Adviser Privacy Notice
This notice describes how we collect, store, use and share personal information. It applies to personal information provided to us, both by you or by others on your behalf. It also explains the rights you may have in relation to the personal information that we hold about you.
Some of the information listed in this notice will not be personal information, as it will apply to your firm. However where you are a sole trader or a non-limited liability partnership, your business information would be classed as personal to you. Therefore to ensure we are transparent, we have included our use of firm-level information in this notice.
When we say ‘we’ or ‘us’ in this notice we’re referring to Royal London Mutual Insurance Society Limited, a company registered in England and Wales (registration number:99064).
We may collect and process the following:
- personal information - for example name and date of birth.
- contact information – for example email address, fax and phone number(s). We may also have your home address, if you’ve provided this on agency application forms or this is your correspondence address.
- identifications numbers – for example your National Insurance number and your Royal London Agency Number .
- information about your business – for example business name, business address, FCA registration number, remuneration address, phone fax, email and website.
- financial information – for example bank account details and credit checks.
- contractual information – for example details of your agency agreement with us and remuneration preferences.
- transactional information - details of the business you place with us or amends to your clients’ plans.
- online information – for example cookies and IP address (your computer’s internet address), if you use our websites or tools.
- audio or video recordings – for example voice recording when you contact us, or CCTV footage if you visit our offices. Calls maybe recorded for training and monitoring purposes to help us continually improve our customer service and also to protect you and your client’s information.
- directors’, partners’ and principles’ additional information - for example position at your firm, any other agencies you are or have been linked with and details of your professional standing such as any history of debt, fraud or other criminal offences.
When we collect your information, we’ll let you know if any of it is optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have.
We use the information we obtain directly from you for a number of reasons:
- setting up and administering your agency
- completing any client quotes, applications, amends or requests you make
- verifying your identity and preventing fraud
- researching our advisers’ opinions and exploring new ways to meet your needs
- assessing and developing our products, systems, prices and brand
- fulfilling any legal or regulatory obligations
- sending you marketing information
- monitoring the use of our websites
Most of the information we receive comes directly from you, or at your instruction from your network, your service provider or industry service providers such as Origo. We may also get personal information about you from other sources:
- Financial Conduct Authority – we’ll get information from the Financial Services Register to check the authorisation and permissions of your firm, as well as details of the approved persons(s) under your firm.
- Association of British Insurers (ABI) – we may receive information about you as part of research and analysis for initiatives undertaken in conjunction with other insurers, via the ABI.
- credit reference agencies - we use Experian to verify your identity and conduct a credit check when setting up new agencies and for ongoing due diligence checks. This is to meet our anti-money laundering obligations and to protect against other conduct risks.
- data brokers
- Equifax - we share information on the business placed with us with Equifax, which is stored in their system called Touchstone, to help us and other insurers understand our market share. This is now reported at an agency level, but if you’re a sole trader or part of a partnership, this may also constitute your personal information;
- CRIF decision solutions – we obtain and share information with CRIF, which is a stored on a system called Elixir 2000, in order to meet our regulatory requirement to report remuneration debts and to protect against conduct risk;
- Matrix solutions – we share information on the business placed with us with Matrix Solutions, which is stored on their system called Financial Clarity. This helps us and other insurers understand our market share. This is not reported at an agency level, but if you are a sole trader or part of a partnership this may also constitute your personal information. The information is also used to inform our segmentation model (see section 10 for more details on adviser segmentation) which helps inform our analysis and market research activity.
- comparison services / portals - If you use a comparison service or portal to obtain multiple quotes at once, such as UnderwriteMe’s Comparison Service, the portal provider will share your information with us as well as your client’s information.
- Companies House or other companies who provide access to financial accounts - if we need to verify information on directors, owners or your business, we may obtain information from Companies House or similar companies;
- online resources - if we lose touch with you, we may search for information such as contact details online, so we can get back in touch.
Data Protection gives organisations a number of different conditions to allow us to process your information lawfully.
We’ll only use your personal information when one of these conditions has been met. Below you can see how we use your information and the legal grounds for processing this:
Legal Grounds Use of your information
Your personal information may be processed when we receive your consent.
The consent you provide must be freely given, informed, specific, unambiguous and be given with a positive affirmative action.
Your consent can be withdrawn at any time.
necessary for the performance of a contractYour personal information will be processed when it is necessary in order to enter into or perform a contract. For example where we process your information to assess your agency application or to pay you remuneration.
