Privacy Notice
International Expat Health’s Privacy Notice, Declaration of Consent, and Release of Confidentiality
Please read this statement carefully. This Privacy Notice and declaration of consent and release of secrecy (“Privacy Notice”) is about the processing of personal data. It explains which personal data is processed and for what purposes. “Personal data” refers to any information relating to an identified or identifiable natural person.
The controller of the personal data is:
International Expat Health (IEH)
Address: 71-75 Shelton Street, London, WC2H 9JQ, UK
Email: contact@internationalexpathealth.com
You can contact our data protection officer at:
International Expat Health Data Protection Officer
Address: 71-75 Shelton Street, London, WC2H 9JQ, UK
Email: contact@internationalexpathealth.com
This Privacy Notice applies to the collection of personal data via our website, as well as any other collection of your personal data, including inbound or outbound calls via telephone. It applies to our customers, business partners, contractors, and applicants for positions in our company. Where legally required, we will inform you separately about the processing of your personal data in other contexts.
Declaration of Consent for the Processing of Health Data, Transfer of Personal Data Outside EU, and Release from Confidentiality of Medical Providers and Professionals, Insurance Companies and Brokers
IEH, acting as a broker, expressly informs you that you are free to confirm this declaration of consent and to object to it in the future. However, without your consent for processing your health data, it may generally not be possible to conclude or implement an insurance contract with IEH.
If reference is made to this Privacy Notice and the confirmation of this Declaration of Consent is requested, this confirmation also includes the following statements regarding the processing of your health-related personal data, also in countries outside the EU, and the release of the general obligation to confidentiality for insurance companies and medical professions:
By confirming this Privacy Notice, I agree that IEH collects, stores, and processes the information I provide to IEH when applying for an insurance offer and in the future (including health-related data) to the extent necessary to review the application and to establish, perform, and finish an insurance agreement. I also agree that IEH stores my health-related data – even if a contract with IEH is not concluded – for a period of 3 years from the end of the calendar year of my request.
By confirming this Privacy Notice, I agree that IEH transfers my personal data including health-related data if necessary, for the purpose of my insurance agreement to:
– Service providers
– (Re-)insurance companies
– If necessary, to my employer if my employer has concluded the insurance contract with IEH, which also covers me
– Medical providers and medical experts as needed
I agree that this personal data, including health-related data, is processed there for the same purposes as stated in this Privacy Notice and that personal data, including health-related data, is returned to IEH. I release IEH and its employees, as well as medical providers, from their obligation to confidentiality regarding personal data, including health-related data.
By confirming this Privacy Notice, I agree that IEH collects my health data from doctors and other medical providers, nurses, hospital staff, personal insurers, statutory health insurance funds, and authorities and uses them for these purposes, insofar as necessary for risk assessment or the performance of contractual obligations of IEH. This confirmation also refers to service providers, especially medical service providers, in countries outside the EU, particularly if I use services in these countries.
We will not use or disclose your personal data for purposes other than those specified in this Privacy Notice. We will protect the privacy of your personal data. If you have concerns about the processing of your personal data, you can contact our Data Protection Officer at contact@internationalexpathealth.com or write to us at: International Expat Health, Data Protection Officer, 71-75 Shelton Street, London, WC2H 9JQ, UK. We will address your inquiry and make good-faith efforts to resolve any dispute. If you remain unhappy with our response, you can refer the matter to the relevant supervisory authority.
1. Processing of Personal Data of Children Under the Age of 18
We are legally obliged to provide our services only to individuals who are at least 18 years old. By entering into a contract with International Expat Health, you confirm that you are over 18 years of age.
2. How and Why We Need Your Personal Data – Provision of Services
Your personal data is collected from the personal digital spaces we provide you (APP, webpage, and self-service webpage), by our sales department, or by our service representatives, and, if you agree, via telephone.
We use the personal data we collect and receive to provide our service and, where appropriate and legally permissible, to study and analyze the functionality of our services, website, and APP, to analyze users’ activities, to provide support, to measure service activity, to conduct surveys and send questionnaires, to maintain our service, to improve it, and to communicate with individuals working for our business partners.
We may use your email address to contact you when necessary, to send reminders, and to provide information and notices about our service.
