International Expat Health’s Privacy Notice, Declaration of Consent, and Release of Confidentiality
Please read this statement carefully. This Privacy Notice and declaration of consent and release of secrecy (“Privacy Notice”) is about the processing of personal data. It explains to you which personal data is processed for which purposes. “Personal data” is any information relating to an identified or identifiable natural person.
The controller of the personal data is
International Expat Health (IEH) Address: 71-75 Shelton Street, London, WC2H 9JQ, UK Phone number: +44 203 829 2926 Email: firstname.lastname@example.org
You can contact our data protection officer at:
International Expat Health Data Protection Officer Address: 71-75 Shelton Street, London, WC2H 9JQ, UK Email: email@example.com
This Privacy Notice applies to the collection of personal data via our website, via our mobile app (“APP”), and for any other collecting of your personal data including inbound or outbound calls via telephone.
This Privacy Notice applies to our customers, our business partners, our contractors, as well as applicants for a position in our company.
If necessary and where legally required, we will also inform you separately about the processing of your personal data in other contexts if this has not yet been done by this Privacy Notice.
Declaration of Consent for the Processing of Health Data, Transfer of Personal Data Outside EU, and Release from Confidentiality of Medical Providers and Professionals, Insurance Companies and Brokers
IEH expressly informs and points out that you are free to confirm this declaration of consent and to object to it for the future. We have to point out, however, that it will generally not be possible to conclude or implement an insurance contract with IEH without your consent in the processing of your health data. If reference is made to this Privacy Notice and the confirmation of this Declaration of consent is requested, this confirmation also includes the following statements regarding the processing of your health-related personal data, also in countries outside the EU, and the release of the general obligation to confidentiality for insurance companies and medical professions: By confirming this Privacy Notice, I agree that IEH collects, stores, and processes the information I provide to IEH when applying for an insurance offer and in the future (including health-related data) to the extent necessary to review the application and to establish, perform, and finish an insurance agreement. I also agree that IEH stores my health-related data – even if a contract with IEH is not concluded – for a period of 3 years from the end of the calendar year of my request. By confirming this Privacy Notice, I agree that IEH transfers my personal data including health-related data if necessary, for the purpose of my insurance agreement to • service providers, • (re-)insurance companies, • if necessary, also to my employer if my employer has concluded the insurance contract with IEH, which also covers my person, and • in particular medical providers and medical experts as needed. I agree that this personal data including health-related data is processed there for the same purposes as stated in this Privacy Notice and that personal data including health-related data is returned to IEH. Insofar as necessary, I release IEH and its employees as well as medical providers by confirming this declaration from its obligation to confidentiality with regard to personal data including health-related data. By confirming this Privacy Notice, I agree that IEH collects my health data from doctors and other medical providers, nurses, hospital staff, personal insurers, statutory health insurance funds and authorities and uses them for these purposes, insofar as this is necessary for risk assessment or for the performance of contractual obligations of IEH. This confirmation also expressly refers to service providers, especially to medical service providers, in countries outside the EU, in particular if I use services in these countries.
We will not use or disclose your personal data for purposes other than those purposes specified in this Privacy Notice. We will do our best to protect the privacy of your personal data. If you have any concerns about the way we process your personal data, you are welcome to contact our Data Protection Officer and our data protection team at firstname.lastname@example.org or write to us at: International Expat Health, Data Protection Officer, 71-75 Shelton Street, London, WC2H 9JQ, UK. We will look into your enquiry and make good-faith efforts to resolve any existing or potential dispute with you. If you remain unhappy with the response you received, you can also refer the matter to the relevant supervisory authority.
1. Processing of Personal Data of Children Under the Age of 18
We are legally obliged to provide our services only to individuals who are at least 18 years old. By entering into a contract with International Expat Health, you confirm that you are over 18 years of age.
2. How and Why We Need Your Personal Data – Provision of Services
Your personal data is collected from the personal digital spaces we provide you (APP, webpage, and self-service webpage), by our sales department, or by our service representatives, and also, if you agree, via telephone.
We use the personal data we collect and receive to provide our service and, where appropriate, and if the legal requirements are met, to study and analyze the functionality of our services, website, and APP and to analyze users’ activities, to provide support, to measure service activity, to conduct surveys and send questionnaires, to maintain our service, to make it better and to continue developing the service, and to communicate with natural persons working for our business partners.
