How Aegon use your personal information
Cookies - for information on what cookies are used on our websites and how to manage them, visit our cookies page.
Protecting your personal information
Here at Aegon, we’re committed to protecting and respecting your privacy. Looking after the personal information that we collect on our planholders and their dependants/beneficiaries, investors, scheme members, trustees and so on is our top priority and we want you to be confident that your information is in safe hands. So, we’ve developed this Privacy Statement to let you know:
- how and why we collect personal information;
- what we do with it;
- when and why we share it with other organisations, including the types of organisations involved;
- how long we’ll keep it for; and
- the rights and choices you have with regards to your personal information.
If you have any questions about this notice or data protection, please contact our Data Protection Officer.
Post: Data Protection Officer, Aegon, Edinburgh Park, Lochside Crescent, Edinburgh, EH12 9SE
How and why we obtain personal information about you
You or someone representing you, for example, your financial adviser or your employer, may give us information about you by completing forms (paper versions or through our website, including our online services or social media platforms) or by contacting us by phone, email or otherwise. This includes information you provide when you:
- search for a product;
- submit an application electronically or otherwise;
- call us;
- take part in discussion boards or other forms of social media;
- enter a competition, promotion or survey; or
- when you report a problem with the website
Depending on the circumstances, the personal information we gather about you may include:
- your name;
- date of birth;
- plan number;
- email address;
- phone number;
- financial information;
- medical information; and
- any further personal information required as part of a product application or which you share through the website.
You can find additional information on the more common ways we collect personal information and why below:
Personal information is collected through our application and enrolment process (for example through our paper application forms and online) to enable us to verify your identity, allow a plan to be set up or to assess any claims that are made. We’ll also use your personal information to provide ongoing administration of your plan, for example to collect and apply contributions to your plan, issue yearly statements and so on. We need this information to carry out our obligations and to provide you with the products and services under the terms of your contract with us. Without this we wouldn’t be able to provide you with a plan.
We’ll ask you for some personal details to identify you when you call us and to allow us to confirm that you’re the owner or representative of the plan.
We’ll hold details of the call for audit and administration purposes and to enable us to facilitate the contract. The recording of the call will be kept for seven years and in line with our retention policy, so that we can meet our legal obligations when resolving complaints or legal disputes.
Information obtained automatically through your use of the website and our tools (including cookies)
Where selected, our website will collect and use information such as:
- your name, address, National Insurance number, bank details and so on to enable us to set up an Aegon Retirement Choices (ARC) account(s) and collect payment(s);
- your existing savings and retirement goals, where you use our Retiready score, goals and lifestyle planner tools;
- your email address, password, security question and answer and phone number where you’ve selected to have digital access to view your plan.
If you’ve given us your consent, we may use the information we’ve collected about you to send you marketing offers and news about our products and services using various channels such as mail, phone, email and SMS.
We’ll ask for your consent when you apply for a plan with us through our application form or when you register online. You can remove your consent at any time by writing to or sending an email to our Data Protection Officer, or updating your preferences on your Retiready Account.
We won’t sell your personal information to other organisations outside of the Aegon Group for a marketing purpose.
Competitions and surveys
If you enter any competitions or surveys, we’ll capture some personal information about you. By supplying these details you’re giving us your consent to contact you to let you know if you’re the winner. Your information won’t be used for any other purpose and will be deleted once the winner has been announced, unless you’ve consented to receiving any marketing material from us.
Publicly available information
We may collect and use information about you which has been made publicly available as part of our claims investigation and decision making process.
We may use your information for statistical or research purposes or for testing our systems. If we do this your personal information will be anonymous so that you can’t be identified.
Our data security policies mean that we hold all personal information securely and limit access to those who need to see it. We apply extra security to sensitive personal information, such as medical details, which are necessary to administer particular products, such as our Protection products.
Sharing your personal information
We work with carefully selected service providers that carry out certain functions on our behalf. These include companies that help us with:
- technology services;
- outbound customer communication and scanning of correspondence;
- banking services;
- administration of our protection business; and
- tracing of customers who we’ve lost contact with.
We only share the appropriate level of personal information necessary to enable our suppliers to carry out their services and we require them to keep the information safe and protected at all times. Our suppliers must only act on our instructions and can’t use your personal information for their own purposes.
Other organisations and third parties
It’s sometimes necessary to disclose your personal information or to add to it from other sources. These other sources may include past and present employers, the trustees or administrators of a trust or scheme, your financial adviser or someone officially acting on your behalf (so long as the appropriate authority is in place), as well as those described below.
For example, if you’re an employee in a group personal pension or group stakeholder pension scheme, and your employer would like to change the financial adviser looking after the scheme, we need to share information with the new financial adviser. We’ll only do this if we receive written authorisation from your employer. If you have investments in a broker fund we’d let that broker know your contact details so they can send you statements.
