Updated 20 February 2019
Protecting your personal information
Here at Aegon, we’re committed to protecting and respecting your privacy. Looking after the personal information that we collect on our clients, planholders and their dependants/beneficiaries, investors, scheme members, trustees and so on is our top priority and we want you to be confident that your information is in safe hands. So, we’ve developed this Privacy Statement to let you know:
- how and why we collect personal information;
- what we do with it;
- when and why we share it with other organisations, including the types of organisations involved;
- how long we’ll keep it for, and
- the rights and choices you have with regards to your personal information.
Our data security policies mean that we hold all personal information securely and limit access to those who need to see it. We apply extra security to sensitive personal information, such as medical details, which are necessary to administer particular products, such as our Protection products.
Details of the companies that are part of Aegon Group can be found here.
The use of 'intermediary' throughout this privacy notice can mean either your adviser or your intermediary, as relevant to you.
If you have any questions about this notice or data protection, please contact our Data Protection Officer.
Data Protection Officer,
Aegon, Edinburgh Park,
Edinburgh, EH12 9SE
How and why we obtain personal information about you
You or someone representing you, for example, your intermediary or your employer, may give us information about you by completing forms (paper versions or through our website, including our online services or social media platforms) or by contacting us by phone, email or otherwise. This includes information you provide when you:
- search for a product;
- submit an application electronically or otherwise;
- call us;
- take part in discussion boards or other forms of social media;
- enter a competition, promotion or survey, or
- when you report a problem with the website.
Depending on the circumstances, the personal information we gather about you may include:
- your name;
- date of birth;
- plan number;
- email address;
- phone number;
- financial information;
- medical information, and
- any further personal information required as part of a product application or which you share through the website.
You can find additional information on the more common ways we collect personal information and why below:
Personal information is collected through our application and enrolment process (for example through our paper application forms and online) to enable us to verify your identity, allow a plan to be set up or to assess any claims that are made. We’ll also use your personal information to provide ongoing administration of your plan, for example to collect and apply contributions to your plan, issue yearly statements and so on. We need this information to carry out our obligations and to provide you with the products and services under the terms of your contract with us. Without this we wouldn’t be able to provide you with a plan.
Trust based schemes
Where you join your employer’s pension scheme with appointed scheme trustees, we'll obtain personal information about you from your employer or the nominated scheme trustees in order to administer the scheme on behalf of the trustees. Data protection law allows us to obtain your personal data in this way because it is in our legitimate business interests to do so in order to fulfil the contract we have with the trustees of the pension scheme you have joined.
We’ll ask you for some personal details to identify you when you call us and to allow us to confirm that you’re the owner or representative of the plan.
We’ll hold details of the call for audit and administration purposes and to enable us to facilitate the contract. The recording of the call will be kept for 16 years and in line with our retention policy so that we can meet our legal obligations when resolving complaints or legal disputes.
Information obtained automatically through your use of the website and our tools (including cookies)
Where selected, our website will collect and use information such as:
- your name, address, National Insurance number, bank details and so on to enable us to set up an Aegon plan and collect payment(s);
- your existing savings and retirement goals, where you use our Retiready and myTarget score, goals and lifestyle planner tools;
- your email address, password, security question and answer and phone number where you’ve selected to have digital access to view your plan.
If you’ve given us your consent, we may use the information we’ve collected about you to send you marketing offers and news about our products and services using various channels such as mail, phone, email and SMS.
We’ll ask for your consent when you apply for a plan with us through our application form or when you register online. You can remove your consent at any time by writing to or sending an email to our Data Protection Officer or updating your preferences on your Retiready Account.
We won’t sell your personal information to other organisations outside of the Aegon Group for a marketing purpose.
If you enter any competitions, we’ll capture some personal information about you. By supplying these details you’re giving us your consent to contact you to let you know if you’re the winner. Your information won’t be used for any other purpose and will be deleted once the winner has been announced, unless you’ve consented to receiving any marketing material from us.
Market research and surveys
We may use your personal information to contact you to carry out market research, to ask you to complete a survey or to request feedback on the products and services we provide to you (including for a short period of time after you are no longer a customer of Aegon). Where we contact you for such purpose, you are under no obligation to participate.
