Privacy notice

To be read in conjunction with the website terms of use.

This privacy notice tells members and customers of Benenden Health what to expect when Benenden Health collects, uses, retains and discloses your personal information. Personal information is information that (on its own or together with other information) identifies you and is about you. This includes what you tell us about yourself and what we learn by having you as a member or customer. This notice was last updated in May 2024.

- Our commitment to your privacy
- What types of personal information do we handle?
- Where we collect personal information from?
- Who we share your personal information with
- Sending personal information outside of the UK
- Marketing
- Business to business marketing
- How long we keep your personal information
- Your rights
- Contacting us

Who we are

'Benenden Health' and 'Benenden' are trading names of The Benenden Healthcare Society Limited. When we refer to Benenden Health or to Benenden (or to 'we', 'us', or 'our'), we mean:'

The Benenden Healthcare Society Ltd.
And/or its subsidiary Benenden Wellbeing Limited (also trading as Benenden).
And/or its subsidiary The Benenden Charitable Trust; all of which are registered at Holgate Park Drive, York, YO26 4GG.
And/or its subsidiary The Benenden Hospital, registered at Goddard's Green Road, Cranbrook, Kent, TN17 4AX.

Benenden Hospital has a separate privacy notice for patients and visitors. If you are, or have been, a patient at Benenden Hospital, their privacy notice explains how they hold your personal information.

Benenden Charitable Trust has a separate privacy notice which is supplied to all applicants, explaining how the Trust handles applicant and donor information.

To ensure that we process your personal information fairly and lawfully, this notice informs you:

Why we need your personal information;
How it will be used;
With whom it will be shared and;
What rights you have in relation to the personal information we collect.

Within this notice we describe instances where Benenden Health is the 'data controller' (the organisation who decides what personal information is collected and how it is used), and where we direct or commission the processing of personal information by third parties on our behalf to provide services or improve our offering to you.

There may be situations where Benenden Health processes personal information on the instructions of another organisation (known as acting as a 'data processor'), but in those circumstances our use of personal information would be governed by that organisation.

If you have any questions about this privacy notice, including any requests to exercise your legal rights please contact our DPO using the contact us section.

↑ Back to top

Our commitment to your privacy

Benenden Health recognises the importance of protecting personal and confidential information in all that we do. We take care to meet our legal duties, and we put in place all reasonable technical, security and procedural controls required to protect your personal information for the whole of its life, in whatever format we hold that information in.

How the law protects you

Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason (known as a legal basis) to do so. This includes sharing it outside of Benenden Health. The reasons why we may process your personal information are:

To fulfil a contract we have with you;
When it is our legal duty;
When it is in our legitimate interest, or;
When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your personal information, but this must not unfairly go against your rights or freedoms. If we rely on our legitimate interest, we will tell you what that is.

Purposes for which we use your personal information

Below is a list of the ways that we may use your personal information, and which of the reasons (or legal bases) we rely on to do so. This is also where we tell you what our legitimate interests are. For further information in relation to the marketing that we undertake, please see the Marketing section below.

WHAT WE USE YOUR PERSONAL INFORMATION FOR	OUR REASON(S) FOR PROCESSING	OUR LEGITIMATE INTERESTS (WHERE APPLICABLE)
To manage our relationship with you. To communicate with you about your membership or Benenden Health products you have purchased. To develop and carry out marketing activities. To conduct analysis and research activities to improve and develop our products and services. To analyse the reaction to our advertising activity. To create anonymised look-alike audiences for marketing purposes.	Fulfilling contracts. Our legal duty. Your consent. Our legitimate interests.	Keeping our records up to date. Working out which of our products and services may interest you and telling you about them. Defining audiences to market our products to. Seeking your consent when we need it to contact you. Being efficient about how we fulfil our legal and contractual duties.
To provide you with the services we can offer when members request assistance. To manage how we work with other companies that provide services to us and our members or customers.	Fulfilling contracts. Our legal duty. Our legitimate interests.	Being efficient about how we fulfil our legal and contractual duties.
To administer payments relating to membership. To administer payments relating to product sales. To administer payments for services we can offer when members request assistance.	Fulfilling contracts. Our legal duty. Our legitimate interests.	Being efficient about how we fulfil our legal and contractual duties. Complying with regulations that apply to us.
To detect, investigate, report and seek to prevent financial crime. To manage risk for us and our members or customers. To comply with regulations that apply to us. To respond to complaints and seek to resolve them.	Fulfilling contracts. Our legal duty. Our legitimate interests.	Developing and improving how we deal with financial crime. Complying with regulations that apply to us. Being efficient about how we fulfil our legal and contractual duties.
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit.	Our legal duty. Our legitimate interests.	Complying with regulations that apply to us. Being efficient about how we fulfil our legal and contractual duties.
To exercise our rights as set out in agreements or contracts.	Fulfilling contracts.

