Cigna Global Wellbeing Solutions Data Protection Notice
This data protection notice (“Data Protection Notice”) describes how Cigna Global Wellbeing Solutions Limited, a company with corporate address 13th Floor, 5 Aldermanbury Square, London EC2V 7HR (“we” or “us”), collects and processes Personal Data (as defined below) about you (“you”) in connection with your use of the health and wellbeing programmes (“Service”) available on this website (“Site”). Please read this Data Protection Notice carefully before you register for or access the Service.
In addition to this Data Protection Notice, some of our products and services may have their own notices (for example, our telephonic coaching service) which describe in more detail how your Personal Data is used in a particular context.
“Personal Data” is the information that identifies and relates to you. Due to the nature of the Service you are entitled to, your Personal Data may contain sensitive data including, but not necessarily limited to, your health status.
The Service is only available to individuals who are at least 18 years old. As such, we do not collect any Personal Data about minors in connection with the Service.
The types of Personal Data we collect
If you register for the Service, you may be required to share certain Personal Data with us, for example, your name and address, contact information, profile and other information which relates to you, or that can be used to identify you.
We may supplement this information that you submit to us online with other Personal Data that we legally obtain about you from your employer, other Cigna group companies or that come across programmatically from our Cigna Wellbeing App®, such as:
- General information including, for example, your email address, employee ID, name of your employer, date of birth, gender and demographic information; and
- Sensitive data including biometric data.
When you return to the Service, this Personal Data may be used to confirm your identity in order to secure access to the Service.
If you elect to complete one of the health assessment modules available on the Site, to enable us to provide you with assessment results that are relevant to you, we will need to know a little more about you. In this regard, we will ask you to provide us with Personal Data such as information related to the quality of your sleep, sleeping and eating habits and patterns, your general satisfaction with work and life, your activity levels, your nutrition, your stress levels, exercise routines, your state of health and any other connected with each type of assessment.
Some of the Personal Data that we collect may be of a sensitive nature. You should only provide information that you are comfortable revealing.
Feedback and contacting us
We will collect Personal Data about your opinions in connection with any feedback you provide us about the Service, and surveys or polls that you complete on the Site.
If you contact us, we will also collect Personal Data from you and relating to your enquiry. For example, we may collect:
- General information such as your name, address, contact details; and
- Information relevant to your enquiry and to the Service.
Other situations in which we collect your Personal Data
We may use "cookies" from time to time on the Site to deliver personalised content and functionality specific to your interests. For more information, you may check the Cookies Policy available on the Site.
In all other cases, before we collect Personal Data about you, we will: (i) identify the Personal Data we require in order to provide the related Service; and (ii) describe how and why we will use the information you provide.
As we are required to collect your Personal Data as a consequence of the terms and conditions you accept when you register for the Service, by not answering questions, you may limit our ability to generate assessment results or the results may be less informative.
Purpose and use of Personal Data
The Personal Data you provide us, or that we collect through your use of the Site or the Service will be used to provide the Service.
We use your Personal Data to:
- Tailor the Service to your stated preferences;
- Bring to your attention, by e-mail or through the Site, editorial content and information regarding new Service functions and features that may be of interest to you;
- Make automated decisions or conduct profiling about you to provide tailored health and wellbeing products to your specific needs. However, these decisions will neither produce legal effects concerning you nor similarly significantly affect you;
- Send e-mails to your e-mail address relating to technical support, changes to our policies and other terms and conditions or to encourage and support your goal of achieving better health and wellbeing;
- Deal with your enquiries and requests;
- Conduct polls and surveys via e-mail, which help us better understand the needs and interests of all users of the Service;
- Help us develop new features and services;
- Generate anonymised and aggregated statistical data relating to all users of the Service;
- Provide improved quality, training and security;
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; business continuity; and records, document and print management;
- Comply with applicable laws and regulatory obligations, including those relating to anti-money laundering and anti-terrorism; and respond to requests from public and governmental authorities and litigation; and
- Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners; safeguard our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.
As outlined above, we may use your Personal Data for a number of different purposes that are always connected with the Service we provide. Consequently, we will rely on the following legal grounds to use your Personal Data:
The use of your Personal Data is necessary for the performance of the terms and conditions you are required to accept when you register for the Service;
- We have a legal or regulatory obligation to use your Personal Data. For example, we will rely on this ground to comply with anti-money laundering and anti-terrorism obligations; and
- We have a legitimate interest in using your Personal Data. We may rely on this legal ground for the purpose of providing improved quality, training and managing our infrastructure and operations. When collecting and processing your Personal Data under this ground we put in place robust safeguards to ensure that your privacy is protected and that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Due to the nature of the Service we provide, we may process sensitive data connected with the provision of such Service. In any case, we will obtain your explicit consent for our use of this Personal Data.
Disclosure of your Personal Data
If necessary for providing you with the Service, or for any of the purposes described in this Data Protection Notice, we may disclose your Personal Data with other parties. Disclosing your Personal Data means that we will provide your Personal Data to and/or that your Personal Data will be accessed by:
- Cigna group companies. Access to Personal Data within Cigna is restricted to those individuals and entities who have a requirement to access the information for the purposes described in this Data Protection Notice;
- External third-party service providers, such as IT systems, support and hosting service providers; document and records management providers; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities;
- External professional advisors and partners such as medical professionals, accountants, actuaries, auditors, experts, consultants, lawyers; banks and financial institutions that service our accounts;
- Our regulators and other governmental or public authorities where necessary to comply with a legal or regulatory obligation;
- The police and other third parties or law enforcement agencies, court, regulator, government authority or other similar third parties where necessary for the prevention or detection of crime or to comply with a legal or regulatory obligation; or otherwise to protect our rights or the rights of a third party;
- Selected third parties in connection with any sale, transfer or disposal of our business;
- Your employer will not have access to the Personal Data we collect as a result of your use of the Site of the Service. However, if your employer offers an incentive plan which rewards employees who complete our online programmes, with your explicit consent via the tick box, we may share certain Personal Data with your employer, including your name, employee ID, and details of which online programmes you have completed, including the date. Neither the scores nor responses from your online programmes will be disclosed to your employer as part of an incentive service.
