Intermediary protection privacy notice

1. Who we are

When we say ‘we’ or ‘us’ in this notice we’re referring to Royal London Mutual Insurance Society Limited, a company registered in England and Wales (registration number: 99064). This includes plans originally taken out with Bright Grey and those plans that are still branded as Scottish Provident.

2. What kinds of personal information can we hold about you?

We may collect and process the following:

Information about you – for example name, age, gender, date of birth, and nationality. We need this information to help us identify you, but also to allow us to contact you at the right time - such as when you’re approaching the end of your plan term.
Government identifiers – for example identification document (driving license, passport) information.
Contact information – for example email, address, postcode and phone number.
Online information – for example cookies and IP address (your computer’s internet address), if you use our websites.
Financial information – for example salary and bank account details for any payments you make to us or we make to you.
Audio or video recordings – for example voice recording when you contact us, complete a survey at the end of a call to our Customer Services Team or CCTV footage if you visit our offices. Calls may be recorded for training and monitoring purposes to help us continually improve our customer service and also to protect you and your information.
Contractual Information – for example details about your products and benefits.
Socio-demographic information – for example your education and where you sit within the UK’s social and income groups.
Family & beneficiaries information – for example marital status, next of kin or nominated beneficiaries.
Underwriting information – for example your job, interests, travel, health and family history. For larger cases we may need additional financial information. We use this information to decide if, and on what terms, we can offer you insurance cover.

When we collect your information, we’ll let you know if any of it's optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have.

3. How do we use your personal information?

We use the information we obtain directly from you or your adviser for a number of reasons:

Setting up and administering your plan.
Completing any requests or claims you make.
Verifying your identity and preventing fraud.
Researching our customers’ opinions and exploring new ways to meet their needs.
Assessing and developing our products, systems, prices and brand.
Fulfilling any legal or regulatory obligations.
Sending you marketing information.
Monitoring the use of our websites.

4. Where do we get your information from?

Most of the information we receive comes directly from you or your financial adviser. We may also get personal information about you from other sources:

Tracing companies - if we lose touch with you, we may source information such as contact details so we can get in touch and remind you about your product.
Medical professionals – for example, if we need information for underwriting purposes or to support an ill health claim.
Data brokers (e.g. Experian)
- if we need contact information (email and phone numbers) to carry out customer research, promote brand awareness or remind you about the benefits of your plan; or
- to help put our customers into groups for product development and assessment purposes.
Credit reference agencies - so we can check your identity.
'Third party’ cookies - to collect information on how visitors use our website. Our cookie policy can give you more information.
Comparison services/portals - if your adviser used a comparison service or portal to obtain multiple quotes at once, the portal provider may share your underwriting information with us.
Companies House or other companies who provide access to financial accounts - if we need to verify information on your finances, we may obtain copies of reports and accounts from Companies House or similar companies.

5. What are our legal grounds for using your personal information?

Data Protection gives organisations a number of different conditions to allow us to process your information lawfully.

We'll only use your personal information when one of these conditions has been meet. Below you can see how we use our information and the legal grounds for processing this.