We obey the law and expect you to do the same. If necessary, we may use your personal data to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, to assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts, and any other misuse of our service, and to take any action in any legal dispute and proceeding.
3. The Personal Data You Provide in Order to Apply for an Insurance Policy
As a potential insured member with International Expat Health, we may request your personal data, including your name, contact details, gender, date of birth, passport number or other state-issued identification number, email address, profession, medical history and/or current status, and financial information. If you wish to enroll a family member in our insurance policy, we will need the same information about them. If you are enrolled in our insurance policy as part of a corporate group, we may ask for your workplace and job title. With your consent, we will record our phone conversations with you for quality assurance and record-keeping.
As an insured member, we may request additional personal details, such as medical documents, legal documents, and your premium debt status. When you file an insurance claim with us, we will collect and process your medical bills, your written correspondence with us, and any written notes taken about you by our customer service representatives.
If you correspond with us by telephone, as a potential or actual insured member, we will record the conversation only with your consent and will obtain it before recording.
If you have purchased insurance cover with us using a credit/debit card, we comply with the Payment Card Industry Data Security Standard (PCI DSS). We have implemented data security and organizational measures to protect your payment information, such as your credit/debit card number, and keep it confidential.
Should you provide us with your bank account information for future insurance payments, we will maintain that information in confidence in accordance with the data protection standard described in this statement.
When you contact us, or we contact you, we process the personal data involved. This may include participation in correspondence with treating and/or advising physicians to provide you with further services and/or to assess your eligibility for insurance.
We advise you to exercise caution when uploading insurance-related content through our APP, our self-service website, or via emails. Please also avoid any involuntary disclosure of your personal data or the personal data of others without their consent.
Processing of Personal Data of a Person Other Than the Applicant:
When you provide us with personal data of other persons (e.g., family members), you confirm that you have informed these individuals about the contents of this Privacy Policy and that you have obtained all necessary consents from them for the processing of their personal data, including health data, in accordance with this Privacy Policy.
4. The Personal Data That We Collect When You Access Our Website or APP
When you access the International Expat Health website or mobile app, our servers may log certain ‘traffic/session’ information from your device. This includes the country from which you use the service, the type of browser, operating system, geo-location, and the Internet Protocol (IP) address. We also collect information about your activity on our platforms, such as your log-in and log-out times, the duration of sessions, the web-pages you view, or specific content on those pages. This information is stored in log files along with your full IP address, provided we have obtained your consent for this.
5. Is There an Obligation to Provide Personal Data?
As stipulated in the previous sections, particularly paragraph 3, International Expat Health is required to collect your personal data. Without this data, we are generally unable to provide you with health insurance coverage or manage any pending claims you may have filed with us.
In some cases, we are legally obligated to process personal data. This is necessary for purposes such as detecting, preventing, and investigating fraud, or to facilitate the exercise of your consumer rights. Additionally, we may need to process your personal data to detect, prevent, and investigate any other actual or suspected violations of law or misuse of our service.
6. On What Legal Basis Do We Process Your Personal Data?
At International Expat Health, we process personal data on the following lawful grounds:
Explicit Consent: The processing of special categories of personal data, such as health data, is based on your explicit consent. We ensure that this consent is clearly and freely given, indicating your specific agreement to the processing of this type of data.
Performance of the Agreement: The processing of your personal data is necessary for us to perform the insurance agreement with you. This includes taking necessary steps at your request prior to enteringinto the agreement, such as assessing your eligibility for specific insurance plans.
Legal Obligations: The processing of your personal data is also necessary for us to comply with legal obligations to which we are subject. This includes regulatory requirements specific to the insurance industry and compliance with legal standards in the regions where we operate.
Legitimate Interests: We process your personal data for legitimate interests, including ensuring cyber security and data protection, fraud detection, maintaining and controlling the quality of our service, providing support, backing up data, and ensuring disaster recovery. These processes are essential for the secure and efficient operation of our services and for safeguarding your data and our systems.
