Data Privacy Policy

Background

Eleos Life Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, https://www.eleos.co.uk (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Please read this Data Privacy Policy (the “Policy”) carefully and ensure that you understand it. By using Our Site you agree to the collection and use of your personal data in accordance with this Policy.

1. Information About Us

Our Site is owned and operated by Eleos Life Limited, a limited company registered in England under company number 14010855.

Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

2. What Is Personal Data

Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

It is important that your personal data is accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves however, so please contact us first, using the details in Part 13.

3. What Are Your Rights

Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

• a) The right to be informed. You have the right to be informed about our collection and use of your personal data. This Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 13.
• b) The right to access your personal data. You have the right to access the personal data we hold about you. Part 11 will tell you how to do this.
• c) The right to have your personal data rectified. If any of your personal data held by us is inaccurate or incomplete, you are entitled to it being rectified. Please contact us using the details in Part 13 to find out more.
• d) The right to be forgotten. This means that you have the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 13 to find out more.
• e) The right to restrict. In other words, you have the right to prevent the processing of your personal data.
• f) The right to object. You are entitled to object to us using your personal data for a particular purpose or purposes.
• g) The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
• h) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
• i) Rights relating to automated decision-making and profiling. We make automated decisions about you based on your information and instructions given to us by the Insurer. These decisions can include whether or not you are eligible for one of our plans.

4. What Data Do We Collect and How

Depending upon your use of Our Site, we may collect and hold some or all of the personal data set out in the table below, using the methods also set out in the table. Please also see Part 12 for more information about Our use of Cookies and similar technologies and Our Cookie Policy. We do not collect any personal data relating to children under the age of 16 or data relating to criminal convictions and/or offences.

5. How Do We Use Your Personal Data?

We may share your personal data with our partners in order to provide you with the services you have requested. This may include insurance-related support (such as guidance or advice about your options) through our trusted partners, Cover Direct and Life Search, or access to wellbeing services offered through Eleos Perks, such as GP consultations, physiotherapy, or mental health counselling. We will only share the minimum amount of data necessary to deliver these services, and only where you have given us consent to do so.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/or telephone and/or text message and/or post with information, news, and offers on our products or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with Our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

If you agree, we may also provide you with information about our partners’ promotions or offers which we think might be of interest to you and allow our partners to provide you with information about their products or services. You will always be able to opt out at any time.

We use the following automated systems for carrying out certain kinds of decision-making and/or profiling. If at any point you wish to query any action that we take on the basis of this or wish to request ‘human intervention’ (i.e. have someone review the action themselves, rather than relying only on the automated method), the Data Protection Legislation gives you the right to do so. Please contact us to find out more using the details in Part 13.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Part 13. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

We may use data analytics to improve and optimise our products, services, and user experience. This involves collecting and analysing data to gain insights into how our products are used, identify trends, and make data-driven decisions.

• Usage data: Information about how you interact with Our Site or services, such as pages visited, time spent on Our Site, and features used.
• Device and technical data: Information about the devices you use to access Our Site, including IP address, browser type, operating system, and device identifiers.
• Performance data: Information about how Our Site performs on your device, including errors, load times, and system activity.

• Enhance the functionality and performance of Our Site and our services.
• Tailor our products to meet customer needs and preferences.
• Identify and resolve issues or inefficiencies.
• Improve security.

Where possible, we anonymise or aggregate the data used for analytics to protect your privacy.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

6. Sensitive Personal Data

In order to provide you with our products and services, we may need to process sensitive personal data. This could be information about your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin and religious or philosophical beliefs. Your data will always be treated with strict confidentiality and handled in line with our legal obligations.

• Health data: includes information about your current or past physical and mental health conditions, test results, diagnoses, treatments, prescriptions, lifestyle habits, and other information that may be necessary to provide you with the services that you have requested.
• Other sensitive data: in limited cases, we may process information such as religious beliefs if relevant to your medical treatment preferences.

If you choose to use the GoGP platform on Our Site, you may need to share your sensitive personal data, such as health information, with the healthcare professionals who may be involved in your care through the GoGP platform. This sharing is necessary to provide you with the medical services and advice you request, as well as to enable us to provide and administer the insurance products and services that we offer to our customers.

7. How Long Will We Keep Your Personal Data

We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for or in line with relevant laws. We may keep your personal data for a longer period in order to comply with applicable financial regulations including those set by the Financial Conduct Authority.

8. How and Where Do We Store or Transfer Your Personal Data?

We will only store your personal data in the UK. This means that it will be fully protected under the Data Protection Legislation.

We will only store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data. For further information about adequacy decisions and adequacy regulations, please refer to the Information Commissioner’s Office.

Please contact us using the details below in Part 15 for further information about the particular data protection safeguards used by us when transferring your personal data to a third country.

The security of your personal data is essential to us and to protect your data, we take a number of important measures, including the following:

• limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
• procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so;

9. Do We Share Your Personal Data?

We do not sell, trade or otherwise transfer to third parties your personal data. This does not include trusted third parties who assist us in operating our site, conducting our business or providing the Services to you, so long as those third parties keep your personal data confidential.

If we sell, transfer, or merge parts of Our business or assets, your personal data may be transferred to a third party. Any new owner of Our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Data Privacy Policy.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, Our obligations, and the third party’s obligations under the law, as described above in Part 8.

10. Can You Withhold Information?

You may access Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

For more information, see Part 12 and Our Cookie Policy.

11. How Can You Access Your Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 13. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover Our administrative costs in responding.

We will respond to your subject access request within 28 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of Our progress.

12. How Do You Use Cookies

Cookies are small files that save your settings and record your visits to Our Site, or any interactions with our communications. Our Site may place and access certain first-party cookies on your computer or device. First-party cookies are those placed directly by us and are used only by us. We use cookies to facilitate and improve your experience of Our Site and to provide and improve Our products and/or services. Before cookies are placed on your computer or device, you will be shown a prompt requesting your consent to set those cookies. By giving your consent to the placing of cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of cookies; however certain features of Our Site may not function fully or as intended.

For more details, please refer to Our Cookie Policy

13. How Do You Contact Us?

14. Changes to this Data Privacy Policy

We may change this Data Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change Our business in a way that affects personal data.

Any changes will be immediately posted on Our Site and we encourage you to review it periodically to stay informed of any updates. This Policy was last updated on 23 May 2025.