What types of personal information do we handle?

We process personal information to enable us to run Benenden Health, to support the provision of services to members and customers, to maintain our own accounts and to promote our services.

The types of personal information we collect, use, store and share include:

Personal details (such as names, addresses, telephone numbers, dates of birth).
The relationship between individuals on the same membership.
Employment details, work or profession details for individuals who pay for membership through their salary or pension.
Financial details (including payments to Benenden Health by members and customers and payments made by Benenden Health for services provided to members).
Details of how you use our website, and where you have accessed it from.
Details of how you interact with us on social media.
Details of when you contact us and when we contact you (including voice recordings of telephone calls and copies of written communications such as emails or letters).
CCTV images, which are used for building security.
Details of which Benenden Health products you have purchased.
Any consents which you have given us in relation to the processing of your personal information.
Physical or mental health details in relation to requests by members for access to our services. Such information requires special protection by law – we will always explain what information we require and why it is needed when collecting this information. It will always be processed and stored securely.
Details of your use of services offered by Benenden Health.
Contact details (such as names, roles, telephone numbers and email addresses) of business contacts.

↑ Back to top

Where we collect personal information from

We may collect your personal information from the following sources:

Personal information you give to us:

When you join The Benenden Healthcare Society Ltd.
When you contact us (for example by phone, email or letter).
In member or customer surveys or any other research activity we may conduct with you.
When you enter our competitions or sign up to receive our marketing.
When you use our services.
When you update your membership information using My Benenden.
When you buy a product from us other than Benenden Health membership (for example a Benenden Health Cash Plan)
When you use our app (view the Benenden Health App privacy notice).

Personal information gathered from www.benenden.co.uk:

When you use or access our website (please see cookies for further information).

Personal information from third parties that we work with:

When you buy a product from us other than Benenden Health membership (for example Benenden Travel Insurance).
Details of your payments from payroll service providers (if you pay by deduction at source from your salary or pension payment).
Details obtained from social media.
Details obtained from cookies on third party websites (please see cookies for further information).
Identifying and contact information from employers (if your membership is set up and paid for by your employer).
Personal information purchased from providers of third party marketing lists (only if you have given express consent to this).
Details of business contacts obtained from providers of third party business listings.

↑ Back to top

If you choose not to give personal information

We may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with services under your membership or other products which you have purchased from us. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.

Any personal information that is optional will be clearly marked at the point of collection.

↑ Back to top

Who we share your personal information with

We may share your personal information between The Benenden Healthcare Society Ltd, Benenden Charitable Trust, and Benenden Wellbeing Ltd for these reasons:

Assisting in verifying your identity.
Assessing risks.
Understanding your requirements.
Developing, testing, researching and improving products and services.
Marketing products and services we believe may be appropriate to you.
Training and business analysis.
Legal and regulatory compliance.
Preventing or detecting financial crime.
Complaints handling, or;
Improving customer service.

Certain services are provided by third party organisations who collect and use personal information in order to provide those services to you. They will be a 'data controller' in their own right under data protection law. This means that they have a separate responsibility to protect your personal information and will keep you informed about how your personal information will be used.

Your personal information will only be shared with third party organisations when required (for example for legal obligations or regulatory requirements, in respect of the products and/or services you request as a member or customer of Benenden Health).

These types of organisations are:

Healthcare organisations we work with to provide the services offered by The Benenden Healthcare Society Ltd.
Approved alternative dispute resolution (ADR) schemes.
The providers of Benenden insurance products such as Benenden Health Cash Plan.
The providers of other Benenden products such as the Benenden Health Assessment.
HM Revenue & Customs, our regulators and other authorities, including fraud prevention agencies (where required or permitted by law).

