have been part of a group scheme but only ever in an aggregate/anonymised manner. Your personal details will not be identifiable in this sharing;
2. Our third-party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, research specialists, document management providers and contractors and their sub-contractors;
3. We may also share your information with businesses that we partner with to provide goods or services that we make available to you. They may only market their own products or services to you if you consent that they can do so.
4. Our partners include:

  • Medical professional carers for the provision of restoring or maintaining your health;
  • Providers of health assessment services;
  • Providers of counselling services;
  • Providers of complimentary therapies such as meditation and mindfulness.

5. Central and local Government (for example if they are investigating fraud or because we need to contact them regarding international sanctions);
6. NHS fraud teams, the General Medical Council, the police, National Crime Agency, other law enforcement agencies and organisations that maintain anti-fraud or other crime databases where reasonably necessary for the prevention or detection of crime;
7. Selected third parties in connection with the sale, transfer or disposal of our business.

    Disclosure of your personal information to a third party outside of the AXA Group with exception of law enforcement agencies or other bodies exercising their official authority will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them. 

    We may also disclose your personal information to other third parties where:

    8. we are required or permitted to do so by law or by regulatory bodies such as where there is a court order, statutory obligation or Prudential Regulatory Authority / Financial Conduct Authority or Information Commissioners Office request;
    9. we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest; or
    10. where exemptions under the data protection legislation allow us to do so.

    7.3 Transfer of your data outside of the EEA

    Some of the recipients and technical solutions set out above may be in countries outside of the EEA (European Economic Area), notably in i) Switzerland, where AXA has a European Data Centre, and ii) India, where some administration is undertaken. Where we make a transfer of your personal information outside of the EEA and to a country which is deemed not to have the same standards of data protection as the UK, in all cases we will ensure that appropriate safeguards have been implemented to ensure that your personal information is protected. Such steps may include entering into contractual obligations with the third party to protect your personal information to adequate standards.

    8. How long do we keep records for?

    In most cases, we will keep your information for between three and ten years after our relationship with you ends but it will vary depending on what data we hold, why we hold it and what we’re obliged to do by the regulator or the law.

    We keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply or demonstrate compliance with our legal and regulatory obligations.  Where we can, and it is appropriate, we will minimise personal information or de-personalise data to use for statistical or analytical purposes.

    The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it. We typically keep payment information for up to 7 years to comply with financial reporting requirements.  Beyond seven years we will keep minimised information for statistical analysis, for example for pricing and service delivery improvement purposes.

    9. Your Rights

    You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We’ll either do what you’ve asked or explain why we are unable to - usually because of a legal or regulatory issue.

    For further details about your rights please see below.

    You have the following rights in relation to our use of your personal information.

    The right to access your personal information

    You are entitled to a copy of the personal information we hold about you which you can request directly from the Privacy Centre within the digital application. From the application you are able to download a .CSV file that contains all the information that we hold about you. If you are unable to access the digital application for any reason you can make a direct request for a copy of your data by emailing data.protection@axa-ppp.co.uk.

    The right to rectification

    We take reasonable steps to ensure that the personal information we hold about you is accurate and, to the extent necessary, complete. However, if you do not believe this is the case, please contact us by emailing data.protection@axa-ppp.co.uk.

    The right to erasure:

    You can request an account deletion directly from the Privacy Centre within the digital application. When you request a deletion, we will delete your account and all the data that we hold about you with the exception of any payments you have made. We have a legal obligation to hold financial records for 7 years of which the data will be limited to a simple identifier and payment amounts, which will be securely deleted at the end of the legal retention period. If you are unable to access the digital application for any reason you can make a direct erasure request by emailing data.protection@axa-ppp.co.uk. There may be some other legal and regulatory reasons which mean we cannot comply with your request. 

    Right to restriction of processing:

    In certain circumstances, you are entitled to ask us to suspend using your personal information for a period, for example where you think that the personal information we hold about you may be inaccurate, to allow us to verify the accuracy, or where you think that we no longer need to process your personal information, but you need us to keep it for legal reasons. You can request processing to be restricted (i.e. your account will be suspended) by emailing data.protection@axa-ppp.co.uk.