7. Who Receives Your Personal Data?
At International Expat Health, we adhere to strict guidelines regarding the sharing of your personal data. Except as outlined in this Privacy Notice, we do not sell, trade, or otherwise transfer your personal data to outside parties. Your personal data may be transferred to the following categories of recipients:
Affiliates: This includes parent companies, subsidiaries, and other affiliated companies within our corporate group. Your personal data is provided to the respective departments within International Expat Health that need such data for the execution of the insurance policy you have chosen.
Service Providers:
Administrative services providers
Third-party information technology providers, such as cloud service providers
Other third-party service providers engaged by us to support data processing, known as “processors.” These providers may also be commissioned to offer server capacity.
Third Parties:
Your personal data will be disclosed to third parties only if necessary for fulfilling our legal and/or contractual obligations, if we or the third party have a legitimate interest in the disclosure that does not affect your interests, or if you have given your consent.
Data may also be transferred to third parties as required by law or by enforceable regulatory or judicial order.
Third parties to whom we may transfer your personal data include:
Medical providers, including doctors and medical experts
Legal representatives
Insurance consultants
Corporate contact personnel for group/business insurance policies
Insurance brokers and agents
Law enforcement agencies, upon valid legal requests for disclosure
Insurance companies responsible for paying your insurance claims, if applicable
Experts for assessing injuries, diseases, and their causes
Relevant financial institutions, including banks, credit card processors, clearing houses, Payment Service Providers, and card issuers
If you have any questions or concerns regarding the processing of your personal data, please contact our Data Protection Officer at contact@internationalexpathealth.com or write to us at: International Expat Health, Data Protection Officer, 71-75 Shelton Street, London, WC2H 9JQ, UK. We are committed to protecting
Sorry about that! Here’s the continuation from where we left off:
8. Where Do We Process Your Personal Data?
At International Expat Health, your personal data is primarily processed in the United Kingdom.
However, not all parties listed in paragraph 7 are located within the European Economic Area (EEA). Should there be a need to transfer personal data to a party outside the EEA, we ensure that such transfers are conducted in accordance with the General Data Protection Regulation (GDPR) principles. This includes the use of data onward transfer instruments like the Controller to Processor Standard Contractual Clauses (SCCs) and Controller to Controller SCCs, ensuring that appropriate safeguards are in place, such as those included in the EU-US Privacy Shield Framework, where applicable.
In certain situations, it may be necessary to transfer your personal information to countries outside Europe. Such transfers are either necessary for the fulfilment of our insurance contract as specified under Art. 49 subsection 1 sentence 1b GDPR or are carried out based on your consent.
9. Handling of Your Publicly Available Personal Data
Before our first communication with you, International Expat Health may have accessed your personal data from social media and other public online platforms where you have publicly published your data. This information may include, but is not limited to, your personal and contact information, geographical location, and other data publicly available in your social media profiles and other public accounts.
10. How Long Will We Store Your Personal Data?
At International Expat Health, we retain your personal data as necessary to adjudicate any claims you may file with us under your health insurance policy, such as for insurance reimbursements. We will store your personal data for at least the minimum amount of time required by the regulations of the United Kingdom, where we primarily operate.
In the UK, we adhere to various retention and documentation requirements as outlined by relevant laws and regulations. These include, but are not limited to, the UK Data Protection Act and other applicable legal frameworks. The retention and documentation periods under these regulations may last up to several years, depending on the specific type of data and the purpose for its processing.
Furthermore, the storage period is also influenced by statute of limitations periods, which can extend up to several years, depending on the nature of the claim or legal requirement. For instance, claims for damages based on injury to life, limb, health, or freedom may require us to keep customers’ personal data for an extended period, as stipulated by law.
If a request for an insurance agreement is not followed by the conclusion of a contract with International Expat Health, we store health-related data for a period of 3 years from the end of the calendar year of the request. Other personal data, not related to health, is stored for a period reflective of UK legal requirements for business documentation retention, typically around 6 years following the end of the year in which the application was made.
11. Data Protection Related Information for Job Applicants at Our Company
At International Expat Health, we handle, process, and store personal data provided to us by job applicants in accordance with Article 6 subsection 1a of the GDPR, based on the consent declaration expressed through the submission of application documents.
