Personal Group is a trading style of Personal Group Holdings plc and its subsidiary companies. Personal Group takes the privacy of your information very seriously. This policy explains how the companies in the group collect information and what we use the information about you for.
The information we hold is collected and managed by the following companies –
• Personal Group Benefits Limited – collect your information from sales presentations; • Personal Management Solutions Limited – collect your information provided through our websites and mobile applications: • Lets Connect IT Solutions Ltd – collect your information provided through our websites; • Personal Assurance Services Ltd – is passed your data when you take an insurance product with us or as part of the sales process for insurance products; • Personal Assurance plc – is provided with your information where you apply for an insurance product provided by them.
All of the companies have the same registered office which is John Ormond House, 899 Silbury Boulevard, Central Milton Keynes MK9 3XL.
Personal Assurance Services Ltd oversees all of the data management within Personal Group to ensure that we comply with this policy and the data protection rules.
The personal information we collect and hold
User Data
Personal Group provides access to its services to individuals who are authorised to use these by clients of Personal Group. The clients of Personal Group are either employers of the individuals or have a relationship with the individuals that they want to enhance with access to the Personal Group benefits. The individuals who use the Personal Group services (which will include you) are referred to as users. Personal Group is usually provided with personal data about you from our client. The data provided by the client may include one or more of the following: title, forename, surname, gender, email address, telephone number, date of birth, address, and postcode. The data may also include information (where the client is your employer) pertaining to your role including job division, job title, job grade, job location, salary, holiday entitlement, holiday units, working hours, start date, and a reference number from your employer which is unique to you, e.g. payroll ID. Sometimes we may request this data from you directly and confirm it with our client. You will provide your agreement in all cases via our Website or Mobile application (or when arranging a meeting with us as set out below) and we will capture any additional information directly from you.
We may also process your personal data for our client. We only do this for limited purposes. These are to confirm you are entitled to use our services, to provide communications to you via the benefits sites we host for our client and to provide some management information. We do not always do this and if we do we will act in accordance with the permission to use the data that our client will hold. Where we do this it is for our client and will be a result of a contract you have with them (such as your employment contract) or because there is a legitimate interest to do so.
We may jointly process your personal data with our client and if this is the case we will process your personal data as set out in this policy.
Website data/Mobile application data:
When you register with (or use) one of our internet sites or mobile applications (the Site) you will provide your personal information (which may be transferred by our client to us) and agree to our terms and conditions which incorporate this policy. The data will be processed, stored and used by Personal Group in accordance with this policy. If you download and agree to use our mobile application you will agree to the same terms and conditions.
When you first register on the Site, we ask for some basic personal data. This may include one or more of the following; your date of birth, postcode, forename and surname. Where the client is your employer it may also include employment start date and a reference number from your employer which is unique to you, e.g. payroll ID. When receiving an email invite, those registering on a site provided via their employer may also need to provide their payroll number.
You may provide additional information when you choose to make a purchase from or access a service on the Site including payment details. Other personal information about you is optional for you to provide during registration and this is clearly shown.
When you make a purchase or access a service on the Site you may be dealing with us or with a third-party supplier. Where you leave the Site, your information will be provided to the third party who operates the website you go to. You should ensure that you are aware of the websites you transfer to from the Site.
When the Transform section of the Site is available you may provide information about your mood (by clicking on mood indicators). This information is health data and we will manage it as set out below in relation to special category data.
Face to face sales data
When you meet with a member of the sales team you will provide information to them and agree that they may access the information held by Personal Group which either you or your employer has provided (and this service is only available to clients providing benefits to their employees). The information will include your name, date of birth, details of your employment and of any products you have with us.
Insurance products data:
When you purchase an insurance product from us you will provide us with personal information about yourself or someone authorised for you will have provided information for you. The information will include your name, your date of birth, your address, payment details for your product (which may include your bank details). If you raise a query or make a claim we will hold the information you provide for this which may include medical information. We will use medical information as set out below for special category data.
