Last updated: June 2021
We are sending you this notice to give you more details on how we gather, use and share your information, as well as providing information on the rights you have on how this information is processed. You don’t need to do anything, but you may want to take time to read this.
For the purposes of the General Data Protection Regulation (GDPR), we are the data controller for the personal information that the trustee (or a third party acting on behalf of the trustee) or an insurance provider has given us. This means we have a responsibility to make sure your information is kept safe and not misused.
Where do you get my information from?
The trustee, trustee adviser of the scheme or other third party may give us any or all of the following personal information about you.
- Personal details such as your name, sex, age, date of birth, email address, postal address and phone number.
- Family circumstances such as details about your current marriage or partnerships, your marital history and details of your family and dependants.
- Employment details such as pensionable pay, length of service, employment and career history and job title.
- Financial details such as your income, salary and bank account details to process pension payments or benefits.
We would only hold special-category data (sensitive information), such as a description of your physical or mental health, if you have given us permission (consent) to hold this because you need to retire early due to ill health.
How do you use my information?
When we receive your personal information, we will use, analyse, store and keep it for a number of purposes, including the following.
- To provide quotations for either removing risk from the scheme or providing reinsurance for another insurance provider.
- To administer and support an insurance contract that the trustee may buy or has bought from us to protect scheme member benefits or provide reinsurance benefits.
- To make sure that we accurately pay the correct benefits and claims to the appropriate scheme members in connection with the insurance contract or reinsurance benefits. In some cases we may use computer systems to make automated decisions or to carry out profiling (automated processing of personal information, including using personal information to evaluate certain personal aspects, and in particular to analyse or predict aspects concerning that person’s health, including assessing risks) based on the personal information we have received from the trustee, the trustee adviser or an insurance provider. We will automatically process your information along with information about the other members of the scheme to help us manage the scheme risks or reinsurance contract, (for example, setting mortality assumptions (rates of death) for specific schemes), and to report on longevity risks (risks relating to how much longer people live) and related demographic risks (risks relating to the social and economic characteristics of a population, such as age, gender, income level, marital status, occupation and so on).
- To carry out the obligations we have under our contract with you, or the trustees, to provide you with the options available to you, which may include us asking you for special-category sensitive information (for example, medical information if you need to retire early due to ill health).
- To keep to any laws or regulations that apply.
- To carry out market research, statistical analysis and customer profiling to help us develop and improve our processes, products and services, which can include creating a database of the social and economic characteristics of our customers.
Who do you share my personal information with?
We may also share your personal information with any or all of the following in connection with insuring longevity risks and related demographic risks.
- Our group companies and group functions, including those involved in setting scheme-specific mortality assumptions (rates of death), financial reporting, legal and marketing.
- The reinsurers (organisations which provide insurance for insurance companies) of longevity risks and related demographic risks. (You can find a list of the reinsurers that we normally use, and links to each of their privacy policies, at legalandgeneral.com/privacy-policy/consent-controllers/.)
- Third parties who check for people who are at higher risk of bribery and corruption because of their position (known as politically exposed persons or PEPs), carry out sanctions screening (the process of reviewing sanctions lists to check if any person is involved in financing crime or terrorism, so that appropriate action can be taken, as needed, to keep within the law).
- Data-tracing and verification agencies, to make sure we hold your most up-to-date address before we post anything to you. We also use agencies to trace members and check they are still alive.
- Third parties instructed by the trustee, such as external auditors.
We, reinsurers or third-party service providers (those able to provide better value for money or who provide a specialist service) will use, analyse, store and maintain your personal information for a number of purposes, including the following.
- Assessing it to prevent fraud.
- Making decisions relating to the transaction being underwritten (analysis of the risk).
- Other purposes we may decide on from time to time.
Reinsurers may also share your personal information with retrocessionaires (large organisations who insure reinsurers) or other providers, who will use, analyse, store and keep your personal information for the same or similar purposes as those set out above.
We and each of the organisations and people listed above will rely on a condition under the GDPR known as ‘legitimate interests’ to use your personal information for any other purpose described in this privacy notice. This means it must be in our legitimate interests to collect your personal information as it gives us the information we need to allow us to deal with the risks we face and to provide our services more effectively.