We may use your email address to contact you when necessary, to send you reminders, and to provide you information and notices about our service, provided that other necessary prerequisites are also fulfilled.
We obey the law and expect you to do the same. If necessary, we may use your personal data to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts, and any other misuse of our service, and to take any action in any legal dispute and proceeding.
3. The Personal Data You Provide in Order to Apply for an Insurance Policy
As a potential insured member with International Expat Health, we may request that you provide us with your personal data. This could include your name, contact details, gender, date of birth, passport number or other forms of state-issued identification number, email address, profession, medical history and/or current status, and financial information. If you wish to enroll a family member in our insurance policy, we will need the same information about them. Additionally, if you are enrolled in our insurance policy as part of a corporate group, we may ask for your workplace and job title. With your consent, we will also record our phone conversations with you for quality assurance and record-keeping.
As an insured member, we may request additional personal details, such as medical documents, legal documents, and your premium debt status. When you file an insurance claim with us, we will collect and process your medical bills, your written correspondence with us, and any written notes taken about you by our customer service representatives.
If you correspond with us by telephone, as a potential or actual insured member, we will record the conversation only with your consent and will ensure to obtain it before recording.
If you have purchased insurance cover with us using a credit/debit card, please note that we comply with the Payment Card Industry Data Security Standard (PCI DSS). We have implemented data security and organizational measures to protect your payment information, such as your credit/debit card number, and keep them confidential.
Should you provide us with your bank account information for future insurance payments, we will maintain that information in confidence in accordance with the data protection standard described in this statement.
When you contact us, or we contact you, we process the personal data involved. This may include participation in correspondence with treating and/or advising physicians to provide you with further services and/or to assess your eligibility for insurance.
We advise you to exercise caution when uploading insurance-related content through our APP, our self-service website, or via emails. Please also avoid any involuntary disclosure of your personal data or the personal data of others without their consent.
Processing of Personal Data of a Person Other Than the Applicant:
4. The Personal Data That We Collect When You Access Our Website or APP
When you access the International Expat Health website or mobile app, our servers may log certain ‘traffic/session’ information from your device. This includes the country from which you use the service, the type of browser, operating system, geo-location, and the Internet Protocol (IP) address. We also collect information about your activity on our platforms, such as your log-in and log-out times, the duration of sessions, the web-pages you view, or specific content on those pages. This information is stored in log files along with your full IP address, provided we have obtained your consent for this.
5. Is There an Obligation to Provide Personal Data?
As stipulated in the previous sections, particularly paragraph 3, International Expat Health is required to collect your personal data. Without this data, we are generally unable to provide you with health insurance coverage or manage any pending claims you may have filed with us.
In some cases, we are legally obligated to process personal data. This is necessary for purposes such as detecting, preventing, and investigating fraud, or to facilitate the exercise of your consumer rights. Additionally, we may need to process your personal data to detect, prevent, and investigate any other actual or suspected violations of law or misuse of our service.
6. On What Legal Basis Do We Process Your Personal Data?
At International Expat Health, we process personal data on the following lawful grounds:
Explicit Consent: The processing of special categories of personal data, such as health data, is based on your explicit consent. We ensure that this consent is clearly and freely given, indicating your specific agreement to the processing of this type of data.
Performance of the Agreement: The processing of your personal data is necessary for us to perform the insurance agreement with you. This includes taking necessary steps at your request prior to entering into the agreement, such as assessing your eligibility for specific insurance plans.
Legal Obligations: The processing of your personal data is also necessary for us to comply with legal obligations to which we are subject. This includes regulatory requirements specific to the insurance industry and compliance with legal standards in the regions where we operate.
Legitimate Interests: We process your personal data for legitimate interests, which include ensuring cyber security and data protection, fraud detection, maintaining and controlling the quality of our service, providing support, backing up data, and ensuring disaster recovery. These processes are essential for the secure and efficient operation of our services and for safeguarding your data and our systems.