How we use and disclose personal information
We and third parties may use your personal data provided to the Site, via face to face process or as part of a contract with us the purposes for which we will use it may include:
• providing you with a personalised service, which may be subject to the requirements your employer, or the client through whom you access the service, selects or whether you have opted to receive marketing – you will agree to this where it concerns the benefits your employer requests or is subject to your consent if it concerns marketing. We will provide you with operational messages and service updates. Operational messages will come from your employer or the client through whom you access the service. We may also send operational messages about the platform itself and any updates relating to it. Service updates are notices or mailings from us about the services available on or via the platform to ensure you are aware of the services available to you (as these may change from time to time). Service updates and operational messages are part of our services and you may not opt out of these. Where these are provided as push notifications to your mobile device you may turn off any permissions in the device. • to create your account and to identify you, we may share your information with your employer, or the client through whom you access the service, to verify you are entitled to an account – you agree to this as part of your agreement to use the Site • sharing information on your use of benefits with our client so they can consider how their programme is working – you agree to this as part of your agreement to use the Site • allowing our client to provide benefits and notifications via the Site and/or our mobile application – you agree to this as part of your agreement to use the Site (and it will be part of your arrangements with our client) • providing information to our client to confirm you are eligible to use the Site – you agree to this as part of your agreement to use the Site • checks with our client to ensure that you and other users are entitled to access their benefits scheme – you agree to this as part of your agreement to use the Site • processing your orders, registrations and enquiries – you agree to this when making an order and/or as part of your agreement to use the Site • processing benefits which may be made available to you on the Site – you agree to this as part of your agreement to use the Site • providing and administering the insurance contracts we provide for you – this is part of the provision of the contract to you • completing an insurance policy on your behalf – where you are purchasing an insurance policy we will provide information to the insurer which is part of your request • providing information on the scheduling of launch visits – you agree to this as part of your agreement to use the Site • providing you with information about promotions and products and services we offer, as operational messages, service updates or marketing – (if you have consented to receive such marketing information and not opted out, – see below). Service updates may contain details of the products and services available to you but are not marketing messages. • sharing your Data with third party organisations who offer products or services which we feel may be of interest to you (if you agree to receive such information) • providing data to third party organisations who provide services which you choose to receive – you agree to this as part of your agreement to use the Site • displaying user feedback (if the individual agrees to the information being displayed or provides it to a service which operates by identifying them) – if you consent to this and have not withdrawn your consent.
We will provide information to third parties who process information for us. This will include:
• suppliers of some services, vouchers, card and or e-Vouchers, who will fulfil the delivery of the services to you.
• suppliers of services to our clients where the services are delivered to you in order to fulfil that delivery. • Our third party hosting provider. • Other sub-contractors who provide services for us.
We will use your data in providing or supporting any insurance product you purchase from us. We may share this information with insurers and/or third parties where necessary to provide the service. This information is all used so we can carry out our obligations or rights to deliver services to you under these contracts with you. We use your personal information when providing insurance or broking services to:
• administer your product, including ensuring that premiums are paid • to consider any claims or complaints you may make • to pay any claims • to support you in making a claim to an insurer • deal with any queries or meet any requirements of our regulators – this is a legal obligation on us • where we process your data, it is subject to our strict internal policy requirements as well as the Data Protection regulations.
Special category information
We will collect some medical information from you to support some services. This is limited to two areas. These are:
To assist you with any insurance claims – where an insurance claim requires medical information we will collect this information off you and use it solely for the purposes of the claim.
As part of the Transform service – the Transform service includes an option for you to share information about your mood. This information is considered health data and as such we process this based on the consent you give to us. The consent is given by you providing the information. We use this information for limited purposes. We will use the information to direct you to some material in the Transform service which we hope will be useful for you. We also annonymise your information with other individuals to provide general reports to our client. Our client will not be able to identify you or any information you have provided to us from these reports.
How long will we hold your personal information
We will hold the personal information we use to meet the requirements of our agreements with you for the period of those agreements and any further period afterwards that we need for regulatory or other legal reasons (such as to defend any claims). This will usually mean that we will hold information for seven years after an agreement ends. We will remove any personal information we do not need when we no longer need it.
Where we have personal information which you have consented for us to use we will hold it for the period the consent remains in force and any other period we need for regulatory or other legal reasons. You may remove your consent at any time. Your consent for us to use special category information will cease for any future information not that already provided.
We will delete any information about you we no longer need. Please see below in relation to your rights to have data erased, rectified or for you to access it and for you to object to any processing or to transfer it.
Your Rights
You have a number of rights in relation to your personal information. These are –
• The right to confirm if we are using data about you and to access details about what we are using and how; • The right to lodge a complaint with the Information Commissioners Office; • The right to have us rectify any inaccurate data corrected or to have data which is incomplete for the purpose we hold it completed; • The right to be forgotten. Which is the right to ask us to delete information about you and if it is appropriate to do so we will do so; • The right to restrict what we do with data in specific circumstances, including where the accuracy of the data is contested, processing is unlawful but you do not want us to erase the data or if we only need the data to meet legal requirements; • The right to receive the data we hold about you in a format you can use to transfer the data electronically elsewhere.
You are also able to withdraw any consent you have provided for us to use your data at any time. This is opting out and the process is set out below.
Opting Out
You can opt out of any marketing activity by unsubscribing from the benefits communication you receive or alternatively within your account on the Site under “Me”.
