Our privacy policy

We’ve made our Privacy Policy as clear and transparent as possible. Your privacy matters and it’s important you read the information in this Policy, which we have to explain to you by law.
Throughout this document certain words are displayed in bold type. These are defined terms and have specific meanings when used in this guide. If there’s something you’re particularly interested in, we’ve made it easy to skip through to specific sections. Here, you can find out more about:

  • what personal information we have and how we use it in relation to our products
  • how we collect, use and share your personal information within Aviva and with our business partners
  • your rights in relation to any personal information we hold about you
  • how to contact us with any questions you may have about privacy

Use the links below to find out more about each topic.

1. What personal information we use when you buy one of our products

2. How we collect, use and share personal information

3. Your rights

4. Contact us

What “we” means

This privacy policy is issued on behalf of the Aviva Group companies within the United Kingdom. When we mention "Aviva", "we", "us" or "our", what we mean is the relevant company in the Aviva Group that processes your personal information.

We have separate privacy notices for our products

If you’re one of our customers, we will give you separate privacy notices when we ask for your personal information, for example, when you get a quote or apply for our products. Read them carefully, as they’ll tell you which Aviva company is responsible for managing your personal information and provide more details about how we’ll use it in relation to that product.

You’ll find more privacy notices when you use our apps and platforms such as Drive or MyAviva. This Policy supplements – but doesn’t override – them.

We’ll keep this Policy up to date with the latest legal requirements, so please check back here for the current version.

Sensitive information

Sometimes we’ll ask about your health, details of offences and convictions or other sensitive information about the person(s) who is/are being insured and their family members. We know how sensitive that data is, so protecting it is a top priority.

Payment information

If you buy a product directly from our website or other Aviva sales channel, we’ll ask for payment information. We need this to complete your purchase.

Marketing and customer insights

We carry out customer insight analysis from our interactions with you to help improve our products and services, and keep you informed about offerings that may be of interest to you. Find out more about marketing here.

Information about other individuals

Most of the information we collect relates to the person taking out a product (or persons where it’s taken out jointly). We may also ask for information about other individuals if we need it. Examples include:

  • if you ask us to provide insurance for other household or family members, or members of a group
  •  if we ask an insured person to provide health information about other family members where this is relevant to the risk we’re covering when we arrange a policy
  • if we need information about other individuals when we handle a claim, such as injured third parties

If you provide us with information about someone else, we’ll assume that you have their permission. We’ll process their personal information according to this Privacy Policy so please encourage them to read it if they want to find out more.

Brokers, intermediaries, employers and third parties

Many customers buy our products through an insurance broker, financial adviser or one of our business partners. We also receive personal information from other third parties, including attorneys, trustees and family members. It is their responsibility to make sure they explain to the person whose information is being shared that they are doing so, and ask for permission if needed.

Who we share personal information with

Depending on the product or service, we’ll share personal information with a number of our trusted third parties, including:

  • financial advisers and business partners who help us arrange our products
  • insurers, reinsurers and brokers who help us manage and underwrite our products and provide reinsurance and insurance services
  • data analysts and providers of data services who support us with developing our products and prices
  •  comparison websites and similar companies that offer ways to research and apply for financial services products
  • regulators who regulate how we operate, these include the FCA, PRA, Financial Ombudsman, HMRC, The Pensions Regulator and ICO
  • solicitors and professional service firms who act on our or your behalf, or who represent a third-party claimant
  • third-party administrators who help us manage our products and services
  • loss adjusters and claims experts who help us handle claims
  • assistance providers who can help provide you with assistance in the event of a claim
  • service providers who help operate our IT and back office systems, including our underwriting processes
  • medical professionals, if we need to access health records or assessments for the purposes of arranging and underwriting certain products or facilitating and handling claims
  • third-party case managers, handling your care or treatment pathway
  • employers and third parties that provide services to you and your employer in respect of a pension scheme, including pension planning services for employees
  • media agencies and other providers of marketing and display advertising services, who help us make sure you receive marketing content that’s relevant to you and your preferences

Extraordinary circumstances

Occasionally and only where necessary to fulfil our legal obligations, conduct investigations and/or deliver our services, we may share your information with private investigators, police, courts, external auditors, accountants, DWP or other IT service providers – eg tracing services, medical underwriting, and pension transfers. We also work with anti-fraud and credit reference agencies to help us detect and prevent fraud and manage credit risk.