How we use your information	Legal grounds
Buying in information We may obtain your email address from data brokers if, for example we’d like to use it for a research project. We’ll always take steps to check the data broker has obtained your consent to the sharing of your information. Cookies On our website we use ‘third party’ cookies that collect information about how visitors use our website. Please see our cookie policy for further information.	Consent Your personal information may be processed when we receive your consent The consent you provide must be freely given, informed, specific, unambiguous and be given with a positive affirmative action. Your consent can be withdrawn at any time.
Setting up and administering your plan This covers: Processing your application. Managing any changes of personal details for example a change of address or name. Responding to queries or complaints. Keeping you updated about your plan, such as sending you reminders about your product benefits and features such as our Helping Hand service, an independent nurse advisory service. Completing any requests or claims you make This includes: Changing your cover. Changing the terms of your plan and who is covered. Processing a claim in the unfortunate event of your ill health. If we lose touch We may source information such as contact details so we can get in contact and tell you about your product.	Necessary for the performance of a contract The personal information you provide or that of a joint party to the contract may be processed when it's necessary in order to enter into or perform a contract. For example, where we process your information to assess your application or to provide your plan.
Keeping you safe from theft and identity fraud To protect our customers we may have to verify your identity or the identity of certain individuals connected to a policy. We do this electronically to make things easier for you. If you'd prefer us not to do this electronically please call us on 0345 6094 500 so we can talk you through what you need to send us. We sometimes need copies of your identification documents, or identification numbers. For example a passport or driving licence number, if we need to do extra checks. This is to make sure we meet our obligations with anti-money laundering or other laws. Fulfilling any legal or regulatory obligations These will vary according to the nature of your product you have taken out. For example we’ll need to let you know when the government changes the rate of Income Premium Tax as required by the Financial Conduct Authority.	Necessary for compliance with a legal obligation Your personal information may be processed where Royal London has a legal obligation to. For example where we share information with our regulators or the courts.
We may disclose your information to the police or other authorities if we have serious concerns about your wellbeing.	Necessary to protect vital interests This will usually only apply in "life‑or-death" scenarios.
Our Helping Hand service gives you and your immediate family (partner and children) access to a dedicated nurse provided by RedArc, an independent personal nurse advisory service. Using the service doesn’t cost you anything and your calls won’t be discussed with Royal London. Customers tell us that talking to a nurse is really valuable, so we’ll share your contact details and the reason for your claim with RedArc, who’ll arrange for a nurse with the most appropriate skills to call you within 48 hours. If you'd prefer not to use this service that's fine - you can opt out using the claim form. Helping Hand is a package of support services, provided by third parties that aren't regulated by the Financial Conduct Authority. These services aren't part of our terms and conditions, so can be amended or withdrawn at any time.	Necessary for the provision of healthcare
We’ll obtain information about you from medical professionals if it’s needed for underwriting your plan or for claims assessment, and where you’ve provided your permission under the Access to Medical Reports Act. We’ll also obtain information from a medical professional in the event of a death claim. We’ll share your information with our reassurers if we need another opinion on our underwriting, so we can offer terms for specialist cases that are more complex or for large sums assured. We’ll use your underwriting responses and claims information to analyse how we can redesign products or make our underwriting process easier, with better outcomes for potential customers and plan holders. We’ll also use your underwriting and claims information for wider pricing analysis.	Necessary for an insurance product The UK laws that will bring the GDPR into effect give legal grounds for processing your medical information in connection with an insurance product.
Necessary for Legitimate Interests We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed and your rights and freedoms are taken into account to make sure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum. If you want further information about processing under legitimate interests you can contact us using the details below. You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information. We use legitimate interests for the following:
How we use your information	Legitimate interest(s)
Assessing and developing our products, systems, prices and brand Our products are developed with a particular set of customer needs in mind. In order to make sure your plan is still suitable for you and is working as we intended, we combine your information with other customers’ to analyse and segment it. We also combine your information with other customers’ to assess how much money we need to have available at any time.	We need to be able to identify groups of customers who might be interested in any new products or services we’re considering. We need to develop those products and services, and make sure our product charges are fair. We need to make sure we’re treating you fairly and check your plan remains suitable for you. We need to make sure we’re looking after your money.
Researching our customers’ opinions and new ways to meet our customers’ needs We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask customers what they think of Royal London, our products and services. Where we don’t have your contact details, we may obtain your telephone number from data brokers (for example Experian) to contact you for a research project. However we always take steps to check you haven’t objected to such contact, for example by checking the Telephone Preference Service (TSP).	We need to make sure our products are suitable for the intended audience and to identify gaps in the market. We need to see how many categories of customers we have and to tailor our products and services accordingly. We need to make sure our communications are easy to understand and that our products are being sold to the correct audience. We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.
Marketing We don’t currently market other products to you. We’re looking to start communicating with you more frequently about your plan and also finances generally. Where these communications are marketing and so optional, we’ll make it clear you can opt out.	We need to ensure our communications are in line with Royal London’s values as a member-owned organisation. We also need to grow and sustain our business and develop our brand.
Monitoring the use of our websites On our websites we use a variety of technologies that collect information about how visitors use our website.	We need to make sure that our websites are secure and work well.

How we use your information

Legal grounds

Buying in information

We may obtain your email address from data brokers if, for example we’d like to use it for a research project. We’ll always take steps to check the data broker has obtained your consent to the sharing of your information.

Cookies

On our website we use ‘third party’ cookies that collect information about how visitors use our website. Please see our cookie policy for further information.

Consent

Your personal information may be processed when we receive your consent

The consent you provide must be freely given, informed, specific, unambiguous and be given with a positive affirmative action.

Your consent can be withdrawn at any time.

