Royal London pensions and services app privacy notice

This notice describes how we collect, store, use and share personal information in relation to our pensions and services mobile app (the “App”). 

1. Who we are

When we say ‘we’, ‘us’ or “Royal London” in this notice we’re referring to The Royal London Mutual Insurance Society Limited, a company registered in England and Wales (registration number: 99064), registered office: 80 Fenchurch Street, London, EC3M 4BY. This notice describes how we collect, store, use and share personal information in relation to our Pensions and Services App.

2. What kinds of personal data do we hold about you and how we use it?

As a customer of Royal London, we use your information in a number of ways.

App Access and Identification

To access your pension plan details through the App, you will need to provide the following information when you first download the App so that we can identify you and your pension plan details:

• Information about you – your surname and date of birth
• Contact information – postcode, email address and mobile phone number
• Government identifiers – your National Insurance number
• Contractual Information – your pension plan number

Ongoing Access

To access the App on an ongoing basis, we will ask for the following information:

• Username (your email address)
• Password
• Mobile phone number

Your mobile number and email address will be used for security purposes in identifying you and communicating with you regarding your policy. This information is stored with your username and password and we retain these details whilst you continue to be a customer of Royal London.

You can also activate “Touch ID” or “Face ID” to access the App. Please note that this biometric data is held on your mobile device and Royal London doesn’t have access to this information.

Pension Plan Changes and Authorisation

For certain features within the App, we’ll use the information you provide via the App to process your request.  For example, where you are using our ‘pay in’ feature and are authorising a transfer of an existing pension plan to Royal London, or you are adding nominated beneficiaries to your pension plan, information entered into the App that we would use to process your request may include:

• Pension plan number you are thinking of transferring
• Name of ceding provider that the pension plan is held with
• The estimated pension plan value that you are transferring
• Beneficiary name, relationship and % allocation
• Your electronic authorisation to proceed with the request

Information we already hold about you which we would use with the ceding provider to process your request would include:

• Name
• Address
• Date of birth
• National Insurance number
• Relevant contact details, such as your address, mobile phone number and email address

Push Notifications

Where you opt in to receive push notifications, we’ll send notifications to your device through the App. We’ll use notifications to provide you with:   

• information about Royal London and its initiatives (for example, ProfitShare and membership information)
• information produced by Royal London on financial affairs and financial wellbeing
• information in relation to pension plan(s) you have with us 

Analytics and App Development

Where you have given us your permission, we collect information through Google Analytics. We use this data to develop and improve our App by using your anonymous usage data.

We’ll collect information on how and when you use our App, including:

• the screens you access
• the time and date you access the App
• the make and model of your mobile device
• the operating system, like iOS and Android

You can review or change your permission at any time by logging into the Account section of the App.

Security and usage

We use third party security software which also collects and analyses how and when you use the App. Royal London uses this information, alongside existing information we hold about you and your pension plan to identify errors, enhance our App and improve your experience.  

Marketing and Communications

From time to time, we will send you information about our offers and products that are relevant to you. This can be by post, email, text, other electronic means or where you have not previously opted out. You can easily change your mind and “opt out” of receiving marketing information anytime by contacting us on 0345 605 0050 or by using our online form Write to us - get in touch by email - Royal London or by writing to us using the contact details in Section 10 below.

3. What are our legal grounds for using your personal information?

The UK General Data Protection Regulations 2018 sets out specific grounds under which your personal data maybe lawfully processed. The legal grounds for the processing of personal data by us will depend on the purpose for which the processing is being carried out.

We’ll only use your personal data when one of these grounds has been satisfied.  Below you can see how we use your personal data when using the App and the legal grounds for processing this:

• Necessary for the performance of a contract, e.g. to provide access to the App and or where you authorise us to complete transactions or make changes to your pension plan.
• Consent - where you provided consent we will send you push notifications and/or collect information through Google Analytics.
• Legitimate Interests – information to help develop our digital platforms, e.g. security and usage of the App and its functions. This enables us to grow and sustain our business, meet our customer’s needs, develop our brand and communicate with our members effectively.  We may send you servicing communications, and, or offers, that we think may be relevant to you, unless you`ve previously objected to receiving these. Contact details are provided above in the “Marketing and Communications” section 2 above if you do not want to receive marketing communications.

