Intermediary pensions privacy notice

1. Who we are

Throughout this notice, when we say ‘we’ or ‘us’ we’re referring to the Royal London Mutual Insurance Society Limited, a company registered in England and Wales, and authorised by the FCA. (registration number:99064)

2. What is personal data and why do we collect and process it?

Personal data is defined under the General Data Protection Regulation (GDPR) as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In essence, personal data is your personal information. Please see section 3 below for the type of personal data that we collect. We collect and process personal data primarily in order to provide you with our products and to administer a policy you have with us. Section 4 of this privacy notice tells you what you can expect us to do with your personal data when you make contact with us or use one of our services.

3. What kinds of personal data do we hold about you?

When we collect your personal data, we’ll let you know if any of it is optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have.

Dependent on the type of product and service provided we may collect and process the following personal data about you:

Information about you - such as your name, age, gender, date of birth and nationality.
Special category data - this is personal data that needs more protection because it is sensitive. Where it is relevant to your policy, we will collect information relating to your medical history, health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data, where it is used for identification purposes.
Government identifiers – for example, information from your identification documents, such as National Insurance number, your driving license or passport.
Contact information – for example, your address, postcode, email address and phone numbers.
Online information – for example, cookies and IP address (your computer’s internet address), if you use our websites.
Financial information – for example, salary and your bank account details for any payments you make to us or we make to you. If we need to verify information on your finances, we may require copies of your financial accounts.
Telephone calls or video recordings – for example, voice recording when you contact us, complete a survey at the end of a call to our Customer Services Team or CCTV footage if you visit our offices.
Contractual Information – for example, details about your products and benefits.
Socio-demographic information – for example, employment status, work or profession, education and where you sit within the UK’s social and income groups.
Family & beneficiaries’ information – for example, your marital status, dependants, next of kin or nominated beneficiaries. If you provide information on another individual it’s important you ensure they are aware of the detail you`ve provided to us. Their personal data will be processed in accordance with this Privacy Notice, so please let them know it’s important that they read this policy

4. How we use your personal data

We use your personal data for a number of reasons:

Providing a quote, processing your application, setting up and administering your plan.
Completing any requests, making and receiving payments, or managing any queries or claims you make.
Verifying your identity, preventing fraud and financial crime. If you make a big deposit into your pension, we ask where the money has come from to comply with money laundering laws.
Researching our customers’ opinions and exploring new ways to enhance the servicing experience we provide to meet your needs.
Assessing, developing and managing our products, systems, prices, our business and brand.
Providing optional tools for you to assess your plan/retirement savings.
If you’re a member, sending you membership information and managing your rights.
Fulfilling any other legal or regulatory obligations.
Sending you information relating to your product.
Sending you marketing information by post or where you have provided permission to be contacted by email, text and other electronic means – you can easily change your mind and “opt out” of receiving marketing information anytime. Please Contact us , this gives an option to call, email, fill out a form to change details or ask a question or customers can write to us.
Telephone calls may be recorded to allow you to give us instructions by phone to analyse, assess and improve our customer service, for training and quality purposes, to manage complaints and to protect you and your information from fraud and financial crime.
Identifying vulnerable customers to help determine whether we need to take further steps to ensure these customers are not disadvantaged in any way (please refer to section 11 for further information).
Managing the relationship with your Financial Adviser if you have appointed one.
Monitoring the use of our websites – for further information, please see our Cookie Policy.

5. Where do we get your personal data from?

Most of the personal data we receive comes directly from you, your Financial Adviser or your employer when you apply for one of our products or services. We may also obtain personal data about you from other sources.

Medical professionals – for example, if we need information to support an ill health claim. We will only do this if you provide us with consent.
Comparison services/portals - If your Financial Adviser used a quotation service to obtain premium quotes for you, the service provider will share some of your information with us.
Tracing companies - if we lose touch, we may use a trusted 3rd party to find you and reunite you with your policy, if we can.
Credit reference agencies, such as Experian to verify your identity.
Data brokers
- if it’s necessary and reasonable to obtain contact information (email and phone numbers) to carry out customer research, promote brand awareness or remind you about the benefits of your plan; or;
- to help put our customers into groups for product development and assessment purposes.
‘Third party’ cookies - collect information on how visitors use our website. Our Cookie policy can give you more information.
Information may be provided by the policyholder on behalf of another party to the policy. For example, a beneficiary.
Publicly available information - Companies House or other companies who provide access to financial accounts. If we need to verify information on your finances, we may obtain copies of Reports and Accounts from Companies House or similar companies - including specialist database companies, such as the Dow Jones and the electoral register for verifying your identity.