1. What personal information we use when you buy one of our products

1.1 Motor and home insurance

When you take out a motor or home policy, we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies includes any relevant offences and convictions for each person to be insured under the policy as well as any relevant health information, for example if a claim is made involving a personal injury.

If you take out a motor policy we’ll also collect and use information about you and your vehicle. We’ll get this information from you, public registers, our trusted third parties such as the MIB and from information already held by us, eg from previous policies or quotes. If you’re seeking a policy with telematics capability, we’ll also use telematics data.

Your driving history

We may ask you to provide the driving licence number so we can quickly get useful data from the DVLA such as the licence status of each driver, their licence entitlement, relevant restriction information, endorsement and conviction details. If you do not wish to provide us with your licence information, you can choose to answer the questions about your licence information yourself.

We’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA, DVLNI and IFB.

About your home

When you take out a home policy, we may obtain information about you and your home from publicly available registers and databases. These may include land registers, as well as information already held by us, such as information about previous policies or claims, or from our trusted third parties, such as commercially available property databases where this will help us underwrite the policy.

In some cases when you apply for motor or home insurance, we may share your information with credit reference agencies so they can carry out searches relating to you. Find out more about how we work with credit reference agencies here.

Automated decision making

We need your personal information when you apply for a policy to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, post code, and age, (and, for motor policies, we use marital status, employment details and details of health and relevant offences and convictions for you and any other drivers). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about your vehicle or property (including DVLA databases, land registries and commercially available property databases). More details on your rights in relation to automated decision making are here.

Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. In addition we’ll need to collect and use the following personal information:

  • for a claim following a motor accident, we’ll ask for details of the claim, information about those involved and any personal injury you or others may have suffered
  •  for a claim under a home policy, we’ll ask you to confirm your identity and provide details of the claim.

1.2 Travel and health insurance

Where you take out a travel or health policy we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies includes health information for each person to be insured, for example other family members who are to be covered under the insurance policy.

For health policies we may also ask you to authorise your healthcare provider to supply relevant supporting information, including, where relevant, health information about the family or personal history of each person to be insured.

Automated decision making

  • We need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including address, age and any medical conditions of the policyholder and any other people to be insured). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. Find more details on automated decision making here.

Throughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy such as offering renewal or dealing with claims. We may also use the personal information to perform analytics and ensure that our products are appropriately priced.

Verifying claims

If a claim is made, we use personal information to verify the claim and ensure that we pay out to the right person. In addition, we’ll need to collect and use the following personal information:

·                     for claims under a travel policy we’ll need to ask you to confirm your identity and provide details of the claim, including information about any illness or personal injury suffered. We’ll share information with assistance providers where necessary to help deal with a claim.

·                     for claims under a health policy we’ll ask you to confirm the identity of the person making the claim and provide details of the health condition to which the claim relates. To assist with your claim we may also ask you to authorise your healthcare provider to supply information. We may also pass information you have given us to your treating healthcare provider or case manager.

1.3 Pet, mobile/gadget and personal accident insurance

When you take out a pet, mobile/gadget or personal accident policy we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies include:

  • For pet – information about your pet including name, gender, date of birth, medical conditions, if your pet has been chipped/tagged and/or neutered, if your pet has been involved in any incidents or accidents that may give rise to legal action against you
  • For mobile/gadget – information about the type of your gadget, its make, model, value, date of purchase and serial number or IMEI number
  • For personal accident - your age and the level of cover you choose
  • We need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided, which includes the information listed above. For more detail about automated decision makingplease click here.

Throughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy, such as allowing you to exercise any cover change options you have under the policy, offering renewal, where applicable, and dealing with claims.