Setting up and administering your agency
- obtaining quotes, which includes where you use our pre-sale tool as a guest
- processing your application
- managing any changes of business details for example a change of agency, contact details or address
- responding to queries or complaints
- keeping you updated about our service to you, such as letting you know about changes to our Terms of Business or remuneration rates / structures
- assessing and paying your remuneration
Completing any client applications, amends or requests you make
- changing covers, the terms of policies and / or who is covered
- changing your remuneration rates or basis
If we lose touch
We may source information such as contact details so we can get back in contact.
necessary for compliance with a legal obligation
Your personal information may be processed where Royal London has a legal obligation to. For example where we have compliance reporting obligations, we need to conduct checks on new advisers or due to risk indicators.
Verifying your identity and checking creditworthiness
We’ll need to check your identity and conduct credit checks when we first start our relationship or where risk indicators are flagged, in an attempt to protect against money laundering or other conduct risks.
If we offer the ability to accept directors’ guarantees in the future, we may need to obtain copies of your identification documents or identification numbers, for example passport or driving licence number.
Managing the risks to us and our mutual clients
Where risk indicators are flagged, we may conduct extra checks against the FCA register, Experian, Elixir 2000 or Touchstone systems mentioned in section 4, as well as reviewing our own records.
necessary to protect vital interestsThis will usually only apply in "life‑or-death" scenarios.
We may disclose your information to the police or other authorities if we have serious concerns about your wellbeing.
necessary for preventing or detecting unlawful acts
The UK laws, that will bring the GDPR in to effect, gives legal grounds for processing special category and criminal convictions information in connection with preventing crime.
When an agency applies to join us as an approved adviser, we ask if any of the directors, partners or principals have been convicted of or subject to an investigation relating to fraud, dishonesty or bribery, or been investigated by a professional body.
If the answer is yes, depending on the circumstances described on the form, we may refuse an application.
We may also check with other insurers for further information so we can make a decision, or if we have reason to believe an application isn’t truthful. And we may tell your network or service providers if we have identified unethical behaviour.
Necessary for Legitimate Interests
We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed and your rights and freedoms are taken into account to make sure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.
If you want further information about processing under legitimate interests you can contact us using the details below.
You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. f we have a compelling reason we may still continue to use your information.
We use legitimate interests for the following:
Use of your information Legitimate interest(s)
Assessing and developing our products, systems, prices and brand
Our products are developed with a particular set of clients but also with advisers in mind. In order to make sure our plans are still suitable for clients and are working as we intended, we’ll combine customer records, which includes your information as their adviser, to analyse and segment it. We may use your adviser segment details as part of this analysis (see section 10 for more details on adviser segmentation).
We also analyse and monitor the business advisers submit.
We need to be able to identify groups of clients and advisers who might be interested in any new products or services we’re considering.
We need to develop those products and services, and make sure they suit yours and your clients’ needs, that they are performing as expected and that our product charges are fair.
We need to understand the business that we’re selling to ensure we’re reaching our target markets.We need to make sure we’re treating your clients fairly and check the plans you recommend remain suitable for them.
Researching our advisers'opinions and new ways to meet your needs
We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask advisers what they think of Royal London, our products and our services.
Where we don’t have your contact details, we may obtain your email address or telephone number from the FS register or data brokers (for example Matrix Solutions to contact you for a research project. However we always take steps to check this is fair and in line with the data protection laws.
We need to make sure our products are suitable for the intended audience and to identify gaps in the market.
We need to see how many categories of advisers we have and to tailor our products and services accordingly.
We need to make sure our communications are easy to understand and that our products are being sold to the correct audience.
We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.
We market our products to you, so you are able to provide the right advice to your clients.
Where these communications are marketing and so optional, we’ll make it clear you can opt out.
In the future, we will be looking to
- use information about your interactions with us and your segment to tailor our marketing, as well as your experience while on our website(s)
- if you use our pre-sales tool as a guest, we want to contact you to see if your agency would like to become one of our partner firms
Before we start any new activity, we will assess how we do this to make sure it’s fair, and that your rights (including your right to object to marketing) are respected.
We need to grow and sustain our business and develop our brand.
Monitoring the use of our websites
On our websites we use a variety of technologies that collect information about how visitors use our website.
We need to make sure that our websites are secure and work well.
As you’d expect, our employees will access your records in order to use your information for the uses mentioned above. However, only those employees who need access to particular information are given it. For example, our customer service staff need access to your details to support you when you get in contact, and our research teams will need access to a subset of your information to perform their analysis. We regularly check who has access to our systems.
We may also share your personal information with these categories of third parties:
- Our service providers and agents for example mailing houses for printing, offsite storage companies, confidential waste disposal and IT companies who support our technology.
- Our professional advisers: auditors and legal advisers.
