We are Expacare Limited, a specialist international medical insurance provider.
Expacare Limited is authorised and regulated by The Financial Conduct Authority. Further information can be found at www.fca.org.uk.
Our Registered Office is : Bracknell Enterprise Centre, Easthampstead Road, Bracknell, Berkshire, RG12 1NF and we are Registered in England : No. 01524095.
We administer your medical insurance policy and process claims through assistance companies and claims administration providers. You can find details of the relevant assistance company and claims administrator in your membership pack.
The Expacare website is intended to provide information and assistance to expatriates with international healthcare needs.
Our website provides links to third-party sites for your convenience
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, their gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to or sexual orientation.
Personal data may also contain data relating to criminal convictions and offences.
For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
In order for us to arrange and administer insurance for you we will collect and process personal data about you. We will also collect your personal data where you request information about our services.
We may also need to collect personal data relating to others in order to arrange and administer insurance. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so.
You may provide us with personal data when completing online quote or contact forms, when you contact us via the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you.
We will share your personal data within our group of companies and with business partners. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to process claims. It is also necessary to determine the premium payable and to administer our business.
We also share personal data with authorised third parties, this is necessary where we are required to do so by law, where we need to administer our business, to quote for, source, place and administer your insurances, to perform underwriting activities and to process claims. Some examples follow:
We will collect your personal data when you visit our website. We will collect your unique online electronic identifier; this is commonly known as an IP address.
We may record your communications with us when contacting our customer care, complaints and other customer focused functions.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data. Where there are other parties involved in underwriting or administering your insurance they may also process your data in which circumstance we will be a joint data controller of your personal data.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
As a provider of insurance services, we will process the following categories of data:
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our products and services.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
Aggregated data may be used by Expacare Limited or others for research, product design or statistical purposes.
If you require more information about our insurance processes or further details on how we collect personal data and with whom we share data with, please contact our data privacy representative by e-mailing firstname.lastname@example.org.
We will use your personal data for the performance of our contract with you, to quote for and provide you with insurance products and services, to process claims and renewals, to administer your policy and our business, to respond to any requests from you about services we provide and to process complaints. We will also use your personal data to manage your account, perform statistical analysis on the data we collect, business forecasting purposes and to develop new and market existing products and services.
We process special category data, for the performance of our contract with you and under the condition of substantial public interest, we will ensure that the appropriate additional safeguards are in place to protect the data, these will include added security measures, restrictions in access to the data. We will use your data if it is deemed to be necessary for reasons of substantial public interest to detect fraud and improper claims. This allows us to quote for and provide you with insurance products and services, to process claims and renewals and to administer your policy.
In purchasing our products and services you should understand that you are forming a contract with us. If you contact us for a quote or request details on the services we provide, we consider ourselves
as having a legitimate business interest to provide you with further information about our services.
Where we require consent to process your personal data, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our data privacy representative.
We will retain your personal data at the end of any contractual agreement for a minimum period of 7 years. We will retain special category data for a minimum period of 7 years. Where you have submitted a claim, we will retain your data for a minimum period of 7 years. Where you have requested a quote, we will retain your personal data for 13 months, where you have contacted us for details of our services and products, we will retain your personal data for 13 months. Where you make a complaint we will retain the data for a minimum of 7 years. Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data.
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests for statistical analysis (profiling) and product development and marketing purposes. We will not retain your data for longer than necessary.
Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.
Please contact our data privacy representative if you object to the use of, or you have any questions relating to the use of, your data, the retention of your personal data.
We will transfer your data to third parties based outside the European Economic Area. This is necessary for the purposes of administering our business and underwriting and claims processing purposes. Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.
Please contact our data privacy representative for further information on the measures undertaken to safeguard your data by emailing email@example.com.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact our data privacy representative by e-mailing firstname.lastname@example.org or by writing to data privacy representative, Expacare, Bracknell Enterprise Centre, Easthampstead Road, Bracknell, Berkshire, RG12 1NF, United Kingdom.
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our group of companies and with business partners and authorised third parties.
To ensure data privacy and protection has appropriate focus within our organisation we have a data privacy representative who reports to our senior management team. Our data privacy representative’s contact details are as follows:
Data Privacy Representative, Expacare, Bracknell Enterprise Centre, Easthampstead Road, Bracknell, Berkshire, RG12 1NF, United Kingdom.
If you are dissatisfied with any aspect of the way in which we process your personal data please contact data privacy representative. You have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office(ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
If you have any questions regarding this Notice, the use of your
data and your Individual Rights please contact our data privacy representative at Expacare, Bracknell Enterprise Centre, Easthampstead Road, Bracknell, Berkshire, RG12 1NF, United Kingdom or by e-mailing email@example.com or by telephoning +44 1344 233950.