Please note that Authorised Users can only access to the OGP and
use personal data if they are located within the European Economic
Area (EEA) or in one of the countries that has been deemed by the
EU Commission as being a country of adequate protection.
Should OGP Authorised Users access from outside of the EEA or
change access to outside of the EEA, they must inform Vhi at
B2Bcustomercare@vhi.ie in order to implement adequate measures to
protect personal data.
In the event that the Company or an Authorised User does not
comply with the obligations under these Terms and Conditions, or
Vhi becomes aware about the use of OGP outside of the EEA without
any notification, Vhi reserves the right in it's sole discretion
to either (i) suspend the relevant Authorised User’s access to the
OGP, or (ii) immediately terminate the Company and /or that
Authorised User's access to the OGP.
Please read the following terms and conditions carefully. These
terms and conditions form an agreement between you and the Company
(as defined below) and Vhi Insurance DAC (“Vhi”). By clicking on
the “I Agree” button below you confirm that you have authority to
enter into these Terms and Conditions on behalf of the Company.
The following definitions apply:
"Data Controller” has the meaning given to it in the GDPR.
“Company” means the company referred to in the OGP Registration
Form, which pays for, administers or otherwise facilitates, via a
Vhi group scheme the provision of private medical insurance.
“Authorised User” means an employee of a Company that it
authorises to use the OGP, who has been approved by Vhi and
provided with appropriate log in details by Vhi for access to the
OGP.
“Data Protection Legislation” means the EU General Data Protection
Regulation (Regulation 2016/679) (the “GDPR”), the Data Protection
Acts 1988 to 2018 and any regulations, codes and guidance issued
by the Data Protection Commission (DPC) and any other applicable
data privacy laws and regulations, it shall also include any
superseding data protection legislation that comes into force.
“European Economic Area” (EEA) means the GDPR applies to all EU
countries plus Iceland, Liechtenstein and Norway.
“OGP” means the online group account platform made available by
Vhi to assist in the operation of Vhi group schemes.
“OGP Registration Form” means the form completed by an Authorised
User on behalf of the Company in order to be provided with access
to the OGP.
“Personal Data” has the meaning given to it in the GDPR.
“Personal Data Breach” has the meaning given to it in the GDPR.
Access to Personal Data
Vhi shall provide Authorised Users with access to the OGP
via Multi Factor Authentication (MFA) method. There are two
MFA options which OGP Authorised Users can avail:
• A verification code sent by SMS; or
• A verification code generated by Google Authenticator. To
complete the login to OGP you will need to have your phone
or device to hand and have downloaded the Google
Authenticator app. (The first time you log in you will be
provided with instructions on how to set this up).
Access to the OGP is provided for the sole purpose of
facilitating the verification of policy details/alterations
and breakdown of payments of Vhi group scheme members. Use
of the OGP for any other purpose is strictly prohibited.
With regard to the processing of Personal Data involving the
OGP, Vhi and the Company agree that they are separate Data
Controllers, independently determining the purposes and
means of processing the Personal Data that is transferred
between them. Personal Data is shared between Vhi and the
Company using the OGP in order for Vhi to provide health
insurance and for the Company to manage its employee
relationships.
Personal Data of Vhi members retrieved from the OGP is
highly confidential, it is provided through the OGP for the
sole purpose of verifying Vhi policy details/alterations and
breakdowns of payments of Vhi group scheme members and must
not be disclosed to any third party. The Company agrees that
it will process Personal Data received through the OGP in
accordance with these Terms and Conditions and its
obligations under Data Protection Legislation.
The Company and OGP Authorised Users agree to notify Vhi of
any incident that may result in a Personal Data Breach in
connection with the OGP immediately (or in any event no
later than 24 hours) upon becoming aware of such incident
and shall provide all reasonable co-operation and assistance
to Vhi as may be necessary.
Authorised Users can only access to OGP and use personal
data if they are located within the European Economic Area
(EEA) or in one of the country that has been deemed by the
EU Commission as being a country of adequate protection.