Application documents are processed by our Human Resources department and, as needed, by the superiors of the respective departments. Additionally, for organizational purposes, applicants’ personal data may be shared within our corporate group (as detailed in paragraph 7), such as for training organization purposes.
Personal data of applicants will be deleted no later than 6 months after the rejection of their application unless consent for longer storage is provided by the applicant.
12. Personal Data Security
We are committed to protecting the confidentiality of your personal data at International Expat Health. We employ reasonable data security measures that align with high industry standards. Our approach includes technical and physical administrative measures to safeguard your personal data against misuse and unauthorized access.
All correspondence between you and International Expat Health is secured and encrypted as necessary.
13. Web Services Disclaimer
Our website may include links to external third-party websites. Please be aware that these websites have their own privacy notices and policies, which we recommend reviewing. International Expat Health is not responsible for the privacy practices, policies, or the use of any software on these external websites. We bear no responsibility for any direct or indirect damages that may arise from the use of these third-party websites.
14. Cookies
The website uses standard analytics tools such as Google Analytics and IBM. The privacy practices of these tools are subject to Google’s privacy policy at: http://www.google.com/analytics/learn/privacy.html and IBM’s privacy policy at: https://www.ibm.com/watson/data-privacy/. Google Analytics and IBM use cookies to provide their services.
The website uses “cookies”. These are small files that are stored on the user’s computer when they visit the website. Here’s how we use cookies:
The 3 main types of cookies we use on our site are:
– Strictly Necessary Cookies: These cookies are essential. Without them, you may not be able to access the information or services you requested. They are necessary for tasks such as tracking error messages so we can make improvements and fix bugs, as well as allowing you to apply online for an insurance solution using our online form.
– Analytics and Measurement Cookies: We use several technologies to understand how visitors use our website or app. This helps us identify areas for improvement and collect and report commercial data (such as sales volumes). For example, we may analyze website usage and identify a page where visitors struggle to know what to do next; we would then use session capture to observe individual site visitors and determine the issue.
Tools we use for analytics and measurement include:
– Google Analytics (Google Inc.): Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, due to IP anonymization (“anonymizeIP”) being activated on this website, your IP address will be truncated within member states of the European Union or other parties to the Agreement on the European Economic Area before being transferred to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en.
– Smartlook: In the context of our legitimate interest in a technically flawless online offering and economically efficient design and optimization, we use the Smartlook analysis software from Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic, in accordance with Article 6, paragraph 1, letter f of the GDPR. This tool captures movements on the observed web pages in the form of heat maps. This allows us to anonymously identify where visitors click and how far they scroll, helping us improve our website to be more user-friendly. Protecting your personal data is important to us when using this tool. All data is collected without our ability to assign it to specific users. We can only track mouse movements, clicks, scroll depth, screen size, device type, browser information, country of access, and preferred language. If personal information about you or third parties is displayed on a website, Smartlook automatically hides it. You can use a “do not track” header to prevent the use of the Smartlook tool, ensuring no data is collected about your visit to our website. Instructions on how to do this can be found at: http://www.akademie.de/wissen/do-not-track-datenschutz. You can also disable the Smartlook tool using the opt-out button at: Smartlook Opt-Out. The Smartlook privacy policy is available here: https://help.smartlook.com/en/articles/3244452-privacy.
– CleverReach: This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service for organizing and analyzing the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter (e.g., your email address) is stored on CleverReach servers in Germany or Ireland.
Sending our newsletters through CleverReach allows us to analyze recipient behavior. For example, we can see how many recipients opened the newsletter and how often each link in the newsletter was clicked. Through conversion tracking, we can also analyze if a predefined action (e.g., purchasing a product on our website) occurred after clicking a link in the newsletter. For more information on data analysis by CleverReach newsletters, please see https://www.cleverreach.com/en/features/reporting-tracking/.
Data processing is carried out based on your consent (Art. 6, para. 1, letter a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing operations already carried out remains unaffected by the revocation.
If you do not want CleverReach to perform this analysis, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose. You can also unsubscribe directly on the website.
The data you provide for subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from CleverReach servers after cancellation of the newsletter. Data stored for other purposes (e.g., email addresses for the member area) remain unaffected.
Further details can be found in CleverReach’s privacy policy at: https://www.cleverreach.com/en/privacy-policy/.
