Privacy Notice for End Customers

Last Updated: July 2021



Direct Healthline Limited are specialist Health Benefits Intermediaries offering products of more than one insurer and act on behalf of Private and Company Clients in arranging insurance cover.  Our Services include identifying your insurance needs, outlining costs, arranging your insurance cover with insurers to meet your requirements and processing renewals.  We provide on-going administrative and claims support.  We are authorised and regulated by the Financial Conduct Authority (FCA) (Firm Reference No. 309495).

Direct Healthline Limited (“Direct Healthline”, “we, “our”) is committed to protecting the privacy and security of the personal data we collect about users of our services (“you”, “your”). Any personal data that we hold about you will be stored and held securely by us on our computer systems.

Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at

It is important that you revisit this privacy notice regularly, as we may change the content to reflect how we deliver our products and services.  A full copy of our privacy notice is set out below, which provides more information about how we collect and process your personal data.

Personal data we collect

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK GDPR. We are also subject to the EU GDPR in relation to the services we offer to individuals in the EU. When you provide information to us as part of an online form or as part of our services, we may collect, for example, your:

  • name

  • email address

  • phone number

  • IP address

  • date of birth

  • gender

  • marital status

  • address

  • nationality

  • medical history

  • a copy of your passport

  • details of your dependants

  • any other information provided by you in the course of a request or enquiry

How your personal data is collected

We will only collect this personal data directly from you—in person,  by email, telephone, online form and/or via our website, or from your employer in respect of Company paid schemes.

For more information about the personal data we collect from your use of our website, please see our Cookies Policy.

Purposes for which we use personal data and the legal basis

When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:


Lawful Basis for Processing

Providing our services including quotations, placing business, renewals, ongoing enquiries and claims management.

Performance of contract between you, (or your employer for Company schemes) and Direct Healthline.

To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.

Performance of contract between you, (or your employer for Company schemes) and Direct Healthline.

Providing and generally dealing with your enquiries and requests prior to contracting with us.

We have a legitimate interest, and we have balanced this against your rights as an individual.

To gather analytics information that allows us to improve our services and your browsing experience.

We have a legitimate interest, and we have balanced this against your rights as an individual.

To comply with any legal obligations we may have.

Direct Healthline is required to process your personal data for various legal and regulatory purpose. For example:

• to retain information for a specified amount of time;

• to conduct mandatory searches such as AML and  Sanctions checks; and

• to disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations.


To monitor the usage of our services.

We have a legitimate interest, and we have balanced this against your rights as an individual.


To detect, prevent and address technical issues.

We have a legitimate interest, and we have balanced this against your rights as an individual.


Providing information about products and services that we think are likely to be of interest to you.

We have a legitimate interest, and we have balanced this against your rights as an individual.


Where may also rely on your consent for some of our marketing activity.


Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.


Company Clients, who provide Employee Personal Data to us in order for us to provide the above Services, will need to act as a data controller and to determine the Lawful Basis in relation to their own respective processing.  As such it is the responsibility of Company Clients to notify Employees and any Family Dependants about our Privacy Policy and the use of any personal information that is provided to us for processing. 

In order to provide our Services, Insurers and Benefit Providers will receive Individual Private Client and Company Employee Personal Data that has been collected by or provided to us.  They will also act as independent Controllers and will be responsible for processing the data in accordance with the GDPR. They will have their own Privacy Notices and documentation setting out how and why they process this Personal Data.


Sharing your data

For some business activities we share your personal data with our vendors and third-party service providers, for instance, to provide our e-mail marketing services or when we gather quotations on your behalf.

We will only share your personal data outside the UK, European Union (“EU”) or European Economic Area (“EEA”) if it becomes necessary for the purposes of providing our services to you. When we do so, we will only share it with organisations in countries benefiting from an adequacy decision or on the basis of Standard Contractual Clauses approved by the European Commission, and recognised in the UK, which contractually oblige the recipient to process and protect your personal data to the standard expected within the UK and EU/EEA.

Personal data may also be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.

How long we keep your data

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.

How we protect your data

We implement appropriate technical and organisational measures to protect data that we process from unauthorised disclosure, use, alteration or destruction. 

Your rights and options

You have the following rights in respect of your personal data:

  • You have the right of access to your personal data and can request copies of it and information about our processing of it.

  • If the personal data we hold about you in incorrect or incomplete, you can ask us to rectify or add to it.

  • Where we are using your personal data with your consent, you can withdraw your consent at any time.

  • Where we are using your personal because it is in our legitimate interests to do so, you can object to us using it this way.

  • Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.

  • You can ask us to restrict the use of your personal data if:

    • It is not accurate.

    • It has been used unlawfully but you do not want us to delete it.

    • We do not need it anymore, but you want us to keep it for use in legal claims; or

    • if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.

  • In some circumstances you can compel us to erase your personal data

  • You can request a machine-readable copy of your personal data to transfer to another service provider.

  • You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, please contact us at

You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at:

Contact us

If you have any questions, or wish to exercise any of your rights, then you can contact us at:


Direct Healthline Limited

Gospel Oak Farm






Alternatively, you can email us at