As you’d expect, our employees will access your records for the purposes mentioned above. However, only those employees who need access to particular information are given it. For example, our customer service staff need access to your policy details to support you when you get in contact and our research team will need access to a subset of your information to perform their analysis. We regularly check who has access to our systems.

We may also share your personal data with these third parties:

Your Financial Adviser, if you have appointed one. For example, you may have authorised your Financial Adviser to:
- Make changes to your policy on your behalf.
- Obtain copies of your documentation to look after your policies.
- Use designated online portals to manage your policies on your behalf.
- Receive reports on your policy status and the remuneration they earn based on this. This information helps your Financial Adviser provide advice and services to you.
Your employer - for example, they’ll receive reports to highlight employees who:
- Paid more than their tax free allowance into their pension.
- Who aren’t contributing.
- Are investing in high risk funds and may want to seek financial advice.
Where you have a workplace scheme, we may share personal data with third parties such as any advisers that your employer has procured to provide collated benefits information to you. Please contact your employer for information as to whether this is relevant.
Our annuity bureau panel of providers who help us to provide quotes for you – if you have a pension and choose to use the service when you retire.
Trustees – where your pension scheme is managed by trustees, we’ll need to share some information with them o that they can meet their legal obligations to help look after your money.
Our service providers, e.g. those who perform some underwriting activities for us, mailing houses for printing, market research agencies, offsite storage, confidential waste disposal companies and approved IT specialists who support our technology.
Our professional advisers: auditors, medical professionals, legal advisers.
Our Reinsurers* who require data including policy details, claims, medical and suspected fraud and other financial crime data.
Identity authentication, law enforcement and fraud prevention agencies.
Legal and Regulatory bodies e.g. HM Revenue & Customs, The Financial Conduct Authority, Information Commissioner`s Office and the UK Financial Services Compensation Scheme.
Data Brokers in order for us to source contact details for research, where appropriate.
Our bank, if you pay your premium by Direct Debit.
Companies within the Royal London Group.
Companies you ask us to share your information with.
In the event Royal London was to merge or sell any part of its business or assets, it will be necessary to pass your personal data to the prospective buyer/party.
We may share your information with advertising partners (e.g. Facebook) to help us identify and market to new customers. We will always consider your rights and freedoms before we do this and assess the balance between our interests and yours.

Please note that any third parties will only process your personal data on our instructions and where they have agreed to treat the data confidentially and to keep it secure.

* Reinsurance, or insurance for insurers, allows us to insure some of our risk with another company or companies. Our Reinsurers will use your personal data for purposes such as, but not limited to, deciding whether to provide reinsurance cover to us, assessing and dealing with claims and to meet legal requirements. They’ll keep your personal data for as long as needed for the relevant purposes, in line with their obligations under GDPR, and may need to disclose it to other companies within their group, their agents, third party service providers, law enforcement or regulatory bodies. Let us know if you want further details of the Reinsurers specific to your policy by using the details in the Contact Us section.

7. What are our legal grounds for using your personal information?

The GDPR and associated legislation set outs specific grounds under which your personal data may be lawfully processed. The legal grounds for the processing of personal data by us will depend on the purpose for which the processing is being carried out.

