Privacy notice
This privacy notice describes how Utmost Life and Pensions Limited ('we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information.
This privacy notice applies to all personal information we collect or process about you in relation to you as a policyholder or potential policyholder, or your role when acting on behalf of a policyholder or potential policyholder. This would also apply when using our website and any online facility we offer. Personal information is information, or a combination of pieces of information, that could identify you.
PERSONAL INFORMATION WE USE
This privacy notice applies to all personal information we collect or process about you. We collect personal information from you directly and also from other sources as explained in this notice.
We may be required as a consequence of our relationship with you, or by the potential provision of services to you, or by law, to collect certain personal information about you. Failure to provide this information may prevent or delay the fulfilment of these obligations.
We will inform you at the time your information is collected whether certain information is compulsory and the consequences of the failure to provide such information.
The categories of information that we may collect directly from you, or from a third party, such as authorised representatives or trustees:
(a) Individual details - your name, address, telephone number, date of birth, gender, marital status, nationality, occupation
(b) Family details- spouse, partner, next of kin, dependants, trustees and beneficiaries (including their relationship with you)
(c) Identification details – national insurance number, passport number, utility bill, birth certificate, marriage certificate, taxpayer identification number
(d) Financial information – bank details, income, expenditure
(e) Special categories of data (where relevant), including health information
(f) Transactional information (e.g. information relating to any of your requests, queries or complaints)
The categories of information that we may collect from other sources are:
(a) Credit and anti-fraud data – credit history, sanctions and criminal offences, and information received from various anti-fraud organisations or databases relating to you.
(b) Electoral Register, credit reference or similar agencies’ data to confirm your identity. Any such agency may record details of any search.
(c) Health information obtained from your doctor or other medical practitioner or (where relevant) other insurers providing similar insurance to you.
The categories of information that we may collect from you by use of our website and MyUtmost are:
(a) Data collected using cookies. Further information about our use of Cookies can be found at www.utmost.co.uk/cookie-policy.
HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We use your personal information:
(a) to perform our obligations under our contract with you;
(b) to correspond with you regarding your policy and to deal with your enquiries and requests;
(c) for the purposes of security and risk management and prevention of crime, fraud and money laundering;
(d) for the purposes of identity verification
(e) to provide access to MyUtmost;
(f) to better understand your needs and provide you with improved services; and
(g) to facilitate our internal business operations including to fulfil our legal and regulatory requirements, and to manage and defend legal claims
(h) pseudonymised data is used for actuarial and business analysis, which helps us develop our products and services.
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
(a) Performance of a contract – We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us.
(b) Legal obligation – We may retain or provide to third parties your personal information where we are required to so by law or regulation, including where we are authorised by local law to process your special category data (for example, health data).
(c) Legitimate interests – We may use your personal information for our legitimate interests to provide, continue to provide and/or improve pensions and life cover we do or may maintain for you. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
(d) Consent – We may use your personal information, including sensitive information such as health, gender and biometrics, with your consent. You may withdraw your consent to our processing of your personal information. Please Contact Us to discuss any impact on your policy.
YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
If you would like further information or would like to exercise your rights, please Contact Us. We will respond to you within one month of receiving your request unless we notify you otherwise. Please address any requests for personal information, questions on this matter or requests to correct any inaccuracies in the information we hold on you to the address set out in the Contact Us section below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
AUTOMATED DECISIONS ABOUT YOU
We may process your personal information by automatic means and without human intervention to make decisions that may impact you. This involves using software that is able to evaluate your personal aspects and predict risks or outcomes. We carry out this automatic processing where:
(a) such decisions are necessary for entering into a contract with you. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products based on your credit history and other financial information we have collected about you; or
(b) such decisions are required or authorised by law, for example for fraud prevention purposes. The effect of this processing is that we may not be able to accept claims and we may be subject to regulatory requirements to report any activities that we think may be suspicious.
If you require further information about automated decision-making, you want to object to our use of automated decision-making, or request an automated decision to be reviewed by a human being please contact us on the details below and we will explain to you what your rights are in relation to the processing in question.
