Cookie Usage and Privacy Policy


Healthwise Limited ("We") are committed to protecting and respecting your privacy.

This document (together with our terms of use and any other documents referred to in it sets out how we handle what is known as your “personal data”. This is any information that relates to you or from which you can be identified from.

This Notice applies to situations where we collect personal data from you direct or indirectly through your employer.

If there is anything you do not understand please contact us.

Who are we?

Healthwise Limited, Unit 6, Castle Court 1, Castlegate Way, Dudley, West Midlands, DY1 4RD is the ‘Controller’ of your personal data. Our Data Protection Officer is Paul Swanson who can be contacted at the above address or 01384 456 345.

The purpose(s) of processing (‘using’) your personal data

We use your personal data for the following purposes:

We require information from you to better understand your demands & needs to either provide you or your employer with an insurance quotation or to provide other services as requested by you or your employer. Once we have collated your information we will arrange a policy/service with one of our insurance providers or service providers for one or more of the following reasons:

  • In arranging and deciding upon your insurance requirements
  • Internal record keeping.
  • To carry out market reviews on a regular basis to ensure that your product/service is the best fit available for you/ your employer.
  • To handle a claim or help you with your policy.
  • To periodically send promotional emails about other products or other information which we think you may find interesting.

The categories of personal data we process.

We process some or all the following information depending on your requirements:

  • Ordinary data – Name, DOB, address, gender, salary, employment details, email address, phone number.
  • Special data - Physical or mental health details, race or ethnic origin, medical conditions, medical records. previous claim history.

What is our legal basis for processing your personal data?

a) ‘Ordinary’ personal data (article 6 of GDPR)

There are various ways we can legally process (‘use’) your ordinary personal data. Some of them may overlap. These are:

With your Consent

This will usually be where we collect your information direct from you. On other occasions we may collect your information from your employer and they will have demonstrated to us that they have your consent to pass your information to us and for us to make use of it.

Processing necessary for compliance with a legal obligation

We are required by law to keep accurate records of how we communicate with you and how/why we recommend an insurance contract/service to you/ your employer. This could include assisting with a complaint, handling a claim or handling a query to assist you.

To take steps at your request prior to you entering in to a (typically) insurance contract or to perform the contract itself.

This could include where you ask us to secure a quote or to arrange insurance for you. Where your employer passes information to us they will want us to take steps to find appropriate cover for you and (when we find the cover) to take steps to perform the contract i.e. handle claims.

To protect your vital interests

In a life and death situation we may disclose information about you to an insurer or other person/ body

In our legitimate interests or those of your employer or another

We as a business need to process your information as part of our day to day activities. Other situations might arise where it is in the interests of another for us to make use of your personal data. In these situations, we will always consider your interests before using your information.

b) ‘Special’ personal data (article 9 of GDPR)

There are various ways we can legally process (‘use’) your special personal data. Some of them may overlap. These are:

Your explicit consent

Where we are dealing with sensitive personal information such as a medical claim so that we can work on your behalf with an insurer. If we do, we will send an email to you setting out what we propose to do with your data and who we intend to share it with etc. We will ask you to email us back giving the necessary consent. If we are sent information from your employer about you, we will ask your employer to demonstrate they have your explicit consent to our processing it and sharing it with any third party such as an insurer.

Processing necessary for reasons of preventative or occupational medicine, for assessing your working capacity, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services based on EU or UK law or a contract with a health professional

You may ask us to handle a claim for you which includes medical information, treatment, and medication and/or for occupational health reasons. You may ask us to arrange treatment and talk to other medical professionals

Processing is necessary to protect your vital interests where you are not capable of giving consent

As above – life and death situation – where we need to use your information to save your life.

Processing is necessary for reasons of substantial public interest under EU/ UK law and we have regard to your rights and how to protect them

This ground will typically be used where we are seeking an insurance product for you or making a claim on your behalf.

