Security and Privacy Statement
Data Protection Act 1988 and 2003
Laya Healthcare Limited and Elips Insurance Limited act as joint data controllers in relation to information held about you for the purposes of the Data Protection Acts. You should show this notice to anyone who may be covered by your insurance policy with laya healthcare.
Security and Privacy Statement
At laya healthcare, we are committed to protecting and respecting your data protection and privacy rights. Please take a moment to read this Security and Privacy Statement to find out more about why and how we process your personal information. You should show this notice to anyone who may be covered by your insurance policy with laya healthcare.
Who processes your data?
For the purposes of the applicable data protection legislation, laya healthcare is the controller of your personal data. You will find our contact details in the “Contact us” section below.
Data we process
We process the identification and contact information and the data you input into our online forms or provide to us over the phone when you request a quote or when you join laya healthcare.
It is also necessary for us to collect sensitive information/ special categories of information (such as medical conditions) about you and others named on the insurance policy. We may seek and obtain from your physician or a hospital information about you relating to any treatment or other services provided to you or other members of the insurance policy:
• records of physical or mental illness or illhealth;
• medical histories;
• records of treatments obtained by you;
• length of any stay in a hospital;
• other treatments or services, including wellness services, received by you or your dependant(s);
The above sensitive information/ special categories of information are not used to offer or determine any products for you or any other members of your insurance policy, and is only used to administer claims on that policy. We also collect and record certain information about you when you browse our website. For more information, please see our Cookies Policy.
Why do we process your data?
We collect and use the information you disclose to us to provide you with your chosen products and services, including wellness services. Without collecting and using your personal information, it would not be possible for us to offer you a quote, help you choose the best plan for you, manage and administer your policy nor to underwrite or handle your claims.
More specifically, we use the information about you (both personal and sensitive personal data/ special categories of personal data) that we hold for the following purposes:
• for managing and administering your insurance policy
• for underwriting and claims handling
• for money laundering prevention purposes
• to analyse and examine the claims processes and treatment/over-night stay/convalescence options applied/utilised by medical service providers
• to audit medical service providers generally
• to examine the handling of claims by a medical service provider
• for the efficient payment of Stamp Duty, payable on your Health Insurance contract under section 125A of the Stamp Duties Consolidation Act 1999.
We also process your information in order to comply with legal obligations to which we are subject and for the purposes of our legitimate interests such as to prevent fraud, for marketing and audit purposes for systems development and for managing and improving our services.
From time to time we would like to contact you to:
• invite you to events we are sponsoring;
• invite you to various events we run exclusively for our members
• gauge satisfaction with the service you received from us.
• perform market research.
If you consent to us contacting you for the above purposes we will do so, if you opt out of such communications we will adhere to your preferences at all times.
Who do we share your data with?
Laya Healthcare might share your data with others in order to provide you with a first class service and so as to comply with our legal obligations. In case as part of your policy with us you receive additional services, we might share your information with additional service providers such as Spectrum Health Limited, Ed Advanced Medical Services Limited t/a Advanced Medical Services, [Webdoctor and Bupa], and/ or other partners.
We might also share your personal information with hospitals and/or consultants to aid the efficient processing of claims.
We are also under a legal obligation under the Health (Provision of Information) Act 1997 to provide information to the National Cancer Registry Board, the Minister for Health or a health board, hospital or other body or agency participating in any cancer screening.
In the event you switch to another insurer, we will share your information with the new insurer in accordance with the Health Insurance Act 1994 (Determination of Relevant Increase under section 7A and Provision of Information under section 7B) Regulations 2014 to confirm information that you have provided on taking out a policy with the new insurer.
Our agents or subcontractors may also have access to your data on a strictly confidential basis.
In order to provide you with products and services, this information will be held in the data systems of laya healthcare or by our agents or subcontractors.
When you request a quote from us, you may receive a phone call or text message and/or email in relation to that quote. If you would prefer not to receive such communications, please contact us to let us know.
Data Retention Period
It is our aim to only hold your data for as long as this is necessary. We generally hold your data for as long as we are obliged to do so under the applicable law.