Verifying claims

If a claim is made, we use personal information to verify the claim and ensure that we pay out to the right person. This will differ, depending on the type of policy:

  • For pet insurance claims we’ll also collect information about any illness or injury in relation to the pet and we may also seek information from the treating vet. Where a claim arises because a pet has caused damage or personal injury to another person we’ll also need to collect information in relation to this
  • For mobile/gadget claims we’ll need to verify your identity and collect details of the circumstances of the claim and the IMEI number of the mobile device
  • For personal accident policies we’ll need to verify your identity and collect details of the accident or injury leading to the claim. We may also need to ask you to authorise your healthcare provider to provide information to assist in assessing the claim

1.4 Life insurance

Where you take out life insurance with us (for example, life, critical illness or income protection policy), we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

Except for certain types of life insurance which are not underwritten for example, over 50s life insurance and free parent life cover, the personal information we use includes health information, lifestyle information and employment status (including, for income protection only, level of earnings) of each insured person. We’ll also collect the family or personal history of the insured person, or details of appointed trustees where policies are placed under trust.

Automated decision making

We need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke, your answers to our health and lifestyle questions, including your family medical history) along with the amount of cover you wish to obtain. We’ll make clear to you in the application for each policy whether automated underwriting is used. For more detail on automated decision making please click here.

Where we collect and use health information, we may ask each insured person to authorise a healthcare provider to supply relevant supporting information, including, where relevant, health information about their family or personal history.

Throughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy, such as allowing you to exercise any options you may have under the policy. We may also use the information (including health information) to perform analytics and ensure that our products are appropriately priced.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. This will differ, depending on the type of policy:

  • For claims under a life insurance policy, we’ll need to ask you to confirm your identity, provide details of the policyholder and (if different) the insured person, including details of their death so that we can assess the claim
  • For claims under a critical illness or income protection policy, we’ll need to ask you to confirm your identity and provide details of your health condition. We may also ask you to authorise your healthcare provider to provide information to assist in assessing the claim

1.5 Equity release

Where you take out an equity release lifetime mortgage product we’ll collect and use your personal information to decide if we can offer you a product and, if so, on what terms. We’ll also use it to arrange and manage your account, as well as prevent fraud.

The personal information we use for this type of product may include how long you have lived at the property, the estimated property value, the purpose of the loan, the ownership status of your home and what proportion is owned by you as well as information about your legal adviser and existing lender.

If you select certain features of the product, we’ll also collect health information to assess risk and eligibility for the product. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke and your answers to our health and lifestyle questions). For more detail on automated decision making please click here. We’ll collect information about you and any person to be a joint account holder as well as any occupants of the property.

Throughout the duration of your product we’ll hold your personal information to enable us to properly administer the product for example to provide you with information and process payments.

1.6 Annuities

Where you take out an annuity policy we’ll collect and use your personal information to arrange, underwrite and manage your policy and prevent fraud.

  • The personal information we use for these types of products includes health information and lifestyle information about you and anyone else to be insured under the policy. We use this information to decide whether, and on what terms, we can offer you a policy. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke and your answers to our health and lifestyle questions). Learn more about automated decision making here.

Occupational pension schemes

Trustees of an occupational pension scheme may take out an annuity policy for the purposes of the scheme. Where they do this we may collect personal information about members of the scheme to arrange, underwrite and manage the policy, as well as prevent fraud.

Throughout the life of these types of product, we’ll hold your personal information to enable us to properly administer the policy, for example, to pay benefits.

1.7 Pensions, savings and investments

Where you take out a pension, savings or investment product we’ll collect and use your personal information to arrange and manage your policy, as well as prevent fraud.

We may also collect and use your personal information for these purposes if you:

  • join your employer’s pension scheme and they use an Aviva pension product for their scheme
  • are a member of your employer’s pension scheme and the trustees of the scheme use an Aviva investment product for the purposes of the scheme

The personal information we use for these types of products may include your:

  • employment status
  • details and value of your pension
  • salary details
  • marital status
  • tax information
  • national insurance number.

Throughout the life of these types of product, we’ll hold your personal information to enable us to properly administer the product, for example to process investment instructions and withdrawals from your product.

1.8 Business insurance including motor and non-motor business insurance and corporate specialty risks

Where you take out a business insurance policy with us we may collect and use personal information to arrange, underwrite, manage your policy, prevent fraud and handle claims.

