We are Mosaic Health, a company limited by shares (company number 12748409) based at 85 Great Portland St, London, W1W 7LT.
We manage a healthcare membership fund, with the purpose of providing our members frictionless access to the supplemental healthcare that they need.
This Privacy Notice outlines how we use, share, and store personal data relating to our customers and the users of our website. We decide on the means and purposes for processing this data and this makes us the data controller.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
We may also collect personal information indirectly as follows:
We currently collect and process the following information:
Legitimate Interest – we process information under the legitimate interest legal basis in order to:
Where we rely on legitimate interest as grounds for processing your personal information, we carry out a ‘Legitimate Interest Assessment’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests.
Consent – we rely on the consent legal basis to:
We will never sell your personal information or share it for marketing purposes. Your personal information is available to the members of our staff who are involved in distribution – access is limited to those with a genuine business ‘need to know’.
We may share your information with cloud services we use to manage elements of our business, and with sub-processors we engage to deliver our services to you.
Where we do share your information, this is done under strict contract terms that protect your rights and the security of your data. We may otherwise disclose your personal information:
Your information is securely stored on secure Amazon Web Services servers on UK locations.
Where we have a contract with you, we will generally keep your contact information and correspondence for a period of 10 years following contract end. Other data is held for shorter timeframes, for example, website contact us forms are held for 12 months, and prospective customer details are held for 2 years.
When establishing and/or reviewing retention periods, the following is considered:
When the retention period has expired and we no longer need your data, we will dispose of it by securely deleting it from electronic sources and shredding any hardcopy.
Where we engage a sub-processor to support us in delivering your contracted services, they are bound by our retention limits and by strict contract terms to keep your data safe and secure.
Our website may contain links to other independent third-party websites or mobile applications.
These Third-party Sites are not under our control and will provide their own distinct privacy notices. You will need to make your own independent judgement regarding your interaction with any Third-party Sites, including the purchase and use of any services or products accessible through them.
Mosaic Health uses third party tracking analytics software in order to better understand how users use our product:
Under data protection law, you have a number of rights including:
Access - You have the right to ask us for copies of your personal information.
Rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Erasure - You have the right to ask us to erase your personal information in certain circumstances.
Restrict processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Withdraw consent - You have the right to withdraw your consent where we are relying on this for processing, this will not affect anything that has previously been done under this consent.
You also have rights in relation to automated decision making (including profiling), however Mosaic Health does not undertake any of this type of processing.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact our Data Protection Officer at email@example.com if you wish to make a rights request or query our use of your data.
You also have the right to complain to the Information Commissioner’s Office if you are unhappy with our use of your data or are unsatisfied with our response to a related complaint; see Make a complaint | ICO for more details.
This Privacy Notice is reviewed regularly to ensure that it accurately reflects how we use your information. When minor changes are made, we will post the updated Privacy Notice on our website; we will notify existing customers of any substantive changes by email or post.