General
The Sites contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies (and any terms of use) before you submit any personal data to these websites. If you choose to follow a link to a website we may provide some information to the site to allow them to identify you. The site will require you to consent to their processing this data. Please be aware that the transfer to other websites will happen when the website address changes and you should be aware of the details of the webpages you visit.
Your privacy and data protection is very important to us and we comply with all aspects of the Data Protection legislation and ensure that any third parties we engage do so. You can find out more about your rights to data from the Information Commissioners Office.
Some data processing may occur in other parts of the European Union (“EU”) or outside of the EU. Wherever data is processed your rights under the Data Protection Regulations will be met and we will ensure that any agreement to process your data ensures this and gives you rights in the unlikely event of any security breach.
Cookies
When you visit the Sites we may store some information (commonly known as a "cookie") on your computer. Cookies are pieces of information that a Site transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords are not stored in cookies.
In app analytics settings
We may capture analytics data for product functionality, performance tracking, feature enhancement and product marketing. This data may be shared with third-parties anonymously or with a tracking identifier on an opt-in basis.
How we use cookies
A cookie helps you get the best out of the Site and helps us to provide you with a more customised service.
Cookies expire once you close your browser.
You can block or erase cookies from your computer if you want to (your browser's help screen or manual should tell you how to do this), but if you choose to do so you will not be able to access most parts of the Site which are reliant on the use of cookies to operate correctly and will not work if you set your browser not to accept cookies.
Please note, that if you set your browser to reject cookies you may not be able to use certain aspects of the Sites.
Cookies on www.hapibenefits.com do the following:
1. Track your transactions and the way you navigate the Site. When you make a purchase it is cookies that give us the information to track your transactions and which retailers you have used. It also tells us which third party sites you've clicked through to 2. Keep you logged in to your account for a period of time 3. Allow us to comply with your choices about the display of information in your account 4. Remember the options you select (such as favourite merchants) 5. Permit integration with social media sites (such as the ability to "like" hapi on Twitter) 6. Provide you with recommended offers, based on your use of hapi and the transactions you enter into through it
Push notifications
Our mobile application does provide push notifications. These are provided to all of the users of a scheme who are using the application on which they are issued. If you do not wish to receive push notifications, you should amend the settings of your mobile device as we are not able to limit this function.
Our push notifications may also include location based notifications which notify you of suppliers or benefits which may be local to the location of your mobile device.
Credit/Debit Card Information
When you register a card on the Site it will be recorded to use with purchases on the Site.
The card data will be transferred to, and stored at, secure third party destinations to provide those services which involve processing card information on our behalf, to ensure successful transactions. All data is stored in an encrypted format and can only be accessed when you place an order using your required details which links a match. Currently we use Sage Pay exclusively for our transactions.
Please note: We do not provide any credit or debit card details to our clients.
We advise you never to enter your bank card, account number or password into an email or after following a link from an email. We will never ask you to do this in an email.
Any payment transactions will be encrypted (using SSL technology). Where you have chosen a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. You must be aware that you could be liable for any misuse of your passwords. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Anonymous Site Statistics
We may automatically collect non-personal information such as the type of internet browsers being used to view our Site. You will not be identified from this information and it is only used to assist us in providing an effective service on this Site.
Household Member Privacy (If ‘Household Member Invite’ is made available)
All the above information applies to the household members site, with the following exception: No household member's data is given to us by the primary user. At point of invite, the user will enter their household member's title, name, email address and confirmation they live at the same address. If the household member chooses to decline the invite, all data will be automatically removed from our system.
A users household member's transactions can be seen by the user on the user’s account; the information that can be seen by the user in relation to the household member's transactions includes: date of transaction, product i.e. e-voucher, retailer, value and amount saved. Household members of users who have registered on the Site agree to this as part of their agreement to use the Site.
Contact Us
If you have any enquiry relating to your personal information, you can do so by sending an e-mail to us at info@personal-group.com
(Please note that because of the insecure nature of emails we cannot accept any responsibility for data lost or intercepted in transit.)
Or write to us at: Personal Group John Ormond House 899 Silbury Boulevard Central Milton Keynes MK9 3XL Telephone 0800 542 5930 Fax 01908 201711
Personal Group are based in Milton Keynes and processes all data in accordance with UK data protection laws.
hapi version 7.14 March 29, 2023. This site is operated by Personal Management Solutions Limited a subsidiary of Personal Group Holdings Plc. Personal Group, is a trading style of Personal Group Holdings Plc, John Ormond House, 899 Silbury Boulevard, Central Milton Keynes MK9 3XL. Tel: 0333 400 0844, Fax: 01908 201711. Registered number 4232995.