The personal information we use for these types of policies may include information about your business, including the business name, the contact person for your business, details of directors, partners or individual traders for the business and payment information.

We may also collect details about the number of employees, details of employees (including any offences and convictions that we need to know about to allow us to underwrite the policy), their role in the company and details of the business assets or liabilities to be insured.

For business health, life, travel and personal accident insurance

The information we collect may include health information for each person to be insured, for example employees who are to be covered under the insurance policy. We may also ask you to authorise your healthcare provider to supply relevant supporting information, including, where relevant, health information about the family or personal history of each person to be insured. We need this information to underwrite and manage the policy and facilitate and handle claims.

For business motor insurance

We’ll collect identity information in relation to employees or other people to be insured under the policy. Information may include any relevant offences and convictions or health information for drivers to be insured under the policy. We also collect and use information about drivers and vehicles to be insured from public registers, from our trusted third parties, such as the MIB, and information already held by Aviva, eg from previous policies or quotes.

If you’re seeking a policy with telematics capability, we’ll also use telematics data. We’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA, DVLNI and IFB.

Automated decision making

We need the personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including health information or offences and convictions data, where appropriate). The automated engine may also validate information you provide against other records we hold in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about the vehicles or property to be insured. For more details on automated decision making, please click here.

Throughout the life of these types of policies we’ll hold the personal information to enable us to properly administer the policy, for example to offer renewal, make mid-term changes you request and deal with claims. We may use the personal information to perform analytics and ensure that our products are appropriately priced.

Verifying claims

If a claim is made, we use the personal information to verify the identity of the policyholder and (if different) provide details of the insured, so that we can identify them. We’ll also need you to provide details of the claim so that we can assess the claim. Where necessary, this will include providing details of any accidents or personal injuries that have been suffered as part of the claim, either by an insured person or third party. In certain circumstances (for example where personal liability is covered) it may be necessary to collect details of alleged offences in relation to an insured person.

Preventing fraud

We’ll also use your personal information to detect and prevent fraudulent practices, fight financial crime and meet our regulatory responsibilities. To find out more about how we use your personal information in this regard, click here.

  • If you’re making a claim, we may use profiling and other forms of automated processing to assess if your claim may be fraudulent. This assessment may involve the use of your sensitive personal information. For example, we may use your past motoring convictions for motoring insurance. To learn more about how we use your personal information for automated decision making and profiling, click here.

2. How we collect, use and share personal information

2.1 Respecting privacy rights

We’re committed to collecting and using personal information in accordance with applicable data protection laws.

Wherever we collect or use this information, we’ll make sure we do this for a valid legal reason. This will be for at least one of the following purposes:

  • to arrange, underwrite or manage our products, or handle claims in accordance with their terms
  • to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities
  • to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as relevant to further our business interests but never at the expense of your privacy rights (we refer to these activities as our legitimate interests)
  • where we have obtained appropriate consents to collect or use your personal information for a particular purpose

We can only collect and use sensitive personal information in limited circumstances, where we’ve obtained your explicit consent, where we need this information to arrange, underwrite or manage our products or to handle claims, or where we have another legal basis for doing so as explained in this privacy policy.

  • You can find more information about when and why we use personal information in other parts of this privacy policy, as well as the notices we provide when we collect information from you. If you would like to know more about the legal reasons or legitimate interests that apply to a particular way in which we use personal information you can contact us at any time.

2.2 Marketing and marketing preferences

We may use personal information to send direct marketing communications about our products and services that we feel you’ll be interested in. This may be in the form of email, post, SMS, telephone or display advertising you may see on websites, social media, television or search results.

To protect your privacy rights and give customers choice and control over the use of their personal information, you can:

  • always ‘opt out’ of receiving direct marketing when registering with us, requesting an online quote, purchasing a product or service online at any time. All our marketing communications include unsubscribe links to help you manage your marketing preferences.
  • change your marketing preferences in MyAviva (if you’re registered) or by contacting us if you change your mind. Opting out of one type of marketing, for example, by email or telephone, doesn’t mean you’re opted out of all marketing. Bear this in mind when you manage your preferences. You can always contact us directly if you would like us to stop all forms of direct marketing. We try to limit direct marketing and only send you offers and promotions that you might be interested in, based on information we have about you. We won’t send you spam.