To provide you with information about services and products that may interest you, we may send you marketing information by post, if this is in our legitimate interest. We will only send you marketing information if you have become a Legal & General policyholder as part of a pension-scheme buyout, where we have taken over responsibility for your pension benefits. We will not send marketing information if your pension benefits are still the responsibility of the scheme’s administrator or trustee, which is known as a buy-in arrangement. Your information will never be given to a third party for the purposes of them sending you marketing information.
If you have become a Legal & General policyholder as part of a pension-scheme buyout, you can opt out of receiving marketing information by phoning our Defined Benefits Retirements Team on 03450 778 778 or sending an email to firstname.lastname@example.org
Protecting you data outside the UK
We and the other organisations and people mentioned above can transfer the personal information we get from the trustee or a trustee adviser to an organisation outside the UK. These organisations will take all reasonably necessary steps to make sure that they keep your information secure and confidential, in line with this privacy notice
We will only transfer your information outside the UK if we’re allowed to do so by law, such as if:
- the transfer is based on standard data protection clauses adopted or approved by the UK’s Information Commissioner’s Office;
- the transfer is to a territory that is considered ‘adequate’ by the Information Commissioners Office, or
- the person or organisation receiving the information has an approved system for protecting personal information.
How long we keep your information
We and the other organisations and persons mentioned above will each keep your personal information in line with our and their retention policies. We and they decide on the length of time the information is kept for, based on the minimum retention periods required by law or regulation. We and they will only keep your personal information after this period if there’s a legitimate and provable business reason to do so. Our own policy is to delete or anonymise (so that it can no longer be identified as being about you) all personal information provided for the purpose of providing a quote for no more than six months after the date on which we are told that the quote was not taken up or acted on.
Under the legitimate interests condition of the GDPR, we may keep your personal information indefinitely to help us deal with any enquires we receive in the future from you, your family or financial adviser, or our regulators. For certain research and statistical activities, we may also keep limited personal information about you indefinitely, including medical information, to define our actuarial, underwriting and pricing risk strategies only. We will not use this information to make a decision about, or take measures against, you.
We will check your details with fraud prevention agencies. If you provide false or inaccurate information or we identify it, we will pass details to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including the police, and we may check or file your details with fraud prevention agencies and databases.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- checking details on applications for credit and credit-related or other facilities;
- managing credit and credit-related accounts or facilities;
- recovering debt;
- checking details on proposals and claims for all types of insurance; or
- checking details of job applicants and employees.
We and other organisations may access and use the information recorded by fraud prevention agencies in other countries. Please contact our Group Financial Crime department if you want to receive the relevant details of the fraud prevention agencies:
Group Financial Crime, 7th Floor, Brunel House, 2 Fitzalan Road, Cardiff, CF24 0EB
We may also check the details of other parties related to your contract, including checking their identity. This includes beneficiaries, trustees, settlors, third-party premium payers, executors or administrators of your estate, parties with power of attorney and anyone else who may benefit from the contract.
Under data protection law, you have rights that relate to the way we process your personal information. You can find more information on these rights on the ICO’s website. If you want to enforce any of these rights, please get in touch with your customer services team. Or, you can also use the Contact Us section of our website.
1. The right to access the personal information that we hold about you.
2. The right to make us correct any inaccurate personal information we hold about you.
3. The right to make us erase any personal information we hold about you. This right will only apply if, for example:
4. The right to restrict how we process the personal information we hold about you. This right will only apply if, for example:
5. The right to object to us processing personal information we hold about you, including for the purposes of sending you marketing material or using your personal information for profiling (where your personal information is processed by a computer system to assess certain things about you).
6. The right to receive personal information, which you have given us, in a structured, commonly used and
7. The right to withdraw your permission (consent), if we’re relying on it to use your personal information.
8. For automated decisions (including profiling), you have the right to ask for:
If you have any questions about this privacy notice or want to enforce any of your rights, please phone our Defined Benefits Retirements Team on 03450 778 778 or email them at email@example.com.
If you have any concerns about the way we process your personal information, or are not happy with the way we have handled a request in relation to your rights, you also have the right to make a complaint to the Information Commissioner’s Office. Their address is: First Contact Team, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
We have appointed a data protection officer to provide independent expert advice and make sure we are keeping to data protection laws. Her details are as follows.
Name: Liz Gaspar
Address: One Coleman Street, London, EC2R 5AA