Who we are
When we say ‘we’ or ‘us’ in this notice we are referring to Royal London Insurance Designated Activity Company, a company registered in Ireland (registration number: 630146).
What kinds of personal information do we hold about you?
We may collect and process the following information about you:
- Information about you - such as your name, age, gender, date of birth or nationality. We need this information to help us identify you, but also to allow us to contact you at the right time - such as when you’re approaching the end of your policy term
- Government identifiers – for example information from your identification documents, such as your driving licence or passport
- Contact information – for example your address, Eircode, email address, or phone numbers
- Online information – for example cookies and IP address (your computer’s internet address), if you use our websites
- Financial information – for example salary and your bank account details for any payments to us or we make to you. If we need to verify information on your finances, we may require copies of your financial accounts
- Audio or video recordings – for example voice recording when you contact us, complete a survey at the end of a call to our Customer Services Team or CCTV footage if you visit our offices. Calls may be recorded for training and monitoring purposes to help us continually improve our customer service
- Contractual information – for example details about your products and benefits
- Family & beneficiaries information – for example your marital status, dependants, next of kin or nominated beneficiaries
- Underwriting information – for example your job, interests, travel, health, family history and other relevant risk factors. For larger cases we may need additional financial information. We use this information to establish if, and on what terms, we can offer you insurance cover
When we collect your information, we’ll let you know if any of it is optional. If it is, we’ll explain why it would be useful to us, and you can decide whether it’s something you’re happy for us to have.
How we use your personal information
We use the information we obtain directly from you or your Financial Broker for a number of reasons:
- Setting up and administering your policy
- Completing any requests or claims you make
- Verifying your identity and preventing fraud
- Researching our customers’ opinions and new ways to meet our customers’ needs
- Assessing and developing our products, systems, prices and brand
- Fulfilling any legal or regulatory obligations
- Sending you information
- Monitoring our websites
Where do we get your information from?
Most of the information we get comes directly from you or your Financial Broker. We may also obtain personal information about you from other sources:
- Tracing companies - if we lose touch we may use a trusted 3rd party to find you and reunite you with your policy, if we can.
- Medical professionals – for example if we need information for underwriting purposes or to support an ill health claim.
- Data brokers;
- If we need contact information (email and phone numbers) to carry out customer research, promote brand awareness or remind you about the benefits of your plan or;
- To help put our customers into groups for product development and assessment purposes.
- Credit reference agencies - so we can check your identity.
- Premium quotation services - If your Financial Broker used a quotation service to obtain premium quotes for you, the service provider may share some of your information with us.
What are our legal grounds for using your personal information?
Data Protection gives organisations a number of different conditions under which your information may be processed lawfully. We’ll only use your personal information when one of these conditions has been satisfied. Below you can see how we use your information and the legal grounds for processing this:
|Legal Grounds||Use of your information|
Your personal information may be processed when we receive your consent. The consent you provide must be freely given, informed, specific, unambiguous and given with a positive, affirmative action. Your consent can be withdrawn at any time.
Necessary for the performance of a contract
The personal information you provide or that of a joint party to the contract may be processed when it is necessary in order to enter into or perform a contract. E.g. where we process your information to assess your application or to provide your policy.
Setting up and administering your policy
This covers all the usual activities, such as:
Completing any requests or claims you make
If we lose touch
We may use a trusted 3rd party to find you and reunite you with your policy.
Necessary for compliance with a legal obligation
Your Personal information may be processed where Royal London has a legal obligation to perform such processing. E.g. where we share information with our regulators or the courts.
Verifying your identity and preventing fraud
We may need to check your identity at relevant times to protect you from risks. This is not a credit check and does not affect your credit rating.
We sometimes need copies of your identification documents, or identification numbers, for example, passport or driving licence number, if we need to do extra checks. This is to make sure we meet our obligations with anti-money laundering or other laws.
Fulfilling any legal or regulatory obligations
These will vary according to the nature of the product you have taken out. For example we will need to let you know when government levies are changed.
Necessary to protect vital interests
This will usually only apply in "life-or-death" scenarios.
|We may disclose your information to An Garda Síochána or other authorities if we have serious concerns about your wellbeing.|
Necessary for an insurance product
The Irish laws that brought GDPR into effect gave legal grounds for processing your medical information in connection with an insurance product.
We’ll obtain information about you from medical professionals if it’s needed for underwriting your policy or for claims assessment. We’ll also obtain information from a medical professional in the event of a death claim.
We’ll share your information with our reinsurers if we need another opinion on our underwriting, so we can offer terms for specialist cases that are more complex or for large sums assured.
Necessary for legitimate interests
We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed and your rights and freedoms are taken into account to ensure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.
If you want further information about processing under legitimate interests you can contact us using the details below.
You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.
We use legitimate interests for the following:
|Use of your information||Legitimate Interests|
Assessing and developing our products, systems, prices and brand
Our products are developed with a particular set of customer needs in mind. In order to make sure your policy is still suitable for you and is working as we intended, we combine your information with other customers’ to analyse and segment it.
We also combine your information with other customers’ to assess how much money we need to have available at any time.
We need to be able to identify groups of customers who will want new products or services that we are considering developing.