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website) to collect information about you, which is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

  • Our online advertising complies with the best practice recommendation set by the European Advertising Alliance and you will always see the blue logo on display ads visible on third-party sites.
  • You can turn off this type of advertising by visiting: youronlinechoices.com and adjusting privacy settings in your browser.

If we use or share information with online sources, such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your personal information to be used.

  • We recommend you routinely review the privacy notices and preference settings that are available to you in MyAviva and on social media platforms you use as they will dictate how adverts and other messages are displayed and shared across those platforms.
  • If you choose to opt out of tailored offers and advertising, you’ll still continue to see generic advertising displayed online, it just might not be as relevant to you.
  • For further information about cookies and other technologies we use on our website, please see our Cookie Policy.

2.3 Using personal information to improve our products and services

We use digital tools when you visit our websites or use our mobile apps to gain insights into our products, services and the functionality and performance of our websites, apps and platforms. For example, we use some of these tools to save your language preferences on our website, so we’re able to offer you our services in the language you prefer.

To learn more about these technologies and how you can change your browser settings to manage your privacy controls, see our Cookie Policy. If you have downloaded one of our mobile apps, we recommend that you also refer to the app’s privacy policy.

2.4 Working with Credit Reference Agencies (CRA)

For certain products, to ensure we have the necessary facts to assess your insurance risk, verify your identity, help prevent fraud and provide you with our best premium and payment options, we may obtain information relating to you at quotation, renewal and, in certain circumstances, where policy amendments are requested. This may include a quotation search that will appear on your credit report and be visible to other credit providers.

Where you agree to pay monthly under an Aviva credit agreement, the status of your quotation search from our CRA will be updated to reflect your credit application and this will be visible to other credit providers. CRAs may keep a record of this search.

To assess your application we’ll supply your personal information to our CRAs and they’ll give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We’ll also continue to exchange the information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.

Our CRA and the ways in which it uses and shares personal information are explained in more detail here.

2.5 Working with regulators and fraud prevention and detection agencies

We may use your personal information to help us to detect and prevent fraudulent applications and claims, fight financial crime and meet our regulatory responsibilities. This may involve checking public registers (eg the electoral roll or registers of county court judgments, bankruptcy orders or repossessions), conducting online searches from websites, social media and other information sharing platforms and using databases managed by credit reference agencies see here for more details and other reputable organisations. This will help us verify your identity, make decisions about providing you with our products and related services, and trace debtors or beneficiaries. We may also share your information and undertake searches with third party organisations such as police, public bodies, credit reference agencies, fraud prevention agencies and our regulators (which include the FCA, PRA and ICO).

If you give us false or inaccurate information and we suspect fraud, we’ll record this to prevent further fraud and money laundering.

We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details contact us at Policy Investigation Unit, Aviva, Cruan Business Centre, Westerhill Business Park, 123 Westerhill Road, Bishopbriggs, Glasgow G64 2QR. Telephone 0345 300 0597. Email: PIUUKDI@AVIVA.COM or using the details below.

2.6 Working with Reinsurers

We may share (either directly or through brokers) your personal information, including sensitive personal information, with reinsurers who provide reinsurance services to Aviva and for each other in respect of risks underwritten by Aviva and with insurers who cover Aviva and under its group insurances policies. They will use your data to decide whether to provide reinsurance and insurance cover, assess and deal with reinsurance and insurance claims and to meet legal obligations. They will keep your data for the period necessary for these purposes and may need to disclose it to other companies within their group, their agents and third party service providers, law enforcement and regulatory bodies.

We can supply on request further details of the reinsurers and insurers we provide your data to and how this information may be used. If you require further details contact us.