Let’s Connect IT Solutions Limited (hereafter referred to as Let’s Connect) is a subsidiary company of Personal Group Holdings plc. Let’s Connect takes the privacy of your information very seriously. This policy explains how the companies in the group collect information and what we use the information about you for.
All of the companies has the same registered office which is John Ormond House, 899 Silbury Boulevard, Central Milton Keynes MK9 3XL. The Data Protection Officer for the companies can be contacted on info@personal-group.com or by calling 0333 400 0844.
Personal Assurance Services Limited oversees all of the data management within the Personal Group to ensure that we comply with this policy and the data protection rules.
Employee data: Let’s Connect is sometimes provided with employee’s personal data from its employer clients, which it has been authorised to use by them. We will use this information as we are instructed which may include providing details to you via the employee benefits sites we host and confirming you are authorised to use these. Where this personal data is passed to Let’s Connect, we processes it on behalf of your employer and its use is limited to what is permitted by your employer. We will act in accordance with the permission to use the data that your employer holds.
The data provided by employers may include email, first name, surname, payroll, postal address and date of birth. Where we provide information to you for your employer we will hold that information.
Website data: When you register with one of our internet sites (the Site) you will provide your personal information and agree to our terms and conditions which incorporate this policy. The data will be processed, stored and used by Let’s Connect in accordance with this policy.
When you first register on the Site, we ask for some basic personal data. This will include your date of birth and postcode when receiving an email invite, those registering on the site will also need to provide their payroll number. The Site will also ask you to provide an email address, as well as other personal information. You may provide additional information when you choose to make a purchase from or accessing a service on the Site including payment details. Other personal information about you is optional for you to provide during registration and this is clearly shown.
Face to face sales data: When you meet with a member of the sales team at a roadshow or other event they may collect personal information from you, at which point you agree that they may access the information held by Let’s Connect which either you or your employer has provided. The information will include your name, date of birth, details of your employment and of any products you have with us.
How we use and disclosure personal information
We and third parties may use your personal data provided to the Site or via face to face sales for purposes which may include:
Where we process your data, it is subject to our strict internal policy requirements as well as the Data Protection regulations.
Where we have personal information which you have consented for us to use we will hold it for the period the consent remains in force and any other period we need for regulatory or other legal reasons. You may remove your consent at any time.
You are also able to withdraw any consent you have provided for use to use your data at any time. This is opting out and the process is set out below.
Legitimate Interest
Legitimate interests that may be identified during the course of the relationship with you with regards to processing personal information to certain business-related activities and for administrative or operational purposes. In such cases, processing of personal data can be justified on grounds of legitimate interest.
Individuals are free to opt out or change their contact preferences at any time.
You can opt out by unsubscribing from the benefits communication you receive or alternatively within your account on the Site under “Me”
The Sites contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies (and any terms of use) before you submit any personal data to these websites. If you choose to follow a link to a website we may provide some information to the site to allow them to identify you. The site will require you to consent to their processing this data.
Some data processing may occur in other parts of the European Union (“EU”) or outside of the EU. Wherever data is processed your rights under the Data Protection Regulations will be met and we will ensure that any agreement to process your data ensures this and give you rights in the unlikely event of any security breach.
When you visit the Sites we may store some information (commonly known as a “cookie”) on your computer. Cookies are pieces of information that a Site transfers to your hard drive to store and sometimes track information about you. Cookies are specific to the server that created them and cannot be accessed by other servers, which means that they cannot be used to track your movements around the web. Passwords are not stored in cookies.
You can block or erase cookies from your computer if you want to (your browser’s help screen or manual should tell you how to do this), but if you chose to do so you will not be able to access most parts of the Site which are reliant on the use of cookies to operate correctly and will not work if you set your browser not to accept cookies.
Cookies on the www.hapibenefits.com do the following:
Permit integration with social media sites (such as the ability to “like” hapi on Twitter).
Provide you with recommended offers, based on your use of hapi and the transactions you enter into through it.
The card data will be transferred to, and stored at, secure third party destinations to provide those services which involve processing card information on our behalf, to ensure successful transactions. All data is stored in an encrypted format and can only be accessed when you place an order using your required details which links a match.
Partners Privacy (If ‘Partner Invite’ is made available)
All the above information applies to the partners site, with the following exception: No partners data is given to us by the employees employer. At point of invite, the employee will enter their partner’s title, name, email address and confirmation they live at the same address. If the partner chooses to decline the invite, all data will be automatically removed from our system.
Or write to us at:
The Data Officer (Let’s Connect IT Solutions Limited) John Ormond House 899 Silbury Boulevard Central Milton Keynes MK9 3XL Telephone 0333 400 0844 Fax 01908 201711