We’ll only use your personal data when one of these grounds has been satisfied. Below you can see how we use your personal data and the legal grounds for processing this:

Uses of your Personal Data	Legal Grounds
Buying in Information We may obtain your email address from data brokers if, for example, we’d like to use it for a research project. We will ensure the data broker has obtained your consent to the sharing of your information. Medical Information For an ill health claim or to assess your capacity, we will also ask for your consent before we contact your medical practitioner or your GP so they can provide the necessary information Vulnerability Information We process your information to be able to treat you as a vulnerable customer (if due to personal circumstances you are in a vulnerable position). You may, at your discretion, provide us with this type of information on a voluntary basis and based on your consent. We have tools and calculators available on our website designed to help you and / or your adviser to assess your finances. Any information you submit to these tools and calculators is optional and we explain, in detail, how it’s used. Cookies On our website, we use ‘third party’ cookies that collect information about how visitors use our website. Please see our Cookie policy for further information.	Consent Your personal data may be processed when we receive your consent. The consent you provide must be freely given, informed, specific, unambiguous and given with a positive affirmative action. Your consent can be withdrawn at any time.
Setting up and administering your policy This covers all the usual activities, such as Processing your application. Calculating your premium. Making and receiving payments. Managing any changes of personal details such as changes of address or name Servicing your policy. Responding to queries or complaints. Keeping you updated about your products, such as sending you yearly statements and reminders. Managing your funds and deciding what your funds are invested in / what options are available. Managing the relationship with your Financial Adviser, if you have appointed one. For insurance purposes. We may share your data with one of our reassurance partners to ensure we manage our risks. Completing any requests or claims you make This includes Paying a lump sum. Paying a regular income. Processing a claim in the unfortunate event of your ill health or death. If we lose touch We may use a trusted 3rd party to find you and reunite you with your policy.	Necessary for the performance of a contract The personal data you provide or that of a joint party to the contract may be processed when it is necessary to enter into or perform a contract. E.g. where we process your personal data to assess your application, calculate your premium or to provide your policy.
We use your personal data & special category data, where necessary, to comply with legal obligations including: Establishing your identity, residence and tax status in order to comply with laws and regulations on taxation and the prevention of money laundering, fraud and terrorist financing. Providing you with statutory and regulatory information and statements. Preparing tax and other returns to regulators and the HM Revenue and Customs. Complying with the requirements of Legal and Regulatory bodies e.g. HM Revenue and Customs, The Financial Conduct Authority, Information Commissioner`s Office, and the Financial Ombudsman’s Service. If you’re a member of Royal London, we need to provide you with mandatory information about our Annual General Meeting (AGM) so you can attend and vote. We also have a legal obligation to provide a copy of our members register to anyone who requests it – this includes your name, address and the date you became a member and eligible to vote. Keeping proper books and records and risk management governance to ensure the company stays financially sound. Carrying out internal reporting, quality checking, compliance controls and audits to help meet these obligations. Reporting to and, where relevant, conducting searches on industry registers. This includes screening all customers against sanction lists and Politically Exposed Persons lists. Complying with court orders.	Necessary for compliance with a legal obligation Your personal data may be processed where Royal London has a legal obligation to perform such processing.
We may disclose your information to the Police or other authorities if we have serious concerns about your wellbeing.	Necessary to protect vital interests This will usually only apply in "life‑or-death" scenarios.
In certain cases, and where necessary, the special category data provided may be processed for the following purposes: To defend legal and prospective claims, To pursue legal proceedings or prospective legal proceedings, or For the purposes of establishing, exercising or defending legal rights.	Necessary to provide legal advice and legal proceedings The 2018 Data Protection Act provides legal grounds for processing special category data (medical information) for legal advice and legal proceedings.
The medical information you, or your medical practitioner, or GP provided will be used, where necessary, for assessing your capacity to work and or for a claims assessment. We will verify that your GP has completed their section on the form if your plan value is over a certain amount. We may also share your information with our Chief Medical Officer, if we need further help to check whether you meet HM Revenue & Custom’s rules around accessing your pension early.	Necessary for an insurance product The 2018 Data Protection Act also provides legal grounds for processing your special category data (medical information) in connection with an insurance or occupational pension.
Necessary for legitimate interests We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are taken into account to ensure that we’re not being i Necessary for legitimate interests We also use your personal data when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are considered to ensure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum. If you want further information about processing under legitimate interests, you can contact us using the details below. You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may still continue to use your personal data. We use legitimate interests for the following:
Use of your personal data	Legitimate interest(s)
Our products are developed with a particular set of customer needs in mind. In order to make sure your policy is still suitable for you and is working as we intended, we combine your information with other customers’ to analyse and segment it. For example, we may look at a segment of the plans that don’t have an adviser or employer attached to see if we need to offer different services to these customers. We also combine your information with other customers’ to assess how much money we need to have available at any time.	To assess and develop our products, systems, prices, business and brand We need to be able to identify groups of customers who will want new products or services that we are considering developing. We need to develop those products and services, and make sure our product charges are fair. We need to make sure we are treating you fairly and check your product is suitable for you. We need to make sure that we are looking after your money and that we have enough money to pay our customers when the time comes.
We collect and provide service information on your policy. We financially assess the performance of our business, we conduct risk management exercises and we carry out long-term statistical modelling. We manage our network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions.) We also use CCTV at our premises. We share your personal data with Royal London Group and our service providers.	To manage our business: To improve our service quality and for training purposes. To help us understand our risks, provide management information and help us to manage our business. To ensure that our systems are always secure and that your data is always protected. To prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity). To protect our staff and visitors for health and safety reasons and security purposes. For internal administrative, audit, statistical, or research purposes. Where possible, we will make your data anonymous. Your data will only be transmitted within the Group and to our service providers when appropriate safeguards, including contractual provisions, are in place.
We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask customers what they think of Royal London, our product and services.	To research our customers’ opinions and new ways to meet our customers’ needs We need to make sure our products are suitable for the intended audience and to identify gaps in the market. We need to see how many categories of customers we have and to tailor our products and services accordingly. We need to make sure our communications use the right language and that our products are being sold to the correct audience. We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results. Where we don’t have your contact details, we may obtain your telephone number from data brokers (e.g. Experian) to contact you for a research project. However, we always take steps to check that you have not objected to such contact, e.g. by checking the Telephone Preference Service (TPS).
We’ll send marketing to you as a member of Royal London, which includes updates from our business and helpful information about things that may affect your finances. We don’t currently market other products to you. However, we’re looking to start communicating with you more frequently about your policy and also finances generally, with tailored communications that are more relevant to you. Where these communications are marketing and so optional, we’ll make it clear you can opt out. We won’t do this if you have told us not to.	Marketing We need to ensure our communications are in line with Royal London’s values We also need to grow and sustain our business, develop our brand and effectively communicate with our policyholders.

