Healix Online Screening Privacy Notice

This Privacy Notice sets out how any personal information that you provide to us or which we collect from you, or any third party, will be stored and processed by us. Healix is committed to a high standard of data protection and information security as demonstrated by our ISO27001 Certification and compliance with applicable law including the General Data Protection Regulation, the NZ Privacy Act 2020, the UK GDPR and the UK Data Protection Act 2018.
Last updated: 23rd October 2023

Who we are

Healix has been appointed by your employer to complete a medical screening. The Healix International Medical Screening Team will process your information for the purpose of providing this medical screening.

The processing will be performed by Healix International Limited, with registered address at Healix House, Esher, KT10 8AB, UK and Healix New Zealand, with registered address at Suite 8, 40 Arrenway Drive, Rosedale, Auckland, New Zealand 0632. Healix will process your personal data, as a data controller, for the purpose of providing medical screenings.


Your personal information

In order to provide the services Healix will collect personal data such as, but not limited to, contact, identification and location information and sensitive personal data such as your health information. Healix always aim to minimise the amount of data processed and in particular the sensitive personal data. Healix has strict organisational and technical measures in place to protect your data at all times.

Healix rely on the following legal bases for processing your personal and sensitive personal data for the purpose of providing medical screening. Healix only process Personal Data where necessary in order to:

  • Pursue the legitimate interests we have as a business in a way which may reasonably be expected as part of running our business and which does not materially impact your rights (for example to improve our services);
  • Comply with a legal obligation;
  • Process data as may be required in the public interest, such as detecting and preventing fraud.

Healix will process special category data when:

  • Processing is necessary for the purpose of the management of health systems and services;
  • You have provided explicit consent;
  • Processing is necessary to protect your vital interests or those of another individual and you are not physically or legally capable of giving consent;
  • Processing is necessary for the establishment, exercise or defence of legal claims;
  • Processing data may be required in the public interest, such as detection and prevention of fraud.

Sharing your personal information

When you complete the medical screening Healix staff will use this information to assess the risk associated with overseas assignment. The result of the medical clearance, but no details of the medical information, will be shared with your employer.

In certain circumstances, it may be necessary to share additional information to support the assessment or the ongoing management of your case. Healix will obtain your explicit consent before sharing any medical information with the employer. Healix will explain what data we need to share, why we need to share it and what your options are if you do not wish for us to share the data. In most cases consent will be collected verbally over the phone to minimise delays in dealing with your case and to enable you to ask any relevant questions.

Healix rely on your consent to:

  • Share your personal data with the employer or with their insurer if required;
  • Discuss your case with a family member or friend.

In some cases the consent will be collected via email and in other circumstances a specific consent form will be used. Consent can be withdrawn at any time up until the moment the personal data is collected/disclosed. You can withdraw your consent either by sending an email containing the relevant information to privacy@healix.co.uk or sending a letter to Healix Group Data Protection Officer as detailed below.


Personal information, use and disclosure 

The following table lists the main types, but not all, of personal data collected by Healix, the purposes for which it is used and who it is disclosed to.

Personal Data: Contact information such as name, address, email address, telephone number, date of birth, reference numbers, other contact or identification information.

What is it used for? (Purpose)

  • To positively identify and communicate with you in order to provide the service requested.
  • Assisting insurers and/or Clients to confirm eligibility or cost authorisation where required.
  • Compliance with Healix legal obligations, including in relation to the administration of public health.

Who is it disclosed to?

  • Persons or organisations involved in providing you with services, or components of services, including medical professionals, allied health and care providers, insurance providers, broker or underwriters.
  • Companies in the Healix Group as necessary to provide the service only.
  • Government agencies or other persons/organisations involved in provision of medical treatment, public health administration and disease control.

Personal Data: Health information including your medical history, prescriptions, dental information, NHS referrals, any current conditions you may be suffering, any restrictions on travel, your diagnosis and prognosis, and details of medical treatment received or recommended.

What is it used for? (Purpose)

  • To enable Healix to provide the requested service.

Who is it disclosed to?

  • Your employer or their insurer where required and only with your consent.

Personal Data: Details of treating medical professionals, any associated reports or information.

What is it used for? (Purpose)

  • To enable Healix to provide the requested service.

Who is it disclosed to?

  • Organisations involved in the payments systems including financial institutions, merchants and payment organisations.

Healix may furthermore disclose limited personal data to:

  • Public authorities in order to comply with legal and regulatory obligations such as fraud and money laundering prevention.
  • Organisations involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including maintaining or upgrading our computer systems. Access is always limited by organisational and technical access controls.


Collection

Whenever it is reasonable or practicable to do so, Healix will collect your personal information directly from you. In the event that you do not consent to Healix collecting, using and disclosing your personal information as described above, we may be unable to provide the services requested by you or your employer.

International transfer

If necessary in order to provide the service, we may transfer your personal information cross border to recipients in countries including but not limited to the EU, New Zealand, US and the country in which you or the employer are receiving the services, as applicable.

Children

Healix do not knowingly collect Personal Information from anyone under the age of 13 without obtaining the consent of the holder of parental responsibility over the child. If you are under 13, please do not send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under the age of 13 without the appropriate consent, we will take action to delete that information as quickly as possible.

Your rights

You have the right to:

  • Request access to a copy of the personal data held by Healix.
  • Request to correct information if it is inaccurate.
  • Request completion or clarification of the information if it is incomplete or equivocal.
  • Request erasure of the information if it has been collected without adherence to legal requirements.
  • Complain if you consider Healix has breached its privacy obligations.

Subject access right

You have the right to request access to personal data held about you. The preferred method is for you to provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.

How to make a complaint

If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: privacy@healix.com or write to us at the address listed below.

We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the Data Protection Authority. You can make a complaint to the Information Commissioner, who is the UK independent regulator at casework@ico.org.uk. Please contact the Data Protection Officer using the Contact Details below if you require any further information regarding your rights.

Contact details

Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: privacy@healix.com.

Or by mail:
Group Data Protection Officer
Healix, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK

You can also find the regulatory information on the Healix Group of Companies.
