Privacy Policy
1. Who we are
Health Well Solutions Limited ("Health Well", "we", "us", "our") is a company registered in England and Wales (company number 11653361), whose registered office is at Suite 329 Salisbury House, Finsbury Circus, London, EC2M 5SQ.
We are authorised and regulated by the Financial Conduct Authority (FCA reference number 841234). We provide private medical insurance (PMI) and international PMI broking services, preventative health screening (trading as Health Span), and a digital health application. We are the data controller for the personal data we collect and process.
If you have any questions about this policy or how we handle your data, please contact us at privacy@healthwell.io or in writing to the address above.
2. What personal data we collect
Website Visitors
When you visit healthwell.io we may collect:
Technical data: IP address, browser type, device information, pages visited, and time spent on the site, collected via cookies and analytics tools (see Section 8).
Contact data: name and email address if you submit an enquiry form or sign up for communications.
Brokerage Clients (PMI and IPMI)
To provide regulated insurance broking services we collect:
Identity data: full name, date of birth, nationality.
Contact data: address, email address, telephone number.
Employment and financial data: employer details, salary information where relevant to policy eligibility.
Policy and claims data: existing and previous insurance policies, insurer correspondence, and claims history.
Health data (special category): information about pre-existing conditions, treatments, and medical history as required by insurers for underwriting and policy administration.
Health Screening Clients (Health Span)
To provide preventative health screening services we collect:
Identity and contact data as above.
Health and biometric data (special category): blood test results, biomarker data, clinical screening outcomes, and related health information provided during or following a screening appointment.
App Users
Where you use our digital health application we collect data as described in the in-app privacy notice presented at the point of registration, which supplements this policy.
3. How we use your data
We use your personal data for the following purposes:
To provide and administer PMI, IPMI, and other insurance broking services, including obtaining quotes, placing policies, and handling renewals and claims. Lawful basis: performance of contract and compliance with legal obligations.
To provide health screening services and deliver results and recommendations. Lawful basis: performance of contract; for health data, explicit consent.
To comply with our regulatory obligations as an FCA-authorised firm, including record-keeping, suitability assessments, and Consumer Duty requirements. Lawful basis: legal obligation.
To communicate with you about your policy, renewal, or screening results. Lawful basis: performance of contract or legitimate interests.
To send you marketing communications about our services where you have consented or we have a legitimate interest and you have not opted out. Lawful basis: consent or legitimate interests.
To analyse website usage and improve our services. Lawful basis: legitimate interests.
To respond to enquiries submitted via our website or contact channels. Lawful basis: legitimate interests.
4. Special category (sensitive) data
Health and medical data is classified as special category data under UK GDPR. We process this data only where:
You have given us explicit consent (for example, when completing a health declaration for insurance purposes or registering for a health screening).
Processing is necessary for the provision of health or insurance services you have requested.
We take additional steps to protect special category data, including restricting access to authorised staff only and storing it within secure, access-controlled systems.
5. Who we share your data with
We share personal data only where necessary:
Insurers and underwriters: to obtain and administer insurance policies on your behalf.
Clinical and laboratory partners: to conduct health screening and return results (Health Span clients only).
Technology service providers: including HubSpot (CRM and marketing, EU-hosted), Google Workspace (email and document storage), and our app infrastructure provider. These parties act as data processors under written data processing agreements.
Regulatory bodies: including the FCA and ICO where we are required to report or disclose information.
Professional advisers: including legal, compliance, and accounting advisers, bound by confidentiality obligations.
We do not sell your personal data to third parties.
6. International transfers
Our primary operations and data storage are within the UK and EU. Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including the use of standard contractual clauses approved by the ICO or equivalent transfer mechanisms.
7. How long we keep your data
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our legal and regulatory obligations:
Brokerage client records: a minimum of 5 years from the end of the client relationship, in line with FCA requirements.
Health screening records: a minimum of 8 years from the date of the screening, in line with clinical best practice.
Website and marketing data: until you withdraw consent or we determine the data is no longer required, typically no more than 3 years from last engagement.
At the end of the applicable retention period, data is securely deleted or anonymised.
8. Cookies and analytics
Our website uses cookies and similar tracking technologies. We use Google Analytics to understand how visitors use our site. This involves the collection of anonymised usage data including pages visited, session duration, and device information.
You can control cookie settings via the cookie banner presented on your first visit to the site, or through your browser settings. Withdrawing consent for non-essential cookies will not affect your ability to use the site.
9. Your rights
Under UK GDPR you have the right to:
Access the personal data we hold about you.
Rectify inaccurate or incomplete data.
Request erasure of your data in certain circumstances ("right to be forgotten").
Restrict or object to processing in certain circumstances.
Request data portability where processing is based on consent or contract.
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at privacy@healthwell.io. We will respond within one calendar month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
10. Marketing communications
Where you have consented, or where we have a legitimate interest and you have not opted out, we may contact you with information about our services using HubSpot as our marketing platform. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.
11. Changes to this policy
We may update this policy from time to time. The current version will always be available at healthwell.io/privacy. Where changes are material, we will notify existing clients directly.
Health Well Solutions Limited - Registered in England and Wales No. 11653361 - FCA No. 841234 - Suite 329 Salisbury House, Finsbury Circus, London, EC2M 5SQ - privacy@healthwell.io.
Last updated: 08/06/2026