FAQ
Search
FAQ

How we protect our insured members' data

Understanding our consent and data protection requirements

Why this information is important to you?

Allianz works closely with employers (e.g. HR teams in client companies) and brokers, to support members insured under their group health insurance policies.

Because health insurance involves highly sensitive personal and medical information, Allianz must ensure that such information is only shared where a member has clearly authorised it.

This page explains:

  • why consent is required.
  • how consent must be provided.
  • and what HR teams and brokers need to do when assisting members.

What is GDPR — and why does Allianz apply it globally?

The General Data Protection Regulation (GDPR) is a data protection framework designed to protect individuals’ personal and sensitive information – particularly health data.

Although GDPR originates in the European Union, Allianz applies these principles globally, including for non-EU policies, because:

  • health data requires a consistently high level of protection.
  • members expect the same security wherever they live.
  • one global standard reduces risk for employers, brokers and insured members.

In practice, GDPR ensures that personal and medical information is only shared with people and organisations that the member has authorised.

Importance of data accuracy

As your employees’ health insurance journey begins with the provision of their personal data, it is critical that all information provided to Allianz is accurate.

The provision of inaccurate data can lead to personal data protection breaches whereby the wrong person ends up receiving the insurance documentation belonging to another family. Unauthorised disclosures may cause privacy intrusions, discrimination, emotional distress, and delays in access to care or claims. In the wrong hands, this data can be used for malicious purposes such as fraud and identity theft.

We recommend that all membership information is checked before it is shared with Allianz. Clearly identifying the correct members to be allocated to each policy and their correct contact details is very important. If not legally required, please do not include the document number of your members’ official national identification in the membership list, for their own safety.

Why delegation of authority / third party consent (“consent”) is essential in health insurance

To access health insurance, members need to provide medical information, treatment details, claims data and payment information.
This type of data can only be shared with their employers, brokers or other parties if the member has voluntarily given Allianz explicit permission to do so.

Clear consent:

  • protects the member’s privacy.
  • protects employers and brokers from unintended data privacy exposure.
  • ensures Allianz can support all parties effectively

Who needs consent?

HR teams, brokers, family members and other third parties do not automatically have authority to receive or discuss a member’s personal or medical information – the member needs to authorise them by providing explicit consent.

This applies even if:

  • their employer pays the premium.
  • their HR Team is assisting them.
  • a broker arranged the policy.
  • or the member has already shared information with them.

Adults aged 18 and over control access to their own data.

How a member must provide consent

For Allianz to discuss or share information with a broker, HR team or other third party, consent must be provided by the member themselves by completing the Third Party Consent Form and specify who Allianz is authorised to share information with.

Key points:

  • A separate form is required for each adult member (18+)
  • The consent remains valid until it is revoked or the policy is cancelled
  • The completed and signed form should be returned as instructed on the form, by the person granting the consent to the 3rd party

Important scenarios explained

Member’s HR Team sharing information with a broker

If a member sends medical or claim-related information to their HR Team, and the HR Team wishes to involve a broker:

  • the HR Team should not simply forward that information.
  • the member must explicitly confirm that their HR Team may share the information with the broker.
  • this confirmation should be visible (e.g. the member copies their HR Team, the broker and Allianz in an email).

Broker receives information directly from a member

Where a broker receives sensitive information directly from a member:

  • Allianz cannot assume this means the broker is authorised to act.
  • The member must still confirm that Allianz may liaise with the broker by completing the Third Party Consent Form.

Having information alone does not automatically equal authority.

Once consent is in place

Once valid consent has been provided via the Third Party Consent Form and recorded:

  • Allianz can communicate directly with the authorised broker or HR contact.
  • the member does not need to be copied on every future interaction, unless they choose to be.
  • consent remains valid until withdrawn or changed by the member.

Emergency situations

In rare situations where a member is unable to give consent (for example, a serious medical emergency), limited information may be shared where necessary to protect the member’s vital interests, in line with data protection principles.

What this means for HR teams and brokers

To avoid delays and protect all parties:

  • encourage members to provide clear, explicit consent.
  • avoid forwarding sensitive information without visible authorisation.
  • expect Allianz to redirect requests back to the member where consent is unclear.

The Allianz teams will always help clarify what is needed, and support consent being put in place quickly.

In summary

Clear consent helps everyone:

  • Members remain confident that their data is protected.
  • Employers and brokers avoid unnecessary risk.
  • Allianz can deliver consistent, compliant service worldwide.