Intermediary pensions privacy notice

This notice describes how we collect, store, use and share personal information. It applies to personal information provided to us, both by you or by others on your behalf.  It also explains the rights you may have in relation to the personal information that we hold about you.

Where you submit information about others such as family members and beneficiaries, we’ll explain how their information will be used. Please make sure that they’re aware of this.

Download the pensions privacy notice here.

When we say ‘we’ or ‘us’ in this notice we’re referring to Royal London Mutual Insurance Society Limited, a company registered in England and Wales (registration number:99064).

We may collect and process the following:

  • information about you – for example name, age, gender, date of birth, nationality. We need this information to help us identify you, but also to allow us to contact you at the right time - such as when you’re approaching your retirement date.
  • government identifiers – for example identification document (driving license, passport) information and National Insurance number.
  • contact Information - for example email, address, postcode and phone number
  • online Information – for example cookies and IP address (your computer’s internet address), if you use our websites
  • financial information – for example salary and bank account details for any payments you make to us or we make to you. If you make a big deposit into your pension we ask where the money has come from to comply with money laundering laws.
  • audio or video recordings – for example voice recording when you contact us, complete a survey at the end of a call to our Customer Services Team or CCTV footage if you visit our offices. Calls maybe recorded for training and monitoring purposes to help us continually improve our customer service and also to protect you and your information.
  • contractual Information – for example details about your products and benefits.
  • socio-demographic information – for example employment status, work or profession, education and where you sit within the UK’s social and income groups.
  • family & beneficiaries information – for example marital status, next of kin or nominated beneficiaries. 
  • health information – for example if we need to validate an ill health claim for your pension.

When we collect your information, we’ll let you know if any of it is optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have.

We use the information we obtain directly from you, your adviser or your employer for a number of reasons:

  • setting up and administering your plan
  • completing any requests or claims you make
  • verifying your identity and preventing fraud 
  • researching our customers’ opinions and exploring new ways to meet their needs 
  • assessing and developing our products, systems, prices and brand 
  • fulfilling any legal or regulatory obligations
  • providing optional tools for you to assess your plan/retirement savings
  • sending you marketing information 
  • if you’re a member, sending you membership information and managing your rights
  • monitoring the use of our websites

Most of the information we receive comes directly from you or your financial adviser or your employer. However, we may also get personal information about you from other sources:

  • tracing companies - if we lose touch with you, we may source information such as contact details so we can get in touch and remind you about your product.
  • medical professionals – for example if we need information to support an ill health claim 
  • data brokers (e.g. Experian) 
  • if we need contact information (email and phone numbers) to carry out customer research, promote brand awareness or remind you about the benefits of your plan or; 
  • to help put our customers into groups for product development and assessment purposes. 
  • credit reference agencies - so we can check your identity 
  • third party’ cookies - to collect information on how visitors use our website. Our cookie policy can give you more information. 
  • comparison services / portals - If your adviser used a comparison service or portal to obtain multiple quotes at once, the portal provider may share your underwriting information with us. 
  • Companies House or other companies who provide access to financial accounts - if we need to verify information on your finances, we may obtain copies of Reports and Accounts from Companies House or similar companies.

As you’d expect, our employees will access your records in order to use your information for the uses mentioned above. However, only those employees who need access to particular information are given it. For example, our customer service staff need access to your policy details to support you when you get in contact, and our research team will need access to a subset of your information to perform their analysis. We regularly check who has access to our systems.

We may also share your personal information with these categories of third parties:

  • Your financial adviser, for example you may have authorised your adviser to:
    • Make changes for you.
    • Told them they can only obtain copies to look after your products.

If you've appointed an adviser they'll receive reports on your plan activity.

  • Your employer - for example they’ll receive reports to help them help you, like an annual report highlighting employees who:
    • have paid more than their tax free allowance into their pension;
    • who aren’t contributing; 
    • are investing in high risk funds and may want to seek financial advice.
  • Our annuity bureau panel of providers who help us to provide quotes for you – if you have a pension and choose to use the service when you retire.
  • Trustees – where you pension scheme is the type which involves trustees, we’ll need to share some information with them to help the trustees meet their legal obligations to help look after your money.
  • Our service providers and agents for example mailing houses for printing, offsite storage companies, confidential waste disposal and IT companies who support our technology.
  • Reinsurers, as it’s quite complicated for us to explain which reinsurer is tied to which plan, contact us for details of your current reinsurer. 
  • Other professional advisers: auditors, medical agencies and legal advisers; 
  • Identity authentication and fraud prevention agencies. 
  • HM Revenue & Customs, regulators such as the Financial Conduct Authority and other authorities like the Information Commissioner’s Office; 
  • UK Financial Services Compensation Scheme. 
  • Market research agencies. 
  • Data Brokers (for example Experian). 
  • Direct debit (DD) scheme - if you use DDs 
  • Companies you ask us to share your information with.
  • Where you have a workplace scheme, we may share data with third parties such as employer’s financial adviser has procured to provide collated benefits information to you. Please contact your employer for information as to whether this is relevant.

