We are committed to protecting your privacy when dealing with information we collect. This Privacy Notice describes the commitment by Bupa Insurance Company and its subsidiaries, affiliates, and related group of companies in Latin America (see Annex 1 below for a listing of the names and domiciles of the companies who act as data controllers in each Country - collectively “Bupa” “we” or “our”) to your privacy.
Please read this Privacy Notice carefully so you can make an informed decision about your use of this Site and other Bupa products and services. If you have questions or comments relating to Bupa or this notice, please see the “Questions and Comments” section below.
HIPAA Notice of Privacy Practices: To read more about our privacy practices specifically regarding health and medical information under the Health Insurance Portability and Accountability Act (“HIPAA”), visit our HIPAA Notice of Privacy Practices.
This privacy notice applies to anyone who interacts with us in relation to our products and services (“you”) in any way (for example, through our websites, live chat features, email, phone, or purchase of our products). This Privacy Notice provides details about the information we collect about you (“Personal Information”), how we use it and how we protect it. It also provides information about your rights as an individual in relation to the Personal Information that Bupa collects from you.
We may also provide you with further information and/or privacy notices as necessary, depending on the way we interact with you and the products and services Bupa provides to you. These may also apply to you, for example when you consent to them or where they apply to any Bupa products and services you use.
We collect Personal Information from you and from third parties (anyone acting on your behalf, for example, agents/brokers, health-care providers and so on). Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their Personal Information. Bupa will collect and process Personal Information in compliance with applicable laws, and in line with data protection principles as set out in this notice.
Without limitation, we collect Personal Information from you:
through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through use of our websites or apps, by mail, by filling in application or other forms relating to our products and services, by entering competitions, or through your contact and interaction with us on social media or through surveys we send you.
your parent or guardian, if you are under 18 years old;
a family member, or someone else acting on your behalf;
doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
any service providers who work with us in relation to your product or service, if we don’t provide it to you directly, such as providing you with apps, medical treatment, dental treatment or health assessments;
organizations who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us to improve our products and services;
fraud-detection, background screening and credit-reference agencies; and sources which are available to the public.
If we provide you with insurance products and services, we may collect information from:
the main member, if you are a dependent under a family insurance policy;
your employer, if you are covered by an insurance policy your employer has taken out;
brokers and other agents (this may be your broker if you have one, or your employer's broker if they have one);
other third parties we work with, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, other health-care providers and medical-assistance providers.
We process a number of categories of Personal Information about you and (where this applies) your dependents, and may collect, without limitation, the following categories of data:
contact information, such as your name, username, address, email address and phone numbers;
yours and your family members’ or other insured’s nationality, residency, age, date of birth, government issued ID numbers such as passport number, your marital status, sex, height, weight, signature;
data relating to lifestyle, such as frequency of travel, times when you are most likely to need insurance coverage, or other products you may have purchased in the past from Bupa or other companies;
information about your employment;
details of any contact we have had with you, such as any complaints or incidents;
financial details, such as details about your credit card, payments, and bank details such as account numbers and billing addresses;
the results of any credit or any anti-fraud checks we have made on you;
information about how you use our products and services, such as insurance claims;
information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, quotes and records of medical services you have received), birth of family members, pregnancies or adoptions;
information about your race, ethnic origin and religion (we may get this information from your medical preferences to allow us to provide care that is tailored to your needs);
information about any criminal convictions and offences (we may get this information when carrying out anti-fraud or anti-money-laundering checks, or other background screening activity).
Some of these categories of information are defined as “sensitive” under differing laws and regulations and require special protections. Such sensitive Personal Information you provide us with will be collected only with our having a legal basis to do so, such as your consent. Such Personal Information will be safeguarded under strict administrative, technical and physical security measures, taking care of the integrity and availability of said data and avoiding its damage, loss, alteration, destruction or unauthorized use. Personal Information collected about you will be handled only by authorized personnel and in compliance with applicable laws and regulations to ensure it is appropriately safeguarded and not inappropriately disclosed.
This Site is not designed or intended to attract children 13 years and Bupa is committed to complying with the Children’s Online Privacy Protection Act. We collect information about children under the age of 13 only with consent from the child’s parent or legal guardian. We do not collect any Personal Information directly from any person if we know that such a person is a child under the age of 13. By accessing this site, you represent that you are 13 years of age or older. If you believe we have collected Personal Information from a child under the age of 13 without consent, please contact us at email@example.com or at the contact details below.