7. Who Receives Your Personal Data?
At International Expat Health, we adhere to strict guidelines regarding the sharing of your personal data. Except as outlined in this Privacy Notice, we do not sell, trade, or otherwise transfer your personal data to outside parties. Your personal data may be transferred to the following categories of recipients:
Affiliates: This includes parent companies, subsidiaries, and other affiliated companies within our corporate group. Your personal data is provided to the respective departments within International Expat Health that need such data for the execution of the insurance policy you have chosen.
- Administrative services providers.
- Third-party information technology providers, such as cloud service providers.
- Other third-party service providers engaged by us to support data processing, known as “processors.” These providers may also be commissioned to offer server capacity.
- Your personal data will be disclosed to third parties only if necessary for fulfilling our legal and/or contractual obligations, if we or the third party have a legitimate interest in the disclosure that does not affect your interests, or if you have given your consent.
- Data may also be transferred to third parties as required by law or by enforceable regulatory or judicial order.
- Third parties to whom we may transfer your personal data include:
- Medical providers, including doctors and medical experts.
- Legal representatives.
- Insurance consultants.
- Corporate contact personnel for group/business insurance policies.
- Insurance brokers and agents.
- Law enforcement agencies, upon valid legal requests for disclosure.
- Insurance companies responsible for paying your insurance claims, if applicable.
- Experts for assessing injuries, diseases, and their causes.
- Relevant financial institutions, including banks, credit card processors, clearing houses, Payment Service Providers, and card issuers.
8. Where Do We Process Your Personal Data?
At International Expat Health, your personal data is primarily processed in the United Kingdom.
However, not all parties listed in paragraph 7 are located within the European Economic Area (EEA). Should there be a need to transfer personal data to a party outside the EEA, we ensure that such transfers are conducted in accordance with the General Data Protection Regulation (GDPR) principles. This includes the use of data onward transfer instruments like the Controller to Processor Standard Contractual Clauses (SCCs) and Controller to Controller SCCs, ensuring that appropriate safeguards are in place, such as those included in the EU-US Privacy Shield Framework, where applicable.
In certain situations, it may be necessary to transfer your personal information to countries outside Europe. Such transfers are either necessary for the fulfilment of our insurance contract as specified under Art. 49 subsection 1 sentence 1b GDPR or are carried out based on your consent.
9. Handling of Your Publicly Available Personal Data
Before our first communication with you, International Expat Health may have accessed your personal data from social media and other public online platforms where you have publicly published your data. This information may include, but is not limited to, your personal and contact information, geographical location, and other data publicly available in your social media profiles and other public accounts.
10. How Long Will We Store Your Personal Data?
At International Expat Health, we retain your personal data as necessary to adjudicate any claims you may file with us under your health insurance policy, such as for insurance reimbursements. We will store your personal data for at least the minimum amount of time required by the regulations of the United Kingdom, where we primarily operate.
In the UK, we adhere to various retention and documentation requirements as outlined by relevant laws and regulations. These include, but are not limited to, the UK Data Protection Act and other applicable legal frameworks. The retention and documentation periods under these regulations may last up to several years, depending on the specific type of data and the purpose for its processing.
Furthermore, the storage period is also influenced by statute of limitations periods, which can extend up to several years, depending on the nature of the claim or legal requirement. For instance, claims for damages based on injury to life, limb, health, or freedom may require us to keep customers’ personal data for an extended period, as stipulated by law.
If a request for an insurance agreement is not followed by the conclusion of a contract with International Expat Health, we store health-related data for a period of 3 years from the end of the calendar year of the request. Other personal data, not related to health, is stored for a period reflective of UK legal requirements for business documentation retention, typically around 6 years following the end of the year in which the application was made.
11. Data Protection Related Information for Job Applicants at Our Company
At International Expat Health, we handle, process, and store personal data provided to us by job applicants in accordance with Article 6 subsection 1a of the GDPR, based on the consent declaration expressed through the submission of application documents.
Application documents are processed by our Human Resources department and, as needed, by the superiors of the respective departments. Additionally, for organizational purposes, applicants’ personal data may be shared within our corporate group (as detailed in paragraph 7), such as for training organization purposes.
Personal data of applicants will be deleted no later than 6 months after the rejection of their application unless consent for longer storage is provided by the applicant.