We sometimes use third parties located in other countries to provide support services. As a result, your personal information may be processed in countries outside the European Economic Area (EEA).

These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements. Some countries have been assessed by the EU as being ‘adequate’, which means their legal system offers a level of protection for personal information which is equal to the EU’s protection. Where the country hasn’t been assessed as adequate, the method we have chosen is standard contractual clauses.

The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information. The European Commission approved standard contractual clauses are available here.

We use standard contractual clauses for the below activities, to help us provide:

  • IT support and technology development with operations based in India
  • global reassurance partners with operations based in the United States 
  • other service providers, research partners and administrators with operations based in India and the United States

We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.

We use Transport Layer Security (TLS) to encrypt and protect email traffic. However if your email service doesn’t support TLS, any emails you send won’t be protected. We recommend you don’t send anything confidential to us by email.

Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.

We’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This'll involve keeping your information for a reasonable period of time after your plan or your relationship with us has ended.

In the absence of specific legal, regulatory or contractual requirements, any other personal information is kept for our baseline retention period - this is seven years after your plan has exited.

For pension schemes, we need information for all the payments in and out of the scheme to be kept for seven years after the scheme closes. So your information may be kept for a long time.

We’re also running a programme as part of our need to treat our customers fairly. Until this finishes, we’ll be keeping your information beyond seven years.

Automated decisions are where a computer makes a decision about you without a person being involved. We also profile our customers - which means we make assumptions about you to help us treat you fairly.


We use Experian software, to provide us with insight into our customers. The software uses a variety of publicly available and market research sources to divide the UK population into a series of categories. The categories are a way of grouping people who are likely to have similar social, demographic (i.e. age, location) and financial circumstances. The results are assessed and combined so we get a picture of our customers as a whole.

In the future we’d like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this we’ll assess if this is fair.


The Financial Conduct Authority defines a vulnerable consumer as someone who, due to their personal circumstances, is especially likely to experience disadvantage. It’s been identified that a lot of people will be vulnerable at some point in their life, so we need to make sure we can identify who these customers are and support them.

We’ve created our own method, using socio-economic data from Experian and additional research with consumers, to help us assess levels of vulnerability within the UK population. We then use this information to help identify how many of our customers are likely to be more vulnerable, and ensure our products are designed with this in mind. For example, we may provide additional information on our statements where we suspect our customers might be less financially capable or less engaged in financial matters.

In the future we’d like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this we’ll assess if this is fair.

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at using the contact details below in section 15 - Contact us. provided. We’ll provide a response within 30 days, if not sooner. There’s normally no charge for exercising any of your rights.

Accessing your personal information 

You have the right to find out what personal information we hold about you. 

Correcting or adding to your personal information 

If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information. 

Data portability 

In some circumstances you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation. 

Objecting to the use of your personal information for legitimate interests 

You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information. 

Objecting to direct marketing 

You have a specific right to object to our use of your information for direct marketing purposes, which we'll always act upon. 

Restricting the use of your personal information 

If you're uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We'll let you know the outcome before we take any further action in relation to this information. 

Right to Erasure 

In some circumstances you can ask us to delete your personal information, such as if your plan has ended and we don't need to keep your information for legal or regulatory reasons. If we're using consent to process your information and you withdraw it, you can ask us to erase your information.

If you’re unhappy with how we’re using your information, you have the right to complain to the Information Commissioner’s Office. We’d encourage you to contact us first, so we can help with your concerns. 

The Information Commissioner’s Office can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 If we want to use your personal information for a new purpose which we haven’t previously told you about, we’ll contact you to explain the new use of your information. We’ll set out why we’re using it and our legal reasons.

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We’ll update our notice as changes are required. 

This privacy notice was last updated on the 25th May 2018 and is version 1.2.

If you have any questions or comments regarding this privacy notice, or if you’re not happy with the way Royal London uses your information, please contact us using the details below. 

You can also call for a recorded version or if you want this in another format.

Post: Data Protection Officer, Royal London, Royal London House, Alderley Road, Wilmslow, Cheshire, SK9 1PF. 


Phone: 0800 085 8352