Conclusion of a contract for commissioned data processing:
We have concluded a contract with CleverReach for commissioned data processing and fully implement the strict requirements of German data protection authorities when using CleverReach.
15. Geolocation
Google Web Fonts
Google Web Fonts (http://www.google.com/webfonts/) are used to improve the visual presentation of various information on this website. The web fonts are transferred to the cache of the browser when the page is opened, so that they can be displayed. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font.
When the page is opened, no cookies are stored for the website visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font.
For information about Google Web Fonts’ privacy policy, please visit: https://developers.google.com/fonts/faq#Privacy
General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/en/privacy/
Google Marketing Services
We use the marketing and remarketing services (“Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google’s marketing services are disabled by default on our websites and will only be enabled once you have given us your consent to set tracking cookies. The data processing is carried out in accordance with Art. 6 Para. 1 lit. a) GDPR on the basis of your consent.
Google’s marketing services allow us to better target ads for and on our website to show users only ads that potentially match their interests. If e.g. the user is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For these purposes, when you access our and other websites on which Google marketing services are active, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are incorporated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, however, we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other countries which are contracting parties to the Agreement on the European Economic Area and is only in exceptional cases transferred in full to a Google server in the USA and shortened there. The IP address is not combined with user data within other Google offers. This aforementioned information may also be combined with such information from other sources. If the user subsequently visits other websites, the ads tailored to his interests may be displayed.
User data is processed pseudonymously within the scope of Google marketing services. This means that Google does not store and process e.g. the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The user information collected by “DoubleClick” is transmitted to Google and stored on Google’s servers in the USA.
The Google marketing services we use include the online advertising program “Google Ads”. In the case of Google Ads, each Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked on the websites of Ads customers. The information collected through the cookie is used to compile conversion statistics for those Ads customers who have opted in to conversion tracking. The Ads customers are provided with the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
Another Google marketing service used by us is the “Google Tag Manager”, with the help of which further Google analysis and marketing services can be integrated into our website (e.g. “Ads”, “DoubleClick” or “Google Analytics”).
For more information about Google’s use of data for marketing purposes, please visit the website: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.
If you wish to opt-out of collection by Google marketing services, you can use the preferences and opt-out options provided by Google at http://www.google.com/ads/preferences.
Facebook Pixel
The so-called “Facebook Pixel” of the social network Facebook is used as part of our online offer, which is operated by Facebook Inc. or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook Pixel is deactivated by default on our websites and is only activated once you have given us your consent to set tracking cookies. The data processing is carried out in accordance with Art. 6 para. 1 lit. a) GDPR on the basis of your consent.
With the help of the Facebook Pixel, Facebook is able to determine the visitors of our offer as a target group for the presentation of ads, so-called “Facebook Ads”. Accordingly, we use Facebook Pixel in order to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offer. This means that with the help of the Facebook Pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook ad.
Facebook Pixel is integrated directly by Facebook when our websites are opened and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our website will be noted in your profile. The data collected about you is anonymous to us, so we cannot draw conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. The data processing by Facebook is carried out within the framework of Facebook’s data usage policy. Accordingly, you can find more information on how the remarketing Pixel works and generally on the display of Facebook ads in the Facebook data usage policy: https://www.facebook.com/policy.php.
You can object to tracking by Facebook Pixel and use of your information to display Facebook ads. To do so, go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising:
https://www.facebook.com/settings?tab=ads or declare your objection via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Facebook Retargeting (Custom Audience)
A Facebook Ireland Limited pixel is integrated into this website (website custom audience pixel). This pixel is used by Facebook Ireland Limited to collect information about the use of this website (e.g. information about items viewed). This information can be associated with your person with the help of other information that Facebook Ireland Limited has stored about you, for example, due to your ownership of an account on the social network “Facebook”. Based on the information collected via the pixel, interest-related advertisements about our offers can be displayed in your Facebook account (retargeting).