Sharing your personal data

As part of the Aston Lark Group, Healthwise Limited seeks to offer clients a wide range of insurance broking and employee benefit consulting services. We will therefore share Personal Data with other Data Controllers in the Group in order to inform you of other similar contracts and services provided by our other group companies that we believe you may benefit from. We only share limited Personal Data to enable this, typically name, contact details and type of insurance / investment / pension contracts you have effected and its associated renewal date. We may also share special categories of Personal Data (as defined in the Regulation), criminal convictions data or children’s data with the Central Compliance Team in order to facilitate the investigation of any complaints submitted by you.

We may share your information with third parties only to the extent necessary to provide our services to you. These third parties may include:

  • Your agent, adviser or employer;
  • Support companies for the delivery of the products and services we offer to you including but not limited to insurers; other insurance brokers, loss adjusters and loss assessors; risk managers, administrators, incident management firms; professional advisors; premium finance companies; IT providers, internet service providers and mailing/fulfilment houses;
  • Feefo, to enable us to receive feedback on the services we have provided (their privacy notice can be found here);
  • Our regulators and supervisory authority e.g. the Financial Conduct Authority (FCA) and the Information Commissioner’s Office for the UK (the ICO);
  • Law enforcement, credit and identity check agencies for the prevention and detection of crime;
  • HM Revenue & Customs (HMRC) e.g. for the processing of tax relief on pension payments or the prevention of tax avoidance.

We do not sell, rent or trade our mailing lists, phone numbers or email addresses.

How long do we keep your personal data?

We keep your personal data for no longer than 6 years to meet our legal requirements under the Financial Conduct Authority (FCA). Examples include: in case of any legal claims/complaints about us or your insurer; for safeguarding purposes, making a claim on a policy.

Providing us with your personal data
You are under no statutory or contractual requirement or obligation to provide us with your personal data. but failure to do so may have the following consequences.

  • We would be unable to arrange insurance for you or provide you with a service
  • We would be unable to communicate with you
  • We would be unable to assist with a claim
  • It could invalidate your insurance cover

Your rights and your personal data

Unless subject to a ‘restriction’ under the law you have the following rights with respect to your personal data:

  • The right to request a copy (“access to”) of the personal data which we hold about you;
  • The right to request that we correct any personal data we hold - if it is found to be inaccurate. If we have passed the inaccurate information on to a third party, we will ask them to correct it;
  • The right to request your personal data is erased. Again, if we have passed your information on to a third party we will tell them if we have granted your request.

Please note that where we need to retain your personal data for a reason(s) such as our regulatory requirements we will decline your request.

  • The right to request that we provide you with any or all your personal data that we process by automated means i.e. computers and, where technically possible, to transmit that data directly to another data controller;
  • The right to withdraw your consent to the processing at any time,
  • The right to restrict what we are doing with your information in certain situations for example, where you dispute its accuracy. Again, we will tell any third party who we have passed your information to if we grant your request;
  • The right to object to any processing of your personal data where we purport to do so in either, our legitimate interests or those of another.

Please note that these are general rights. There are always exceptions and, as such, we may decline
your request in whole or in part.

Transfer of Data Abroad

We do not transfer personal data outside the EEA.

Automated Decision Making

We do not use any form of automated decision making in our business.


The management have undertaken a full internal audit of our systems and procedures to ensure the continued protection of your data. We operate a single internal server which is protected by appropriate firewalls and antivirus/malware software to monitor and protect our systems.  Our data is backed up twice daily and is removed from site. All users have unique log-ons and passwords which are regularly refreshed. Staff are provided with regular training to identify threats and to understand the importance of Data Protection. If we discover a data breach that puts you at risk, we will notify the Information Commissioner without undue delay and at the latest within 72 hours of discovery. Where there is a high risk to you we will also contact you. All staff have signed our security policy and have been provided with a full and detailed explanation of how important data protection is to you and us. When we transfer data to insurers or clients we will ensure appropriate protection by way of password protection or encryption are used.

How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer on 01384 456 345.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Changes to our Privacy Notice
Any changes we may make to this Notice in the future will be posted on our web page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.