Privacy policy

Effective Date: 16/01/2026

1. Quick Summary – What You Need to Know

| Topic | Lateral's Commitment |
| --- | --- |
| Who We Are | Live Lateral Limited (Lateral) - Your health and financial wellbeing partner, the Data Controller. |
| What We Collect | Health Data (medical history, claims, health check results), Contact, Financial, and Policy Details. |
| Why We Use It | To deliver your policy and care (Contract), ensure suitability, meet legal duties, and improve our services (Legitimate Interests). |
| Sharing | We share data with trusted partners under contract to deliver our services including our Underwriters Tokio Marine HCC and Care Providers Patient Advocate, Bluecrest, HealthHero and Reframe to run your plan. |
| Your Rights | You have the right to access your data, object to direct marketing and profiling, and complain if you are unhappy. |
| Contact | For any privacy questions, please email us at DataProtection@Lateral.uk. |

2. Introduction and Our Commitment

Lateral is a specialist health and financial wellbeing partner for the UK’s over-60s. To deliver your health plan, proactive care, and develop future products, we need to collect, store, share, and use your personal data.

Lateral is absolutely committed to protecting your personal information. This Privacy Notice clearly sets out what information we collect, how we protect and use it, and the choices and controls you have.

Our Compliance Promise: Lateral will only use your personal information in accordance with this Notice, our internal Data Protection and Information Security Policies (which set out the principles, rules, and guidelines we follow when processing your data), and all relevant data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Common Law Duty of Confidentiality.

This privacy notice, along with our terms and conditions for use of our services, forms the basis for our use of your personal data.

Contact Details

If you have any queries about this policy or your data, please contact us at the following email address: DataProtection@Lateral.uk

3. Who We Are (The Data Controller)

Under this notice, 'we' and 'Lateral' refer to Live Lateral Limited.

We are based in the United Kingdom and are subject to the relevant UK Data Protection Laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

Our registration number with the Information Commissioner's Office is: ZB896296.

Live Lateral Limited is the Data Controller for the personal information processed for your health plan, nursing advocacy, advisory services and marketing information. Whilst we are the Data Controller for the personal data we use to refer you to our virtual GP and Cancer Support Services, we are not the Data Controller for the medical records they hold.

4. Our Legal Bases for Processing Your Data

Under data protection law, we need a lawful basis to collect and use your personal data. The law allows for six ways to process personal data, but only the following five are relevant to the types of processing that we carry out. This includes information that is processed based on:

  • Contract: Necessary for fulfilling the contract we have with you (your health and insurance plan and health services).
  • Legal Obligation: Necessary for us to comply with the law (e.g., tax or fraud reporting).
  • Vital Interests: Necessary to protect a life (yours or someone else's) in an emergency.
  • Legitimate Interests: Necessary for our business interests (e.g., improving security or developing new products), but only when these interests are balanced against and do not override your privacy rights.
  • Consent: Where you have given clear, specific, and explicit permission for us to process your data for a specific purpose (e.g. marketing and id).

This table shows the main activities we carry out and the legal grounds we rely on under the UK GDPR and Data Protection Act 2018:

| Why We Use Your Data | Basis for Personal Data | Basis for Special Category Data and DPA 2018 Condition | What Data Is Included |
| --- | --- | --- | --- |
| To provide your policy and healthcare services (administering your policy, processing claims, providing nurse-led care, virtual GP access and your annual health check) | Contract | Managing Health and Care Services and providing insurance. UK GDPR 9(2)(h), UK GDPR 9(2)(f) and DPA 2018 Sch 1 Para 2 | Health/Medical Data, Contact, Financial, Policy Details and complaints. |
| To protect life in an emergency | Vital Interest | Protecting Vital Interests (Art 9(2)(c)) | Critical Health/Medical Data. |
| To run and improve Lateral services (Internal Reporting and Security) | Legitimate Interests | Not applicable | Contact, Policy Details and aggregated usage data that does not directly identify individuals. |
| To meet our Legal Obligations (tax reporting, anti-money laundering, fraud detection) | Legal Obligation | Public Interest (Art 9(2)(g) and Sch 1, Para 10: Unlawful Acts) | Financial, Identity, Policy Details. |
| For optional service enhancements, including the sharing of limited details of referrals made and the creation of a unique needs profile from our Market Development Data. | Your explicit consent | Explicit Consent (Art 9(2)(a)) | Personal identification details and summary health data integrated into unique profiles |

5. Data Collection, Flows, and Consent

A. Core Service Delivery 

The delivery of your care relies on a necessary flow of data with our clinical partners:

  • Nurse Navigation: Our Nurse Navigation Partner (Patient Advocate) accesses your personal and coverage details to check claim eligibility and benefit limits. They will then work with you to find the best path forward utilising either NHS services and/or private benefits in your health plan. This navigation service is part of your insurance cover and as part of this provision under contract, Lateral will receive information back related to provision of the service, including the medical history and context behind the diagnosis and the agreed treatment plan.