12. Personal Data Security
We are committed to protecting the confidentiality of your personal data at International Expat Health. We employ reasonable data security measures that align with high industry standards. Our approach includes technical and physical administrative measures to safeguard your personal data against misuse and unauthorized access.
All correspondence between you and International Expat Health is secured and encrypted as necessary.
13. Web Services Disclaimer
Our website may include links to external third-party websites. Please be aware that these websites have their own privacy notices and policies, which we recommend reviewing. International Expat Health is not responsible for the privacy practices, policies, or the use of any software on these external websites. We bear no responsibility for any direct or indirect damages that may arise from the use of these third-party websites.
The 3 main types of cookies we use on our site are:
Strictly necessary cookies
These cookies are essential. Without them you might not be able to get the information or service you have asked for. They are needed for things like logging whether you see error messages – so we can make improvements and fix bugs – as well as allowing you to apply online for an insurance solution on our online form.
Analytics and measurement cookies
We use several technologies to understand how visitors use our website or app. These help us to identify areas for improvement, and to collect and report on commercial data (like sales volumes). We may, for example, analyse website usage and identify a page where people struggle to know what to do next; we’d then use session capture to observe some individual site visitors and find out what the issue is.
Tools we use for analytics and measurement include:
Google Analytics (Google Inc.)
Our website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics employs so-called “cookies“, text files that are stored to your computer in order to facilitate an analysis of your use of the site. The information generated by these cookies about your visits to our site is transmitted to Google’s servers in the US and stored there. However, using the IP anonymization (“anonymizeIP”) activated for this website, Google will shorten your IP address (IP masking) within the member states of the European Union, or other countries within the European Economic Area (so-called IP masking).Only in exceptional cases will the full IP address be transferred to a Google server in the USA, and will be shortened there for further processing. On behalf of the website provider, Google will use this information to evaluate your use of the website, to compile reports on the website activities, and to provide other services related to website use to the provider. The IP addresses transferred in the context of Google Analytics from the App will not be put together with other Google data. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website. You can prevent the transfer of data created by the cookie and related to your use of the website (including your IP address) to Google and the processed of tis data by Google, by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=en).
You can prevent the identification by Google Analytics on this website, by clicking on the following link. An opt-out cookie will be placed which prevent the future collection of your data when visiting this website:
We would like to point out that on this website Google Analytics uses the “anonymizeIP” function in order to ensure anonymous detection of IP addresses (so-called IP masking). This ensures that one cannot create a personal reference using IP addresses.
In the context of our legitimate interest in a technically flawless online offer and its economically efficient design and optimization, we use according to Art.6 paragraph 1 letter f GDPR the analysis software Smartlook from Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic.
This tool captures movements on the observed web pages in so-called heat maps. This enables us to identify anonymously where visitors click and how far they scroll. This enables us to make our website better and more customer friendly. The protection of your personal data is very important to us when using this tool. All data is collected without us being able to assign it to specific users. We can only track how the mouse is moved, where clicks are made and how far it was scrolled. We also record the screen size of the device, the type of device, browser information, the country from which access was made and the preferred language. If personal information about you or third parties is displayed on a website, Smartlook automatically hides it. These data are therefore not comprehensible for us.
You can use a “do not track header” to prevent the Smartlook tool from being used. Then no data will be collected about your visit to our website. For this purpose you must set your browser accordingly. You can find instructions on how to do this at: http://www.akademie.de/wissen/do-not-track-datenschutz.
You can also disable the Smartlook tool by using the opt-out button under: Smartlook Opt-Out.
There you will also find information on how to undo the Smartlook use from our website.
This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service to organize and analyze the dispatch of newsletters. The data entered by you for the purpose of receiving the newsletter (e.g. e-mail address) is stored on the CleverReach servers in Germany or Ireland.
Sending out our newsletters with CleverReach allow us to analyze the behavior of the newsletter recipients. Among other things, we can analyze how many recipients opened the newsletter message and how often which link in the newsletter was clicked on. With the help of the so-called conversion tracking, we can also analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. For further information on data analysis by CleverReach newsletters, please see https://www.cleverreach.com/en/features/reporting-tracking/.
