< Our products and services

Privacy policy

How we use your personal information

Protecting your information is at the heart of our business. Our privacy policy outlines the type of personal information we ask for, as well as how we use and store it.


How this policy is used

This privacy policy is issued on behalf of the Aviva Group companies within the United Kingdom. When we mention "Aviva", "we", "us" or "our", what we mean is the relevant company in the Aviva Group that processes your personal information.

Your privacy matters and it’s important you read the information in this Policy, which we have to explain to you by law. 

Separate privacy notices for our products

If you purchase a policy with us, we’ll give you separate privacy notices when we ask for your personal information.

The notices will tell you which Aviva company is responsible for managing your personal information and provide more details about how we’ll use it in relation to that product.

You’ll find more privacy notices when you use our apps and platforms such as Drive or MyAviva. This Policy supplements them, but doesn’t override those notices.

Sensitive information

Sometimes we’ll ask about your health, details of offences and convictions or other sensitive information about the person(s) who is/are being insured and their family members. 

Payment information

If you buy a product directly from our website or other Aviva sales channel, we’ll ask for payment information. We need this to complete your purchase.

Marketing and customer insights

We analyse data from our interactions with you to help improve our products and services and keep you informed about offerings that may be of interest to you. 

Information about other individuals

Most of the information we collect relates to the person taking out a product (or persons where it’s taken out jointly). We may also ask for information about other individuals if we need it. For example:

  • if you ask us to provide insurance for other household or family members, or members of a group
  • if we ask an insured person to provide health information about other family members where this is relevant to the risk we’re covering
  • if we need information about other individuals when we handle a claim, such as injured third parties

If you provide us with information about someone else, we’ll assume that you have their permission. We’ll process their personal information according to this privacy policy – so please encourage them to read it if they want to find out more.

Brokers, intermediaries, employers and third parties

Many customers buy our products through an insurance broker, financial adviser or one of our business partners. 

We also receive personal information from other third parties, including attorneys, trustees and family members.

It is their responsibility to make sure they explain to the person whose information is being shared that they are doing so, and ask for permission if needed.

Who we share personal information with

Depending on the product or service, we’ll share personal information with a number of our trusted third parties, including:

  • financial advisers and business partners 
  • insurers, reinsurers and brokers 
  • data analysts and providers of data services 
  • comparison websites and similar companies that offer ways to research and apply for financial services products
  • regulators who regulate how we operate, including the FCA, PRA, Financial Ombudsman, HMRC, The Pensions Regulator and ICO
  • solicitors and professional service firms who act on our or your behalf, or who represent a third-party claimant
  • third-party administrators 
  • loss adjusters and claims experts 
  • assistance providers who can help provide you with assistance in the event of a claim
  • service providers who help operate our IT and back office systems
  • medical professionals, if we need to access health records or assessments for the purposes of arranging and underwriting certain products or facilitating and handling claims
  • third-party case managers handling your care or treatment pathway
  • employers and third parties that provide services to you and your employer in respect of a pension scheme, including pension planning services 
  • media agencies and other providers of marketing and display advertising services

Extraordinary circumstances

Occasionally, and only where necessary to fulfil our legal obligations, conduct investigations and/or deliver our services, we may share your information with private investigators, police, courts, external auditors, accountants, DWP or other IT service providers.


How we use your information when you buy a product

Motor and home insurance

When you take out a motor or home policy, we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies includes any relevant offences and convictions for each person to be insured under the policy as well as any relevant health information, eg if a claim is made involving a personal injury.

If you take out a motor policy, we’ll also collect and use information about you and your vehicle. We’ll get this information from you, public registers, our trusted third parties and from information already held by us, eg from previous policies or quotes. If you’re seeking a policy with telematics capability, we’ll also use telematics data.

Your driving history

We may ask you to provide the driving licence number so we can quickly get useful data from the DVLA such as the licence status of each driver, their licence entitlement, relevant restriction information, endorsement and conviction details. 

If you do not wish to provide us with your licence information, you can choose to answer the questions about your licence information yourself.

We’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA.

About your home

When you take out a home policy, we may obtain information about you and your home from publicly available registers and databases. 

These may include Land Registry or our trusted third parties, such as commercially available property databases to help us underwrite the policy.

In some cases when you apply for motor or home insurance, we may share your information with credit reference agencies so they can carry out searches relating to you. 

We also work with anti-fraud and credit reference agencies to help us detect and prevent fraud and manage credit risk.

Automated decisionmaking

We need your personal information when you apply for a policy to decide if we can offer a policy to you and, if so, on what terms.