As part of our record keeping in this area we use Tandem AI to create a written transcript of calls with your Nurse Navigator. This transcript is verified by the nurse navigator and forms the basis of your records with us.

Our use of Tandem AI for transcription is solely for administrative efficiency and is not used to make any decisions about your policy, pricing, or claim eligibility.

  • Optional Enhanced Virtual Services: Our virtual services provider (HealthHero) will provide you with Virtual GP/Physio/Nutritionist Appointments that are booked through our portal. We are made aware of when you book and complete these appointments but will not automatically be informed if you are referred on to further services.

To enhance the Nurse Navigation service and the advice you receive from us, we will ask for your Explicit Consent to be informed of any referrals made by the virtual GP service.

Why we ask for this: Receiving this detail back enhances the advice and support we can offer you, allows us to maintain a more comprehensive record for you, and helps us guide you better through your health journey.

Your Choice: If you decline consent, your virtual consultation or physiotherapy session will still proceed. We will only receive confirmation of the date and type of service used, no other details. 

B. Annual Health Check  

  • Annual Health Check: As part of renewing your insurance services with us we require you to undertake an annual health check through our wellness assessment partner Bluecrest.

We automatically receive a report confirming your completion of the health check and the results of your health assessment for the following purposes:

  • To confirm your eligibility for the plan.
  • To manage the overall financial risk of the policies we provide.
  • To comply with our legal obligations and manage the risk of future legal disputes.
  • To improve our delivery of services, we will pseudonymise your health check responses and combine them with others to generate patterns and create statistical profiles of the over-60s demographic (e.g. the needs of a typical 65-year-old). This data is separated from your direct identifiers for group analysis, and is only re-identified if you provide explicit consent for us to offer you specific, personalised recommendations (see Section 6: Suitability Profiling).

If you proceed with the health check and plan renewal, you agree to the processing of your full health data for these necessary, contractual, and risk-related purposes.

C. Reporting to our underwriter  

As part of our agreement with our underwriter, Tokio Marine HCC, we are contractually required to share regular, systematic reports. 

These reports are necessary to manage the insurance risk and meet regulatory and solvency requirements.

This reporting includes the sharing of personal data, including Special Category Data (Health Data). 

Tokio Marine HCC receives this information and acts as an independent Data Controller for their own regulatory purposes, just as Lateral does.

6. Profiling and Automated Decision-Making

We use profiling to create detailed pictures of your health and financial circumstances. This approach allows us to provide the most relevant advice and services for you by establishing customer personas based on key health markers and patterns.

The section below tells you more about this.

| Activity | Purpose and Legal Basis | Your Control |
| --- | --- | --- |
| Profiling to provide you a personalised service | Purpose: To understand your current health and financial profile so that the active services, care, and insurance options we are providing to you under your contract are delivered effectively and are best suited to your needs. Basis: Contract + Insurance Purposes. | This is necessary for the core tailored service and cannot be opted out of. |
| Market Development Profiling (Better understanding the need in this area) | Purpose: To use aggregated insights from customer patterns to develop future risk-products (e.g. insurance, annuities) and advice services for the benefit of the wider over-60 market. Basis: Legitimate Interests + Insurance Purposes. | You have the Right to Object to this processing at any time by contacting us via the contact details provided on this notice. |
| Suitability Profiling | Purpose: Our market development profiling may allow us to identify which of our existing or future products may support your circumstances. We would therefore like to be able to re-link your pseudonymised profile back to you as an individual for this purpose but will only do so with your explicit consent. Basis: Explicit consent. | You have the Right to Withdraw your consent at any time and, to do so, you should contact us via the contact details provided on this notice. |

Automated Decision-Making (ADM)

We, like many other insurance companies, rely on Automated Decision-Making (ADM) to quickly assess your eligibility for a new policy.

This is a core part of our application process. It utilises rules-based assessment to quickly determine your eligibility by reviewing your answers to pre-defined questions, such as those related to your date of birth, BMI, and health history (including any cancer, cardiovascular problems, or diabetes).

Because this decision is based solely on automated processing, you have certain rights in relation to the outcome. Specifically, you have the right to:

  • Receive meaningful information about the logic involved in the decision.
  • Request human intervention in the assessment process.
  • Obtain an explanation of the decision and subsequently challenge it.

If you wish to exercise any of these rights, please contact us using the details provided.