Data processing is carried out on the basis of your consent (Art. 6 para. 1 letter a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not wish that CleverReach carries out the analysis, you need to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
The data that you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after the newsletter has been cancelled. Data that has been stored for other purposes (e.g. email addresses for the member area) remains unaffected.
Conclusion of a contract for commissioned data processing
We have concluded a contract with CleverReach for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using CleverReach.
If you have agreed to so-called geolocation in your browser or operating system or other settings of your respective end device, we use this function to offer you individual services related to your current location (e.g. the location of the nearest branch). We process your location data processed in this way exclusively for this function. If you terminate the use, the data will be deleted.
Google Tag Manager
Google Tag Manager is used on this website. Google Tag Manager is a solution from Google Inc. that allows companies to manage website tags through an interface. Google Tag Manager is a cookie-less domain which does not collect any personal information. Google Tag Manager triggers other tags that may collect data, which we herewith specifically point out. Google Tag Manager does not access this data. If deactivated by the user at domain or cookie level, it is also in place for all tracking tags implemented with Google Tag Manager.
You may prevent the storage of cookies by adjusting your browser software accordingly; however, we point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Google Web Fonts
Google Web Fonts (http://www.google.com/webfonts/) are used to improve the visual presentation of various information on this website. The web fonts are transferred to the cache of the browser when the page is opened, so that they can be displayed. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font.
When the page is opened, no cookies are stored for the website visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font.
General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/en/privacy/
Google Marketing Services
We use the marketing and remarketing services (“Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google’s marketing services are disabled by default on our websites and will only be enabled once you have given us your consent to set tracking cookies. The data processing is carried out in accordance with Art. 6 Para. 1 lit. a) GDPR on the basis of your consent.
Google’s marketing services allow us to better target ads for and on our website to show users only ads that potentially match their interests. If e.g. the user is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For these purposes, when you access our and other websites on which Google marketing services are active, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are incorporated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, however, we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other countries which are contracting parties to the Agreement on the European Economic Area and is only in exceptional cases transferred in full to a Google server in the USA and shortened there. The IP address is not combined with user data within other Google offers. This aforementioned information may also be combined with such information from other sources. If the user subsequently visits other websites, the ads tailored to his interests may be displayed.
User data is processed pseudonymously within the scope of Google marketing services. This means that Google does not store and process e.g. the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The user information collected by “DoubleClick” is transmitted to Google and stored on Google’s servers in the USA.
The Google marketing services we use include the online advertising program “Google Ads”. In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked on the websites of Ads customers. The information collected through the cookie is used to compile conversion statistics for those Ads customers who have opted in to conversion tracking. The Ads customers are provided with the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
Another Google marketing service used by us is the “Google Tag Manager”, with the help of which further Google analysis and marketing services can be integrated into our website (e.g. “Ads”, “DoubleClick” or “Google Analytics”).
If you wish to opt-out of collection by Google marketing services, you can use the preferences and opt-out options provided by Google at http://www.google.com/ads/preferences.
The so-called “Facebook Pixel” of the social network Facebook is used as part of our online offer, which is operated by Facebook Inc. or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook Pixel is deactivated by default on our websites and is only activated once you have given us your consent to set tracking cookies. The data processing is carried out in accordance with Art. 6 para. 1 lit. a) GDPR on the basis of your consent.
With the help of the Facebook Pixel, Facebook is able to determine the visitors of our offer as a target group for the presentation of ads, so-called “Facebook Ads”. Accordingly, we use Facebook Pixel in order to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offer. This means that with the help of the Facebook Pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook ad.
Facebook Pixel is integrated directly by Facebook when our websites are opened and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our website will be noted in your profile. The data collected about you is anonymous to us, so we cannot draw conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. The data processing by Facebook is carried out within the framework of Facebook’s data usage policy. Accordingly, you can find more information on how the remarketing Pixel works and generally on the display of Facebook ads in the Facebook data usage policy: https://www.facebook.com/policy.php.
You can object to tracking by Facebook Pixel and use of your information to display Facebook ads. To do so, go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising:
https://www.facebook.com/settings?tab=ads or declare your objection via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Facebook Retargeting (Custom Audience)
A Facebook Ireland Limited pixel is integrated into this website (website custom audience pixel). This pixel is used by Facebook Ireland Limited to collect information about the use of this website (e.g. information about items viewed). This information can be associated with your person with the help of other information that Facebook Ireland Limited has stored about you, for example, due to your ownership of an account on the social network “Facebook”. Based on the information collected via the pixel, interest-related advertisements about our offers can be displayed in your Facebook account (retargeting).
