For full details as to how we collect and process your client’s personal data and their rights in relation to it, please visit www.aviva.co.uk.
Our approach to privacy
The privacy and security of your personal information is very important to us. We want to assure you that your information will be properly managed and protected whilst in our hands.
The information we collect and how we collect it
We collect information about you when you or your firm does business with us, including dealings we have with you through a number of channels, such as:
- if you create an Aviva-for-Advisers account or use the Aviva-for-Advisers website;
- if you use any of our online adviser platform services ("Electronic Services");
- if you use any of our mobile applications;
- if you participate in Aviva-for-Advisers competitions;
- if you record CPD with our CPD certificate;
- if you take part in activities for the Aviva Community Fund;
- If you contact or communicate with us.
We will collect the following personal information about you:
- basic personal details such as your name, address, email address, telephone number and postcode;
- account registration details, including username and passwords;
- information about the firm you work for and your role within the firm, including the firm name, firm size, firm role and FCA number;
- information about your marketing preferences.
If you are a director or partner of your firm, we will collect information about your date of birth, National Insurance Number and current and previous three years’ addresses.
How we use your personal information and our lawful right to do so
Wherever we collect or use personal information, we will make sure we do this for a valid legal reason. This will be for at least one of the following purposes:
1. to allow you and your firm to do business with us - we will use your information to:
- set up an account with us;
- maintain that account;
- allow you to access and make use of the Aviva-for-Advisers portal and our Electronic Services;
- administer and manage products that your clients have with us;
- manage queries and complaints which may involve you, your firm or your client;
- carry out necessary background checks to make sure you and your firm are legitimate persons to do business with in accordance with our Terms of Business for Firms (we explain more about this in our section on fraud prevention and detection).
2. to market our products and services and make improvements to our operations – we will use your personal information to keep you informed about our products and services which we understand will be of interest to you, consistent with your marketing preferences. We explain more about this in our section on marketing and cookies. We will also use your personal information for research and statistical purposes to analyse how advisers use our websites, Electronic Services and other products and services so we can improve our understanding of user needs and enhance our products. We use personal information for the purposes outlined above to support the legitimate interests of our business as an insurer, consistent with the Terms of Business we have in place with your firm and in the interests of providing an efficient service to you, your firm and your clients.
3. to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities – if you are a director or partner of your firm, we will carry out appropriate verification and credit checks. We use personal information for these purposes to comply with requirements we have under financial conduct rules and laws relating to anti-money laundering, financial crime and to prevent and detect fraud (see our section on fraud prevention and detection for more information)
4. where we have obtained appropriate consents from you - to collect or use your personal information for a particular purpose. This will always be explained to you separately when we ask for your consent.
If you would like to know more about any of the legal reasons or legitimate interests that apply to a particular way in which we use personal information you can contact us at any time.
Use of Third-Party information
We obtain information about your firm, your clients and from our third-party suppliers and databases, such as commercial property websites and government websites who assist with marketing insights, pricing research, product development, business strategy and to help us detect and prevent fraudulent activity.
How we share your information with others
We will also share information about you with:
- our regulators and law enforcement as necessary for purposes of fraud prevention and detection;
- online or digital partners we work with so we can communicate with you through their platforms;
- your clients if they have queries about the services between you, them and us.
Important note to advisers handling client data
Your firm is responsible for the lawful collection of personal information relating to any clients with whom you do business. This includes collection and use of personal information about your clients and any third-parties whose details we may need to prepare a policy or personalised quote. Your firm must, at all times, have your client’s authority to share their personal information with us and it is your firm's responsibility to ensure your clients are provided with fair processing notices which explain these arrangements to them and secure any necessary consents required to allow this personal information to be shared with us for these purposes.
Your firm is expected to not act in any way in relation to your handling of client’s personal information which might reasonably damage the reputation or goodwill of Aviva or its relationship with its customers. Your firm must provide to us all information in your possession concerning any unauthorised or accidental disclosure of, or access to, the personal data of your clients including as a result of any unauthorised access to the Electronic Services.
Marketing and cookies
We use your personal information to send you direct marketing communications about our products and services that we feel you’ll be interested in. This may be in the form of email, post, SMS, telephone or display advertising which you may see on websites, social media, or search results.