Uses of your Personal Data

Legal Grounds

Buying in Information

We may obtain your email address from data brokers if, for example, we’d like to use it for a research project. We will ensure the data broker has obtained your consent to the sharing of your information.

Medical Information

For an ill health claim or to assess your capacity, we will also ask for your consent before we contact your medical practitioner or your GP so they can provide the necessary information

Vulnerability Information

We process your information to be able to treat you as a vulnerable customer (if due to personal circumstances you are in a vulnerable position). You may, at your discretion, provide us with this type of information on a voluntary basis and based on your consent.

We have tools and calculators available on our website designed to help you and / or your adviser to assess your finances. Any information you submit to these tools and calculators is optional and we explain, in detail, how it’s used.

Cookies

On our website, we use ‘third party’ cookies that collect information about how visitors use our website. Please see our Cookie policy for further information.

Consent

Your personal data may be processed when we receive your consent.

The consent you provide must be freely given, informed, specific, unambiguous and given with a positive affirmative action.

Your consent can be withdrawn at any time.

Setting up and administering your policy

This covers all the usual activities, such as

Processing your application.
Calculating your premium.
Making and receiving payments.
Managing any changes of personal details such as changes of address or name
Servicing your policy.
Responding to queries or complaints.
Keeping you updated about your products, such as sending you yearly statements and reminders.
Managing your funds and deciding what your funds are invested in / what options are available.
Managing the relationship with your Financial Adviser, if you have appointed one.
For insurance purposes. We may share your data with one of our reassurance partners to ensure we manage our risks.

Completing any requests or claims you make

This includes

Paying a lump sum.
Paying a regular income.
Processing a claim in the unfortunate event of your ill health or death.

If we lose touch

We may use a trusted 3rd party to find you and reunite you with your policy.

Necessary for the performance of a contract

The personal data you provide or that of a joint party to the contract may be processed when it is necessary to enter into or perform a contract. E.g. where we process your personal data to assess your application, calculate your premium or to provide your policy.