Royal London Pensions Privacy Notice

For further information on how we use your personal information, legal grounds and for your pension plan in general, please visit royallondon.com/privacy.

4. Who do we share your personal data with?

Certain employees of Royal London are given access to your personal information. We also share your information with other companies, but we only use trusted third parties, such as:

• Our service providers, approved IT specialists who support our technology
• Your financial adviser, if you have appointed one
• Auditors, legal advisers and legal/regulatory bodies, including the Information Commissioner’s Office (ICO)

For transactions authorised via the App, we’ll share certain information with relevant parties that are required to carry out your wishes.  This would include a ceding provider where you are looking to transfer another pension plan to Royal London.

5. Overseas transfers

Our App is hosted by Royal London in the UK.  However, we may use third parties located in other countries to provide support services.  As a result, your personal data may be processed in countries outside the UK and European Economic Area (EEA). Where this occurs we always ensure your personal data is provided with adequate protection and all transfers of personal data are done lawfully and are compliant with the UK GDPR.

6. How long do we keep your personal information?

If you delete our App from your mobile device, you will still be able to access our online services with your account log-in details.  Deletion of the App will not impact the data that we hold about you to administer your pension. Please visit our royallondon.com/privacy for further details on how long we retain your data.

7. What are my rights?

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided in Section 10.  We will provide a response within one month, if not sooner.  There is normally no charge for exercising any of your rights. We may ask you for proof of identity when you request to exercise some of these rights to ensure we are dealing with the correct individual.

Access to your personal data

You have the right to find out what personal data we hold about you, in many circumstances. Please see Section 10 below for our contact details.

Correcting or adding to your personal data

If any of your details are incorrect, inaccurate or incomplete, you can ask us to correct them or to add information.

Withdrawing your consent

If you have provided consent for us to use your personal data, you have the right to withdraw it at any time.  If you withdraw consent, then we are not allowed to use your personal data going forward.  However, it would not invalidate processing that was carried out before you withdrew consent.

Withdrawal of consent may impact the product and services we can provide to you or the ability to administer your policy or process your claim.  In this event, we will let you know what the impact would be.

Transferring your personal data to another organisation (Data portability)

In some circumstances, you can ask us to send an electronic copy of the personal data you have provided to us, either to you or to another organisation.

Objecting to the use of your personal data for legitimate interests

You also have the right to object to any processing done under legitimate interests.  We will re-assess the balance between our interests and yours, considering your particular circumstances.  If we have a compelling reason, we may still continue to use your personal data if that interest is not deemed to be outweighed by your privacy rights. However, we will inform you of that decision and reasoning for continuation of processing.

Objecting to direct marketing

You have a specific right to object to our use of your personal data for direct marketing purposes, which we will always act upon.

Objecting to automated decision making

You have a right to object if we have made an automated decision, including profiling, which has legal and / or significant effect against you.  You may also have the right to challenge the decision and ask for a human review.  These rights do not apply if we are authorised by the law to make such decisions and appropriate safeguards are in place to protect your rights.

Restricting the use of your personal data

If you are uncertain about the accuracy or our use of your personal data, you can ask us to stop using your personal data until your query is resolved.  We will let you know the outcome before we take any further action in relation to this personal data.

Right to Erasure

You can ask us to delete your personal data in some circumstances, such as if your policy has ended and we do not need to keep it for legal or regulatory reasons  If we are using consent to process your personal data and you withdraw it, you can ask us to erase it.

8. Right to complain to the supervisory authority?

If you are dissatisfied with how we use your personal data, you have the right to complain to the Information Commissioner’s Office. We would encourage you to contact us first, so we can help with your concerns.

The Information Commissioner`s office can be contacted by:

Visiting their website: www.ico.org.uk

Phone on: 0303 123 1113

Write to: Information Commissioner`s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

9. Changes to our privacy notice

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review.  We will update our notice as changes are required.

For further details of how your personal data is processed please visit royallondon.com/privacy

This privacy notice was last updated on 13th March 2024.

10. Contact us

If you have any questions or comments regarding this privacy notice, or if you’re not happy with the way Royal London uses your information, please contact us using the details below. You can also call if you want this information in another format such as Braille, large print. 

Post: Data Protection Officer, Royal London, Royal London House, Alderley Park, Congleton Road, Nether Alderley, Macclesfield SK10 4EL.

Email: GDPR@Royallondon.com