The information collected through the pixel may also be aggregated by Facebook Ireland Limited and the aggregated information may be used by Facebook Ireland Limited for its own promotional purposes and for promotional purposes of third parties. For example, Facebook Ireland Limited may infer certain interests from your surfing behavior on this website and may also use this information to promote offers from third parties. Facebook Ireland Limited may also combine the information collected via the pixel with other information that Facebook Ireland Limited has collected about you via other websites and/or in connection with the use of the social network “Facebook”, so that a profile about you can be stored at Facebook Ireland Limited. This profile may be used for advertising purposes. For more information on data protection at Facebook Ireland Limited, please click here: https://www.facebook.com/policy.php
The legal basis for data processing is Article 6(1)(a) GDPR and (f) GDPR.
Your consent to cookies
Strictly necessary cookies do not require your consent.
For analytical and measurement cookies as well as for targeting or advertising cookies we request your consent before placing them on your device. You can give your consent by continuing to use our website or by clicking on the appropriate button on the banner displayed to you when visiting our website.
What about links to other websites and their Cookies?
We often link to other sites to give you extra information or services. Where these are provided by a third party, you may leave our website by clicking through to theirs. In this case, the Cookies policy set out on the third party’s website will also apply. As this won’t be controlled by us, you should read their policy to find out what information is being collected and how it’s used.
How to control Cookies
You can restrict, remove or block Cookies through your browser settings at any time.
In addition to what is specified in this document, the user can manage preferences for Cookies directly from within their own browser and prevent – for example – third parties from installing them. Through the browser preferences, it is also possible to delete Cookies installed in the past, including the Cookies that might possibly have saved the consent for the installation of Cookies by this website. It is important to note that by disabling all Cookies, the functioning of this site may be compromised. Users can find information about how to manage Cookies in their browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.
15. What Rights Do I Have?
As a data subject, you have the following rights regarding data protection at International Expat Health:
Access: You have the right to request access to personal data related to you that is stored by International Expat Health. This includes information about the extent of data processing and data transfer performed by us and to obtain a copy of your stored personal data, as outlined in Art. 15 GDPR.
Rectification: You can request immediate rectification of incorrect personal data stored by International Expat Health and completion of any incomplete personal data.
Erasure: You have the right to request the deletion of your personal data stored by us, provided legal requirements are met. This includes situations where:
- Your personal data is no longer necessary for the purposes for which it was collected.
- Your consent was the sole legal basis for processing, and you have withdrawn this consent.
- You have objected to processing, and there are no overriding legitimate grounds for processing.
- Your personal data was processed unlawfully.
- Legal requirements mandate the erasure of your personal data.
We will inform third parties to whom the data was transmitted about the erasure as required by law. However, this right to erasure is subject to limitations, such as statutory retention obligations and the need for data in legal claims.
Restriction of Processing: Under certain conditions, you have the right to request a restriction on processing your personal data. This applies if:
- You contest the accuracy of the personal data.
- The processing is unlawful, but you oppose erasure and request restriction instead.
- The personal data is no longer needed for processing purposes, but you require it for legal claims.
- You have objected to processing, pending verification of overriding legitimate grounds.
Data Portability: Where your personal data is processed automatically based on your consent or a contract, you have the right to receive such data in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance, as per Art. 20 GDPR.
Right to Object: If we process your personal data based on legitimate interests or public interest, you have the right to object to this processing on grounds related to your particular situation. You also have an unrestricted right to object if we process your data for direct marketing purposes.
Withdrawal of Consent: You can withdraw your consent to the processing of your personal data at any time. Note that the withdrawal applies prospectively only and does not affect the legality of processing done prior to the withdrawal.
Complaint: You have the right to file a complaint with a data protection authority if you believe the processing of your personal data is unlawful. This does not affect your right to other administrative or judicial remedies.
Please contact us directly for the address of the data protection supervisory authority responsible for International Expat Health.