We use your personal data & special category data, where necessary, to comply with legal obligations including:

Establishing your identity, residence and tax status in order to comply with laws and regulations on taxation and the prevention of money laundering, fraud and terrorist financing.
Providing you with statutory and regulatory information and statements.
Preparing tax and other returns to regulators and the HM Revenue and Customs.
Complying with the requirements of Legal and Regulatory bodies e.g. HM Revenue and Customs, The Financial Conduct Authority, Information Commissioner`s Office, and the Financial Ombudsman’s Service.
If you’re a member of Royal London, we need to provide you with mandatory information about our Annual General Meeting (AGM) so you can attend and vote. We also have a legal obligation to provide a copy of our members register to anyone who requests it – this includes your name, address and the date you became a member and eligible to vote.
Keeping proper books and records and risk management governance to ensure the company stays financially sound.
Carrying out internal reporting, quality checking, compliance controls and audits to help meet these obligations.
Reporting to and, where relevant, conducting searches on industry registers. This includes screening all customers against sanction lists and Politically Exposed Persons lists.
Complying with court orders.

Necessary for compliance with a legal obligation

Your personal data may be processed where Royal London has a legal obligation to perform such processing.

We may disclose your information to the Police or other authorities if we have serious concerns about your wellbeing.

Necessary to protect vital interests

This will usually only apply in "life‑or-death" scenarios.

In certain cases, and where necessary, the special category data provided may be processed for the following purposes:

To defend legal and prospective claims,
To pursue legal proceedings or prospective legal proceedings, or
For the purposes of establishing, exercising or defending legal rights.

Necessary to provide legal advice and legal proceedings

The 2018 Data Protection Act provides legal grounds for processing special category data (medical information) for legal advice and legal proceedings.

The medical information you, or your medical practitioner, or GP provided will be used, where necessary, for assessing your capacity to work and or for a claims assessment. We will verify that your GP has completed their section on the form if your plan value is over a certain amount.

We may also share your information with our Chief Medical Officer, if we need further help to check whether you meet HM Revenue & Custom’s rules around accessing your pension early.

Necessary for an insurance product

The 2018 Data Protection Act also provides legal grounds for processing your special category data (medical information) in connection with an insurance or occupational pension.

Necessary for legitimate interests

We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are taken into account to ensure that we’re not being i

Necessary for legitimate interests

We also use your personal data when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are considered to ensure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.

If you want further information about processing under legitimate interests, you can contact us using the details below.

You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may still continue to use your personal data.

We use legitimate interests for the following:

Use of your personal data

Legitimate interest(s)

Our products are developed with a particular set of customer needs in mind. In order to make sure your policy is still suitable for you and is working as we intended, we combine your information with other customers’ to analyse and segment it. For example, we may look at a segment of the plans that don’t have an adviser or employer attached to see if we need to offer different services to these customers.

We also combine your information with other customers’ to assess how much money we need to have available at any time.

To assess and develop our products, systems, prices, business and brand

We need to be able to identify groups of customers who will want new products or services that we are considering developing.

We need to develop those products and services, and make sure our product charges are fair.

We need to make sure we are treating you fairly and check your product is suitable for you.

We need to make sure that we are looking after your money and that we have enough money to pay our customers when the time comes.

We collect and provide service information on your policy.

We financially assess the performance of our business, we conduct risk management exercises and we carry out long-term statistical modelling.

We manage our network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions.)

We also use CCTV at our premises.

We share your personal data with Royal London Group and our service providers.

To manage our business:

To improve our service quality and for training purposes.

To help us understand our risks, provide management information and help us to manage our business.

To ensure that our systems are always secure and that your data is always protected.

To prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity).

To protect our staff and visitors for health and safety reasons and security purposes.

For internal administrative, audit, statistical, or research purposes. Where possible, we will make your data anonymous. Your data will only be transmitted within the Group and to our service providers when appropriate safeguards, including contractual provisions, are in place.

We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask customers what they think of Royal London, our product and services.

To research our customers’ opinions and new ways to meet our customers’ needs

We need to make sure our products are suitable for the intended audience and to identify gaps in the market.