Setting up and administering your plan

This covers:

Processing your application.
Managing any changes of personal details for example a change of address or name.
Responding to queries or complaints.
Keeping you updated about your plan, such as sending you reminders about your product benefits and features such as our Helping Hand service, an independent nurse advisory service.

Completing any requests or claims you make

This includes:

Changing your cover.
Changing the terms of your plan and who is covered.
Processing a claim in the unfortunate event of your ill health.

If we lose touch

We may source information such as contact details so we can get in contact and tell you about your product.

Necessary for the performance of a contract

The personal information you provide or that of a joint party to the contract may be processed when it's necessary in order to enter into or perform a contract. For example, where we process your information to assess your application or to provide your plan.

Keeping you safe from theft and identity fraud

To protect our customers we may have to verify your identity or the identity of certain individuals connected to a policy. We do this electronically to make things easier for you. If you'd prefer us not to do this electronically please call us on 0345 6094 500 so we can talk you through what you need to send us.

We sometimes need copies of your identification documents, or identification numbers. For example a passport or driving licence number, if we need to do extra checks. This is to make sure we meet our obligations with anti-money laundering or other laws.

Fulfilling any legal or regulatory obligations

These will vary according to the nature of your product you have taken out. For example we’ll need to let you know when the government changes the rate of Income Premium Tax as required by the Financial Conduct Authority.

Necessary for compliance with a legal obligation

Your personal information may be processed where Royal London has a legal obligation to. For example where we share information with our regulators or the courts.

We may disclose your information to the police or other authorities if we have serious concerns about your wellbeing.

Necessary to protect vital interests
This will usually only apply in "life‑or-death" scenarios.

Our Helping Hand service gives you and your immediate family (partner and children) access to a dedicated nurse provided by RedArc, an independent personal nurse advisory service. Using the service doesn’t cost you anything and your calls won’t be discussed with Royal London.

Customers tell us that talking to a nurse is really valuable, so we’ll share your contact details and the reason for your claim with RedArc, who’ll arrange for a nurse with the most appropriate skills to call you within 48 hours. If you'd prefer not to use this service that's fine - you can opt out using the claim form.

Helping Hand is a package of support services, provided by third parties that aren't regulated by the Financial Conduct Authority. These services aren't part of our terms and conditions, so can be amended or withdrawn at any time.

Necessary for the provision of healthcare

We’ll obtain information about you from medical professionals if it’s needed for underwriting your plan or for claims assessment, and where you’ve provided your permission under the Access to Medical Reports Act. We’ll also obtain information from a medical professional in the event of a death claim.

We’ll share your information with our reassurers if we need another opinion on our underwriting, so we can offer terms for specialist cases that are more complex or for large sums assured.

We’ll use your underwriting responses and claims information to analyse how we can redesign products or make our underwriting process easier, with better outcomes for potential customers and plan holders. We’ll also use your underwriting and claims information for wider pricing analysis.

Necessary for an insurance product

The UK laws that will bring the GDPR into effect give legal grounds for processing your medical information in connection with an insurance product.

Necessary for Legitimate Interests

We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed and your rights and freedoms are taken into account to make sure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.

If you want further information about processing under legitimate interests you can contact us using the details below.

You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.

We use legitimate interests for the following:

How we use your information

Legitimate interest(s)

Assessing and developing our products, systems, prices and brand

Our products are developed with a particular set of customer needs in mind. In order to make sure your plan is still suitable for you and is working as we intended, we combine your information with other customers’ to analyse and segment it.

We also combine your information with other customers’ to assess how much money we need to have available at any time.

We need to be able to identify groups of customers who might be interested in any new products or services we’re considering.

We need to develop those products and services, and make sure our product charges are fair.

We need to make sure we’re treating you fairly and check your plan remains suitable for you.

We need to make sure we’re looking after your money.

Researching our customers’ opinions and new ways to meet our customers’ needs

We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask customers what they think of Royal London, our products and services.

Where we don’t have your contact details, we may obtain your telephone number from data brokers (for example Experian) to contact you for a research project. However we always take steps to check you haven’t objected to such contact, for example by checking the Telephone Preference Service (TSP).

We need to make sure our products are suitable for the intended audience and to identify gaps in the market.

We need to see how many categories of customers we have and to tailor our products and services accordingly.

We need to make sure our communications are easy to understand and that our products are being sold to the correct audience.

We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.

Marketing

We don’t currently market other products to you. We’re looking to start communicating with you more frequently about your plan and also finances generally. Where these communications are marketing and so optional, we’ll make it clear you can opt out.