Financial Crime Prevention
We may disclose your information to licensed credit reference and/or fraud prevention agencies to help make financial or insurance proposals and claims decisions (this will be during the application or enrolment process and on an ongoing basis), for you and anyone you’re linked with financially or other members of your household. Our enquiries or searches may be recorded and credit reference agencies may supply us with financial information. We may also use these agencies to complete checks that are designed to verify your identity or bank details.
To protect insurers like ourselves and, ultimately, customers and customers’ payments against fraudulent claims and crimes such as money laundering, we and other insurers use information exchange registers to share information. When we’re dealing with applications we may search these registers.
If a claim is made under your plan, information about you (including details provided on the application and claim form) will be put on the registers so that other insurers can see them if necessary.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- checking details on applications for credit and credit related or other facilities;
- managing credit and credit related accounts or facilities;
- recovering debt; and
- checking details on proposals and claims for all types of insurance.
Please contact the Data Protection Officer if you’d like to receive details of the fraud prevention agencies used by Aegon UK.
We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
Sharing of special categories of personal information, for example medical information
If we request medical information from you or a medical practitioner who has cared for you or from other insurers, this will be sufficiently protected. We may ask for information from other insurers or medical practitioners to check, clarify or expand answers you’ve given us for example, on a claim or application.
So that we can administer your plan, we may need to give your information to others who are, in turn, providing us with information about you, such as reinsurers, medical practitioners, private investigators and healthcare management companies, and access to this type of information is restricted.
Additional data sharing obligations
Other than the circumstances detailed above, we won’t disclose your personal information to any third parties, except:
- to the extent that we’re required to do so by law, by a government body or by a law enforcement agency, or for crime prevention purposes (including financial crime protection and credit risk reduction);
- when protecting your interests or the interests of other individuals or for reasons of substantial public interest;
- in connection with any legal proceedings (including prospective legal proceedings);
- in order to establish or defend our legal rights;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
- if we, or substantially all of our assets, are acquired by a third party, we may disclose your personal data to that third party in connection with the acquisition.
With your consent, we would also share your information with the Financial or Pensions Ombudsmans or other appropriate persons if the need arises.
Personal information processed outside of the European Economic Area (EEA)
The personal information that we collect may be transferred to, and stored at a destination outside the European Economic Area (EEA), in connection with the above purposes.
This could be to other companies within the Aegon Group or to service providers working on our behalf. Where any such processing takes place, appropriate controls, such as the adoption of agreements containing the appropriate standard clauses, are in place to ensure that your information is protected to the same standard as if it were in the UK.
Retention of personal information
In most circumstances, we’ll keep your personal information for the lifetime of your plan or product and up to seven years after your relationship with us ends, for example, if you move your plan to another provider or you settle your benefits. This is to ensure that we comply with our retention obligations, as set out by the Financial Conduct Authority (FCA) and other regulatory and legislative requirements.
In very limited circumstances, we’re required to keep some specific information for longer, for example, pension transfer information, but we regularly review our retention obligations to ensure we don’t keep personal information longer that we’re legally obliged to.
You have a number of rights under the Data Protection laws, including:
- the right to request a copy of the personal information we hold on you. When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
- the right to have personal information we hold about you transferred securely to another service provider in electronic form;
- the right to have any inaccurate personal information corrected;
- the right to have any out of date personal information deleted once there’s no business need or legal requirement for us to hold it;
- the right to object or restrict some processing, in limited circumstances and only when we don’t have legitimate grounds for processing your personal information;
- the right to object to your personal information being used to send you marketing material. As mentioned above, we’ll only send you marketing material where you’ve given us your consent to do so. You can remove your consent at any time; and
- the right to ask for a decision to be made manually, where a decision is made using automated means and this adversely impacts you.
To exercise any of these rights, please contact our Data Protection Officer.
Making a complaint
If you believe we haven’t processed your personal information in accordance with our Data Protection obligations, and that you’ve been affected by our non-compliance, you can make a complaint to us by contacting our Data Protection Officer. You also have the right to ask us to escalate your complaint to our Group Data Protection Officer if you don’t think it’s been handled appropriately.
If you’re not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations.
Automated decision-making tools
Where you apply for one of our protection products, for example critical illness, we’ll use an automated decision-making tool during the underwriting process. We’ve built rules into our underwriting engine which will either generate an automated decision or refer to one of our underwriters. We can manually review decisions if requested.
We’re committed to ensuring your information is protected and held securely. However, the internet isn’t a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of that email.
There are a few simple steps you can take to protect your computer and internet connection which you can view here.
We’ve put security policies, rules and technical measures in place to protect the personal data that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification; and
- unlawful destruction or accidental loss.
All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.
This website may contain links to other websites. If you use the links to leave this website and visit a website operated by a third party, then we don’t have any control over that website. So we can’t be held responsible for the protection and privacy of any information that you provide while visiting such websites.
Changes to this privacy statement
We keep our privacy notice under regular review. This privacy statement was last updated on 01 February 2018.