To protect your privacy rights and your choice and control over the use of your personal information, we will always allow you the opportunity to opt-out of electronic marketing communications when you register your contact information with us. In addition, you can always ‘opt out’ of receiving direct marketing by using the unsubscribe links you will find on our marketing emails.
We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website) to collect information about you, which is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.
- Our online advertising complies with the best practice recommendation set by the European Advertising Alliance and you will always see the blue logo on display ads visible on third-party sites.
- You can turn off this type of advertising by visiting: www.youronlinechoices.com and adjusting privacy settings in your browser.
- If we use or share information with online sources, such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your personal information to be used.
- If you choose to opt-out of tailored offers and advertising, you’ll still continue to see generic advertising displayed online, it just might not be as relevant to you.
Fraud prevention and detection
In order to prevent and detect fraud we may at any time:
- share information about you with other organisations and public bodies including the Police;
- undertake credit searches and additional fraud searches;
- check and/or file your details with fraud prevention agencies and databases, and if you give us false or inaccurate information and we suspect fraud, we will record this to prevent fraud and money laundering.
We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details contact us at:
Policy Investigation Unit,
Cruan Business Centre,
Westerhill Business Park,
123 Westerhill Road,
0345 300 0597
We and other organisations may also search these agencies and databases to:
- help make decisions about the provision and administration of insurance, credit and related services;
- trace debtors or beneficiaries, recover debt, prevent fraud;
- check your identity to prevent money laundering, unless you furnish us with other satisfactory proof of identity.
Protecting information outside the UK
Some of the organisations we share information with may be located outside of the European Economic Area ("EEA"). We’ll always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:
- transfers within the Aviva Group will be covered by an agreement entered into by members of the Aviva Group (an intra-group agreement) which contractually obliges each member to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within the Group;
- where we transfer your data to non-Aviva Group members or other companies providing us with a service, we’ll obtain contractual commitments and assurances from them to protect your personal information. Some of these assurances are well-recognised certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America;
- we’ll only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
- any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed.
You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, see our section on your rights.
We are committed to protecting the confidentiality and security of the information that you provide to us and we put in place appropriate technical, physical and organisational security measures to protect against any unauthorised access or damage to, or disclosure or loss of, your information.
Retaining personal information in our systems
We maintain a data retention policy which we apply to the records we hold.
We may also retain personal information, where we have identified a legal basis for doing so, in an aggregated form which allows us to continue to develop and improve our products and services.
You have legal rights under data protection laws in relation to your personal information. Click on the links to learn more about each right you may have:
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.
We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.
Accessing personal information
You can ask us to:
- confirm whether or not we have and are using your personal information
- get a copy of your personal information
Where we’ve asked for your consent to use your personal information, you’ll always have the right to withdraw such consent. Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
Correcting / erasing personal information
You can ask us to:
- correct any information about you which is incorrect. We’ll be happy to correct such information but will need to verify the accuracy of it first.
- erase your personal information if you think we no longer need to use it for the purpose we collected it from you.
- erase your personal information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we’re subject to a legal obligation to erase your personal information.
We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligation or where we need to use it to establish, exercise or defend legal claims.
Restricting our use of personal information
You can ask us to restrict our use of your personal information in certain circumstances, for example, where:
- you think the information is inaccurate and we need to verify it;
- our use of your personal information is not lawful but you do not want us to erase it;
- the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
- you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
We can continue to use your personal information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
Objecting to use of personal information
You can object to any use of your personal information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.
Requesting a transfer of personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold or process based on our legitimate interest or which is not held in digital form.
Contesting decisions based on automated decision-making
If we made a decision about you based solely on automated means (i.e. with no human intervention), and our decision produces a legal effect concerning you (such as the rejection of your claim), or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.
Obtaining a copy of our safety measures
You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area. We’re not required to share details of these safeguards if sharing such details would affect our commercial position, or create a security risk.
Contacting us for more information
- what personal information we have about you
- what we use it for
- who we share it with
- whether we transfer it abroad
- how we protect it
- how long we keep it for
- what rights you have
- how you can make a complaint
- where we got your data from
- whether we have carried out any automated decision-making using your personal information.
The Data Protection Team,
Your right to complain
If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioners Office (www.ico.org.uk).
We ask that you please attempt to resolve any issues with us before contacting the ICO.