7. Disclosure and External Suppliers

We will disclose your personal information to trusted third parties as necessary to manage your plan, prevent fraud, and comply with legal requirements.

| Service | Partner | Purpose |
| --- | --- | --- |
| Underwriting & Claims | Tokio Marine HCC (Underwriters) | Details of claims shared for assessment and solvency. |
| Nurse Navigation | Patient Advocate | Operating on our instructions as part of the service delivery. |
| Virtual GP/Physio/Dietician | HealthHero | Operating on our instructions as part of the service delivery. |
| Cancer Support | Reframe | Operating on our instructions as part of the service delivery. |
| Annual Health Check | Bluecrest | Collects data for us; we become the Controller of the report. |
| Fraud/Crime Prevention | CIFAS, Law Enforcement | Required for crime prevention. |

8. Your Rights and Complaints

We want to ensure you remain in control of your personal data and that you understand your legal rights.

| Your Data Right | What this means |
| --- | --- |
| Right to Access | To have a copy of the personal data we hold about you (a DSAR). |
| Right to Rectification | To have inaccurate data corrected. |
| Right to Object | An absolute right to object to direct marketing, and a conditional right to object to processing based on Legitimate Interests (e.g. product development profiling). |
| Right to Erasure | To have your data deleted, though this is conditional where we have a legal obligation (e.g. fraud) or need the data for a continuing contract (insurance). |
| Right to Portability | To receive your personal data in a common, machine-readable format and to have it transferred to another provider. |
| Right to Restriction | To limit how we use your personal data. This right is conditional and usually applies when: you contest the accuracy of the data; you object to our Legitimate Interest processing; or you believe our processing is unlawful. We can continue to store the data, but cannot use it further unless you consent or for legal claims. |
| Right to Portability | To receive your personal data in a common, machine-readable format (e.g., CSV). Where technically feasible, you have the right to have that data transmitted directly to another service provider (a Data Controller) of your choice. This right only applies to data processed based on Contract or Consent. |

Complaints 

We encourage you to contact us first if you have any concerns, as this often leads to the quickest resolution.

  1. Initial Complaint: Please contact the Privacy Office at DataProtection@Lateral.uk. We will acknowledge your complaint within 30 days and investigate without undue delay.
  2. DPO Escalation: If you are dissatisfied with our initial response, you may escalate the matter directly to our Data Protection Officer (DPO).
  3. Information Commissioner's Office (ICO): You have the right to lodge a complaint with the ICO (the UK’s independent regulator) at any time, regardless of whether you have used our internal complaint process. However, if you remain dissatisfied with the DPO's final review, you may escalate the matter to the ICO.

9. International Data Transfers

The personal data we process is stored within the UK and the European Economic Area (EEA).

10. How long we keep your information for

We keep your personal data only as long as needed for its original purpose.

| Activity | Retention Period |
| --- | --- |
| Administering & Managing your plan | 7 years from the last plan. |
| Health Profile | 7 years from life of plan. |
| Quotes not taken up | 13 months. |
| Renewal data (Data used for renewal process) | 13 months. |
| Marketing Consent (Personalised advice) | Upon change by Member (while consent is active). |
| Management Information (Personal data used for reporting) | 7 years. |
| Verifying Identity (AML/KYC) | 7 years. |
| Suspected Fraud/Misrepresentation | 5 years. |
| Fraud / Money Laundering court cases | 3 years after the length of sentence. |
| Debt Recovery/Collection | 7 years from recovery or end of plan. |
| Telephone Calls (Customer Service/Regulatory) | 7 years. |
| Telephone Calls (Training Purposes) | 3 years. |
| Complaints Handling | 3 years from closure. |

11. Our Data Processors

| Entity | Category | Role |
| --- | --- | --- |
| AWS | IT Infrastructure | Cloud Hosting. AWS Privacy (Chromeless) |
| Snowflake | Analytics Engine | A managed database provider that hosts data to enable advanced reporting and business intelligence. Snowflake Privacy Notice |
| Tandem Health AI | Patient call transcription services | Supporting patient record production in our Nursing Advocacy Service. Privacy Policy (TandemAI) |
| Braze | CRM Customer Relation Platform | Managing customer interactions and records. Privacy Policy (Braze) |
| Amplitude | Website Analytics | Tracking and monitoring website activity. Privacy Notice (Amplitude) |
| Cloudflare | Content delivery network (CDN) and security service. | To support the security of our network and allow fast and reliable communication. Cloudflare's Privacy Policy |
| Intercom | Customer Service Platform | To help manage customer service communications. Privacy Policy (Intercom) |
| Sentry | IT Logging and Monitoring | Monitoring the operational health of our network and resolving any performance issues. https://sentry.io/privacy/ |

This privacy policy is governed by the Laws of England and is incorporated by reference into our Terms and Conditions of Service.