We need to ensure our communications are in line with Royal London’s values as a member-owned organisation.

We also need to grow and sustain our business and develop our brand.

Monitoring the use of our websites

On our websites we use a variety of technologies that collect information about how visitors use our website.

We need to make sure that our websites are secure and work well.

As you’d expect, our employees will access your records in order to use your information for the reasons mentioned above. However, only those employees who need access to particular information are given it. For example, our customer service staff need access to your plan details to support you when you get in contact, and our research team will need access to a subset of your information to perform their analysis. We regularly check who has access to our systems.

We may also share your personal information with these categories of third parties:

Your financial adviser, who you may have authorised to:
- make changes for you
- obtain copies of documentation to look after your products.

If you've appointed an adviser they'll receive reports on your plan status and the commission they earn based on this. This information helps your adviser provide advice and services to you.

RedArc, an independent personal nurse advisory service.
Our service providers and agents, for example mailing houses for printing, offsite storage companies, confidential waste disposal and IT companies who support our technology.
Reassurers - as it’s quite complicated for us to explain which reinsurer is tied to which plan, contact us for details of your current reassurer. See below for further information on reassurers.
Other professional advisers: auditors; medical agencies and legal advisers.
ID authentication and fraud prevention agencies. To protect our customers we may have to verify your identity or the identity of certain individuals connected to a policy*.
HM Revenue & Customs, regulators such as the Financial Conduct Authority and other authorities like the Information Commissioner’s Office;
Trustees - if your plan is held in trust we'll need to share limited information with the trustee(s).
UK Financial Services Compensation Scheme.
Other insurance providers.
Market research agencies.
Data Brokers, for example Experian.
Direct debit (DD) scheme - if you use DDs.
Companies you ask us to share your information with.
We may share your information with advertising partners (e.g. Facebook) to help us identify and market to new customers. We will always consider your rights and freedoms before we do this and assess the balance between our interests and yours.

* We verify identity electronically to make things easier for you. If you'd prefer us not to do this electronically please call us on 0345 609 4500 so we can talk you through what you need to send us.

Reassurers

We may need to share your personal information, including policy, claims, medical, and suspected fraud and other financial crime information, with our reassurers. Reassurers provide insurance policies to providers such as us, so we can get cover for some of our risk.

We may share your information with them if your application meets certain criteria, such as a high sum assured or if you have a specific medical condition. We also let them know if you make a claim, as we then re-claim some of this from them.

They’ll use your information to decide whether to provide reinsurance cover to us, assess and deal with claims and to meet legal requirements. They’ll keep your information for as long as needed for these purposes, and may need to disclose it to other companies within their group, their agents, third party service providers, law enforcement and regulatory bodies.

Let us know if you want further details of the reassurers specific to your plan by using the details in the Contact Us section.

7. Overseas Transfers

We sometimes use third parties located in other countries to provide support services. As a result, your personal information may be processed in countries outside the European Economic Area (EEA).

These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements. Some countries have been assessed by the EU as being ‘adequate’, which means their legal system offers a level of protection for personal information which is equal to the EU’s protection. Where the country hasn’t been assessed as adequate, the method we have chosen is standard contractual clauses.

The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information. The European Commission approved standard contractual clauses are available here.

We use standard contractual clauses for the below activities, to help us provide:

IT support and technology development with operations based in India.
Global reassurance partners with operations based in the United States.
Other service providers, research partners and administrators with operations based in India and the United States.

We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.

8. Security

We use Transport Layer Security (TLS) to encrypt and protect email traffic. However if your email service doesn’t support TLS, any emails you send won’t be protected. We recommend you don’t send anything confidential to us by email.

Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.

9. How long do we keep personal information for?

We’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period of time after your plan or your relationship with us has ended.

In the absence of specific legal, regulatory or contractual requirements, any other personal information is kept for our baseline retention period - this is seven years after your plan has exited.

However, there are a few exceptions to this rule. We keep underwriting and quote information for ten years, to allow us to assess whether our plan cover is appropriate. We need information for the longer period, to make sure we can evaluate a large enough number of cases and make informed decisions.

We’re also running a programme as part of our need to treat our customers fairly. Until this finishes, we’ll be keeping your information beyond seven years.

10. Do we make solely automated decisions about you or profile you?

Automated decisions are where a computer makes a decision about you without a person being involved. We also profile our customers, which means we make assumptions about you to help us treat you fairly.