We process your Personal Information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your Personal Information (these also depend on what category of Personal Information we are processing). We normally process Personal Information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies. We must have a lawful reason for processing your Personal Information. We process Personal Information about you for the following “primary” purposes if this is:
necessary to provide the services set out in a contract - if we have a contract with you, we will process your Personal Information in order to fulfil that contract (that is, to provide you and your dependents or covered employees with our products and services) and to provide you with information about the benefits of your policy;
necessary for the evaluation of your insurance application, premium quote and risk selection; the underwriting process may use automated decision making to determine insurance policy coverage such as deductibles, inclusions and exclusions, and may also use automated decision making to determine premium rates based on information collected from you;
necessary for management of benefits and coverage contained in your insurance contract with medical providers, and processing of claims for payment of claims and reimbursements;
in our or a third party’s legitimate interests - details of those legitimate interests are set out in the section below and include, as primary purposes of processing, hiring job applicants and processing job applications;
required or allowed by law;
necessary for addressing complaints and queries. ;
necessary for the purposes of provision of health care, medical diagnosis, to provide treatment, or to help manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance);
necessary to establish, make or defend legal claims (for example, claims against us for insurance);
necessary for the purposes of preventing or detecting an unlawful act in circumstances where we must carry out checks without your permission so as not to affect the outcome of those checks (for example, anti-fraud and anti-money-laundering checks or to check other unlawful behavior, or to carry out investigations with other insurers and third parties for the purpose of detecting fraud);
necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behavior (for example, investigations in response to a safeguarding concern, a member's complaint or a regulator telling us about an issue);
in the public interest, in line with any laws that apply; information that you have made public; or
with your permission. As is best practice, we will only ask you for permission to process your Personal Information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for, and ask you to confirm your choice to give us that permission. If we cannot provide a product or service without your permission we will make this clear when we ask for your permission. If you later withdraw your permission, we may no longer be able to provide you with a product or service that relies on having your permission.
In order to improve the services provided by Bupa, particularly in reference to the design of new products, the quality of existing products, and for the continuous improvement of Bupa, data may be used for the following "secondary” purposes:
developing, marketing and promoting new ranges of products and services, including benefits, discounts or market studies, which may involve: processing anonymized or deidentified data in our statistical databases; preparation of statistical profiles based on subjects with similar characteristics or characteristics; analysis of these statistical profiles, and measurement of the reliability of the statistical profiles created;
supporting research to improve our products, services and operations, including, for example, research in relation to our product pricing. As part of this research we use anonymized information (with all names and other identifying information removed) including aggregated information (combining your de-identified information with that of other individuals) for research or statistical purposes. You cannot be identified from this information and we will only share the information with third parties where we have a legal basis to do so and in line with applicable laws and regulations.
to contact you about market research we are carrying out;
to monitor how well we are meeting our clinical and non-clinical performance expectations in the case of health-care providers.
If you do not want your personal information to be used for secondary purposes as stated above, please contact us at firstname.lastname@example.org or email@example.com for Mexico residents, or alternatively at the contact details provided below.
Taking into account applicable laws as well as your individual interests, rights and freedoms, we may process your Personal Information for a number of legitimate interests (among other legal reasons for processing your Personal Information, such as to fulfil a contractual obligation to you). These legitimate interests may include and not be limited to:
to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on);
to provide health-care services on behalf of a third party (for example, your employer);
to make sure that claims are handled efficiently and to investigate complaints (for example, we may ask your treatment provider for information to make sure we receive accurate information and to monitor the quality of your treatment and care);
for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of the Bupa business.
We may use your Personal Information to send you marketing through various channels (such as by mail, by phone, through social media, by email or by text), however we only use your Personal Information to send you marketing material if we have your permission or a legitimate interest as described above. If you don’t want to receive direct marketing from us, you have the right to object, for example opting out by clicking on the ‘unsubscribe’ links that appear in emails we send or contacting us at firstname.lastname@example.org to update your contact and marketing preferences.