We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, postcode, and age, (for motor policies, we use marital status, employment details and details of health and relevant offences and convictions for you and any other drivers).

The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. 

We may supplement the information you provide with information from third parties who can provide more information about your vehicle or property (including DVLA databases, land registries and commercially available property databases). 

Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. 

We’ll also need to collect and use the following personal information:

  • for a claim following a motor accident, we’ll ask for details of the claim, information about those involved and any personal injury you or others may have suffered
  • for a claim under a home policy, we’ll ask you to confirm your identity and provide details of the claim

Travel and health insurance

Where you take out a travel or health policy we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies includes health information for each person to be insured, eg other family members who are to be covered under the insurance policy.

For health policies, we may also ask you to authorise your healthcare provider to supply relevant supporting information, including, where relevant, health information about the family or personal history of each person to be insured.

Automated decisionmaking

We need your personal information when you apply for a policy to decide if we can offer a policy to you and, if so, on what terms. 

We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, age and any medical conditions of the policyholder and any other people to be insured.

The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. 

Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. 

We’ll also need to collect and use the following personal information:

  • for claims under a travel policy, we’ll ask you to confirm your identity and provide details of the claim, including information about any illness or personal injury suffered. We’ll share information with assistance providers where necessary to help deal with a claim
  • for claims under a health policy, we’ll ask you to confirm the identity of the person making the claim and provide details of the health condition to which the claim relates. To assist with your claim, we may also ask you to authorise your healthcare provider to supply information. We may also pass information you have given us to your treating healthcare provider or case manager

Pet, mobile/gadget and personal accident insurance

We’ll collect and use your personal information to arrange, underwriteand manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies include:

  • For pet, information about your pet including name, gender, date of birth, medical conditions, if your pet has been chipped/tagged and/or neutered, if your pet has been involved in any incidents or accidents that may give rise to legal action against you
  • For mobile/gadget, information about the type of gadget, make, model, value, date of purchase and serial number or IMEI number
  • For personal accident, your age and the chosen level of cover

Automated decisionmaking

We need your personal information when you apply for a policy to decide if we can offer a policy to you and, if so, on what terms. 

We use an automated underwriting engine as part of that process, which takes account of the information you have provided.

Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.

Verifying claims

If a claim is made, we use personal information to verify the claim and ensure that we pay out to the right person. 

We’ll also need to collect and use the following personal information:

  • For pet insurance claims, we’ll collect information about any illness or injury in relation to the pet and we may also seek information from the treating vet. Where a claim arises because a pet has caused damage or personal injury to another person, we’ll also need to collect information in relation to this
  • For mobile/gadget claims, we’ll need to verify your identity and collect details of the circumstances of the claim and the IMEI number of the mobile device
  • For personal accident policies, we’ll need to verify your identity and collect details of the accident or injury leading to the claim. We may also need to ask you to authorise your healthcare provider to provide information to assist in assessing the claim

Life insurance

Where you take out life insurance with us, we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

Except for certain types of life insurance which are not underwritten (ie Over 50s Life Insurance and Free Parent Life Cover), the personal information we use includes health information, lifestyle information and employment status (including, for income protection only, level of earnings) of each insured person. 

We’ll also collect the family or personal history of the insured person, or details of appointed trustees where policies are placed under trust.

Automated decisionmaking

We need your personal information when you apply for a policy to decide if we can offer a policy to you and, if so, on what terms. 

We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke, your answers to our health and lifestyle questions, including your family medical history) along with the amount of cover you wish to obtain.

Where we collect and use health information, we may ask each insured person to authorise a healthcare provider to supply relevant supporting information, including, where relevant, health information about their family or personal history.

Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. 

We’ll also need to collect and use the following personal information:

  • For claims under a life insurance policy, we’ll ask you to confirm your identity, provide details of the policyholder and (if different) the insured person, including details of their death so that we can assess the claim
  • For claims under a critical illness or income protection policy, we’ll ask you to confirm your identity and provide details of your health condition. We may also ask you to authorise your healthcare provider to provide information to assist in assessing the claim

Equity release

Where you take out an equity release lifetime mortgage product we’ll collect and use your personal information to decide if we can offer you a product and, if so, on what terms. We’ll also use it to arrange and manage your account, as well as prevent fraud.

The personal information we use for this type of product may include how long you have lived at the property, the estimated property value, the purpose of the loan, the ownership status of your home and what proportion is owned by you as well as information about your legal adviser and existing lender.