- Identity authentication and fraud prevention agencies.
- HM Revenue & Customs, who have powers to ask us for a return detailing all payments to advisers.
- Regulators such as the Financial Conduct Authority and other authorities like the Information Commissioner’s Office.
- Market research agencies.
- The Association of British Insurers (ABI).
- Data Brokers for example Experian, Equifax, Matrix Solutions and CRIF Decisions Solutions.
- Your network or service provider, if we have identified unethical behaviour
We sometimes use third parties located in other countries to provide support services. As a result, your personal information may be processed in countries outside the European Economic Area (EEA).
These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements. Some countries have been assessed by the EU as being ‘adequate’, which means their legal system offers a level of protection for personal information which is equal to the EU’s protection. Where the country hasn’t been assessed as adequate, the method we have chosen is standard contractual clauses.
The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information. The European Commission approved standard contractual clauses are available here.
We use standard contractual clauses for the below activities, to help us provide:
- IT support and technology development with operations based in India
- Other service providers, research partners and administrators with operations based in India and the United States
We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. We also use industry standard tools when information is shared, which use standardised formats and which encrypt information in transit - such as Unipass (provided by Origo), Edi (provider by Opentext) and Unipass (provided by Clearswift). We will always share information such as client information or your remuneration statements via one of these applications which ensure encryption.
However if your email service doesn’t support TLS and you don’t use an encryption tool, the emails you send won’t be protected. We recommend you don’t send anything confidential to us by unsecured email.
Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.
We’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This’ll involve keeping your information for a reasonable period of time after your relationship with us has ended.
In the absence of specific legal, regulatory or contractual requirements, information relating to you in our advisor records will be retained for 7 years after the end of your relationship with us. Your information which is included within your client’s plan will be kept for 7 years after the client’s plan has ended.
There are also a few exceptions to this rule, where we need to keep plan information for longer periods. We keep underwriting and quote information for 10 years, to allow us to assess whether our policy cover is appropriate. We need information for the longer period, to make sure we can evaluate a large enough number of cases and make informed decisions. For pension schemes, we need information for all the payments in and out of the scheme to be kept for seven years after the scheme closes. So your information may be kept for a long time.
We’re also running a programme as part of our need to treat our customers fairly. Until this finishes, we’ll be keeping your information beyond seven years.
Automated decisions are where a computer makes a decision about you without a person being involved. We do use credit reference agencies to check your credit report, which we then score using our own rules, but there is always a person involved in this assessment.
We use firm level and business data, to provide us with insight into the distribution market place. We use a variety of publicly available and purchased sources of information to divide the distribution market into categories and sub-categories. The categories and sub-categories are a way of grouping intermediary firm and advisers who are likely to have similar business models, business strategies and potentially have similar customers. The results are assessed and combined so we get a picture of as the distribution market as a whole. Your segment information may also be used in our product and proposition assessments.
In the future we’d like to keep a note of the category you or your agency falls into, against your records, so we can tailor our communications to suit you. Before we do this we’ll assess if this is fair.
Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer using the contact details below in section 15 – Contact us. We’ll provide a response within 30 days, if not sooner. There’s normally no charge for exercising any of your rights.
Accessing your personal information
You have the right to find out what personal information we hold about you, in many circumstances.
Correcting or adding to your personal information
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.
In some circumstances you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation.
Objecting to the use of your personal information for legitimate interests
You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.
Objecting to direct marketing
You have a specific right to object to our use of your information for direct marketing purposes, which we’ll always act upon.
Restricting the use of your personal information
If you’re uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We’ll let you know the outcome before we take any further action in relation to this information.
Right to erasure
In some circumstances you can ask us to delete your personal information, such as if your agency agreement has ended and we don’t need to keep your information for legal or regulatory reasons. If we’re using consent to process your information and you withdraw it, you can ask us to delete your information.
If you’re unhappy with how we’re using your information, you have the right to complain to the Information Commissioner’s Office. We’d encourage you to contact us first, so we can help with your concerns.
The Information Commissioner’s Office can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If we want to use your personal information for a new purpose which we haven’t previously told you about, we’ll contact you to explain the new use of your information. We’ll set out why we’re using it and our legal reasons.
Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We’ll update our notice as changes are required.
This privacy notice was last updated on the 25th May 2018 and is version 1.0.
If you have any questions or comments regarding this privacy notice, or if you’re not happy with the way Royal London uses your information, please contact us using the details below.
Post: Data Protection Officer, Royal London, Royal London House, Alderley Road, Wilmslow, Cheshire, SK9 1PF.
Phone: 0800 085 8352