Data protection law allows us to contact you in this way because it is in our legitimate business interests to conduct such market research, surveys or feedback requests. Our business interests include our ability to:
- understand our customer needs;
- assess and improve our services and products;
- ensure that we are treating our customers fairly, and
- carry out research and analysis on our products and services.
Where we collect and use personal information for the above purposes, we only use the minimum data necessary to achieve the relevant purpose.
Publicly available information
We may collect and use information about you which has been made publicly available as part of our claims investigation and decision making process.
We may use your personal information for the purposes of testing our IT systems. Data protection law permits us to use your data in this way because it is in our legitimate business interests to ensure the integrity and functionality of our IT systems however, if we do this, your personal information will be anonymous so that you can’t be identified.
Sharing your personal information
We work with carefully selected service providers that carry out certain functions on our behalf. These include companies that help us with:
- technology services;
- outbound customer communication and scanning of correspondence;
- banking and payroll services;
- administration of our protection business, and
- tracing of customers who we’ve lost contact with.
We only share the appropriate level of personal information necessary to enable our suppliers to carry out their services and we require them to keep the information safe and protected at all times. Our suppliers must only act on our instructions and can’t use your personal information for their own purposes.
Other organisations and third parties
It’s sometimes necessary to disclose your personal information or to add to it from other sources. These other sources may include past and present employers, the trustees or administrators of a trust or scheme, your intermediary or someone officially acting on your behalf or on behalf of your employer or the trustees (so long as the appropriate authority is in place), as well as those described below.
For example, if you’re an employee in a group personal pension or group stakeholder pension scheme, and your employer would like to change the intermediary looking after the scheme, we need to share information with the new intermediary. We’ll only do this if we receive written authorisation from your employer. If you have investments in a broker fund we’d let that broker know your contact details so they can send you statements.
Platform accounts set up through your employer
If you have an account(s) set up through your employer, your scheme intermediary may ask us to provide them with some information about you and your account(s).
This is the information given to us to set up and administer your account(s) with Aegon, together with a list of the investments you hold under your account(s) and their value. We’ll only share information where:
- we have an agreement with the scheme intermediary to do this;
- the scheme intermediary is providing additional service(s) that may be of benefit to you in relation to your account(s) with Aegon, and
- you haven’t opted out of this.
Some examples of these additional services are:
- overall scheme design;
- tailored pension planning for you, for example by reference to your age, contributions, fund value and retirement date;
- advice on pension areas which may be relevant to you such as the lifetime allowance or the annual allowance;
- communications to you by the scheme intermediary about your account(s);
- bespoke financial services such as retirement seminars based on your age, contribution level, guidance and investment reviews, to make sure you’re still on target to meet your retirement goals.
The scheme intermediary is the person who advises your employer. Employer is the person (including a company or other legal entity) that employs you and gives you initial access to your account(s).
This includes any subsequent person who employs you and who offers you access to the service we provide to you and your intermediary to manage your investments in your plan(s). This will continue if you leave this employer unless you tell us otherwise.
Financial Crime Prevention
We may disclose your information to credit, fraud and financial crime prevention agencies to enable us to verify your identity (including bank details) and make decisions regarding the ongoing administration of your plan. This will be undertaken during the application or enrolment process and on an ongoing basis. Our enquiries or searches may be recorded and these agencies may supply us with financial and/or other personal information.
To protect providers like ourselves and, ultimately, customers and customers’ payments against fraudulent claims and crimes such as money laundering, tax evasion and terrorist financing, we and other providers may use information exchange registers to share information. When we’re dealing with applications we may search these registers.
If a claim is made under your plan, information about you (including details provided on the application and claim form) will be put on the registers so that other insurers can see them if necessary.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud, money laundering, tax evasion and terrorist financing, for example, when:
- recovering debt, and
- checking details on proposals and claims for all types of insurance.
Please contact the Data Protection Officer if you’d like to receive details of the agencies used by Aegon UK.
We and other organisations may access and use the information recorded by credit, fraud, and financial crime agencies from other countries.