We also aggregate all of the data we obtain from our users for statistical analysis and research purposes. This aggregated data may be used by us or provided to your employer or third parties to enable them to track trends such as how much exercise people living in one country take in comparison to people living in another country. This aggregated data cannot be used to identify you as an individual.
For any of the categories of the recipients listed above, it should be noted that some of them may be located in the European Economic Area, while others can process and access your Personal Information from outside the European Economic Area, as described in the following section of the Data Protection Notice.
International transfer of Personal Data outside the European Economic Area
Due to the global nature of the Service and the need to provide the employer with compliance solutions to meet its needs, your Personal Data can be shared with and/or accessed by parties located in other countries outside the European Economic Area that have a different data protection regime than the one found in the country where the employer, signing the contract with us, is located. The countries to which we may transfer your Personal Data may not be regarded by the European Commission as ensuring an adequate level of protection for Personal Data (for instance, the United States).
In any case, where we transfer your Personal Data to any of these countries, we will conduct the transfer in accordance with applicable data protection law. This may include ensuring that appropriate safeguards, such as contractual obligations, are put in place with respect to the protection of your Personal Data and your fundamental rights and freedoms, and your rights in relation to your Personal Data.
If you would like further information regarding the steps we take to safeguard your Personal Data, or to obtain a copy of the safeguards we put in place to protect it when it is transferred, please contact us using the details in the “Contact Us” section below.
Retaining your Personal Data
We ensure that proper procedures are in place to manage your Personal Data and to remove and/or archive it when necessary.
In general terms, we only retain your Personal Data for as long as is necessary to:
- Provide you with the Service and while your employer pays for your access to the Service;
- Fulfil the purposes outlined in this Data Protection Notice; and
- Comply with our legal obligations and/or protect our rights.
When your employer instructs us to terminate your access to the Service or you inform us, on the Site or otherwise, that you wish to stop using the Service, we will delete your Personal Data from our systems. We will continue to keep any aggregated data that does not identify you as an individual, which may have been originally compiled based in part on information you provided when using the Service.
If you would like further information regarding the periods for which your Personal Data will be stored, please contact us using the details in the “Contact Us” section below.
Under data protection law you have certain rights in relation to the Personal Data that we hold about you. You may exercise, as may be applicable, these rights at any time by contacting us using the details set out in the “Contact Us” section below.
Your rights include:
The right to access your Personal Data
You are entitled to a copy of the Personal Data we hold about you and certain details about how we use it. There will not usually be a charge for dealing with these requests.
Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
The right to rectification
We take reasonable steps to ensure that the Personal Data we hold about you is accurate and complete and ask that you use the Site to check that your Personal Data is correct and up to date. However, if you do not believe this is the case, and cannot make changes to your Personal Data using the Site, you can ask us to update or amend it.
The right to erasure
In certain circumstances, you have the right to ask us to erase your Personal Data. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with the Service, and therefore access to the online platform and wellbeing programmes will be removed.
The right to object to, and/or to request restriction of processing
In certain circumstances, you are entitled to object to our processing of your Personal Data, or ask us to stop using your Personal Data. Please note that in some circumstances exercise of these rights will mean we are unable to continue providing you with the Service, and therefore access to the online platform and wellbeing programmes will be removed.
The right to data portability
In certain circumstances, you have the right to ask that we provide your Personal Data to you in a commonly used electronic format, and to transfer any Personal Data that you have provided to us to another third party of your choice.
The right to object to marketing
You can ask us to stop sending you marketing messages at any time.
The right not to be subject to automated decision-making (including profiling)
You have a right in some circumstances to not be subject to a decision based solely on automated means. However, we will not make decisions which produce legal effects concerning you or similarly significantly affect you.
The right to withdraw consent
For certain uses of your Personal Data, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your Personal Data. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with the Service, and therefore access to the online platform and wellbeing programmes will be removed.
You have a right to complain to your local data protection authority if you believe that any use of your Personal Data by us is in breach of applicable data protection laws and regulations.
Making a complaint will not affect any other legal rights or remedies that you have.
We will take appropriate technical, physical, legal and organisational measures, which are consistent with applicable data protection laws to protect your Personal Data.
You may be required to create an account with a password on your initial visit to the Site and Service, ensuring you have unique identification and a private password. Please keep this information safe.
Changes to this Data Protection Notice
We may update this Data Protection Notice from time to time to ensure that it remains accurate. Please check back each time that you provide additional Personal Data to us. Where changes to the Notice will have a fundamental impact on the nature of our processing of your Personal Data, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your Personal Data.
This Data Protection Notice was last updated May 2018 to comply with the General European Data Protection Regulation effective as of May 25th 2018.
If you require any further information or want to enquire about your Personal Data then please contact our Privacy Officer by clicking here or write to Privacy Officer, Cigna Global Wellbeing Solutions Limited, 13th Floor, 5 Aldermanbury Square, London EC2V 7HR, UK.
Revised May 2018