The information collected through the pixel may also be aggregated by Facebook Ireland Limited and the aggregated information may be used by Facebook Ireland Limited for its own promotional purposes and for promotional purposes of third parties. For example, Facebook Ireland Limited may infer certain interests from your surfing behavior on this website and may also use this information to promote offers from third parties. Facebook Ireland Limited may also combine the information collected via the pixel with other information that Facebook Ireland Limited has collected about you via other websites and/or in connection with the use of the social network “Facebook”, so that a profile about you can be stored at Facebook Ireland Limited. This profile may be used for advertising purposes. For more information on data protection at Facebook Ireland Limited, please click here: https://www.facebook.com/policy.php
The legal basis for data processing is Article 6(1)(a) GDPR and (f) GDPR.
Your consent to cookies
Strictly necessary cookies do not require your consent.
For analytical and measurement cookies as well as for targeting or advertising cookies we request your consent before placing them on your device. You can give your consent by continuing to use our website or by clicking on the appropriate button on the banner displayed to you when visiting our website.
What about links to other websites and their Cookies?
We often link to other sites to give you extra information or services. Where these are provided by a third party, you may leave our website by clicking through to theirs. In this case, the Cookies policy set out on the third party’s website will also apply. As this won’t be controlled by us, you should read their policy to find out what information is being collected and how it’s used.
How to control Cookies
You can restrict, remove or block Cookies through your browser settings at any time.
In addition to what is specified in this document, the user can manage preferences for Cookies directly from within their own browser and prevent – for example – third parties from installing them. Through the browser preferences, it is also possible to delete Cookies installed in the past, including the Cookies that might possibly have saved the consent for the installation of Cookies by this website. It is important to note that by disabling all Cookies, the functioning of this site may be compromised. Users can find information about how to manage Cookies in their browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.
In the case of services provided by third parties, users can exercise their right to withdraw from the tracking activity by utilizing the information provided in the third party’s privacy policy, by clicking the opt-out link – if provided – or by contacting the third party.
16. What Rights Do I Have?
As a data subject, you have the following rights regarding data protection at International Expat Health:
Access: You have the right to request access to personal data related to you that is stored by International Expat Health. This includes information about the extent of data processing and data transfer performed by us and to obtain a copy of your stored personal data, as outlined in Art. 15 GDPR.
Rectification: You can request immediate rectification of incorrect personal data stored by International Expat Health and completion of any incomplete personal data.
Erasure: You have the right to request the deletion of your personal data stored by us, provided legal requirements are met. This includes situations where:
Your personal data is no longer necessary for the purposes for which it was collected.
Your consent was the sole legal basis for processing, and you have withdrawn this consent.
You have objected to processing, and there are no overriding legitimate grounds for processing.
Your personal data was processed unlawfully.
Legal requirements mandate the erasure of your personal data.
We will inform third parties to whom the data was transmitted about the erasure as required by law. However, this right to erasure is subject to limitations, such as statutory retention obligations and the need for data in legal claims.
Restriction of Processing: Under certain conditions, you have the right to request a restriction on processing your personal data. This applies if:
You contest the accuracy of the personal data.
The processing is unlawful, but you oppose erasure and request restriction instead.
The personal data is no longer needed for processing purposes, but you require it for legal claims.
You have objected to processing, pending verification of overriding legitimate grounds.
Data Portability: Where your personal data is processed automatically based on your consent or a contract, you have the right to receive such data in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance, as per Art. 20 GDPR.
Right to Object: If we process your personal data based on legitimate interests or public interest, you have the right to object to this processing on grounds related to your particular situation. You also have an unrestricted right to object if we process your data for direct marketing purposes.
Withdrawal of Consent: You can withdraw your consent to the processing of your personal data at any time. Note that the withdrawal applies prospectively only and does not affect the legality of processing done prior to the withdrawal.
Complaint: You have the right to file a complaint with a data protection authority if you believe the processing of your personal data is unlawful. This does not affect your right to other administrative or judicial remedies.
Please contact us directly for the address of the data protection supervisory authority responsible for International Expat Health.
Information about Your Right to Object
Right to Object for Personal Reasons:
You have the right to object to the processing of your personal data by International Expat Health on grounds relating to your particular situation, especially when the data processing is carried out in the public interest or based on a balancing of legitimate interests. This includes any related profiling.