Information about Your Right to Object
Right to Object for Personal Reasons:
You have the right to object to the processing of your personal data by International Expat Health on grounds relating to your particular situation, especially when the data processing is carried out in the public interest or based on a balancing of legitimate interests. This includes any related profiling.
Whenever we process your personal data based on legitimate interests, we believe that we can demonstrate compelling legitimate reasons for such processing. However, we will review each case individually upon objection.
If you object, we will cease processing your personal data unless:
- We can establish compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or
- The processing of your personal data is necessary for the establishment, exercise, or defense of legal claims.
Right to Object to Processing for Direct Marketing Purposes:
You have an unconditional right to object to the processing of your personal data for direct marketing purposes, including profiling related to such direct marketing.
Upon objection to processing for direct marketing, we will cease processing your personal data for these purposes.
Exercise of the Right of Objection:
The objection can be informal and should preferably be addressed using the contact details provided in this data protection notice.
16. Disclosure of Personal Data in Case of Emergency:
In emergency situations, International Expat Health may disclose your personal data to a third party if all the following conditions are met:
- We are approached by a third party, such as a close relative or someone else connected to you, requesting the disclosure of your personal data. We will verify the third party’s relationship to you through reasonable means.
- Despite reasonable efforts, we are unable to contact you, taking into consideration the nature and urgency of the emergency.
- We reasonably determine that the requested disclosure is necessary to protect your vital interests.
17. Notification of Changes
International Expat Health may occasionally update the terms of this Privacy Notice. We will notify you of any changes through our website or mobile app. We encourage you to review any changes to this Privacy Notice, as they may impact your privacy rights.
18. Less Secured Communication During Emergencies
In emergency situations, such as during medical care, hospitalization, or doctor check-ups, you may need to share personal data related to your specific situation with us. While we prioritize using secured communication channels, we understand that these might not always be available during emergencies. If you choose to send or receive personal data via unsecured channels (like WhatsApp, SMS, or other IM services) during such times, please be aware of the inherent risks. Note that International Expat Health will not be liable for any system failure or data breaches occurring through these unsecured channels. The use of these unsecured communication methods is solely your responsibility. We will, however, provide separate guidance on this matter as needed.
19. Use of WhatsApp
WhatsApp is a service offered by WhatsApp Inc., part of Facebook Inc.
International Expat Health may use this external application solely as a communication channel. We are not responsible for the content and data shared, uploaded, and processed via WhatsApp outside of our own network. The data protection guidelines of WhatsApp apply in these instances.
Before using WhatsApp, please review its data protection policy carefully. By using WhatsApp, you automatically agree to these policies.
When you send us a message via WhatsApp, you are providing us with your phone number. This number will only be used for communication with you through WhatsApp. The contents of the chat will only be used to process your request.
We avoid answering personal or confidential questions (i.e., those concerning personal data) via WhatsApp. Please use an email address or phone number for such inquiries.
Important: International Expat Health will never request sensitive data via WhatsApp. If we need your data, a staff member will inform you of a secure method to share it, such as a phone call or email.
20. Direct Marketing
If you have purchased an insurance policy with International Expat Health and are therefore an existing customer, you have been included in our marketing distribution list. We will send you future information about our company and its offerings. If you wish to opt-out of our marketing distribution list, you can do so by sending a request to [IEH’s designated email] or by selecting the removal option in our communications. Opting out of the marketing distribution list will not affect your contractual rights. We will inform you of this right and the option to opt-out in every marketing communication.
If you do not have an insurance policy with International Expat Health but are interested in receiving information about our products, you can contact us at [IEH’s designated email] to request inclusion in our marketing distribution list. The provisions of this Privacy Notice will then apply.
Data Protection Officer (DPO): [DPO’s Name and Contact Information]
Use of SalesViewer® Technology:
Our website utilizes SalesViewer® technology from SalesViewer® GmbH, based on the legitimate interests of the website operator (Article 6(1)(f) GDPR), for the purposes of marketing, market research, and optimization.
The recording and storage of data can be revoked at any time with immediate effect for the future, by clicking on [SalesViewer opt-out link] to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website will be stored on your device. If you delete cookies from your browser, this link will need to be clicked again.