Aviva Life & Pensions Ireland DAC - Data Protection Notice
1. Introduction
This Data Protection Notice is issued on behalf of Aviva Life & Pensions Ireland DAC (“ALPIDAC”), as the underwriter of your policy. ALPIDAC is a separate and independent Data Controller to Aviva UK Life & Pensions Ltd. The Data Protection Notice, with regards to Aviva UK Life & Pensions Ltd is a separate document.
Privacy policies issued to you on behalf of Aviva group companies within the United Kingdom can be found in the relevant section of the aviva.co.uk. website. The Aviva group company, including Ireland, that provides the policy will be the main company responsible for your Personal Information. Please check the documentation that was provided to you for details of the specific Aviva company.
This Data Protection Notice explains the most important aspects of how We use personal information and what rights can be exercised in relation to such personal information.
If you have any questions about how we use personal information, manage personal information within our business or if you want to exercise your rights stated above, please contact the Data Protection Officer in Ireland. Details of how to do this can be found below in section 8 “Contacting us”.
This Data Protection Notice applies mainly to Applicants/Policy Owners and the life/lives to be insured. This Data Protection Notice and the terms “You” and “Your” applies to the Data Subjects; Applicants/Policy Owners and life/lives to be insured. The Data Controllers responsible for processing this personal information are Aviva group companies and (“We” “Us” “Our”) as the provider of the product.
2. Type of Information/Where Collected
We collect personal information from you and any relevant third parties in relation to the application and the administration of the policy, to include processing payment of benefits and complaints.
As well as collecting personal information about you, we may also use personal information about other people, for example family members you wish to insure on a policy.
Note: If you are providing information about another person, we expect you to show them this Data Protection Notice and ensure that they have given You permission to provide this information to Us. If they have any concerns, please ask them to contact Us in one of the ways described in the “Contacting Us” section below.
|
Note: If the personal information we request is not provided to us, we may not be able to proceed with providing our services. We will let you know what information is required to proceed. |
We may also collect personal information:
- already held about you within the Aviva Group;
- from publicly available information including social media websites and online content, newspaper articles, tv radio and other media content, court judgements, public registers and specialist databases;
- from other insurance and financial services companies.
Health data: We may need to ask for details relating to your health data or the health data of somebody else covered under your policy.
We recognise that information about health data is particularly sensitive information. We will only collect and use such data as follows:
Purpose for which it is used | Our legal basis for using it |
Health data is used for the purposes of providing quotes and underwriting, managing reinsurance arrangements, processing any claims you may have, fraud investigation and handling any complaints you may have. | Irish Data Protection law allows us to use health data in connection with your insurance policy. |
We may also need to use your health and data for the purposes of establishing, exercising or defending legal rights, including in connection with advice, claims, or proceedings, and where authorised by law. | In the legitimate interest of Aviva. |
3. Legal Basis and Purposes for Use
The legal basis We rely on to process your personal information and the purposes for which We collect and use personal information are summarised below:
Purpose | Legal Basis |
To provide you with a quote for an insurance product we sell or service we provide | Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract |
To provide one of our other financial services to you | Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract |
To verify your identity | Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract; To comply with legal obligations |
To administer your insurance contract and make any changes during its term, answer any queries you may have, provide you with updates | Processing is necessary for the performance of a contract |
Health data is used for the purposes of providing quotes and underwriting, managing reinsurance arrangements, processing any claims you may have, defending legal rights, fraud investigation and handling any complaints you may have. | Irish Data Protection law allows us to use health data in connection with your insurance policy. We may also need to use your health data for the purposes of establishing, exercising or defending legal rights, including in connection with advice, claims, or proceedings, and where authorised by law. |
To communicate with you in relation to payments and make and receive any payments in relation to your insurance contract | Processing is necessary for the performance of a contract |
To process a cancellation of your insurance contract | Processing is necessary for the performance of a contract |
To validate, investigate and/or process any claims you or another person makes in relation to your insurance contract | Processing is necessary for the performance of a contract |
To detect and prevent fraud | Processing is necessary to comply with legal obligations and/or in the legitimate interests in managing our business |
To obtain reinsurance for the business we underwrite | Processing is necessary for our legitimate interests |
For marketing purposes, including profiling | For our legitimate interests in managing our business. |
For management information purposes including portfolio assessment, risk assessment, performance reporting and management reporting. | For our legitimate interests in managing our business. |
Market research including; Data analytics including profiling, Staff training, Providing online services | For our legitimate interests in managing our business.