We need to develop those products and services, and make sure our product charges are fair.
We need to make sure we are treating you fairly and check your product is suitable for you.
We need to make sure we have enough money to pay our customers when the time comes.
We’ll use your underwriting responses and claims information to analyse how we can redesign products or make our underwriting process easier, with better outcomes for potential customers and policyholders. We’ll also use your underwriting and claims information for wider pricing analysis.
Researching our customers' opinions and new ways to meet our customers' needs
We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask customers what they think of Royal London, our products and services.
Where we don’t have your contact details, we may obtain your telephone number from data brokers (e.g. Experian) to contact you for a research project. However we always take steps to check that you have not objected to such contact, e.g. by checking the National Directory Database.
We need to make sure our products are suitable for the intended audience and to identify gaps in the market.
We need to see how many categories of customers we have and to tailor our products and services accordingly.
We need to make sure our communications are easy to understand and that our products are being sold to the correct audience.
We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.
We don’t currently market other products to you, but we reconsider this at regular intervals and may choose to do this in the future. Where these communications are marketing and therefore optional, we will make it clear that you can opt out of these.
We need to ensure our communications are in line with Royal London’s values as a member-owned organisation.
We also need to grow and sustain our business and to develop our brand.
Monitoring the use of our websites
On our websites we use a variety of technologies that collect information about how visitors use our website.
|We need to make sure that our websites work well and are secure.|
We sometimes use third parties located in other countries to provide support services. As a result, your personal information may be processed in countries outside the European Economic Area (EEA).
These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements. Some countries have been assessed by the EU as being ‘adequate’, which means their legal system offers a level of protection for personal information which is equal to the EU’s protection. Where the country hasn’t been assessed as adequate, the method we have chosen to safeguard your information is standard contractual clauses.
The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information. The European Commission approved standard contractual clauses are available here.
We use standard contractual clauses for the below activities, to help us provide:
- IT support and technology development with operations based in India
- Global reassurance partners with operations based in the United States and Bermuda
- Other service providers, research partners and administrators with operations based in India and the United States
We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. We also use the Clearswift Managed Email Security Service to protect our outgoing email traffic. However, if your email service doesn’t support TLS or if you do not wish to use our Clearswift Managed Email Security Service, we may not be able to communicate with you by email, and any emails we do send or receive will not be protected by encryption. We recommend you don’t send anything confidential to us by email. We may also change our Email Security Service provider at any time without notice and without changing the provision in this notice.
Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.
How long do we keep your personal information for?
We will retain your personal information for as long as it is considered necessary for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve retaining your information for a reasonable period of time after your policy or your relationship with us has ended.
In the absence of specific legal, regulatory or contractual requirements, our retention period for records and other documentary evidence created in the provision of services is seven years after your policy has ended.
However there are a few exceptions to this rule. We keep underwriting and quote information for 10 years, to allow us to assess whether our policy cover is appropriate. We need information for the longer period, to make sure we can evaluate a large enough number of cases and make informed decisions.
Do we make solely automated decisions about you or profile you?
Automated decisions are where a computer makes a decision about you without a person being involved. We also profile our customers which means we make assumptions about you to help us treat you fairly.
We make automated decisions about you as part of the underwriting journey. We ask relevant information about your job, interests, travel, health and family history – for example we need to know if one of your interests is skydiving, as this would increase your risk and potentially your premium.
You have the right to ask for a person to review the automated decision, so you can also ask for the decision to be made via our manual underwriting process.
There are some cases where we won’t be able to offer a decision online and will need your application to be reviewed by our underwriting team. They may request further information from you or from your medical professional before we’ll be able to confirm whether we can offer you cover, and on what basis.
Note that if the decision to decline the business is confirmed, this would need to be disclosed if you apply for insurance elsewhere.
Many people will be vulnerable at some point in their life and when an individual is identified as a potentially vulnerable person, for example due to age, we do make a note of this on our systems, including the category of vulnerability and may tailor our approach to the needs of the individual.
What are my rights?
Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided. We will provide a response within 30 days, if not sooner. There is normally no charge for exercising any of your rights.
Accessing your personal information
You have the right to find out what personal information we hold about you, in many circumstances.
Correcting or adding to your personal information
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.
In some circumstances you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation.
Objecting to the use of your personal information for legitimate interests
You also have the right to object to any processing done under legitimate interests. We will re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason we may still continue to use your information.
Objecting to Direct Marketing
You have a specific right to object to our use of your information for direct marketing purposes, which we will always act upon.
Restricting the use of your personal information
If you are uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We will let you know the outcome before we take any further action in relation to this information.
Right to Erasure
You can ask us to delete your personal information in some circumstances, such as if your policy has ended and we do not need to keep your information for legal or regulatory reasons. If we are using consent to process your information and you withdraw it, you can ask us to erase your information.
Changes to the way we use your information
If we want to use your personal information for a new purpose which we haven’t previously told you about, we will contact you to explain the new use of your information. We will set out why we are using it and our legal reasons.
Changes to our Privacy Notice
Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We will update our notice as changes are required.
This Privacy Notice was last updated on 01 January 2019.