We share your information within the Bupa Group, with relevant policy holders (including your employer if you are covered under a group scheme), with funders arranging services on your behalf, with people acting on your behalf (for example, brokers and other agents) and with others who help us provide services to you (for example, health-care providers and medical-assistance providers) or who we need information from to allow us to handle or confirm claims or entitlements (for example, professional associations). We also share your information in line with the law. We sometimes need to share your information with other people or organizations for the purposes set out in this privacy notice.
We may share your Personal Information with:
other members of the Bupa Group;
other organizations you belong to, or are professionally associated with, in order to confirm your entitlement to claim discounts on our products and services;
doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
third parties and commercial partners helping to deliver our products, services or marketing (such as insurance agents, or companies providing the technology and logging for the live chat features of our websites);
people or organizations we must share or are allowed to share your Personal Information with by law (for example, for fraud-prevention or safeguarding purposes);
the police and other law-enforcement agencies to help them perform their duties, or with others if we must do this by law or under a court order;
if we (or any member of the Bupa group) sell or buy any business or assets, the potential buyer or seller of that business or those assets; and
a third party who takes over any or all of the Bupa Group’s assets (in which case Personal Information we hold about our customers or visitors to the website may be one of the assets the third party takes over).
If we provide insurance, we share your information with:
the policy holder or their agent if you are not the main member under an individual policy (we will send them all membership documents and confirmation of how we have dealt with a claim, and all people who are insured on the policy may have access to correspondence and other information we provide through our online portal);
your employer (or their broker or agent) for product or service administration purposes if you are a member or beneficiary under your employer’s group scheme;
your broker or agent (or both);
other third parties we work with to provide our products and services, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, health-care providers and medical-assistance providers; and;
organizations who provide your treatment and other benefits, including travel-assistance services.
If we share your Personal Information, we will make sure appropriate protection is in place to protect your Personal Information in line with data-protection laws.
We deal with many international organizations and use global information systems. In order to provide you with the services and functionality available through this website, and to allow us to process your Personal Information in line with the purposes set out in this Privacy Notice, we may send and store the Personal Information you provide us with in countries outside those from which you reside, and from which you access the Site. This includes the United States of America and other countries.
We are committed to protecting the privacy and security of Personal Information when it is transferred. Where such transfers occur, we take appropriate steps to make sure that, when we transfer your Personal Information to another country, appropriate protection and security is in place, in line with data-protection laws. Often, this protection is set out under a contract with the organization who receives that Personal Information.
By using and accessing our website, users residing or located in countries outside the United States of America agree and consent to the transfer and processing of Personal Information in the United States of America and other countries where we have legal basis to do so. For further details on such transfers and protection of Personal Information, please contact us with the details provided in the below Questions and Contacts section.
Because Bupa respects your privacy and values your trust, the only persons to whom we give access to information about you are those who use it to provide services to you or conduct other activities described in this Privacy Notice.
We use technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of your Personal Information. These safeguards are periodically reviewed, tested, and designed to protect your information from unauthorized access, disclosure, use and modification.
However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. We cannot and do not guarantee that communications to or from the Site, or that data transmitted or stored on or through the Site, are or will be totally secure from loss, misuse or unauthorized access by third parties.
We keep your Personal Information in line with set periods calculated using the following criteria:
How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
Any time limits for making a claim.
Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
Any relevant proceedings that apply. .
A cookie, also known as a browser cookie, is a text file containing small amounts of information which a server may download to your computer, mobile or tablet when you visit a website or use an app. Cookies reside on your computer and allow us to recognize you if you return to the Site from the same computer and through the same browser, however Bupa cannot identify you from the data that cookies collect; we collect anonymous user preferences and website behaviors only, for marketing purposes. There are different types of cookies which are used to do different things, such as letting you navigate between different pages on a website efficiently, remembering preferences you have given and helping us to identify ways to improve your overall site experience. Others are used to provide you with advertising which is more tailored to your interests or to measure the number of site visits and the most popular pages users visit.
Each type of cookie can be set and controlled by the operator of the website which the user is browsing such as Bupa (known as a ‘first party cookie’) or a third party such as Facebook, for example to display advertisements and social sharing features, (known as a ‘third party cookie’).