INFORMATION SHARING
We may share your personal information with the following third parties:
(a) third party service providers that perform services on our behalf, such as re-insurers, web-hosting companies, information technology providers and credit reference agencies. Details of the third parties we may share your data with can be found on our website https://www.utmost.co.uk/privacy-notice/
(b) law enforcement, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us (for example, anti-money laundering authorities, the Prudential Regulation Authority and the Financial Conduct Authority)
(c) service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
The recipients referred to above may be located outside the jurisdiction in which you are located. See the section on "International Data Transfers" below for more information.
INFORMATION SECURITY AND STORAGE
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will retain your personal information for a period of time that enables us to:
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under UK and EU law.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
COOKIES
A cookie is a small file containing information which a website places into your Internet browser from where it can be retrieved later. It cannot be read by any website other than that which placed the cookie.
In addition to strictly necessary cookies that enable our website to operate, we use statistical cookies to enable us to utilise a service provided by Google Analytics. These cookies are used to collect information about how visitors use our website or MyUtmost portal. We use the information to compile reports and to help us improve the site. Statistical cookies collect information in an anonymous form and cannot identify you as an individual, but provide information including the number of visitors to the sites, the location from which visitors have come to the sites and the pages they visited. You can choose whether or not to accept the cookies when entering our site or change your settings to disable them.
Our Cookie Policy can be found at www.utmost.co.uk/cookie-policy.
CONTACT US
Utmost Life and Pensions is the controller responsible for the personal information we collect and process about you.
If you have questions or concerns regarding the way in which your personal information has been used, please contact us at Utmost Life and Pensions, Walton Street, Aylesbury, Buckinghamshire HP21 7QW.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to a supervisory authority. The supervisory authority for the UK is the Information Commissioner’s Office who can be contacted via: https://ico.org.uk/.
CHANGES TO THIS NOTICE
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.
If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).
PRIVACY NOTICE
This privacy notice describes how Equitable Life Assurance Society ('we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information.
This privacy notice applies to all personal information we collect or process about you in relation to you as a policyholder or your role when acting on behalf of a policyholder, and when using our website. Personal information is information, or a combination of pieces of information, that could identify you.
PERSONAL INFORMATION WE USE
This privacy notice applies to all personal information we collect or process about you in relation to your policy or your role when acting on behalf of a policyholder, and when using our website. We collect personal information from you directly and also from other sources as explained in this notice.
We may be required as a consequence of our relationship with you, or by law, to collect certain personal information about you. Failure to provide this information may prevent or delay the fulfilment of these obligations.
We will inform you at the time your information is collected whether certain information is compulsory and the consequences of the failure to provide such information.
The categories of information that we may collect directly from you, or from a third party, such as authorised representatives or trustees:
(a) Individual details - your name, address, telephone number, date of birth, gender, marital status, nationality, occupation
(b) Family details- spouse, partner, next of kin, dependants, trustees and beneficiaries (including their relationship with you)
(c) Identification details – national insurance number, passport number, utility bill, birth certificate, marriage certificate, taxpayer identifiecation number
(d) Financial information – bank details, income, expenditure
(e) Special categories of data (where relevant), including health information
(f) Transactional information (e.g. information relating to any of your requests, queries or complaints)
The categories of information that we may collect from other sources are:
(a) Credit and anti-fraud data – credit history, sanctions and criminal offences, and information received from various anti-fraud organisations or databases relating to you.
(b) Electoral Register, credit reference or similar agencies' data to confirm your identity. Any such agency may record details of any search.
(c) Health information obtained from your doctor or other medical practitioner or (where relevant) other insurers providing similar insurance to you.
The categories of information that we may collect from you when you use our website are:
(a) Data collected using cookies
(b) Further information about our use of Cookies can be found at www.utmost.co.uk/cookie-policy
HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We use your personal information:
(a) to perform our obligations under our contract with you;
(b) to correspond with you regarding your policy and to deal with your enquiries and requests;
(c) for the purposes of security and risk management and prevention of crime, fraud and money laundering;
(d) for the purposes of identity verification;
(e) to better understand your needs and provide you with improved services; and
(f) to facilitate our internal business operations including to fulfil our legal and regulatory requirements, and to manage and defend legal claims.