Sharing of special categories of personal information, for example medical information
If we request medical information from you or a medical practitioner who has cared for you or from other insurers, this will be sufficiently protected. We may ask for information from other insurers or medical practitioners to check, clarify or expand answers you’ve given us for example, on a claim or application.
So that we can administer your plan, we may need to give your information to others who are, in turn, providing us with information about you, such as reinsurers, medical practitioners, private investigators and healthcare management companies, and access to this type of information is restricted.
Additional data sharing obligations
Other than the circumstances detailed above, we won’t disclose your personal information to any third parties, except:
- to the extent that we’re required to do so by law, by a government body, by regulatory bodies (such as the Financial Conduct Authority (FCA), Information Commissioner's Office (ICO), The Pensions Regulator), by a law enforcement agency, or for crime prevention purposes (including financial crime protection and credit risk reduction);
- when protecting your interests or the interests of other individuals or for reasons of substantial public interest;
- in connection with any legal proceedings (including prospective legal proceedings);
- in order to establish or defend our legal rights;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, or
- if we, or substantially all of our assets, are acquired by a third party, we may disclose your personal data to that third party in connection with the acquisition.
With your consent, we would also share your information with the Financial or Pensions Ombudsmans or other appropriate persons if the need arises.
Personal information processed outside of the European Economic Area (EEA)
The personal information that we collect may be transferred to, and stored at a destination outside the European Economic Area (EEA), in connection with the above purposes.
This could be to other companies within the Aegon Group or to service providers working on our behalf. Where any such processing takes place, appropriate controls, such as the adoption of agreements containing the appropriate standard clauses, are in place to ensure that your information is protected to the same standard as if it were in the UK.
Retention of personal information
In most circumstances, we’ll keep your personal information for the lifetime of your plan or product and up to 16 years after your relationship with us ends, for example, if you move your plan to another provider or you settle your benefits. This is to ensure that we comply with our retention obligations, as set out by the Financial Conduct Authority (FCA) and other regulatory and legislative requirements.
In very limited circumstances, we’re required to keep some specific information for longer, for example, pension transfer information, but we regularly review our retention obligations to ensure we don’t keep personal information longer that we’re legally obliged to.
You have a number of rights under the Data Protection laws, including:
- the right to request a copy of the personal information we hold on you. When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
- the right to have personal information we hold about you transferred securely to another service provider in electronic form;
- the right to have any inaccurate personal information corrected;
- the right to have any out of date personal information deleted once there’s no business need or legal requirement for us to hold it;
- the right to object or restrict some processing, in limited circumstances and only when we don’t have legitimate grounds for processing your personal information;
- the right to object to your personal information being used to send you marketing material. As mentioned above, we’ll only send you marketing material where you’ve given us your consent to do so. You can remove your consent at any time, and
- the right to ask for a decision to be made manually, where a decision is made using automated means and this adversely impacts you.
To exercise any of these rights, please contact our Data Protection Officer.
Making a complaint
If you believe we haven’t processed your personal information in accordance with our Data Protection obligations, and that you’ve been affected by our non-compliance, you can make a complaint to us by contacting our Data Protection Officer. You also have the right to ask us to escalate your complaint to our Group Data Protection Officer if you don’t think it’s been handled appropriately.
If you’re not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations. You can contact them by visiting ico.org.uk/global/contact-us/
Automated decision-making tools
Where you apply for one of our protection products, for example critical illness, we’ll use an automated decision-making tool during the underwriting process. We’ve built rules into our underwriting engine which will either generate an automated decision or refer to one of our underwriters. We can manually review decisions if requested.
We’re committed to ensuring your information is protected and held securely. However, the internet is not a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of that email.
There are a few simple steps you can take to protect your computer and internet connection – view our tips here.
We’ve put security policies, rules and technical measures in place to protect the personal data that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification, and
- unlawful destruction or accidental loss.
All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.
This website may contain links to other websites. If you use the links to leave this website and visit a website operated by a third party, then we don’t have any control over that website. So we can’t be held responsible for the protection and privacy of any information that you provide while visiting such websites.
Changes to this privacy statement
We keep our privacy notice under regular review. This privacy statement was last updated on 7 January 2019.