Whenever we process your personal data based on legitimate interests, we believe that we can demonstrate compelling legitimate reasons for such processing. However, we will review each case individually upon objection.
If you object, we will cease processing your personal data unless:
We can establish compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or
The processing of your personal data is necessary for the establishment, exercise, or defense of legal claims.
Right to Object to Processing for Direct Marketing Purposes:
You have an unconditional right to object to the processing of your personal data for direct marketing purposes, including profiling related to such direct marketing.
Upon objection to processing for direct marketing, we will cease processing your personal data for these purposes.
Exercise of the Right of Objection:
The objection can be informal and should preferably be addressed using the contact details provided in this data protection notice.
17. Disclosure of Personal Data in Case of Emergency:
In emergency situations, International Expat Health may disclose your personal data to a third party if all the following conditions are met:
We are approached by a third party, such as a close relative or someone else connected to you, requesting the disclosure of your personal data. We will verify the third party’s relationship to you through reasonable means.
Despite reasonable efforts, we are unable to contact you, taking into consideration the nature and urgency of the emergency.
We reasonably determine that the requested disclosure is necessary to protect your vital interests.
18. Notification of Changes
International Expat Health may occasionally update the terms of this Privacy Notice. We will not notify you of any changes through our website or mobile app. We encourage you to review any changes to this Privacy Notice, as they may impact your privacy rights.
19. Less Secured Communication During Emergencies
In emergency situations, such as during medical care, hospitalization, or doctor check-ups, you may need to share personal data related to your specific situation with us. While we prioritize using secured communication channels, we understand that these might not always be available during emergencies. If you choose to send or receive personal data via unsecured channels (like WhatsApp, SMS, or other IM services) during such times, please be aware of the inherent risks. Note that International Expat Health will not be liable for any system failure or data breaches occurring through these unsecured channels. The use of these unsecured communication methods is solely your responsibility. We will, however, provide separate guidance on this matter as needed.
20. Use of WhatsApp
WhatsApp is a service offered by WhatsApp Inc., part of Facebook Inc.
International Expat Health may use this external application solely as a communication channel. We are not responsible for the content and data shared, uploaded, and processed via WhatsApp outside of our own network. The data protection guidelines of WhatsApp apply in these instances.
Before using WhatsApp, please review its data protection policy carefully. By using WhatsApp, you automatically agree to these policies.
When you send us a message via WhatsApp, you are providing us with your phone number. This number will only be used for communication with you through WhatsApp. The contents of the chat will only be used to process your request.
Be aware of WhatsApp’s terms of use, over which we have no control. By installing and using WhatsApp on your mobile phone, you agree to WhatsApp’s terms, which include granting WhatsApp Inc. access to your phone number and contacts.
We avoid answering personal or confidential questions (i.e., those concerning personal data) via WhatsApp. Please use an email address or phone number for such inquiries.
Important: International Expat Health will never request sensitive data via WhatsApp. If we need your data, a staff member will inform you of a secure method to share it, such as a phone call or email.
21. Direct Marketing
If you have purchased an insurance policy with International Expat Health and are therefore an existing customer, you have been included in our marketing distribution list. We will send you future information about our company and its offerings. If you wish to opt-out of our marketing distribution list, you can do so by sending a request to contact@iehinsurance.com or by selecting the removal option in our communications. Opting out of the marketing distribution list will not affect your contractual rights. We will inform you of this right and the option to opt-out in every marketing communication.
If you do not have an insurance policy with International Expat Health but are interested in receiving information about our products, you can contact us at contact@iehinsurance.com to request inclusion in our marketing distribution list. The provisions of this Privacy Notice will then apply.
Use of SalesViewer® Technology:
Our website utilizes SalesViewer® technology from SalesViewer® GmbH, based on the legitimate interests of the website operator (Article 6(1)(f) GDPR), for the purposes of marketing, market research, and optimization.
This technology uses a JavaScript-based code to capture company-related data and corresponding website usage. The data captured by this technology is encrypted through a non-retrievable one-way function (hashing). The data is immediately pseudonymized and is not used to personally identify website visitors.
The recording and storage of data can be revoked at any time with immediate effect for the future, to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website will be stored on your device. If you delete cookies from your browser, this link will need to be clicked again.