Your data – Privacy Notice

About this notice

This privacy notice explains how we handle (i.e. collect, store, use, update, share and ultimately destroy) your personal data, and your rights in relation to the personal data we hold.

Who are we?

We are Utmost Life and Pensions, a life insurance and pension provider. Utmost Life and Pensions acts as a data controller, which means we decide how your personal data is handled and for what purposes. Data controllers are registered with the UK Information Commissioner’s Office.

Personal data - what is it?

Personal data is information about a living individual who can be identified from that data; either from the data alone or with any other information already in, or likely to come into, our possession. The handling of personal data is governed by the General Data Protection Regulation (the ‘GDPR’).

How do we care for your personal data?

We comply with our obligations under the GDPR by:

• keeping personal data up-to-date;
• storing and destroying it securely;
• not collecting or retaining excessive amounts of data; and
• protecting personal data from loss, misuse and unauthorised access and disclosure.

What do we use your personal data for?

We use your personal data for the following purposes:

• To be able to administer your policy with us and be able to pay claims;
• To comply with our regulatory or statutory requirements; and
• To maintain our own accounts and records.

What is the legal basis for handling your personal data?

• for the performance of your contract with us;
• to comply with our legal obligations; or
• for the purposes of our legitimate interests (e.g. recording phone calls to ensure call quality, or to fulfil our responsibility to pay benefits correctly).

Where you have given a separate consent for receiving any Utmost Life and Pensions-related marketing information you can withdraw your consent if you wish to.

Where we ask you for any medical data you give explicit consent and this is recorded.

Sharing your personal data

We may pass your data to Utmost Group of Companies, our third party service providers, reinsurers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to carry out administrative mailings and to ensure that your data remains accurate).

When we use third parties to provide a service, we disclose only the data that is necessary to deliver that service and we have contracts in place that require them to keep your data secure and not to use it for their own direct marketing purposes.

We will not release your data to third parties beyond this unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. We will not share your data with third parties for marketing purposes.

We will not sell or rent your data to third parties.

International data transfers

Some of your personal data that we handle may be transferred to, and stored at, a destination outside the European Economic Area (‘EEA’) (e.g. where one of our service providers operates outside the EEA). In these circumstances, your personal data would only be transferred on one of the following bases:

• Where the transfer is subject to one or more of the appropriate safeguards for international transfers prescribed by applicable law;
• A European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
• There exists another situation where the transfer is permitted under applicable law (e.g. where we have your explicit consent)

How long do we keep your personal data?

We will securely destroy your data when we no longer have a legal basis for retaining it. Subject to any other notices that we may provide to you, we may retain your personal data for a period of 15 years after your final contract with us has come to an end. However some information may be kept indefinitely where required by law or regulation.

Your rights and personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data that we hold:

• to request a copy;
• to request that we correct it if it is found to be inaccurate or out of date;
• to request that we erase it where it is no longer necessary for us to retain it;
• to withdraw at any time your consent to us using it where the basis for its use is your consent;
• to request that, where possible, we provide it to you or transmit it directly to another data controller, (this is known as “the right to data portability”)*;
• where there is a dispute in relation to the accuracy or use of your personal data, to request that a restriction is placed on its further use;
• to object to the handling of personal data, where processing is based on our legitimate interests;
• to lodge a complaint with the Information Commissioners Office. However, you should normally raise your complaint with us in the first instance. If you are dissatisfied with our response to a complaint, you may contact the Financial Ombudsman Service at www.financial-ombudsman.org.uk, by email or telephone 0800 023 4567 or 0300 123 9 123.

*Note that although it is not currently possible, we will support data portability when a recognised industry standard becomes established.

Further uses of your personal data

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice prior to doing so, explaining this new use and setting out the new purpose and how the data will be used. Where necessary, we will seek your prior consent to using your data for the new purpose.

Contact details

To exercise all relevant rights, queries or complaints please in the first instance contact our Customer Services team at: