At Phoenix Life we're committed to maintaining the trust and confidence of our customers.
This privacy notice explains when and why we collect our customers’ personal information. It makes it clear how we use it, when we may share it with others and how we keep it secure. It also explains how you can get the information we hold about you, and the choices you have about how we use your information.
If your policy transferred to Phoenix Life Assurance Europe dac (PLAE) on 1 January 2023 you can find details of how your personal information is treated on the PLAE website.
We are Phoenix Life, part of The Phoenix Group – one of the UK's largest providers of insurance services. The Phoenix Group has grown a great deal since it first started in 1782 and is now the UK’s largest long-term savings and retirement business.
You can visit thephoenixgroup.com/privacy-hub/ for more information about the Phoenix Group.
This Privacy Notice applies whenever we use the Phoenix Life brand. This includes, but isn’t limited to, the following:
- Abbey Life Limited
- Phoenix Customer Care Limited
- Pearl Group Services Limited
- PA (GI) Limited
- Phoenix Unit Trust Managers Limited
- Pearl Trustees Limited
- Alba Life Trustees Limited
- London Life Trustees Limited
- Phoenix SCP Trustees Limited
- Phoenix ER1 Limited
- Phoenix ER2 Limited
- Phoenix ER3 Limited
- Phoenix ER4 Limited
- Phoenix ER5 Limited
- Phoenix Pension Trustee Services Limited
- Scottish Mutual Pension Funds Investment Limited
- Pearl Customer Care Limited
- Phoenix Wealth Services Limited
- Phoenix Wealth Trustee Services Limited
- Century Trustee Services Limited
- Other Phoenix Group companies that trade as Phoenix Life such as Phoenix Life Limited, Phoenix Life CA Limited and Phoenix Group Management Services Limited
We collect your personal information when you fill in application forms, speak to us on the phone or use our apps and website. We may get the information direct from you or from your employer if you have a workplace pension. We may also ask you for information as part of our day-to-day business activities, so we can provide you with the services we offer.
What personal information do you collect? | When do you collect it? | Why do you need it? |
---|---|---|
Basic personal details
|
When your employer provides it in connection with a workplace pension. When you ask about or buy a product or service. |
To run your policy with us. To answer your questions and give you important information about your products or services. To give you details of additional products or services that we think might be suitable for you. To understand how customers are using our products and services. |
Proof of identity documents
|
When we need proof of identity. |
To keep your account and financial information secure |
Family details
|
When you fill in an application for one of our products or services. |
To operate your account (for example, to pay beneficiaries, who are the ones who receive benefits from your policy if you die). |
Health
|
As part of running your policy. |
To provide the product or service you’ve requested – if we need the information for this purpose – or to meet our legal duties. |
Information from your devices
|
When you use our website or the MyPhoenix app. When you ask about or buy a product or service. |
To understand how you interact with our website and online services. This allows us to improve the ways we interact with customers and provide you with relevant marketing communications. |
Your preferences – for communications and receiving marketing information |
When you ask about or buy a product or service. When you use our online services. |
To communicate with you and send you marketing communications in ways that suit your needs and how you like to be communicated with. |
We may collect other information during your relationship with us, to help us continue running your policy, such as information from public registers, including Land Registry documents.
If you are a beneficiary or other third party with an interest in the policy, we get personal information from the person who took out the policy (for example, your partner).
In some circumstances we collect information about children. For example, we may need to collect their information to find out if they are beneficiaries of a policy.
If you are a beneficiary or a third party, you have a number of rights over your personal information. We explain how you can exercise these rights in the your rights section.
We will only collect, use and share your information if we have a valid legal reason, known as a legal basis, as set out in data protection law. The main legal bases for using your information are as follows.
1. Contract – the processing is necessary for a contract we have with you to provide a product or service to you, or because you have asked us to take specific steps before entering into a contract with us.
2. Legal obligation – the processing is necessary for us to keep to the law, such as needing proof of identity to meet our fraud and anti-money laundering duties.
3. Legitimate interests – the processing is necessary for our legitimate interests or those of a third party.
Our legitimate interests may include, but are not limited to:- Making you aware of the options that will help you get the best outcome from your product or investment;
- Carrying out transactions by engaging with third parties where the sharing of your personal data is required; and
- Carrying out research so we can better understand your needs and send you relevant communications about the products and services you have with us. (You can opt out of these types of communications by contacting our customer services team, as explained in the how to contact us section of this privacy notice.)
It is also in your legitimate interests to process your personal data to develop new products and services.
When we process personal information for legitimate business interests, we put safeguards in place. The safeguards make sure your privacy is protected and that our legitimate interests do not override your interests or your data protection rights.
4. Consent – you have given us permission to process your personal information for a specific purpose, such as to send you information about products and services we believe may be of interest to and benefit you.
For example, we’ll need to get your permission to process your medical information or pass your details to a third party who provides a service we don’t. You have the right to withdraw your permission at any time.
In some limited cases we may need to process your personal information without getting your permission, if this is in the public interest and allowed under data protection law. If this is the case, we will take necessary steps to make sure your rights and freedoms are protected.
If we ask for your permission to process your personal information, and you agree, you can withdraw your permission at any time by contacting our customer services team, as explained in the How to contact us section of this privacy notice. Please read section 16, your rights, for more details.
Certain communications we send you, such as your annual statement, are important for you to understand your policy. We must send these to you to meet a legal obligation or regulatory requirement. You can’t opt out of these communications.
Other communications are designed to gather your feedback to help us improve the products and services we offer. This could involve taking part in surveys and questionnaires, perhaps online, on the phone or in person. You can opt out of these communications.
We may send you marketing communication by post and phone. We will send marketing communications by email, text message or other electronic method only if we have your permission. You may receive marketing communications:- Direct from us; or
- From trusted partners, on our behalf, about a product or service that we think may interest you.
You can opt out of marketing communications.
You're in control of how we contact you and the communications you receive. You can manage your communication preferences by contacting our customer services team, as explained in the how to contact us section of this privacy notice.
The way we process your personal information may involve profiling. This means that we may process your personal information using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you.
We use profiling to help us develop offers, products and services in order to provide you with the best customer experience. We may also use profiling to see how you use and interact with our website and online tools. This helps us to improve our services to you.
From time to time we use your information, sometimes combined with information from third parties, to place you in groups with similar customers. This combined information is then used to:
- Monitor and improve the products and services we offer;
- Enter into transactions with third parties which help us manage our risk;
- Help prevent crime;
- Decide if our customers might be displaying characteristics that show they may need additional support from us; and
- Make sure information is accurate and of a high quality.
An example of customers who are grouped together are those nearing retirement, where we use profiling of that group to provide information about their retirement options.
Before we use any information from profiling, we carry out checks to make sure there are no legal restrictions on using that information. We also consider whether using the information might cause outcomes that are unfair.
Where possible we remove details you could be identified from, such as your name, and replace these with anonymous details. We do this to protect your information.
If you don’t want us to use your personal information for profiling, please contact our customer services team, as explained in the how to contact us section of this Privacy Notice. If you do not want us to use your personal information for profiling, this may mean that we will not be able to provide you with our products or services.
We use automated processes to assess certain things about you in order to make predictions such as customer traits and behaviours. These predictions are called marketing profiles and they help us provide more personalised advertising for our products and services. To create marketing profiles we use information such as:
- Details of your policy;
- Information on your behaviours, such as how you use our website;
- Your age; and
- Your contact details.
We would use your marketing profile to decide the most relevant products, services, offers or benefits to offer you and the best time and way to offer them. For example, we may use marketing profiles to see if customers prefer to use our website to find out about products and services. If they do, we contact customers to let them know about any online services we are offering.
We may use a third party’s services and information to create marketing profiles.
If you don’t want us to use your information to create marketing profiles, please contact our customer services team, as explained in the how to contact us section.
We sometimes use automated decision-making, where decisions are made by a computer system without any person involved. This process uses information that you have given us and that is in records we hold about you, and information we get from third parties. An example of automated decision-making is where an automated process uses information on the value of your annuity to decide the terms and price of a policy.
If we make an automated decision, you have the right to:
- Receive an explanation about the logic behind the decision;
- Challenge the decision; and
- Ask for a person to be involved in making the decision.
For more information about this right and how to exercise it, please see the your rights section.
We make certain decisions based just on automated processing of your personal information. Examples of when we make decisions based just on automated processing are as follows.
- We carry out credit reference checks to decide if you are likely to be able to meet your commitments in any contract you have with us. If you don’t meet the standards required by the check, we will not be able to enter into a contract with you.
- In order to meet our obligations to prevent fraud and money laundering, we analyse patterns of transactions and claims to decide if any transaction or claim may be fraudulent. We may block transactions or reject claims if they're considered suspicious, and we may be required to report the matter to the relevant authorities.
Please contact us if you would like more information about these activities.
Whenever we share your personal information, we do this in line with data protection laws that are in place to keep your information safe and secure. The table that follows shows who we may share your personal information with. We will not share your personal information with any of these third parties until we have carried out checks on those parties.
Who we share your information with | Why we share it |
---|---|
Other companies in the Phoenix Group |
We may use more than one company in our group to deliver our products and services to you. We may share your information with other companies in the Phoenix Group as part of our commitment to offer you financial products and services that may be of interest to you. We may need to share your information to protect your assets held with us and protect our customers against fraud or activities which may have a negative effect on you. |
Service providers |
We use third-party companies to provide services such as policy administration, IT systems and software, so we can run your policy and deliver our services to you. |
Reinsurers (other insurers who take on the risk of when and how much we have to pay customers on their policy) |
So reinsurers can help us manage our risk. |
Anyone you ask us to share your information with |
To share your information with others specified by you, such as a trustee or professional adviser. |
UK regulators, such as the Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO), who make sure we’re acting in your best interests UK government bodies such as HM Revenue & Customs (HMRC) and the Home Office For our customers in Ireland, regulators such as the Central Bank of Ireland (CBI) and the Data Protection Commission (DPC) Irish government bodies such as the Revenue Commission |
To meet legal and regulatory requirements, and to follow best practice. |
Other UK and Ireland bodies such as:
|
To meet legal and regulatory requirements, and to follow best practice. |
Affinity partners (third parties who provide products or services which we do not provide or which are different from our own) |
To offer you financial products and services that may be of interest to you. |
Customer research partners |
To help us improve the products and services we provide. Note: if you are contacted for research purposes we will be clear about the purposes of the research. We’ll tell you how any information you provide will be used, who will have access to it and how long it will be kept. |
Professional advisers |
To provide services such as legal advice, accountancy services and consultancy services. |
Equitable purchasers of mortgage loans |
As part of our effort to manage our risk, we may share your information with organisations who purchase mortgage loans that you may have borrowed against. |
Other third parties who we may use for specific purposes |
For example, to trace customers we have lost contact with or when we’ve been told customers no longer live at the address we have for them. |
We may need to collect personal information about you from third parties, but we will only ask for the minimum amount of information we need. Third parties we may ask for information include the following:
- Your employer or pension scheme trustee, if you’re a member of a pension scheme.
- Credit reference agencies, to help us find you if we lose touch with you.
- Companies who provide third-party administration services.
- Law enforcement and fraud prevention agencies, to prevent and detect crime.
- Medical professionals, if we have your permission, to help us assess a claim.
- Regulators, such as the FCA, who make sure we’re acting in your best interests
- Government bodies, such as HMRC or The Revenue Commission, who are responsible for collecting taxes.
- Third parties acting on your behalf.
- Any other publicly available source of information.
We automatically use cookies that are necessary for functionality, security and accessibility. There are also optional cookies that we use.
You can read more about how we use cookies, and how to change your preferences relating to cookies, in our cookies policy.
When we send you an email to tell you about the products and services we offer, we use an email pixel. This collects information about how you respond to the email. It tells us when you opened the email, how many times you opened the email and whether you clicked on any of the links in it. This information helps us to better understand the effect of our emails and how useful you find the content about our products and services.
Depending on the device you use to check emails from us, you may be able to disable the email pixel. You will need to check this with your device manufacturer.
We operate mainly in the UK. Sometimes the information we collect from you may be accessed from, transferred to or stored outside the UK (for example, in India or the United States, where some of our servicing partners are based).
If your information is being processed outside the UK, we take extra steps to make sure your information is protected to at least an equivalent level of protection as would be applied in the UK. For example, we put in place legal agreements with our suppliers and do regular checks to make sure they are keeping to the requirements of those agreements.
When we transfer information to a third party outside the UK and EEA, we either put in place data transfer agreements that are based on approved standard clauses or rely on other appropriate safeguards and methods to protect the information. However, this is not necessary if the third party is in a country where the European Commission and the ICO consider data protection laws to be adequate.
We will keep your information for as long as we have a relationship with you. Once our relationship with you has ended, we will keep your personal information for an appropriate period of time that allows us to:
- Maintain business records for analysis and audit purposes;
- Keep to legal requirements relating to keeping records;
- Defend or make any legal claim, now or in the future; and
- Deal with any complaints about our products or services.
We will delete your personal information when we no longer need it for these purposes.
If you need more information on how long we keep information, please contact our Data Protection Officer. The contact details are shown in the how to contact us section.
We take the security of your information very seriously and have safeguards in place to protect your personal information in line with data protection laws. Also, specialist third-party consultants conduct regular, independent audits across our business to assess our security controls.
Your information is protected by controls designed to minimise loss or damage caused by accident or resulting from negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically, and take part in annual training on this.
Our security controls are in line with industry standards and good practice. These controls mean that you can be reassured that we keep your information, as well as your money, safe.
You have legal rights relating to your personal information. We may ask you for proof of identity when you make a request to exercise a right. We do this to make sure we provide information only to the right person.
The legal rights you have are explained below.
The right to object to the use of your personal information
If you don’t want us to use your information, or want us to stop using it for a specific purpose, you can ask us to stop. We will stop using the information as long as there are no reasons why we need to continue using it. If we have to continue using it, we will contact you to explain why.
You can ask us not to send you marketing messages. You can also ask us not to use your personal information for customer profiling.
If you have given us permission to use your personal information, you can withdraw that permission at any time. Whenever we get your permission we will explain the process for withdrawing it, and any consequences of doing so. You can withdraw your permission at any time by contacting our customer services team, as explained in the how to contact us section of this privacy notice.
The right to get copies of your personal information (the 'right of access')
You have the right to ask for a copy of the information we hold about you, and we will usually provide this free of charge. For your security, we will take reasonable steps to confirm your identity before providing any information we may have about you.
The right to have your personal information transferred to another organisation (the 'right to data portability')
You can ask us to transfer any of your personal information to a specific company or person. We will try to transfer the information in the format you request. If this is not possible, we will contact you to agree an alternative format.
The right to get your personal information corrected (the 'right to rectification')
We do our best to make sure that your personal information is kept up to date. If you think that your information is not up to date or is incomplete, please contact us.
The right to limit how organisations use your personal information (the 'right to restriction')
You can ask us to stop using your personal information for specific purposes or for a limited time, such as while we are checking the accuracy of your personal information. We will always try to meet your request, but there may be times where we cannot. If this is the case, we will explain why.
The right to get your personal information deleted (the 'right to be forgotten')
In certain circumstances you can ask us to stop keeping or using your personal information or ask us to restrict how we use it.
If we can delete your information we will, but sometimes we must keep it for legal reasons. If we cannot meet your request, we will contact you to explain why.
Rights relating to automated decision-making and profiling
You have the right not to accept a decision based just on automated processing, unless the decision is:
- Necessary for the purposes of a contract between us and you;
- Allowed by law (for example, to prevent fraud); or
- Based on your clear consent.
In these situations, you do have the right to get an explanation of the decision, ask for a person to be involved in reviewing it, express your views and challenge the decision. We will tell you if we cannot meet your request or how your request might affect you.
If you want to exercise any of the rights listed above, please contact us in any of the ways set out in the how to contact us section below.
If you have any questions about our privacy notice or the information we collect or use about you, please contact:
Data Protection OfficerThe Phoenix Group
1 Wythall Green Way
Wythall
Birmingham
B47 6WG
Email: [email protected]
If you would like to speak to someone about the information we hold about you, please contact our customer services team.
We always aim to collect, use and protect your personal information in line with data protection laws. If you think that we have not kept to this privacy notice, please let us know immediately. We will do our best to put things right.
We hope that we can settle any complaints for you. If you are not satisfied with a response you receive from us, you have the right to complain to the Data Protection Regulator, whether or not you have finished our complaints procedure.
Customers in the UK can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk
We may update this privacy notice from time to time to keep it up to date or when necessary to meet legal requirements. If there are any significant changes to how we use your personal information, we’ll tell you by putting a notice on our website and sending you details by email or post.
You can download a copy of the up to date privacy notice.
This privacy notice was last updated on 18 January 2024.