If you select certain features of the product, we’ll also collect health information to assess risk and eligibility for the product. 

We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke and your answers to our health and lifestyle questions). We’ll collect information about you and any person to be a joint account holder as well as any occupants of the property.

Throughout the duration of your product we’ll hold your personal information to enable us to properly administer the product for example to provide you with information and process payments.

Annuities

Where you take out an annuity, we’ll collect and use your personal information to arrange, underwrite and manage your annuity and prevent fraud.

The personal information we use for these types of products includes health information and lifestyle information about you and anyone else to be insured under the policy. 

We use this information to decide whether, and on what terms, we can offer you a policy. 

We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke and your answers to our health and lifestyle questions). 

Occupational pension schemes

Trustees of an occupational pension scheme may take out an annuity for the purposes of the scheme. 

Where they do this, we may collect personal information about members of the scheme to arrange, underwrite and manage the policy, as well as prevent fraud.

Throughout the life of these types of product, we’ll hold your personal information to enable us to properly administer the policy, for example, to pay benefits.

Pensions, savings and investments

Where you take out a pension, savings or investment product we’ll collect and use your personal information to arrange and manage your policy, as well as prevent fraud.

We may also collect and use your personal information for these purposes if you:

  • join your employer’s pension scheme and they use an Aviva pension product for their scheme
  • are a member of your employer’s pension scheme and the trustees of the scheme use an Aviva investment product for the purposes of the scheme

The personal information we use for these types of products may include your:

  • employment status
  • details and value of your pension
  • salary details
  • marital status
  • tax information
  • National Insurance number

Throughout the life of these types of product, we’ll hold your personal information to enable us to properly administer the product, for example to process investment instructions and withdrawals from your product.

Business insurance including motor and non-motor business insurance and corporate specialty risks

Where you take out a business insurance policy with us, we may collect and use personal information to arrange, underwrite, manage your policy, prevent fraud and handle claims.

The personal information we use for these types of policies may include information about your business, including the business name, the contact person for your business, details of directors, partners or individual traders for the business and payment information.

We may also collect details about the number of employees, details of employees (including any offences and convictions that we need to know about to allow us to underwrite the policy), their role in the company and details of the business assets or liabilities to be insured.

For business health, life, travel and personal accident insurance

The information we collect may include health information for each person to be insured, for example employees who are to be covered under the insurance policy. 

We may also ask you to authorise your healthcare provider to supply relevant supporting information, including, where relevant, health information about the family or personal history of each person to be insured. We need this information to underwrite and manage the policy and facilitate and handle claims.

For business motor insurance

We’ll collect identity information in relation to employees or other people to be insured under the policy. Information may include any relevant offences and convictions or health information for drivers to be insured under the policy. 

We also collect and use information about drivers and vehicles to be insured from public registers, from our trusted third parties, such as the MIB, and information already held by Aviva, eg from previous policies or quotes.

If you’re seeking a policy with telematics capability, we’ll also use telematics data. 

We’ll add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA.

Automated decisionmaking

We need the personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. 

We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including health information or offences and convictions data, where appropriate). 

The automated engine may also validate information you provide against other records we hold in our systems and third party databases, including public databases. 

We may supplement the information you provide with information from third parties who can provide more information about the vehicles or property to be insured. 

Throughout the life of these types of policies, we’ll hold the personal information to enable us to properly administer the policy, for example to offer renewal, make mid-term changes you request and deal with claims. 

We may use the personal information to perform analytics and ensure that our products are appropriately priced.

Verifying claims

If a claim is made, we use the personal information to verify the identity of the policyholder and (if different) provide details of the insured, so that we can identify them. 

We’ll also need you to provide details of the claim so that we can assess the claim. Where necessary, this will include providing details of any accidents or personal injuries that have been suffered as part of the claim, either by an insured person or third party. 

In certain circumstances (for example where personal liability is covered) it may be necessary to collect details of alleged offences in relation to an insured person.

Preventing fraud

We’ll use your personal information to detect and prevent fraudulent practices, fight financial crime and meet our regulatory responsibilities. 

If you’re making a claim, we may use profiling and other forms of automated processing to assess if your claim may be fraudulent. This assessment may involve the use of your sensitive personal information. For example, we may use your past motoring convictions for motoring insurance.


How we collect, share and use your information

Respecting privacy rights

We’re committed to collecting and using personal information in accordance with applicable data protection laws.