Should OGP Authorised Users access OGP from outside of the
EEA, they must inform Vhi at B2Bcustomercare@vhi.ie in order
to implement adequate measures to protect personal data.
Should OGP Authorised users change access location from a
country located in the EEA to a country located outside the
EEA, they must immediately inform Vhi at
B2Bcustomercare@vhi.ie to put in place appropriate
safeguards. In the event that the Company or an Authorised
User does not comply with the obligations under these Terms
and Conditions, or Vhi becomes aware about the use of OGP
outside of the EEA without any notification, Vhi reserves
the right in its sole discretion to either (i) suspend the
relevant Authorised User’s access to the OGP, or (ii)
immediately terminate the Company and /or that Authorised
User's access to the OGP.
Use of the OGP
The Company shall ensure that each Authorised User:
(i) agrees to keep secret and secure their log in details
and not to allow any other person to use the same;
(ii) shall not disclose their log in details to any other
person (nor shall they log onto OGP so that someone who is
not an Authorised User can use OGP);
(iii) shall not copy, save, print, disseminate or send to
any person or another electronic device (including mobile
phones) a copy of the Personal Data that is accessible from
the OGP (this applies to both paper and electronic copies
including screen shots);
(iv) where possible, does not access the OGP in their home
or at any other sites external to their work space; in case
of remote working, OGP users are responsible to ensure that
their devices (e.g. laptops) are in a safe location that is
not within easy access to other individuals. Also every
device used remotely should not be left unattended and a
lock screen should be set when device is not in use or after
several minutes of inactivity; and
(v) does not make the OGP screen visible to any person who
is not an Authorised User.
The Company is responsible for all use of the OGP by each
Authorised User and any use of the OGP using an Authorised
User’s log in details. The Company shall ensure that it
complies with all applicable law in connection with its use
of the OGP. In the event that the Company or an Authorised
User does not comply with the obligations under these Terms
and Conditions, or Vhi has reason to believe that the
Company or an Authorised User is using the OGP in any manner
which is contrary to these Terms and Conditions, Vhi
reserves the right in its sole discretion to either (i)
suspend the relevant Authorised User’s access to the OGP, or
(ii) immediately terminate the Company and /or that
Authorised User's access to the OGP.
All use of the OGP by the Authorised User may be tracked and
monitored by Vhi. Vhi may conduct audits on the use of OGP
from time to time.
Third-Parties
Vhi may share Authorised Users’ Personal Data with third
parties that provide services in relation to IT security
(e.g. access controls). Where Personal Data is transferred
to another party, Vhi ensure appropriate contractual
clauses, technical and organisational safeguards to protect
Authorised Users’ personal Data. When Vhi engage a third
party to provide a service, Vhi ensure the provider has
taken appropriate technical and organisational measures to
process, store, and safeguard Authorised Users Personal
Data.
Authorised Users information is stored in the EEA by third
party. However, if Authorised users information is
transferred outside the EEA for processing purposes (e.g.
SMS service for authentication) the relevant party will
ensure that same safeguards are in place to protect it at
least the standard applied within the EEA.
Vhi’s provision of the OGP
Vhi will endeavour to provide access to the OGP at the
agreed times but no warranty is given as to availability and
the OGP is provided on an “as is” and “as available” basis.
Vhi may terminate access to the OGP at its sole discretion.
Except as expressly set out in these Terms and Conditions,
all representations, warranties, terms and conditions
whether express or implied in relation to the OGP or the
information contained therein are hereby excluded to the
fullest extent permitted by law. Vhi does not accept any
liability for any loss or damage whatsoever arising out of
or in connection with the OGP or the contents thereof,
whether under theories of contract, tort (including
negligence), strict liability or otherwise.
Governing Law and Execution
The parties agree that these Terms and Conditions can be
executed electronically. These Terms and Conditions shall be
governed by and construed in accordance with the laws of
Ireland and you and the Company hereby submit to the
exclusive jurisdiction of the Irish Courts.