Due to their core role of enhancing and enabling usability or site processes, disabling certain cookies may prevent you from using certain aspects of the Bupa website, such as generating a quote or placing an order. Broadly speaking, there are two different types of browser cookies:
Persistent cookies are stored on the user's computer and are not deleted when the browser is closed. Persistent cookies can be used to retain user preferences for a particular website, allowing those preferences to be used in future browsing sessions. Persistent cookies usually assign a unique ID to the user’s browser and they are usually configured to identify a user for a prolonged period of time, from days to months or even years.
Bupa only uses browser cookies to measure non-Personal Information, for example to learn about the behavior of visitors to our website and how they respond to our marketing communications. The more we learn, the better we are able to provide relevant and interesting content and services.
To help you understand the different types of cookies we use and what they do, we have conducted a full audit of our sites and grouped cookies into four categories:
Strictly necessary cookies
Below, you will find a list of the types of cookies that may be used on our websites and a brief description of the information they gather.
'Strictly necessary' cookies let you move around the website and use essential features such as accessing secure areas of the website and identifying you as being logged in. These cookies don't gather any information about you that could be used for marketing or remembering where you've been on the internet. Accepting these cookies is a condition of using the website, however, as they are required for the proper operation of the website. If you prevent them, we cannot guarantee how it will perform.
We use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website.
We use the information to improve our website and enhance the experience of its visitors. All information these cookies collect is aggregated and therefore anonymous.
While the specific cookies we deploy change regularly, examples of more permanent types of Performance or Analytic cookies we use include cookies provided by Google Analytics, Google Tag Manager, and Adobe SiteCatalyst (formerly Omniture). These cookies are all used to give us insights into how many people visit our website, and how our users interact with it. Again please note that Bupa cannot identify you from the data that cookies collect; we collect anonymous user preferences and website behaviors only. For questions or more information regarding these cookies, please contact email@example.com.
By using the website, you agree that we can place these types of cookies on your device.
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
By using the website, you agree that we can place these types of cookies on your device.
From time to time, cookies are used to collect information about your browsing habits in order to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.
The cookies are usually placed either directly by us or by third party advertising networks. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality or content provided by the other organization.
By using the website, you agree that we can place these types of cookies on your device.
Your use of the website constitutes your consent to this website setting cookies on your device.
You may disable cookies by changing your internet browser preferences, however this may limit your full use or functioning of certain features on the website. Note that we do not currently respond to browser “Do Not Track” signals.
For more information about third party advertising networks and similar entities that use these technologies, see http://www.aboutads.info/consumers, and to opt-out of such ad networks’ and services’ advertising practices, go to http://www.aboutads.info/choices.
From time to time, we may change this Privacy Notice and our privacy practices because of changes in applicable legal or regulatory requirements, in our business practices, or in our attempts to better serve your needs and those of our clients. When we do so, we will post a revised Privacy Notice on this Site and a new effective date. Any such change will be effective immediately upon posting on the site. You are responsible for checking the Privacy Notice for such changes, and we recommend visiting the page frequently to stay informed.
If you have any questions, comments, concerns or suggestions relating to how we process information about you, please contact our Legal and Privacy team at firstname.lastname@example.org, or at the below address:
Bupa Global Latin America
Atn.: Funcionario de Privacidad
17901 Old Cutler Road, Suite 400
Palmetto Bay, Florida 33157 USA
For customers in Mexico, the data controller is Bupa México, Compañía de Seguros, SA de CV and you may contact the Legal and Privacy team by email at email@example.com, by phone at (+52 55) 5202 1701, or directly at the address Montes Urales No. 745, 1er piso, Colonia Lomas de Chapultepec, Del. Miguel Hidalgo, C.P. 11000, Ciudad de México. If you are a Bupa Mexico customer you may ask about the process for and exercise your rights of Access, Rectification, Cancellation or Opposition (ARCO Rights) through these same contact details for our Mexico office. However, to exercise your rights, it will be necessary to submit an application in writing, which must contain:
Your full name, address and/or other means to communicate the response to your request;
Documents proving your identity or, where appropriate, the legal basis on which you are acting on behalf of another customer or policy holder;
Clear and precise description of the Personal Information with respect to which you are seeking to exercise any of the rights established in the Federal Law on the Protection of Personal Data Held by Private Parties;
Any other element or document that facilitates us identifying the location and type of Personal Information in question.
Again, for any questions Bupa Mexico customers may have about this process, please email firstname.lastname@example.org.