We need to see how many categories of customers we have and to tailor our products and services accordingly.

We need to make sure our communications use the right language and that our products are being sold to the correct audience.

We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.

Where we don’t have your contact details, we may obtain your telephone number from data brokers (e.g. Experian) to contact you for a research project. However, we always take steps to check that you have not objected to such contact, e.g. by checking the Telephone Preference Service (TPS).

We’ll send marketing to you as a member of Royal London, which includes updates from our business and helpful information about things that may affect your finances.

We don’t currently market other products to you. However, we’re looking to start communicating with you more frequently about your policy and also finances generally, with tailored communications that are more relevant to you. Where these communications are marketing and so optional, we’ll make it clear you can opt out.

We won’t do this if you have told us not to.

Marketing

We need to ensure our communications are in line with Royal London’s values

We also need to grow and sustain our business, develop our brand and effectively communicate with our policyholders.

8. Overseas Transfers

We sometimes use third parties located in other countries to provide support services. As a result, your personal data may be processed in countries outside the European Economic Area (EEA).

These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your personal data and comply with the European data protection requirements. Some countries have been assessed by the European Commission (EC) as being ‘adequate’, which means their legal system offers a level of protection for personal data which is equal to the EC’s protection. Where the country hasn’t been assessed as adequate, we use ‘standard contractual clauses’ within the legal agreement to safeguard the processing of your personal data.

The European Commission and Information Commissioner`s Office have recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights. We’ll use these clauses, where required, to ensure your personal data is adequately protected to the same standard prescribed by the GDPR. The European Commission approved standard contractual clauses are available here.

We use ‘standard contractual clauses’ in the provision of the following services to Royal London:

IT support and technology development with operations based in India.
Reassurance services with our global reassurance partners who have operations based in the United States and Bermuda.
Services with other providers/suppliers, research partners and administrators who have operations based in India and the United States.

We always ensure your personal data is provided with adequate protection and all transfers of personal data outside the EEA are done lawfully.

9. Security

We have put in place security measures designed to prevent your personal data and special categories of personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We use Transport Layer Security (TLS) to encrypt and protect email traffic. We also use the Clearswift Managed Email Security Service to protect our outgoing email traffic. However, if your email service doesn’t support TLS or if you do not wish to use our Clearswift Managed Email Security Service, we may not be able to communicate with you by email, and any emails we do send or receive will not be protected by encryption, and could be intercepted. We may also change our Email Security Service provider at any time without notice and without changing the provision in this notice.

Once we receive your information, we use strict procedures and security features to protect it from unauthorised access.

In the event of a potential data security breach, we will notify you and the Information Commissioner’s Office if we are legally required to do so, or there is a risk to your rights and freedoms as a result of the breach.

10. How long do we keep personal information for?

We will retain your personal data for as long as it is considered necessary for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve retaining your personal data for a reasonable period of time after your policy or your relationship with us has ended.

In the absence of specific legal, regulatory, contractual requirements or technical reasons, your personal data is kept for 7 years after our relationship with you has ended.

There are a few exceptions to this rule:

We are running a programme as part of our need to treat our customers fairly. Until this finishes, we’ll be keeping your personal data beyond seven years.
The Financial Conduct Authority requires us to keep some pension transfer information indefinitely.
Where there is a dispute

11. Do we make solely automated decisions about you or profile you?

Automated Decisions

Automated decisions are where a computer makes a decision about you without a person being involved. We also profile our customers, which means we make assumptions about you to help us treat you fairly.

Crime Prevention

We will undertake checks for the prevention and detection of crime as we are required by law to do so. These checks use solely automated means to make decisions about you. This may result in declining the services you requested and stopping services currently provided to you. Please see section 12 “What are my rights?” for further information.

Vulnerability

The Financial Conduct Authority defines a vulnerable consumer as someone who, due to their personal circumstances, is especially likely to experience disadvantage. It’s been identified that a lot of people will be vulnerable at some point in their life, so we need to make sure we can identify who these customers are and support them.

