This is the privacy notice of HSF health plan Limited. In this document, “we”, “our”, or “us” refers to HSF health plan Limited.
We are company number 30869 and 904935 registered in England, Wales & Ireland.
Our registered offices are at 24 Upper Ground, London, SE1 9PD and 5 Westgate Business Park, Kilrush Road, Ennis, Co Clare Ireland.
HSF health plan Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority in the UK, with the Department of Health and Children and The Health Insurance Authority in Ireland. Founded 1873 Incorporated 1890.
We are the trading company of The Hospital Saturday Fund, a Registered Charity in the UK No 1123381 and in Ireland Registered Charity No 20104528.


This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not inadvertently fall into the hands of a third party.
We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
Our policy complies with the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data.

Data Privacy Policy

What is GDPR?

The General Data Protection Regulation (GDPR) is a new EU regulation. This new piece of legislation will replace the existing Data Protection Act 1998 and will place a greater accountability on organisations when using personal information and in turn give customers new rights. The GDPR applies to all organisations that offer products or services to customers that reside in the EU as well as those that collect data from customers based in the EU. Despite the UK planning to leave the EU, all UK companies still have to comply with the GPDR.

What does this mean to you?

There is no action required, but there are a few changes you should be aware of.
Under the GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies to safeguard your data, and keep strict security standards to prevent any unauthorised access to it. Upon the demonstration of satisfactory identification evidence, you may request a copy of the information we hold about you.

What information do we collect?
Health Cash Plan Applications

If you make an application for a Health Cash Plan. We collect three types of information: your personal details (including those of your partner and any dependants), your medical details (including those of your partner and any dependants) and payment details.

Personal details

The personal details we collect are: your personal and contact details including name, address, date of birth, company name and address (if applicable), email address and telephone numbers. We also collect the name and date of birth of your partner (if applicable) and any dependants (if applicable).

Medical details

The medical details we collect are: any conditions or illness you, your partner and any dependants may have had (or have) and the date any of the symptoms began. The medical details we collect are: any conditions or illness you, your partner and any dependants may have had (or have) and the date any symptoms began.

A copy of this information is kept securely by HSF health plan and our technology suppliers, Microsoft Azure.

Payment details

The payment details we collect are Direct Debit or Credit Card information. Direct Debit or Credit Card information will be used for automatic payments to be made from the account you provide. A copy of this information is kept securely by HSF health plan (and temporarily by our technology suppliers Microsoft Azure).

Information about your Direct Debit

When you agree to set up a Direct Debit arrangement, the information you give to us is passed to our own bank HSBC UK and Ulster Bank Ireland for processing according to our instructions. We do keep a copy.

Site usage information – Log files and Google Analytics

This website uses log files and Google Analytics to track visits to the website in order to inform changes to the layout of the site and to the information on it, based on the way that visitors move around it.

Log files do not contain any personal information but may record the IP address, the type of web browser and operating system used during a visit to the website. This information will be kept securely on computer by Microsoft Azure, the technology providers for the website.

Google Analytics is a web analytics service provided by Google, Inc. Google Analytics uses cookies to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) and will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.


Throughout our website, we have a LinkedIn Insights tag which collects user data matching it up with LinkedIn data and serving relevant ads when possible through the social platform. The cookie lasts for 90 days and collects relevant information needed to serve ads such as user and IP address. To opt out or see more information about the settings go to the following link;


Throughout our website, we have Facebook cookies to track users coming from our Facebook channels or ads. The purpose of this information is to track user behaviour and acquisition data as well as the performance of ads and potential to deliver ads. You are able to opt-out here; To read more about Facebook cookies go to the following link;


Throughout our website, we have a Twitter pixel which collects user data matching it up with Twitter data and serving relevant ads when possible throughout the Twitter social platform, no personal information is collected. The cookie lasts for 30 days. To opt-out or see more information about the settings go to the following link; You can find further information on data protection at Twitter and Twitter advertising here; Twitter does also support the “Do Not Track” option. You can activate this here;


YouTube cookies may be stored into your browser once you have viewed videos that are embedded across our website. This is to collect data such as length of video watched etc. YouTube won’t store information about our visitors unless they play the video. For more information on managing your privacy across the platform please go to;

External links is not responsible for the content of external internet sites.

Sending a message to our support team

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our business.

How we use your information and the legal basis

When you make an application for a Health Cash Plan or otherwise agree to our terms and conditions, a contract is formed between you and us.

In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable

Who we share your information with

HSF health plan may share your data with regulatory bodies when it is a legal requirement to do so for the purpose of monitoring and enforcing compliances;

We may also share aspects of your information on occasions with organisation to enable continuity of service, these include:

How long we hold your data for?

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:

Where is your information stored?

All of your data is located in the EU.

Implications of not providing data

If you do not provide information we may not be able to:

We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.

How to exercise your information rights including the right to object

Access to your Data

You have the right to request a copy of all information about you held by HSF health plan.

Please note that we are not obliged to take proactive steps to discover that a subject access has been made. If HSF health plan cannot view a subject access request without paying a fee or signing up to a service we will not respond to the request.

Data Portability

You have the right to exercise your right to data portability in certain circumstances.

What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. Please note our policy is to only keep personal information for as long as is reasonably required for the purpose(s) for which it was collected. We are required to keep certain transactional records – which does include personal information – for more extended periods to meet legal, regulatory, tax or accounting needs. We are also required to retain an accurate record of dealings with us for at least six years after your last interaction with us, so we can respond to any complaints or challenges you or others might raise later.

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, if this is the case we would not use or share your information in other ways whilst it is restricted. You can ask us to restrict the use of your personal information if:

If you wish to exercise any of your above right you can do so by contacting the Data Protection Officer.

Verification of your information

When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

Right to complain

Should you not be happy with the way we handle your personal data, you have the right to complain. You can do so by contacting the Data Protection Officer.

If your complaint reasonably requires us to contact a third party, we may decide to give to that third party some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

You also have a right to lodge a complaint with the supervisory:

Ireland: Data Protection Commissioner

UK: Information Commissioner Office

Data Protection Officer contact details

HSF health plan.
24 Upper Ground,
London SE1 9PD.

Other Information

Use of information we collect through automated systems when you visit our website


Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.

We use cookies in the following ways:

Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution. We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.

Information we obtain from third parties

Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.

No such information is personally identifiable to you.

Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

Compliance with the law

Our privacy policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.

However, ultimately it is your choice as to whether you wish to use our website.

Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

If you have any questions regarding our privacy policy, please contact us.

Last updated April 2020.