Privacy Policy

Direct Healthline Limited are specialist Health Benefits Intermediaries offering products of more than one insurer and act on behalf of Private and Company Clients in arranging insurance cover. Our Services include identifying your insurance needs, outlining costs, arranging your insurance cover with insurers to meet your requirements and processing renewals. We provide on-going administrative and claims support. We are authorised and regulated by the Financial Conduct Authority (FCA) (Firm Reference No. 309495).

We are committed to protecting and respecting the privacy of Individuals. Under the General Data Protection Regulation (GDPR) we are required to provide information about what Personal Data we collect and hold and how we use it. This Policy sets out the basis on how we will process any Personal Data that is provided to us in the course of providing the above Services to our Clients.

The Purpose for Processing Personal Data

In order to be able to effectively provide the above Services and meet our obligations under FCA regulatory guidelines, we need to process the Personal Data of Individual Private Clients who make an enquiry about or are enrolled under an insurance policy. We also process the Personal Data of Individuals who are Employees of our Company Clients. This Privacy Notice applies to any Individual whose Personal Data we process in the course of providing our Services.

What is the Lawful Basis for Processing Personal Data

The Lawful Basis for processing any Personal Data received or collected by us is for our Legitimate Interest in:

  • Ensuring that the Services we provide are appropriate to our Client’s requirements

  • Providing advice on and setting up Health Benefits

  • Maintaining accurate transaction records

  • Managing our business in an efficient way

  • Complying with our legal and regulatory obligations

Company Clients, who provide Employee Personal Data to us in order for us to provide the above Services, will need to act as an independent Controller and to determine the Lawful Basis in relation to their own respective processing. As such it is the responsibility of Company Clients to notify Employees and any Family Dependants about our Privacy Policy and the use of any personal information that is provided to us for processing.

In order to provide our Services, Insurers and Benefit Providers will receive Individual Private Client and Company Employee Personal Data that has been collected by or provided to us. They will also act as independent Controllers and will be responsible for processing the data in accordance with the GDPR. They will have their own Privacy Notices and documentation setting out how and why they process this Personal Data.

What Personal Data Do We Collect

Personal Data is information that relates to an identifiable individual – either a Private Client or a Company Employee and any family members to be covered under a policy. We only collect and process Personal Data that is relevant to the provision of the Services that we offer. This may be provided to us verbally, by post or e-mail and by completing Application Forms. See Appendix 1 for a list of the Personal Data that we process in a way that is compatible with and relevant to the Lawful Basis outlined above.

How Will We Use this Personal Data

We will only use Personal Data to:

  • Conduct due diligence

  • Provide our Services (including providing quotations and arranging or renewing policies)

  • Perform administrative activities in connection with the provision of our Services

  • Notify Clients about changes to our Service

  • Monitor or prevent fraud

  • Exercise, defend or protect our legal rights or the rights of our Clients

  • Comply with legal, professional and contractual obligations

  • Co-operate with Regulatory bodies

We do not sell personal information to third parties or use Personal Data for marketing purposes. We will only use information provided to us in ways we are allowed to by law and in accordance with GDPR guidelines. This includes only collecting as much relevant information as we need in order to provide the Services requested from us. Should we plan to use Personal Data for a new purpose, we will update our Privacy Policy and communicate the changes to our Clients before starting any new processing.

Who We Share Personal Data With

We may disclose relevant Personal Data to third parties such as Insurers, Benefit Providers, Company Clients and Intermediary or Business Partners for the purposes of providing our Services and fulfilling our contractual or regulatory obligations. We will request consent to process certain information, such as claims or medical information, when it is necessary to do so.

We may also provide Personal Data to other relevant agencies for the purpose of preventing or investigating fraud.

If Direct Healthline Limited or substantially all of its assets are acquired by a third party, Personal Data held about our Clients will be one of the transferred assets.

How We Protect Personal Data

We have implemented appropriate technical and organisational measures to protect the Relevant Personal Data in our possession against unauthorised or unlawful processing and against accidental loss, misuse, unauthorised access, destruction, damage, alteration or disclosure in accordance with Data Protection Regulations. We evaluate these measures on a regular basis to ensure the security of the processing.

Access to Personal Data and Correction

We want to make sure that your personal information is accurate and up to date. We collect relevant Personal Data when you register with us, when you contact us with any change in circumstances and again at a policy renewal. You have the right to request the information that we hold about you. If you would like a copy of this, please email or write to us at the below address. You can ask us to correct or remove information you think is inaccurate. If you fail to provide relevant information to us, or request that any Personal Data we already hold is erased or restricted, this may affect the Services that we provide and our ability to manage them.

Data Retention Periods

We will only retain Personal Data for as long as necessary in order to fulfil the Purpose for which it was collected, as set out in this Privacy Notice, and for as long as we are required to keep it by law or regulatory requirements and for record keeping or auditing purposes.Changes to Our Privacy Policy

We will keep our Privacy Policy under regular review. Any revised versions will be provided to our Clients so that they have the opportunity to exercise their rights to object to any further processing of Personal Data.

The Right to Complain

We are committed to working to resolve any complaint or concern about privacy. If you feel that we have not been able to assist with this, you have the right to make a complaint to the Information Commissioner’s Office at

How to Contact Us

Please contact us if you have any questions about our Privacy Policy or information we hold about you. Richard Skeates is our designated contact for Data Protection Compliance and can be contacted as follows:



T. 00 44 (0) 1666 860086






A. Direct Healthline Limited, Gospel Oak Farm, Braydon, Swindon, Wiltshire, SN5 0AD