|
In exceptional circumstances where we may use and/or disclose information to protect you, for example, Ward of Court applications or equivalent processes. | To protect your vital interests |
Compliance by us with all relevant legal and regulatory obligations | Processing is necessary to comply with legal obligations |
For establishment and defence of legal rights;
| To support the legitimate interest that we have as a business in managing our legal affairs including exercising our legal rights and defending claims (including debt management and recovery)
|
For any portfolio transfer, merger, acquisition, a proposed transfer, reorganisation, disposal or other transaction relating to our business.
| For our legitimate interests in managing our business. |
Your Right to Object – Please note that you have a right to object to processing of your personal information where that processing is carried out on the grounds of legitimate interests or public interest. If you do object: we will have an opportunity to demonstrate that there are compelling legitimate grounds which override your rights and freedoms or that processing is necessary for the establishment, exercise or defence of legal claims. A successful objection may have consequences for our continued administration of the policy (e.g., preventing us assessing future claims and/or the policy may be cancelled) and we can discuss these if you want to object. |
4. Who we share your information with
Where relevant, we may share personal information with:
- the Aviva Group companies, with our commercial partners and authorised agents/service providers to provide and administer financial products and services requested by you and to manage our operations effectively.
- Your agents, nominated representatives and other third parties relevant to you and/or the policy, including banks, lenders, policy assignees and legal advisers.
- with reinsurers who provide reinsurance services to Aviva. Reinsurers will use your data to decide whether to provide reinsurance cover, assess and deal with reinsurance claims and to meet legal obligations.
- If we are required to do so to comply with a relevant legal or regulatory obligation: with regulatory bodies, law enforcement bodies, government departments including Revenue Commissioners/ Inspector of Taxes, Criminal Assets Bureau, Central Bank of Ireland, Financial Services and Pensions Ombudsman, Gardaí and the Data Protection Commission.
- With relevant stakeholders in the event of any contemplated or actual reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including any insolvency or similar proceedings).
Some of the organisations with whom we share information in confidence with are located outside of the European Economic Area (“EEA”) and include agents and /or service providers appointed by us. These locations may not provide an adequate level of protection. We’ll always take steps to ensure that any such transfer of information outside of the EEA is carefully managed to protect your privacy rights and that such measures will be in line with the requirements of European Data Protection Laws. We will not disclose your personal data to parties who are not authorised to process it. For more information on this, please contact us.
5.Online information
When customers visit one of the Aviva Group websites, we may record information about computer or mobile devices, including hardware and software used, general location, when and how customers interact with our websites. This information is used to note customers’ interest in our websites and improve customer journeys.
6. How long we keep your personal information for
We maintain a Data Retention Policy to ensure We keep personal information only for as long as We reasonably need it. We need to retain personal information for the period necessary to administer the policy and as long as is required/permitted by law and/or in respect of any potential dispute in relation to the policy. Currently this would commonly be 7 years from the date when the customer relationship ceases.
7. Your rights
You have various rights in relation to your personal information, including the right to:
- request access to your personal information;
- correct any mistakes on our records;
- erase or restrict records where they are no longer required;
- object to our use of personal information based on legitimate interests or public interests;
- ask not to be subject to solely automated decision making if the decision produces legal or other significant effects on you; and
- move (in a structured, commonly used and machine-readable format) certain data to other providers (data portability).
- Where we rely on your consent as our legal basis for use of personal data, consent to such use may be withdrawn.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. We do this to ensure we only disclose or amend information held where we know we’re dealing with the right individual.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.
For more details in relation to your rights, including how to exercise them, please contact us using the details set out below.
8. Contacting us
If you have any questions about how we use personal information, manage personal information within our business or if you want to exercise your rights stated above, please contact our Data Protection Officer by either emailing them at DPO@aviva.com. Alternatively, you can write to them at Aviva Life & Pensions Ireland DAC, Cherrywood Business Park, Loughlinstown, Dublin 18 Ireland or call them at +353 1 8988000.
If you have a complaint or concern about how we use your personal information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible.
If you are not happy with the manner in which we are handling your personal information you have a right to lodge a complaint with your local data protection supervisory authority at any time. In Ireland this is the Office of the Data Protection Commission. They can be contacted through email at info@dataprotection.ie or by post at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
Contact details for all EU supervisory authorities can be found at: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
9.Changes to Our Data Protection Notice
Occasionally, it may be necessary to make changes to this Data Protection Notice, for example to keep it up to date or to comply with legal requirements, and any such amended Data Protection Notice will only apply from the time of amendment.