In the usual course of our business, we may use other third party organisations known as 'data processors' under data protection law to support the essential delivery of our services. These organisations process your personal information on our behalf.

These types of organisations are:

Mailing, email, SMS messaging, and/or print fulfilment organisations (to enable us to communicate with you efficiently).
Providers of business services such as auditors, consultants, solicitors and/or insurers (to enable us to run Benenden Health efficiently).
Providers of records management services such as secure disposal suppliers, and IT storage providers (to enable us to secure data efficiently).
Providers of IT systems or services (to enable us to run Benenden Health efficiently).
Market researchers (to help us to improve the services we offer).
Providers of information management services (to help us learn about our customers).
Companies you ask us to share your personal information with (upon request).

When we share your information with our approved third party providers, our contractual relationship with them prevents them from using your information for any other purpose outside of our instructions to them. They may use their own third party data processors, but are always required to meet the same legal requirements as Benenden Health does.

Benenden Health will never sell your information, or share it with external companies for their own marketing purposes.

Sending personal information outside of the UK

The UK GDPR and DPA 2018 hold the UK to high standards of data protection. If we transfer information outside of the UK, we will make sure that it is protected to these standards.

We will only send your personal information to countries outside of the UK to:

Follow your instructions.
Comply with a legal duty, or;
Work with other third-party organisations (as detailed above) who we use to help provide our services to you.

We will always use one or more of these safeguards:

Transfer it to a country with privacy laws that give the same protection as the UK as deemed by the UK to provide an adequate level of protection for personal information.
Make use of Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), where suitable, to facilitate the transfer of personal and special category data between ourselves and an international organisation.

↑ Back to top

Marketing

We may use your personal information to tell you about relevant products offered by The Benenden Healthcare Society Ltd, and its subsidiaries Benenden Wellbeing Ltd, and Benenden Hospital. This is what we mean when we talk about 'marketing'.

We can only use your personal information to send you marketing messages if we either have your consent or a 'legitimate interest'. Legitimate interest is when we have a business reason to use your information for marketing purposes (which will not unfairly go against your rights and freedoms). In other words, we will not market to you based on legitimate interest if you have told us that you do not want to receive such marketing or are registered on a preference services list.

We have a legitimate interest to:

Send you marketing messages about Benenden Healthcare or other products offered by Benenden Health (such as Travel Insurance, Health Cash Plan, Health Assessments, and self-pay services at Benenden Hospital) by post.
Contact you via telephone to welcome you to Benenden Health, or to discuss your membership if you decide to leave Benenden Health, and;
Send you marketing messages by email or via social media about products offered by Benenden Health which are similar to those which you have already purchased from us (if you have provided us with an email address).

We will ask your explicit consent to send you any other marketing messages.

You can withdraw your consent or ask us to stop sending you any marketing messages at any time. If you want to do so, please contact us by:

Following the unsubscribe link on the relevant email.
Changing your preferences by logging into the My Benenden member area.
Writing to us at: Member Services, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG.
Emailing memberservices@benenden.co.uk.

Please note that if you tell us that you no longer wish to receive marketing from us, you will still receive essential service information, such as details of how you can have your say and participate in member voting (for members who pay for their own membership), details of changes to the product you hold and updates to this privacy notice.

↑ Back to top

Tailoring products and services by automated systems

We use groupings called “customer segments” to analyse our member and/or customer needs, and to make decisions based upon what we learn. To enable us to do this, we may use automated systems offered by information management service providers to place you in groups with similar members or customers, based upon your personal information. We use these groups to help us to create marketing materials which will appeal to new members and customers, and to show our existing members or customers content and promotional material about Benenden Health products which may be of interest to them.

You have the right to ask that we do not use your personal information in this type of automated decision making. If you want to do so, please contact us by:

Writing to us at: Member Services, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG.
Emailing memberservices@benenden.co.uk.

↑ Back to top

Business to business marketing

Benenden Health provides healthcare and wellbeing services to other businesses as well as directly to individuals. This section of the privacy notice applies only to individuals we contact in the course of marketing our products and services to other businesses.

We use providers of business contact details to obtain the details of individuals who may be interested in discussing this with us in relation to their business. We may also obtain business contact details from events such as trade fairs, or from enquiries made directly to us through our website.

We use these contact details to tell you about products and services offered by Benenden Health (being The Benenden Healthcare Society Ltd, and its subsidiaries Benenden Wellbeing Ltd, and Benenden Hospital).