    Right to data portability:

    In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. You can request a file of your data directly from the Privacy Centre within the digital application. From the application you are able to download a .CSV file that contains all the information that we hold about you. If you are unable to access the digital application for any reason you can make a direct request for a copy of your data by emailing data.protection@axa-ppp.co.uk.

    Right to object to direct marketing:

    You can ask us to stop sending you marketing messages at any time by amending your consent in the Privacy Centre in the app.

    Right not to be subject to automated-decision making:

    Some of our decisions are made automatically where you input your personal information into our app and the content you are directed to is determined using certain automatic processes rather than our employees directly making those decisions. We make automated decisions in the following situations:

    • Directing you to relevant content and information based on your responses to our questionnaires, your location, data from linked devices or applications, third party data and your account information.
    • Directing you to a proposed subscription service based on your responses to our questionnaires, your location, data from linked devices or applications, third party data and your account information.
    • Directing you to suggested community groups based on your responses to our questionnaires, your location, data from linked devices or applications, third party data and your account information.

    The right to withdraw consent

    For certain uses of your personal information, we will ask for your explicit consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. Please note that where you withdraw all consent to process your special category (health) data we will need to delete all of your data which will require that we delete your entire account. You can do this at any time by requesting an account deletion directly from the Privacy Centre within the digital application.

    The right to lodge a complaint

    You have a right to complain to the ICO at any time if you believe that we have not met the requirements of data protection law. The ICO will usually expect that you have given us the opportunity to resolve your complaint before they will take up your enquiry, so please do tell us first if you think we have not complied with these laws. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/.

    In some circumstances exercising some of these rights will mean we are unable to continue providing you with services.  This may therefore result in the cancellation of your subscription and the suspension of your account. Our terms and conditions set out what will happen in the event your subscription is cancelled.

    10. Marketing

    You’re in control of whether we may use your information for marketing purposes.  If you are an existing customer, we will only contact you if you’ve agreed it’s okay. Then, we might use your information to tell you about products and services that could interest you. 

     We may use pixels and similar technologies within our marketing emails to enable us to see whether the email was delivered and accessed, and to provide us with insights into the performance of our campaigns so we can provide you with more relevant content at optimum times. 

    If you wish to unsubscribe from emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all emails. Otherwise you can amend your consents in the Privacy Centre on our digital app. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary. 

    We would like to keep you informed, from time to time about relevant products and services. We may do this by mail, email, telephone or other electronic methods such as text message. In order to help us get to know you and identify what products and services may interest you we obtain information about you from other sources inside and outside the AXA Group for example, companies who provide consumer classification, market segmentation and lifestyle data for marketing purposes. Examples of these organisations are Experian or LexisNexis.

    We may run specific marketing campaigns through social media and digital advertising that you may see which are based on general demographics and interests.  We do this by creating generic customer characteristics which are viewed in social media. If you do not want to see any campaigns then you will need to adjust your preferences within social media settings and your browser cookie settings. 

    From time to time we may share your data with social media platform providers who aggregate elements of your personal information and match this data against other sources to find similar profile individuals. If you do not want us to use your personal information in this way, you can opt out of profiling at any time by visiting the Preference page in the app and opt out of ‘Help us to find new customers’

    Business to business marketing (that is, commercial marketing) may rely on legitimate business interests when contacting the organisation rather than marketing choices made by an individual.

    11. Contact Details of the Data Protection Officer

    The Data Protection Officer:

    AXA PPP healthcare
    Jubilee House
    Vale Road, 
    Tunbridge Wells
    TN1 1BJ
    Email address: data.protection@axa-ppp.co.uk

    Alternatively you can contact our Group Data Protection Officer at our head office:

    The Data Protection Officer:

    AXA UK Plc
    20 Gracechurch Street,
    London,
    EC3V 0BG
    Email address: ukgroupprivacy@axa-uk.co.uk

    If you would like to contact the UK’s Information Commissioner’s Officer direct; please write to the Information Commissioner's Office,

    Wycliffe House,
    Water Lane,
    Wilmslow,
    Cheshire,
    SK9 5AF

    Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national number.