Where we collect or use this information, we’ll make sure we do this for a valid legal reason. This will be for at least one of the following purposes:

  • to arrange, underwrite or manage our products, or handle claims in accordance with their terms
  • to meet the responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities
  • to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as relevant to further our business interests but never at the expense of your privacy rights (we refer to these activities as our legitimate interests)
  • where we have obtained appropriate consents to collect or use your personal information for a particular purpose

We can only collect and use sensitive personal information in limited circumstances, where we’ve obtained your explicit consent, where we need this information to arrange, underwrite or manage our products or to handle claims, or where we have another legal basis for doing so as explained in this privacy policy.

Marketing and marketing preferences

We may use personal information to send direct marketing communications about our products and services that we feel you’ll be interested in. 

This may be in the form of email, post, SMS, telephone or display advertising you may see on websites, social media, television or search results.

To protect your privacy rights and give customers choice and control over the use of their personal information, you can:

  • always ‘opt out’ of receiving direct marketing when registering with us, requesting an online quote, purchasing a product or service online at any time. All our marketing communications include unsubscribe links to help you manage your marketing preferences
  • change your marketing preferences in MyAviva (if you’re registered) or by contacting us if you change your mind. Opting out of one type of marketing, for example, by email or telephone, doesn’t mean you’re opted out of all marketing. Bear this in mind when you manage your preferences

You can always contact us directly if you would like us to stop all forms of direct marketing. We try to limit direct marketing and only send you offers and promotions that you might be interested in, based on information we have about you. We won’t send you spam.

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website) to collect information about you, which is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. 

We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

Our online advertising complies with the best practice recommendation set by the European Advertising Alliance and you will always see the blue logo on display ads visible on third-party sites.

If we use or share information with online sources, such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your personal information to be used.

We recommend you routinely review the privacy notices and preference settings that are available to you in MyAviva and on social media platforms you use as they will dictate how adverts and other messages are displayed and shared across those platforms.

If you choose to opt-out of tailored offers and advertising, you’ll still continue to see generic advertising displayed online, it just might not be as relevant to you.

  • For further information about cookies and other technologies we use on our website, please see our Cookie Policy.

Using personal information to improve our products and services

We use digital tools when you visit our websites or use our mobile apps to gain insights into our products, services and the functionality and performance of our websites, apps and platforms. For example, we use some of these tools to save your language preferences on our website, so we’re able to offer you our services in the language you prefer.

To learn more about these technologies and how you can change your browser settings to manage your privacy controls, see our Cookie Policy. If you have downloaded one of our mobile apps, we recommend that you also refer to the app’s privacy policy.

Working with Credit Reference Agencies (CRA)

For certain products, to ensure we have the necessary facts to assess your insurance risk, verify your identity, help prevent fraud and provide you with our best premium and payment options, we may obtain information relating to you at quotation, renewal and, in certain circumstances, where policy amendments are requested. This may include a quotation search that will appear on your credit report and be visible to other credit providers.

Where you agree to pay monthly under an Aviva credit agreement, the status of your quotation search from our CRA will be updated to reflect your credit application and this will be visible to other credit providers. CRAs may keep a record of this search.

To assess your application, we’ll supply your personal information to our CRAs and they’ll give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We’ll also continue to exchange the information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.

Our CRA and the ways in which it uses and shares personal information are explained in more detail here.

Working with regulators and fraud prevention and detection agencies

We may use your personal information to help us to detect and prevent fraudulent applications and claims, fight financial crime and meet our regulatory responsibilities. This may involve checking public registers (eg the electoral roll or registers of county court judgments, bankruptcy orders or repossessions), conducting online searches from websites, social media and other information sharing platforms and using databases managed by credit reference agencies see here for more details and other reputable organisations. This will help us verify your identity, make decisions about providing you with our products and related services, and trace debtors or beneficiaries. We may also share your information and undertake searches with third party organisations such as police, public bodies, credit reference agencies, fraud prevention agencies and our regulators (which include the FCA, PRA and ICO).

If you give us false or inaccurate information and we suspect fraud, we’ll record this to prevent further fraud and money laundering.

We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details contact us at Policy Investigation Unit, Aviva, Cruan Business Centre, Westerhill Business Park, 123 Westerhill Road, Bishopbriggs, Glasgow G64 2QR. Telephone 0345 300 0597. Email: PIUUKDI@AVIVA.COM or using the details below.

Working with Reinsurers

We may share (either directly or through brokers) your personal information, including sensitive personal information, with reinsurers who provide reinsurance services to Aviva and for each other in respect of risks underwritten by Aviva and with insurers who cover Aviva and under its group insurances policies. They will use your data to decide whether to provide reinsurance and insurance cover, assess and deal with reinsurance and insurance claims and to meet legal obligations. They will keep your data for the period necessary for these purposes and may need to disclose it to other companies within their group, their agents and third party service providers, law enforcement and regulatory bodies.