We can only use your business contact information to send you marketing messages if we either have your consent or a 'legitimate interest'. Legitimate interest is when we have a business reason to use your information for marketing purposes (which will not unfairly go against your rights and freedoms). In other words, we will not market to you based on legitimate interest if you have told us that you do not want to receive such marketing or are registered on a preference services list.

We may keep your business contact information for up to seven years, to enable us to respond to questions or complaints and to maintain records according to legal requirements and documented business need.

We use automated systems to manage our business marketing activities. This means that we take automated decisions based upon aspects of your behaviour such as opening an email which we have sent to you, or navigating to links within our communications with you. These decisions will only affect the kinds of communications we send to you, and when.

You have the right to ask that we do not use your personal information in this type of automated decision making. If you want to do so, please contact us by:

Writing to us at: Sales Team, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG.

↑ Back to top

How long we keep your personal information

We will keep your personal information for as long as you are a member or customer of Benenden Health.

After you stop being a member or customer:

We may contact you for up to three years, unless you have asked us not to send marketing messages to you (see ‘Marketing’ above).
We may keep your personal information for up to eight years for one of these reasons:

- To respond to questions or complaints.

- To show that we treated you fairly, or;

- To maintain records according to legal requirements and documented business need.
We may keep your personal information for longer than eight years if we cannot delete it for legal, regulatory or technical reasons. In these circumstances, we will make sure that your privacy is protected and only use it for legal or regulatory purposes.

Your rights

In order to exercise your rights under data protection law, we will need to verify your identity for your security.

↑ Back to top

Contact us

You can contact us by emailing data.protection@benenden.co.uk, writing to Data Protection Officer, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG or telephoning Member Services on 0800 414 8100 Monday to Friday.

How to get a copy of your personal information

You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time (commonly known as a 'subject access request'). Once we have received your request we will respond within 30 days.

Letting us know if your personal information needs updating

You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.

If you need to update your contact details (and/or the details of others, for example if you pay for other people on your membership), you can do so by logging into the My Benenden member area or contacting us using the details in the contact us section above.

If you want us to stop using your personal information

You have the right to object to our use of your personal information, where it is in relation to direct marketing, we're processing it for a legitimate interest or it is a task carried out in the public interest.

We may be able to restrict the use of your personal information so that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

It is not accurate.
It has been used unlawfully but you don’t want us to delete it.
It is not relevant any more, but you want us to keep it for use in legal claims, or;
You have already asked us to stop using your personal information but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law.

If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.

↑ Back to top

If you want us to erase your personal information

If you feel that we should no longer be using your personal information, where it is in relation to direct marketing, we're processing it for a legitimate interest or it is a task carried out in the public interest.

If you want to request that we erase your personal information, please contact us using the details above.

Obtaining your personal information in a portable format

You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations. To request this, please contact us using the details above.

↑ Back to top

Your right to complain

If you have any concerns about how your data is handled, please contact the Data Protection Officer by emailing data.protection@benenden.co.uk or writing to: Data Protection Officer, The Benenden Healthcare Society, Holgate Park Drive, York, YO26 4GG.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), by emailing casework@ico.org.uk or telephoning 0303 123 1113. Additional contact methods are detailed on the ICO website. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to this privacy notice

We regularly review our privacy notice. We will publish any updates on the Benenden Health website and inform members and customers of any changes within our regular communications. You can request a copy of our privacy notice from us using the details in the contact us section above.

Contacting us

If you contact us

When you contact us, we will need to verify your identity for your security. Verifying identity is an important way of safeguarding against criminal activities including the prevention of illicit access to your information.

If we are unable to validate your identity, we may ask you to provide further evidence so that we can access your information.

Benenden Health reserves the right to discuss any financial transactions with the relevant bank account holder.

Freedom of Information

Benenden Health and its subsidiaries are not governed by the Freedom of Information Act as neither Benenden Health nor any of its subsidiaries are a public authority.

How to contact our Data Protection Officer

If you have any questions about this privacy notice or our processing of information, if you wish to raise a complaint on how we have handled your personal information, or if you wish to exercise any of the rights set out in this privacy notice, please contact our Data Protection Officer by emailing data.protection@benenden.co.uk or writing to: Data Protection Officer, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG.