Last updated: November 2018
Protecting your personal information is extremely important us to Legal & General. It’s especially important for a large financial company like ours, as our customers trust us to look after a huge amount of sensitive information on everything from their business affairs to their medical history.
The way we collect, use, store and share your information is equally important. Our customers expect us to manage their information privately and securely. If we don’t, they’ll lose their trust in us.
This policy tells you how we collect and process your personal information. Please take a few minutes to read it, and show it to anyone else connected to your product. This policy may be subject to future change.
What does this policy cover?
What is personal information?
When we talk about personal information we mean information about an individual that can identify them, like their name, address, e-mail address, telephone number and financial details. It can relate to customers (including prospective customers), employees, shareholders, business contacts and suppliers. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.
What information do we hold?
We may collect and process the following personal information about you:
Type of data
Examples of how we use it
- Who you are
- Where you live
- How to contact you
- Servicing your product
- Analysis & profiling
- Enhancing our product and service offering
- Product underwriting and pricing
- Family details
- Visual images & personal appearance
- Financial Details
- Lifestyle and social circumstances
- Analysis & profiling
- Product underwriting and pricing
- Bank and/or card details
- How you use your product
- Changes you make to your product or account
- Servicing your product
- Making sure our products and services are fit for purpose
- Your claims history
- Your creditworthiness
- Product underwriting and pricing
- Making sure the product is right for you
Consent & preferences
- Ways you want us to market to you
- Details on the devices and technology you use
- Making sure our products and services are fit for purpose
Open data & public records
- Electoral register
- Land register
- Other information about you that is openly available on the internet
- Product administration
Documentary data & national identifiers
- Details about you that are stored in documents like:
- Your passport
- Drivers licence
- Birth certificate
- National Insurance number
- Prevent financial crime
Where do we get our information from?
- Directly from you - information you provide when you fill in forms or contact us by phone, e-mail etc.
How do we use your information?
We use personal information that we hold about you:
- To carry out our responsibilities resulting from any agreements you’ve entered into with us (e.g. to underwrite and administer your product, including processing claims) and to provide you with the information, products and services that you’ve asked from us.
- To provide you with marketing information about services and products we offer across the Legal & General group which may be of interest to you. If you have opted in to receive marketing from us based on your marketing preferences, we may deliver this information by post, telephone, e-mail, SMS or personalised online marketing via our own systems such as My Account, social media platforms and/or other third party websites e.g. YouTube. Please note that if you choose not to receive online marketing, you will not see personalised messages using your personal data, however you may still see generic online advertising about our products and services. We will not sell your data to third parties for them to market to you. We may also send marketing to you using our “legitimate interests”, please see below for further information.
- To tell you about changes to our services and products.
- To comply with any applicable legal or regulatory requirements (including “know your customer” checks, or to comply with any applicable regulatory reporting or disclosure requirements).
- For carrying out market research, statistical analysis and customer profiling to help us to improve our processes, products and services and generate new business (e.g. to understand digital behaviours, identify financial attitudes and develop more engaging communications).
- To define our actuarial, pricing and underwriting strategies.
- To run our business in an efficient and proper way. This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance, and audit.
- For any other purpose that we’ve agreed with you from time to time.
When you apply for a product or to receive a service from us, the application form you fill out or the resulting contract may contain additional conditions relating to the way we use and process your personal information. These will apply in addition to the uses described in this document.
In some cases, we may use software or systems to make automated decisions (including profiling) based on the personal software or systems information we have, or collect from others. These may include:
- The prevention and detection of fraud and financial crime.
To perform transaction monitoring, identity verification, money laundering and sanctions checks, and to identify politically exposed individuals. We are required by law to perform these activities which may be achieved using solely automated means to make decisions about you. We may use these activities to decline the services you have requested or to stop providing existing services to you.
- Providing quotes, calculating premiums and underwriting decisions.
We may assess a number of factors including information about you and your health, lifestyle information such as your postcode, occupation and hazardous pursuits that you perform. These factors will be assessed against our pricing and underwriting criteria which may include statistics regarding life expectancy, illness, injury and demographic risks. For general insurance the factors may include your claims history, where you live, and the value of items you wish to insure. We may use these activities to determine the price of your product and whether we should undertake the risk of insuring you - including how much insurance should be granted to you, how much you should pay for it and whether or not to insure you in the first place.
- Servicing activities such as (i) Personalising the content and design of communications and online services (such as My Account) and (ii) Determining when to provide tailored servicing communications about your Legal & General product (e.g. as a result of changes in your personal circumstances or lifestyle), and the appropriate channel(s) to use.
These may be achieved using profiling in order to predict certain characteristics about you (e.g. your economic situation, interests, personal preferences or transactional behaviour). The activities will not have a detrimental effect on you.
Using your information in accordance with data protection laws
- Providing our contracts & services to you: We’ll process your personal information to carry out our responsibilities resulting from any agreements you’ve entered into with us and to provide you with the information, products and services you’ve asked from us, which may include online services.
- Complying with applicable laws: We may process your personal information to comply with any legal obligation we’re subject to.
- Carry out market research and product development, which can include creating customer demographics and/or profiling.
- Continue to send marketing information, via post only, to customers who purchased a product before 25th May 2018 and did not opt-out, until such time as they have reviewed their marketing preferences (which can be done at any time).
- Send marketing information, via post only, to customers who have a relevant and appropriate relationship with Legal & General.
- Develop and test the effectiveness of marketing activities.
- Develop, test and manage our brands, products and services.
- Study and also manage how our customers use products and services from us and our business partners.
- Manage risk for us and our customers.
This requires us to carry out an assessment of our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws.
- Consent: We may provide you with marketing information about our services or products where you’ve provided your consent for us to do so.
You may opt out of marketing at any time by e-mailing or telephoning your customer servicing team. Alternatively, you can also use the Contact Us section of our website. You can also manage your marketing preferences on our customer self-service systems, My Account.
- Special category (sensitive) data: Where you have consented, we will process any medical & health, racial & ethnic origin, genetic & biometric or sex life & sexual orientation information you have provided, and any other sensitive information obtained from a third party (e.g. your GP or other medical professional), solely for the purposes of allowing us to underwrite and administer your policy and deal with claims.
- Criminal Conviction Data: Where you have consented, we will process this type of information solely for the purposes of allowing us to underwrite and administer your policy and deal with claims.
Please be aware that the personal information you provide to us, and which we collect about you, is required for us to be able to provide our services to you and without it we may not be able to do so.
How long do we keep your information for?
We’ll keep your personal information in accordance with our internal retention policies. We’ll determine the length of time we keep it for based on the minimum retention periods required by law or regulation. We’ll only keep your personal information after this period if there’s a legitimate and provable business reason to do so.
For pension products, we may retain your personal information indefinitely using the legitimate interests condition in order to support future enquires from you, your family or financial adviser and our regulators.
For certain research and statistical activities, we may indefinitely retain minimised personal information about you, including medical information, to solely to define our actuarial, underwriting and pricing risk strategies. These activities will not be used to make a decision, or take measures, against you.
Who do we share your personal information with?
We’ll only disclose your information to:
- Other companies within the Legal & General Group, third-party suppliers, contractors and service providers for the purposes listed under “How do we use your information” above.
- Selected third parties, so that they can contact you with details of the services that they provide, where you have expressly opted-in or consented to the disclosure of your personal data for these purposes.
- Our regulators, government (e.g. HMRC) and law enforcement or fraud prevention agencies, reassurers, as well as our professional advisers etc. You can find an up to date list of reassurers on our website.
Additionally, we may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we’ll disclose your personal data to the prospective seller or buyer of such business or assets.
- If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If you have been dealing with a financial adviser, we’ll provide information about your product and, where appropriate, with other information about your dealings with us, to enable the adviser to give you informed advice.
- For employer sponsored schemes, we may share some details of your plan with your employer and any professional advisor(s) they appoint on their or your behalf to service and provide accurate financial advice about the scheme.
- In order to enforce or apply the terms of any contract with you.
- If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
- To protect you and Legal & General from financial crime, Legal & General may be required to verify the identity of new and sometimes existing customers. This may be achieved by using reference agencies to search sources of information relating to you (an identity search). This will not affect your credit rating. If this fails, Legal & General may need to approach you to obtain documentary evidence of identity.
- If you make a claim, we’ll share your information (where necessary) with other insurance companies to prevent fraudulent claims.
- Legal & General Surveying Services may use a third party surveyor to carry out the survey or valuation of the property.
Additionally, your information, including special category and criminal conviction data, may be disclosed to our reassurer and to any other insurance company to whom you apply for products or services.
If you’ve been introduced to us by another company (e.g. bank, insurer, building society) your employer or their financial adviser), we may share your information with them to enable them to:
- Administer and service your product.
- Carry out market research, statistical analysis and customer profiling.
- Where you have consented, send you marketing information by post, telephone, e-mail and SMS about their products and those of carefully selected third parties.
- Assist you with your application process (aggregator and price comparison websites only).
Legal & General will check your details with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including the police and we may check and/or file your details with fraud prevention agencies and databases.
Legal & General and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- Checking details on applications for credit and credit related or other facilities.
- Managing credit and credit related accounts or facilities.
- Recovering debt.
- Checking details on proposals and claims for all types of insurance.
- Checking details of job applicants and employees.
Legal & General and other organisations may access and use from other countries the information recorded by fraud prevention agencies. Please contact our Group Financial Crime department if you wish to receive the relevant details of the fraud prevention agencies:
Address: Group Financial Crime, 7th Floor, Brunel House, 2 Fitzalan Road, Cardiff CF24 0EB
Legal & General may also check the details of other parties related to your contract, including verification of identity. This includes beneficiaries, trustees, settlors, third party premium payers, executors or administrators of your estate, parties with power of attorney and any other beneficial owner.
General insurance only: claims history
Under the conditions of your product you must tell us about any insurance-related incidents, whether or not they give rise to a claim. When you tell us about an incident we’ll pass information relating to it to a database.
We may search these databases when you apply for insurance, in the event of any incident or claim or at a time of renewal, to validate your claims history or that of any other person or property likely to be involved in the product or claim.
Transferring your data outside the EU
We’ll only transfer your data to a recipient outside the EEA where we’re permitted to do so by law (for instance, (A) where the transfer is based on standard data protection clauses adopted or approved by the European Commission, (B) where the transfer is to a territory that is deemed adequate by the European Commission, or (C) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards, etc.).
Unfortunately, sending information via e-mail is not completely secure; anything you send is done so at your own risk. Once received, we will secure your information in accordance with our security procedures and controls.
You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on the Information Commissioner’s website. If you wish to exercise any of these rights, please get in touch with your customer services team. Alternatively, you can also use the Get in touch section of our website.
- The right to access the personal data that we hold about you.
- The right to make us correct any inaccurate personal data we hold about you.
- The right to make us erase any personal data we hold about you. This right will only apply where for example:
- We no longer need to use the personal data to achieve the purpose we collected it for
- You withdraw your consent if we’re using your personal data based on that consent
- Where you object to the way we use your data, and there is no overriding legitimate interest.
- The right to restrict our processing of the personal data we hold about you. This right will only apply where for example:
- You dispute the accuracy of the personal data we hold
- You would like your data erased, but we require to hold it in order to stop its processing
- You have the right to require us to erase the personal data but would prefer that our processing is restricted instead
- Where we no longer need to use the personal data to achieve the purpose we collected it for, but you need the data for legal claims.
- The right to object to our processing of personal data we hold about you (including for the purposes of sending marketing materials to you).
- The right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to make us transfer this personal data to another organisation.
- The right to withdraw your consent, where we’re relying on it to use your personal data (for example, to provide you with marketing information about our services or products).
- For automated decisions (including profiling), you have right to:
- Obtain an explanation of the decision and challenge it
- Request for the decision to be reviewed by a human being.
Contacts and complaints
Legal & General contact or your customer services team. Alternatively, you can also use the Get in touch section of our website.
If you have any concerns about the way we process your personal data, or are not happy with the way we’ve handled a request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Data Protection Officer
Legal & General has appointed a Data Protection Officer to provide independent expert advice and monitor compliance with data protection laws:
Name: Liz Gaspar
E-mail address: Data.Protection@landg.com
Address: 1 Coleman Street, London, EC2R 5AA