We can supply on request further details of the reinsurers and insurers we provide your data to and how this information may be used. If you require further details contact us.

Using personal information to create profiles and create better products

Where we underwrite products, we use an automated underwriting engine to process the personal information you provide as part of your application process, together with information provided by third party sources (this could include sensitive information such as health information and offences and convictions) along with the amount of cover you wish to obtain. Other data may be used to calculate these decisions such as telematics data which may have been collected from your vehicle (for motor insurance) or your device. We do this to calculate how much that cover will cost you. Without this information we’re unable to provide a price that is relevant to your individual circumstances and needs.

We regularly check the way our underwriting engine works and before using data obtained from third parties we rigorously test it to identify whether the data provides any actionable insight. This is done using the bare minimum amount of hashed or obscured data we hold about our customers. We do this in order to continually improve the quality of our services, the efficacy of our algorithms and to help us to continue to be fair to our customers.

If you are making a claim, we may use profiling or other forms of automated processing to assess the probability that your claim may be fraudulent or suspect in some way.

Where sensitive personal information is relevant to the profiling, such as medical history for life insurance or offences and convictions for motor insurance, your sensitive personal information may also be used in the profiling models.

You have certain rights in respect of this type of automated decision making. To learn more about your rights click here.

Retaining personal information in our systems

We generally only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy. We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we’re required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data deletion.

We may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services.

Protecting information outside the UK

Some of the organisations we share information with may be located outside of the European Economic Area ("EEA"). We’ll always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:

  • transfers within the Aviva Group will be covered by an agreement entered into by members of the Aviva Group (an intra-group agreement) which contractually obliges each member to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within the Group;
  • where we transfer your data to non-Aviva Group members or other companies providing us with a service, we’ll obtain contractual commitments and assurances from them to protect your personal information. Some of these assurances are well recognised certification schemes such as standard contractual clauses and the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America
  • we’ll only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
  • any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed

You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, please read your rights section.


Your rights

You have legal rights under data protection laws in relation to your personal information. 

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.

We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.

Accessing personal information

You can ask us to:

  • confirm whether or not we have and are using your personal information
  • get a copy of your personal information

Withdrawing consent

Where we’ve asked for your consent to use your personal information, you’ll always have the right to withdraw such consent. 

Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

Correcting / erasing personal information

You can ask us to:

  • correct any information about you which is incorrect. We’ll be happy to correct such information but will need to verify the accuracy of it first
  • erase your personal information if you think we no longer need to use it for the purpose we collected it from you
  • erase your personal information if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we’re subject to a legal obligation to erase your personal information

We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligation or where we need to use it to establish, exercise or defend legal claims.

Restricting our use of personal information

You can ask us to restrict our use of your personal information in certain circumstances, for example, where:

  • you think the information is inaccurate and we need to verify it
  • our use of your personal information is not lawful but you do not want us to erase it
  • the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it

We can continue to use your personal information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

Objecting to use of personal information

You can object to any use of your personal information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.

You can also object to use of your personal information for direct marketing purposes. We explain in the marketing section of this privacy policy more about our approach to direct marketing and how you can easily manage your marketing preferences.

Requesting a transfer of personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (eg another company).

You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold or process based on our legitimate interest or which is not held in digital form.

Contesting decisions based on automated decision making

If we made a decision about you based solely by automated means (ie with no human intervention), and our decision produces a legal effect concerning you (such as the rejection of your claim), or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we’re authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.

Obtaining a copy of our safety measures

You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area. We’re not required to share details of these safeguards if sharing such details would affect our commercial position, or create a security risk.

Contacting us for more information

If you’re not happy with the level of information provided in this privacy policy, you can ask us about:

  • what personal information we have about you
  • what we use it for
  • who we share it with
  • whether we transfer it abroad
  • how we protect it
  • how long we keep it for
  • what rights you have
  • how you can make a complaint
  • where we got your data from
  • whether we have carried out any automated decision making using your personal information.

If you have any questions about this privacy policy or how to exercise your rights please contact our Data Protection Officer.

Write to: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

Email us: DATAPRT@aviva.com

If you'd like to submit a subject access request, please fill out this form or write to us at the above address.

Your right to complain

If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioners Office (ICO).

We ask that you please attempt to resolve any issues with us before contacting the ICO.