We’ve created our own method, using socio-economic data from Experian and additional research with consumers, to help us assess levels of vulnerability within the UK population. We then use this information to help identify how many of our customers are likely to be more vulnerable, and ensure our products are designed with this in mind. For example, we may provide additional information on our statements where we suspect our customers might be less financially capable or less engaged in financial matters.

In the future, we’d like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this, we’ll assess if this is fair.

Socio-economic profiling

We may analyse your personal data to create a profile so that we can contact you with information relevant to you. When building a profile, we use Experian software to provide us with insight into our customers. The software uses a variety of publicly available and market research sources to divide the population into a series of categories. The categories are a way of grouping people who are likely to have similar social, demographic (i.e. age, location) and financial circumstances. The results are assessed and combined so we get a picture of our customers as a whole, and tailor the products and services we provide. Please see section 12 “What are my rights?” for further information.

Again, in the future we’d like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this, we’ll assess if this is fair.

12. What are my rights?

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided. We will provide a response within one month, if not sooner. There is normally no charge for exercising any of your rights. We may ask you for proof of identity when you request to exercise some of these rights to ensure we are dealing with the correct individual.

Access to your personal data
You have the right to find out what personal data we hold about you, in many circumstances. Please see section 15 below for our contact details.

Correcting or adding to your personal data
If any of your details are incorrect, inaccurate or incomplete, you can ask us to correct them or to add information.

Withdrawing your consent

If you have provided consent for us to use your personal data, you have the right to withdraw it at any time. If you withdraw consent, then we are not allowed to use your personal data going forward. However, it would not invalidate processing that was carried out before you withdrew consent.

Withdrawal of consent may impact the product and services we can provide to you or the ability to administer your policy or process your claim. In this event, we will let you know what the impact would be.

Transferring your personal data to another organisation (Data portability)

In some circumstances, you can ask us to send an electronic copy of the personal data you have provided to us, either to you or to another organisation.

Objecting to the use of your personal data for legitimate interests

You also have the right to object to any processing done under legitimate interests. We will re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may still continue to use your personal data if that interest is not deemed to be outweighed by your privacy rights. However, we will inform you of that decision and reasoning for continuation of processing.

Objecting to direct marketing

You have a specific right to object to our use of your personal data for direct marketing purposes, which we will always act upon.

Objecting to automated decision making

You have a right to object if we have made an automated decision, including profiling, which has legal and significant effect against you. You may also have the right to challenge the decision and ask for a human review. These rights do not apply if we are authorised by the law to make such decisions and appropriate safeguards are in place to protect your rights.

Restricting the use of your personal data

If you are uncertain about the accuracy or our use of your personal data, you can ask us to stop using your personal data until your query is resolved. We will let you know the outcome before we take any further action in relation to this personal data.

Right to Erasure

You can ask us to delete your personal data in some circumstances, such as if your policy has ended and we need to keep it for legal or regulatory reasons. If we are using consent to process your personal data and you withdraw it, you can ask us to erase it.

13. Right to complain to the supervisory authority

If you are dissatisfied with how we are using your personal data, you have the right to complain to the Information Commissioner. We would encourage you to contact us first so we can deal with your concerns.

The Information Commissioner`s office can be contacted by

Visiting their website www.ico.org.uk
Phone on 0303 123 1113
Write to Information Commissioner`s Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Changes to our Privacy Notice

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We will update our notice as changes are required.

If we need to use your personal data for a new purpose which we haven’t previously told you about, we will contact you to explain the new use of your personal data. We will set out why we are using it and our legal reasons.

This privacy notice was last updated on the 9th October 2020.

15. Contact us

If you have any questions or comments regarding this privacy notice, or if you are unhappy about the way Royal London uses your personal data, please contact us using the details below.

Post: Data Protection Officer, Royal London, Royal London House, Alderley Park, Congleton Road, Nether Alderley, Macclesfield, SK10 4EL.

Email: GDPR@Royallondon.com

Life Insurance

Illness and Income Protection

Insurance customers

Insurance guides

Our pensions & investments

Pension customers

Retirement planning

Pension guides

Using your pension

Insurance in retirement

Retirement guides

Money guides

Planning ahead

Life events

Product guides

Help and support

Manage your products

Other useful information

Our Purpose

How we are run

Our performance

Media