We retain the data we collect and process as a result of gauging your satisfaction with the service you received from us and as a result of marketing research for a period of 18 months after your membership ends.
We take our security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness. We review our security measures and procedures regularly. Our website uses the latest, industry leading, HTTPS (SSL/TLS) encryption.
Responsible Disclosure Guidelines
Security issues should be disclosed to email@example.com. Please note we cannot respond to individual policy queries on this address and these should be raised through our contact us page. We will investigate legitimate security reports and respond within 1-2 business days, and make every effort to quickly correct any issues, while following Data Protection guidelines and responsibilities. If you identify a security issue you should not modify or access data that does not belong to you.
Use of Laya healthcare website
We may also record additional information on the web pages you have visited and the contents of those web pages, any information you input, your referring URL or IP address, your time of visit and related session information, your requested page, web browser type, USR agent, status of request (successful reply), cookies, number of bytes in the response, and query string and any information or technical detail your browser is sending to us. IP addresses are not linked to personally identifiable information. We use this information to better understand website usage in the aggregate so that we know what areas of our website users prefer. This information is stored in log files and is used for statistical reporting and in limited circumstances to prevent fraudulent claims
What are Cookies?
Cookies are small, often encrypted text files sent by web servers to web browsers and stored there to provide useful information. When the user subsequently visits the website, the browser sends cookies back to the website allowing the user to be recognised. This eliminates the redundant re-entering of data and the website can be used more efficiently.
Session Cookies are temporary cookies that are not stored on your computer or mobile device.
Persistent cookies are those placed on your computer or mobile device for a pre-determined length of time when you visit a site.
Cookies we use
Session cookies (JSESSION ID) are deleted from your computer when you close your browser. These cookies enable services such as:
- Maintaining log in details to layahealthcare.ie, thereby keeping you logged in for the duration of your visit
- Remembering the content of your shopping cart while purchasing layahealthcare.ie products
Policy Cookie (CookiePolicyAccept): This cookie is a persistent cookie which is sent when a user closes the cookie banner. This ensures that the banner does not appear each time you visit our website.
Used to maintain log in details and remember the content of your shopping cart.
Used to ensure that when you have accepted the cookies policy, the banner does not appear each time you visit our website
Third Party Cookies
You can manage cookies from a website by adjusting the cookie settings of your browser. Most browsers support cookies, but you can set you browser’s settings to decline them and can delete them whenever you like. The cookie settings are usually stored in Tools -> Internet Options -> Privacy.
Please note that blocking cookies may have a negative impact on the performance and functionality of the website.
Find Out More
More information about cookies can be found at: www.allaboutcookies.org. This site contains information on how to configure your browser to block all cookies as well as general information about cookies.
This Cookies Policy forms part of our overall Security and Privacy Statement
You can easily edit or update your personal information through the “members area” section of our website or by contacting us over the phone. You will need your membership number and a password to access and change your information online. If you contact us over the phone or a webchat to edit or delete your personal data we will ask you questions in order to verify your identity.
Under the applicable data protection legislation, you have the right to request that we:
- provide you with information as to whether we process your data and details relating to our processing, and with a copy of your data;
- rectify any inaccurate data we might have about your without undue delay;
- complete any incomplete information about you;
- under certain circumstances, erase your personal data without undue delay,
- under certain circumstances, be restricted from processing your data;
- under certain circumstances, furnish you with the personal data which you provided us with in a structured, commonly used and machine readable format;
Where we process your data solely on the basis of your consent, you are entitled to withdraw your consent at any time. This will not affect the lawfulness of our processing before the withdrawal.
You also have the right to lodge a complaint with the Data Protection Commissioner at any time.
The exercise of your rights might be subject to certain conditions and we might require further information from you before we can respond to your request.
You may exercise your rights by contacting our Data Protection Officer at the address or e-mail address provided below.
Change to statement
We may occasionally update this security and privacy statement and will endeavour to notify you of any changes through the members’ area, on our website and/ or upon renewal of your policy.
Laya Healthcare Limited
Mr Ian Brennan
Data Protection Officer