Privacy Policy

TachMed privacy policy

Information about TachMed

In this privacy notice, ‘we’, ‘us’ and ‘our’ mean TachMed. For our contact details, click here.

Depending on which of our products and services you ask us about, buy or use, different companies within our organisation will process your information.

Scope of our privacy notice

This privacy notice applies to anyone who interacts with us about our products and services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone, through our app). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services.

This privacy notice applies to you if you ask us about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone, through our app and so on). We will provide you with further information or notices if necessary, depending on the way we interact with each other, for example if you use our apps we may give you privacy notices which apply just to a particular type of information which we collected through that app.

If you have any questions about this, please contact us at [ dataprivacy@tachmed.com ].

How we collect personal information

We collect personal information from you through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by correspondence you send us in the post, by your filling in application or other forms, through social media or face-to-face (including, but not limited to, in medical consultations).

For all our customers, we may collect information from:

  • your parent or guardian, if you are under 18 years old;
  • a family member, or someone else acting on your behalf;
  • doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
  • any service providers who work with us in relation to your product or service, if we don’t provide it to you direct, such as providing you with apps, medical treatment, dental treatment or health assessments;
  • organisations, such as CACI or Binleys, who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us to improve our products and services;
  • fraud-detection and credit-reference agencies; and
  • sources which are available to the public, such as the edited electoral register or social media.

Categories of personal information

We process two categories of personal information about you and (where this applies) your dependants:

  • standard personal information (for example, information we use to contact you, identify you or manage our relationship with you); and
  • special categories of information (for example, health information, information about your race, ethnic origin and religion that allows us to tailor your treatment, and information about crime in connection with checks against fraud or anti-money-laundering registers).

For more information about these categories of information, see below.

Standard personal information includes:

  • contact information, such as your name, username, address, email address and phone numbers;
  • the country you live in, your age, your date of birth and national identifiers (such as your National Insurance number or passport number);
  • information about your employment;
  • details of any contact we have had with you, such as any complaints or incidents;
  • financial details, such as details about your payments and your bank details;
  • the results of any credit or any anti-fraud checks we have made on you;
  • information about how you use our products and services, such as insurance claims; and
  • information about how you use our website, apps or other technology, including IP addresses or other device information.

Special category information includes:

  • information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, quotes and records of medical services you have received);
  • information about your race, ethnic origin and religion (we may get this information from your medical or care-home preferences to allow us to provide care that is tailored to your needs); and
  • information about any criminal convictions and offences (we may get this information when carrying out anti-fraud or anti-money-laundering checks, or other background screening activity.

What we use your personal information for

We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing). We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies. Please see below for more information about this and the reasons why we may need to process special category information.

By law, we must have a lawful reason for processing your personal information. We process standard personal information about you if this is:

  • necessary to provide the terms and conditions  set out in our grant agreement  − if we have an agreement  with you, we will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with our funding);
  • in our or a third party’s legitimate interests − details of those legitimate interests are set out in more detail below;
  • required or allowed by law.

Legitimate Interest

We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims. More detailed information about our legitimate interests is set out below.

Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

  • to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on);
  • to keep our records up to date and to provide you with marketing as allowed by law;
  • to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences (we combine information you give us with information we receive about you from third parties to help us understand you better);
  • for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
  • to contact you about market research we are carrying out;
  • to monitor how well we are meeting our clinical and non-clinical performance expectations in the case of health-care providers;
  • to enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety;
  • to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
  • to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of the business.

Marketing preferences

We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.

We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.

If you don’t want to receive emails from us, you can click on the ‘unsubscribe’ link that appears in all emails we send. If you don’t want to receive texts from us you can tell us by contacting us at any time. Otherwise, you can always contact us to update your contact preferences.

You have the right to object to direct marketing and profiling (the automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests) relating to direct marketing.

Sharing your information

We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice.

For all our contacts, we share your information with:

  • people or organisations we have to, or are allowed to, share your personal information with by law (for example, for fraud prevention or safeguarding purposes including with the Charity Commission or auditors);
  • the police and other law enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order.

Transferring information outside the European Economic Area

We may transfer your personal information to countries outside the EEA (the EU member states plus Norway, Liechtenstein and Iceland) for the purposes set out in this privacy notice. Not all countries outside the EEA have data-protection laws that are similar to those in the EEA and if so, the European Commission may not consider those countries as providing an adequate level of data protection.

We take steps to make sure that, when we transfer your personal information to another country, appropriate protection is in place, in line with data-protection laws. Often, this protection is set out under a contract with the organisation who receives that information.

How long we keep your personal information

We keep your personal information in line with set periods calculated using the following criteria.

  • How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
  • How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
  • Any time limits for making a claim.
  • Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
  • Any relevant proceedings that apply.

If you would like more information about how long we will keep your information for, please contact us at [  dataprivacy@tachmed.com  ].

Your rights

You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer your information you have provided and to withdraw permission you have given us to use your information. You have the following rights (certain exceptions apply).

  • Right of access: the right to make a written request for details of your personal information and a copy of that personal information;
  • Right to rectification: the right to have inaccurate information about you corrected or removed;
  • Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased;
  • Right to restriction of processing: the right to request that your personal information is only used for restricted purposes;
  • Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests;
  • Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats;
  • Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information.

If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.

In order to exercise your rights please contact [  dataprivacy@tachmed.com  ].

Data protection contacts

If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact our Data Protection Officer and Privacy Team at [  dataprivacy@tachmed.com  ].

You also have a right to make a complaint to your local privacy supervisory authority. TachMed’s main establishment is in the UK, where the local supervisory authority is the Information Commissioner:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, United Kingdom
SK9 5AF


Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)