My Benefits World and its associated companies fully respect your right to privacy. In order for us to carry out our services to you it will be necessary for us to use your personal information (“information”). Your continued use of this Benefits Portal indicates your agreement to the Privacy Policy and any changes to it. As we may change our Privacy Policy from time to time, please check this page regularly.
Where My Benefits World uses third parties to provide a service, My Benefits World confirms that it has entered into a written agreement with the third-party processor which imposes the same obligations on the third party in respect to the processing of personal data as imposed on My Benefits World. My Benefits World shall ensure that the third party provides sufficient guarantees that it will implement and maintain appropriate technical and organisational measures to ensure that its processing of personal data meets the requirements of the Data Protection Legislation.
Confidentiality and Data Protection
My Benefits World shall comply with the provisions of the General Data Protection Regulation (GDPR) and any subsequent amendment or replacement thereof when handling Personal Data. GDPR means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, any national legislation passed to implement the Regulation, and any legislation amending or replacing the Regulation from time to time, whether in the UK or the EU.
My Benefits World shall maintain records of all processing operations under its responsibility that contain at least the minimum information required by the data protection legislation (GDPR) and shall make such information available to any supervisory or regulatory authority on request.
Why we need your data
We will treat any information in our possession which relates to you as confidential. Any personal information provided to us, as data controller, by a policyholder, joint policyholder, employer policyholder, trustee, insured person, beneficiary, claimant or member (referred to as ‘you’ or ‘your’), will be treated in accordance with the Data Protection Acts (as amended).
Using personal information
We use personal information to undertake activities relating to the establishment, administration and renewal of this Benefits Portal, insurance policies, products and related services to employers and individuals. This includes assisting in the completion of applications forms, provision of data to your employer to facilitate payroll deduction and for fulfilment of contractual exchange for selected benefits. For the majority of our business we will rely on the performance of contractual arrangements with you and your employer and you and the benefits provider as the legal basis for processing data. We may rely on our legitimate interests to process your personal data. When we do, we will demonstrate compelling legitimate grounds for doing so. We do not use policyholder or member personal data for marketing purposes and we do not make your personal information available to third parties for the purpose of direct marketing. For services including insurances bought by employers on behalf of employees and to fulfil contractual commitments, Data Protection Legislation permits appropriate information about employees to be provided by an employer without individual consent. For employer purchased services Data Protection Legislation permits that members may individually withdraw their consent. In those instances we will be unable to provide services for that individual or procure insurance terms or cover.
Sharing personal information
We share personal information only on the basis of the purposes for which it was collected. This notice is intended to illustrate the instances where data may be shared. However, we will share your data only for the limited and compatible purposes for which it was originally obtained:
- with other My Benefits World group companies;
- with any of our service providers
- with insurers and government agencies, including without limitation Her Majesty’s Revenue and Customs (HMRC)
- in order to prevent, detect or investigate financial crime including fraud or other criminal activity, we may share your data with other companies (including private investigators), organisations (including fraud prevention agencies and databases), public bodies (including the police) and associations and credit reference agencies;
Retention of your personal data
We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected, or where we are required to keep your personal data due to legal or regulatory reasons such as meeting HMRC obligations.
Fraud prevention and detection
In order to prevent and detect fraud it may be necessary to:
- Share information about you with other organisations (including private investigators) and public bodies.
- Check and / or file your details with fraud prevention agencies and databases.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering.
Your rights and contact details of the Information Commissioner’s Office
You have the following rights:
- Right of access: the right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: the right to have inaccurate information about you corrected or removed
- Right to be forgotten: the right to have certain personal information about you erased
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
- Right to object: the right to object to processing of your personal information
- Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of My Benefits World use of your personal information prior to the withdrawal of your consent. We will let you know if this removes or reduces the ability to access any of the products or services we provide. This does not absolve you or remove any payment responsibilities or contractual terms you have agreed to.
- If you make a request, we will ask you to confirm your identity and (if required) provide information that helps us to better understand your request.
In certain circumstances, we may need to restrict the rights listed above in order to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of our legal responsibilities) and for the performance of our contract with an employer who has contractually engaged us for employer-related products and services.
If you have any questions, or complaints, in relation to our use of your personal information, you should first contact our DPO by email at: [email protected]
In the event that you are dissatisfied with our response, you have the right to take the matter up with the Information Commissioner’s Office (ICO), whose address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate). Email: [email protected]