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
(a) Performance of a contract – We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us.
(b) Legal obligation – We may retain or provide to third parties your personal information where we are required to so by law or regulation, including where we are authorised by local law to process your special category data (for example, health data).
(c) Legitimate interests – We may use your personal information for our legitimate interests to continue to provide and improve pensions and life cover we maintain for you. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
(d) Consent – We may use your personal information, including sensitive information such as health, gender and biometrics, with your consent. You may withdraw your consent to our processing of your personal information. Please contact us to discuss any impact on your policy.
YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
If you would like further information or would like to exercise your rights, please contact us.
We will respond to you within one month of receiving your request unless we notify you otherwise. Please address any requests for personal information, questions on this matter or requests to correct any inaccuracies in the information we hold on you to the address set out in the Contact us section below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
AUTOMATED DECISIONS ABOUT YOU
We may process your personal information by automatic means and without human intervention to make decisions that may impact you. This involves using software that is able to evaluate your personal aspects and predict risks or outcomes. We carry out this automatic processing where:
(a) such decisions are necessary for entering into a contract with you. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products based on your credit history and other financial information we have collected about you; or
(b) such decisions are required or authorised by law, for example for fraud prevention purposes. The effect of this processing is that we may not be able to accept claims and we may be subject to regulatory requirements to report any activities that we think may be suspicious.
If you require further information about automated decision-making, you want to object to our use of automated decision-making, or request an automated decision to be reviewed by a human being please contact us on the details below and we will explain to you what your rights are in relation to the processing in question.
INFORMATION SHARING
We may share your personal information with the following third parties:
(a) third-party service providers that perform services on our behalf, such as re-insurers, web-hosting companies, information technology providers and credit reference agencies
(b) law enforcement, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us (for example, anti-money laundering authorities, the Prudential Regulation Authority and the Financial Conduct Authority)
(c) service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
The recipients referred to above may be located outside the jurisdiction in which you are located). See the section on "International Data Transfers" below for more information.
INFORMATION SECURITY AND STORAGE
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will retain your personal information for a period of time that enables us to:
We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under UK and EU law.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
COOKIES
A cookie is a small file containing information which a website places into your Internet browser from where it can be retrieved later. It cannot be read by any website other than that which placed the cookie.
In addition to strictly necessary cookies that enable our website to operate, we use statistical cookies to enable us to utilise a service provided by Google Analytics. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. Statistical cookies collect information in an anonymous form and cannot identify you as an individual, but provide information including the number of visitors to the site, the location from which visitors have come to the site and the pages they visited. You can choose whether or not to accept the cookies when entering our site or change your settings to disable them. Our Cookie Policy can be found at www.equitable.co.uk/cookie-policy.
CONTACT US
Equitable Life Assurance Society is the controller responsible for the personal information we collect and process about you.
If you have questions or concerns regarding the way in which your personal information has been used, please contact us at Equitable Life Assurance Society, Walton Street, Aylesbury, Buckinghamshire HP21 7QW.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to a supervisory authority. The supervisory authority for the UK is the Information Commissioner’s Office who can be contacted via: https://ico.org.uk/.
CHANGES TO THIS NOTICE
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.
If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).
From time to time we may share your data with one or more of our service providers. The companies listed below may receive, transmit, store or process the data. All our service providers are required to hold personal data securely, only for as long as reasonably necessary and in accordance with data protection laws.
abrdn
Apogee Corporation Limited
Atos IT Services UK Limited
Barclays Bank
Bottomline Technologies
Canada Life Ltd
Dow Jones
Fieldfisher LLP
HSBC Bank Plc
ISIS Papyrus
J P Morgan Asset Management
Lexis Nexis
Liverpool Victoria
Mazars LLP
Mimecast Services Ltd
Oasis UK
Paragon Customer Communications
PricewaterhouseCoopers LLP
Royal Mail Group Ltd
Shred-IT
Supercheck de (German) Euro-Pro
Twofold Limited
Unio Ltd
Willis Towers Watson
ZEDRA Limited