This document is intended to explain to you in simple terms why we need to collect your Personal Data, how we use it and store it, who has access to it, and a précis of your rights under the Data Protection Act 1998 and the European Union General Data Protection Regulation (GDPR) 2018.

In order for us to provide you with our services, we need you to please read this document and confirm your understanding by signing the declaration.

1. Why We Need to Collect Your Personal Data

Victoria Healthcare has a legal and compliance requirement to know its clients by collecting relevant and accurate personal information. This personal data is used to assess the client’s circumstances, needs and requirements and then to make an objective recommendation.

When employing our services, you are freely consenting to providing this personal data to be held indefinitely. The data you provide must be true and accurate.

Victoria Healthcare does not need your consent to process this personal data because of its legal and compliance requirements under the following sections of the GDPR 2018.

Lawfulness of Processing Conditions

  • 6 (1b) - Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
  • 6 (1c) - Processing is necessary for compliance with a legal obligation.
  • 6 (1d) - Processing is necessary to protect the vital interests of a data subject or another person.
  • 6 (1e) - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • 6 (1f) - Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Conditions for Special Categories of Data

  • 9 (2c) - Processing is necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent.
  • 9 (2e) - Processing relates to personal data manifestly made public by the data subject.
  • 9 (2f) - Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity.

2. How We Use Your Data and Store It

Your personal data will be maintained on secure computer records indefinitely and will not be disclosed to other parties except other businesses within the same group, third parties providing accounts for clients, third parties to whom clients have given expressed authority for Victoria Healthcare to discuss their personal details with, representatives of Victoria Healthcare’s compliance advisers, Victoria Healthcare’s auditors, and any organisation requiring access to such information for regulatory purposes only, or any person having a legal entitlement to access.

We are required to maintain accurate and relevant information indefinitely and may occasionally ask you for updates and confirmation.

3. Your Basic Rights

It is our understanding that under the Data Protection Act 1998 and the European Union General Data Protection Regulation (GDPR) 2018 the following basic rights are included: -

  • You have the right to access your personal data (free of charge unless your request is manifestly unfounded, excessive or repetitive).
  • You have the right to expect that your personal data is accurately maintained and protected.
  • You will have the right to request that personal data is “ported” to a third party of your choice.
  • You may refuse to provide updated information but this could affect the relevance and effectiveness of earlier or ongoing advice.
  • The right to object.

When does the right to object apply?

Individuals have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling);
  • processing for purposes of scientific/historical research and statistics.

Please note that because of our legal obligations you will not be able to request that we delete your personal data. If you cease to be our client we indefinitely store your data for legal and compliance purposes only. This will not affect any of your other rights under the DPA (1998) and the GDPR (2018).

If you think your data has been misused or not kept secure, you should initially contact our Data Controller (see below). If you're unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO).

Our Contact Details

Click here to view our contact details.


Our panel of insurers