Underwriting

We make automated decisions about you as part of the underwriting journey. Our usual process is for us to ask relevant information about your job, interests, travel, health and family history – for example we need to know if one of your interests is skydiving, as this could increase your risk and potentially your premium.
The online system makes a decision based on rules that have been created by specialist rule developers. These rules are based on the internal underwriting guidance.

For life and critical illness cover, if you were unlikely to get an automatic accept or not accept decision, we use ‘machine learning’ to predict the decision that would have been made if you followed the full underwriting process. The machine learns from our own database of existing quote, application and claims information as well as socio-economic data based on your postcode that we obtain from Experian. It decides whether your application would be likely to be accepted or not accepted.

We’ll then indicate whether we can offer our standard premium, an increased premium or exclusions to your cover.

There are some cases where we won’t be able to offer a decision online and need your application to be reviewed by our underwriting team. They may request further information from you or, with your permission, from your doctor before we’ll be able to confirm whether we can offer you cover, and on what basis. There will be a small proportion of cases where we aren’t able to offer cover online and we’ll flag this indicative decision during the online journey. As this is an indicative decision, it means that you don’t have to disclose this, if asked, on other insurance applications. However, you have the right to ask for someone to review the automated decision, so you can also ask for the decision to be made via our manual underwriting process. Note that if the decision is still that we are unable to offer you cover, this would need to be disclosed if you applied for insurance elsewhere.

Profiling

Socio-economic

We use Experian software, to provide us with insight into our customers. The software uses a variety of publicly available and market research sources to divide the UK population into a series of categories. The categories are a way of grouping people who are likely to have similar social, demographic (i.e. age, location) and financial circumstances. The results are assessed and combined so we get a picture of our customers as a whole.

In the future we’d like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this we’ll assess if this is fair.

Vulnerability

The Financial Conduct Authority defines a vulnerable consumer as someone who, due to their personal circumstances, is especially likely to experience disadvantage. It’s been identified that a lot of people will be vulnerable at some point in their life, so we need to make sure we can identify who these customers are and support them.

We’ve created our own method, using socio-economic data from Experian and additional research with consumers, to help us assess levels of vulnerability within the UK population. We then use this information to help identify how many of our customers are likely to be more vulnerable, and ensure our products are designed with this in mind. For example, we may provide additional information on our statements where we suspect our customers might be less financially capable or less engaged in financial matters.

In the future we’d like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this we’ll assess if this is fair.

11. What are my rights?

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at using the contact details provided below in section 15 - Contact us.

Accessing your personal information

You have the right to find out what personal information we hold about you, in many circumstances.

Correcting or adding to your personal information

If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.

Data portability

In some circumstances you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation.

Objecting to the use of your personal information for legitimate interests

You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.

Objecting to direct marketing

You have a specific right to object to our use of your information for direct marketing purposes, which we'll always act upon.

Restricting the use of your personal information

If you're uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We'll let you know the outcome before we take any further action in relation to this information.

Right to Erasure

In some circumstances you can ask us to delete your personal information, such as if your plan has ended and we don't need to keep your information for legal or regulatory reasons. If we're using consent to process your information and you withdraw it, you can ask us to erase your information.

12. Right to complain to the supervisory authority

If you’re unhappy with how we’re using your information, you have the right to complain to the Information Commissioner’s Office. We’d encourage you to contact us first, so we can help with your concerns.

The Information Commissioner’s Office can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to the way we use your information

If we want to use your personal information for a new purpose which we haven’t previously told you about, we’ll contact you to explain the new use of your information. We’ll set out why we’re using it and our legal reasons.

14. Changes to our Privacy Notice

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We’ll update our notice as changes are required.

This privacy notice was last updated on the 1 April 2021 and is version 1.5.

15. Contact us

If you have any questions or comments regarding this privacy notice, or if you’re not happy with the way Royal London uses your information, please contact us using the details below. You can also call for a recorded version or if you want this in another format.

Post: Data Protection Officer
Royal London
Royal London House
Alderley Park
Congleton Road
Nether Alderley
Macclesfield
SK10 4EL

Email: GDPR@royallondon.com

Phone: 0800 085 8352

Life Insurance

Illness and Income Protection

Insurance customers

Insurance guides

Our pensions & investments

Pension customers

Retirement planning

Pension guides

Using your pension

Insurance in retirement

Retirement guides

Money guides

Planning ahead

Life events

Product guides

Help and support

Manage your products

Other useful information

Our Purpose

How we are run

Our performance

Media