2.7 Using personal information to create profiles and create better products

Where we underwrite products, we use an automated underwriting engine to process the personal information you provide as part of your application process, together with information provided by third party sources (this could include sensitive information such as health information and offences and convictions) along with the amount of cover you wish to obtain. Other data may be used to calculate these decisions such as telematics data which may have been collected from your vehicle (for motor insurance) or your device. We do this to calculate how much that cover will cost you. Without this information we’re unable to provide a price that is relevant to your individual circumstances and needs.

We regularly check the way our underwriting engine works and before using data obtained from third parties we rigorously test it to identify whether the data provides any actionable insight. This is done using the bare minimum amount of hashed or obscured data we hold about our customers. We do this in order to continually improve the quality of our services, the efficacy of our algorithms and to help us to continue to be fair to our customers.

If you are making a claim, we may use profiling or other forms of automated processing to assess the probability that your claim may be fraudulent or suspect in some way.

Where sensitive personal information is relevant to the profiling, such as medical history for life insurance or offences and convictions for motor insurance, your sensitive personal information may also be used in the profiling models.

  • You have certain rights in respect of this type of automated decision making. To learn more about your rights click here.

2.8 Retaining personal information in our systems

We generally only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy. We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we’re required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data deletion.

We may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services.

2.9 Protecting information outside the UK

Some of the organisations we share information with may be located outside of the European Economic Area ("EEA"). We’ll always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:

  • transfers within the Aviva Group will be covered by an agreement entered into by members of the Aviva Group (an intra-group agreement) which contractually obliges each member to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within the Group;
  • where we transfer your data to non-Aviva Group members or other companies providing us with a service, we’ll obtain contractual commitments and assurances from them to protect your personal information. Some of these assurances are well recognised certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America
  • we’ll only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
  • any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed
  • You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, please read your rights section.

3. Your rights

You have legal rights under data protection laws in relation to your personal information

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.

We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.

3.1 Accessing personal information

You can ask us to:

  • confirm whether or not we have and are using your personal information
  • get a copy of your personal information

3.2 Withdrawing consent

  • Where we’ve asked for your consent to use your personal information, you’ll always have the right to withdraw such consent. Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

3.3 Correcting / erasing personal information

You can ask us to:

  • correct any information about you which is incorrect. We’ll be happy to correct such information but will need to verify the accuracy of it first
  • erase your personal information if you think we no longer need to use it for the purpose we collected it from you
  • erase your personal information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we’re subject to a legal obligation to erase your personal information

We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligation or where we need to use it to establish, exercise or defend legal claims.

3.4 Restricting our use of personal information

You can ask us to restrict our use of your personal information in certain circumstances, for example, where:

  • you think the information is inaccurate and we need to verify it
  • our use of your personal information is not lawful but you do not want us to erase it
  • the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it

We can continue to use your personal information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

3.5 Objecting to use of personal information

You can object to any use of your personal information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.

  • You can also object to use of your personal information for direct marketing purposes. We explain in the marketing section of this privacy policy more about our approach to direct marketing and how you can easily manage your marketing preferences.

3.6 Requesting a transfer of personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (eg another company).

You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold or process based on our legitimate interest or which is not held in digital form.

3.7 Contesting decisions based on automated decision making

If we made a decision about you based solely by automated means (ie with no human intervention), and our decision produces a legal effect concerning you (such as the rejection of your claim), or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we’re authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.

3.8 Obtaining a copy of our safety measures

You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area. We’re not required to share details of these safeguards if sharing such details would affect our commercial position, or create a security risk.

3.9 Contacting us for more information

If you’re not happy with the level of information provided in this privacy policy, you can ask us about:

  • what personal information we have about you
  • what we use it for
  • who we share it with
  • whether we transfer it abroad
  • how we protect it
  • how long we keep it for
  • what rights you have
  • how you can make a complaint
  • where we got your data from
  • whether we have carried out any automated decision making using your personal information.

4. Contact us

If you have any questions about this privacy policy or how to exercise your rights please contact our Data Protection Officer.

Write to: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

Email us: DATAPRT@aviva.com

If you'd like to submit a subject access request, please fill out this form or write to us at the above address.

Your right to complain

If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioners Office (ICO).

We ask that you please attempt to resolve any issues with us before contacting the ICO.