Privacy Policy


Privacy policy

For the purpose of the Data Protection Act 1998 (the “Act”), the Data Controller, as defined in the Act, Access 2 Healthcare Ltd 62 South Street Chichester West Sussex

PO19 1EE

Access 2 Healthcare Ltd registered with the Information Commissioner as Data Controllers, (“the Vitality Group”, “we”, “us” or “our”) are health and life insurers that offer their members a range of incentives and benefits for being healthy. This privacy policy applies to services that we provide for private health insurance plans, life insurance and protection plans, investment products, 

Where appropriate, we’ll ask for your consent to use your personal information, at the point where we collect it. If the reasons for us processing your personal information are consistent with what you’ve asked us to do, we’ll explain this so that you fully understand how we’ll use your information.

What type of data will we collect?

We may collect and process the following data about you:

(i) Information you give us

You may give us information about you when you use the Services by filling in forms on our site or by getting in touch with us by phone, email, post or otherwise. We may also need to collect sensitive personal data which could include details around your physical health, mental health and your lifestyle. You can choose whether to supply or withhold any sensitive personal data. However, withholding information may limit the Services we can offer you.

(ii) Information we get from other sources

How we use your personal data

We will only collect personal data which is necessary to provide you with the Services or an associated or required service. We may process your personal data and sensitive personal data for the following reasons:


  • for administration and      management of our Services;
  • where we need a GP report,      we will ask you for your permission, which will be managed in line with      Access to Medical Report Act;
  • as part of our business      processes and relevant activities including auditing, business planning,      accounting and transactions;
  • to be compliant with legal      and regulatory obligations;
  • for research, statistical      purposes or to improve our Services
  • to notify you about changes      to our Services;
  • to improve our site to      ensure content is presented in the most effective manner for your      computer;
  • as part of our efforts to      keep our site safe and secure;
  • to make suggestions and      recommendations to you and other users of our site about goods or services      that may interest you or them.

This list isn’t definitive and could change if our business, legal or regulatory needs change. We will always ask for your consent first if we wish to use your personal information in a way we have not told you about. We may also combine information we get from other sources with information we collect about you for the reasons shown above.

Processing claims

When you submit a claim we may have to pass information about you to those involved in your treatment or care and/or your representative (if you have one). We’ll do this in a secure and confidential way.

Any insured dependant aged 16 or over has the right to confidentiality for their claims and information. To assert this right, the insured dependant should contact our customer services team.

How we may retain and remove personal data

We hold data in various ways. These include electronic databases, computerised files and paper files. We’ll keep your data for the term of your policy and for a further period of time specified by regulation. We’ll remove all personally identifiable data by using our approved company processes, to make sure we take all reasonable precautions to protect its confidentiality. We may keep non-personally identifiable data for research and statistical reasons or to improve our Services. Who we may share data with We may pass data to third parties so that we can provide the Services.

These include:

  • service providers;
  • technical payment and      delivery service sub-contractors;
  • analytics providers and      search information providers;

In all cases, we use privacy-enhancing technologies as promoted by the Information Commissioner's Office (“ICO”) and which conform to EU guidance.

Where we store your personal data

We may transfer and store the data that we collect from you to a destination outside the European Economic Area ("EEA"). Such transfers are conducted in compliance with the methods approved by the Information Commissioner. Suppliers, operating outside the EEA, may also process your data. They will do this on our behalf under contract to VCSL. Among other things, they may be involved in: delivering the Services, processing your payment details, and providing support services. We’ll take all reasonable and necessary steps to make sure we treat your data securely and in a way that conforms to this privacy policy.


To keep you informed with product updates and offers we would like to use your personal information to contact you. You have the right to ask us not to process your personal data for marketing uses. Before collecting your data, we’ll always tell you if we intend using it for marketing reasons. You can exercise your right to stop us using your data by checking certain boxes on the forms we use to collect it. 

 Your rights to ask for, check and change 

personal data

You have the right to ask for a copy of the data we hold about you, as well as asking us to correct any inaccurate data. You can use your right to access your data under the terms of the Act. To access your data, please contact the Data Subject Access Request team by email at: or by post Access to Healthcare Ltd, 62 South Street, Chichester West Sussex PO19 1EE. 

 Changes to our privacy policy

We’ll post any changes we may make to our privacy policy in future on Where appropriate, we’ll also let you know by email or post. Please check back regularly to see any updates or changes to our privacy policy.