Select your country

HSF health plan privacy policy

This is the privacy notice of HSF health plan Limited. In this document, “we”, “our”, or “us” refers to HSF health plan Limited.
We are company number 30869 and our registered offices are at 24 Upper Ground, London, SE1 9PD. In Ireland our company number is 904935 and the registered office is at 5 Westgate Business Park, Kilrush Road, Ennis, Co Clare Ireland.

We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority in the UK. In Ireland we are regulated by the Central Bank of Ireland for Code of Conduct business rules, with the Department of Health and Children and The Health Insurance Authority in Ireland. Founded 1873 Incorporated 1890.We are the trading company of The Hospital Saturday Fund, a Registered Charity in the UK No 1123381 and in Ireland Registered Charity No 20104528.


This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.

We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not inadvertently fall into the hands of a third party.

We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.

Our policy complies with the EU General Data Protection Regulation (GDPR). The law requires us to tell you about your rights and our obligations to you regarding the processing and control of your personal data.

Data Privacy Policy

What information do we collect?

If you make an application for a Health Cash Plan. We collect three types of information: your personal details (including those of your partner and any dependants), your medical details (including those of your partner and any dependants) and payment details.

Personal details

The personal details we collect are: your personal and contact details including name, address, date of birth, company name and address (if applicable), email address and telephone numbers. We also collect the name and date of birth of your partner (if applicable) and any dependants (if applicable).

Medical details

The medical details we collect are: any conditions or illness you, your partner and any dependants may have had (or have) and the date any of the symptoms began.
A copy of this information is kept securely by us and our technology suppliers.

Payment details

The payment details we collect are Direct Debit or Credit Card information. Direct Debit or Credit Card information will be used for automatic payments to be made from the account you provide. A copy of this information is kept securely by us (and temporarily by our technology suppliers).

Information about your Direct Debit

When you agree to set up a Direct Debit arrangement, the information you give to us is passed to our own bank for processing according to our instructions. We do keep a copy.

Sending a message to our support team

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.

How we use your information and the legal basis

When you make an application for a Health Cash Plan or otherwise agree to our terms and conditions, a contract is formed between you and us.​In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter a legal contract.Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, we would have a genuine and legitimate reason and we are not harming any of your rights and interests.

The following are some examples of when and why we would use this approach:

When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Who do we share your information with?

In order to provide you with our services, we may share your data with third parties and other organisations within our group or other organisations to enable continuity of service, such as;

Site usage information – Log files and Matomo Analytics

This website uses log files and Matomo Analytics to track visits to the website in order to inform changes to the layout of the site and to the information on it, based on the way that visitors move around it. Log files do not contain any personal information but may record the IP address, the type of web browser and the operating system used during a visit to the website. Matomo subprocessor is stored in secure infrastructure for servers, databases and logs hosted in Paris, France.

Matomo is an open-source project brought to you by the Matomo team members as well as many other contributors around the globe. Matomo operates tracking methods such as counting the number of unique IP addresses or browser fingerprinting to identify users. Matomo does not use third-party cookies and all first-party cookies have been disabled.

You can opt out of being tracked by our Matomo Analytics below:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

We may also share your data with regulatory bodies when it is a legal requirement to do so for the purpose of monitoring and enforcing compliances such as;

Your data outside Europe

The disclosure of personal information to the affiliates and other third parties set out above may involve the transfer of data outside the EEA. We have put in place the Standard Contractual Clauses approved by the European Union Commission for such transfers of personal data.  To find out more about how your personal data is protected when it is transferred outside the EEA, please contact our Data Protection Officer.

How long we hold your data?

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:

Implications of not providing data

If you do not provide information, we may not be able to:

We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.

Your rights

Right to be informed:

We will always be transparent in the way we use your personal data. You will be fully informed about the processing through relevant privacy notices.

Right to Access

You have the right to request a copy of all information about you held by us.
Please note that we are not obliged to take proactive steps to discover that a subject access has been made. If we cannot view a subject access request without paying a fee or signing up to a service, we will not respond to the request.

Data Portability

You have the right to exercise your right to data portability in certain circumstances.

Right to Object or to Restrict Processing

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. Please note our policy is to only keep personal information for as long as is reasonably required for the purpose(s) for which it was collected. We are required to keep certain transactional records – which does include personal information – for more extended periods to meet legal, regulatory, tax or accounting needs. We are also required to retain an accurate record of dealings with us for at least six years after your last interaction with us, so we can respond to any complaints or challenges you or others might raise later.

We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, if this is the case we would not use or share your information in other ways whilst it is restricted. You can ask us to restrict the use of your personal information if:

Right to Rectification

We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.

When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

Right to Erasure

You have the right to have your data ‘erased’ in the following situations:

Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data or where exceptions exist within our retention policy, then it may not be erased.
If you wish to exercise any of your above right, you can do so by contacting the Data Protection Officer.

Right to Complain.

Should you not be happy with the way we handle your personal data, you have the right to complain. You can do so by contacting the Data Protection Officer.

If your complaint reasonably requires us to contact a third party, we may decide to give to that third party some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

​You also have a right to lodge a complaint with the supervisory:

Ireland: Data Protection Commissioner

UK: Information Commissioner Office​

Data Protection Officer contact details

HSF health plan.
24 Upper Ground,
London SE1 9PD.

Other Information:

Information we obtain from third parties

Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.

No such information is personally identifiable to you.

Compliance with the law

Our privacy policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you.

However, ultimately it is your choice as to whether you wish to use our website.

​Review of this privacy policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

​If you have any questions regarding our privacy policy, please contact us.

Last updated December 2020.