Aviva

We read Aviva's privacy policy so you don't have to.

  • Find out what they do with data about you
  • Contact them if you have a request about that data
Make a data request

Organisation information

Description

Insurance company

Registration country

United Kingdom

Registration number

02468686

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

DATAPRT@aviva.com

Postal address

The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

Data categories collected

Organisations must give details about what categories of data are stored and processed.

Aviva's privacy policy says they collect the following categories of data:

Our Observations

Aviva's policy does not offer a full breakdown of every piece of personal data they collect.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

Aviva's privacy policy says they share data with the following third parties:

List of third parties

  • Financial advisors and business partners who help Aviva arrange products

  • Insurers, reinsurers and brokers who help Aviva manage and underwrite products

  • Data analysts

  • Comparison websites

  • Regulators who regulate how Aviva operates

  • Solicitors representing data subjects or third-party claimants

  • Third-party administrators who help Aviva manage products and services

  • Loss adjusters and claims experts

  • Assistance providers who provide customers with assistance in the event of claims

  • IT service providers

  • Medical professionals if health records need to be accessed for insurance claims

  • Third-party case managers handling customer care

  • Employers and third parties that provide pension services to customers

  • Media agencies who provide marketing and display advertising services

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Aviva "generally only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy." They do not provide more specific information about retention periods.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Unspecific times for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

Aviva's privacy policy says they use the following lawful bases to collect and use data:

  • Consent

    "where we have obtained appropriate consents to collect or use your personal information for a particular purpose"

  • Contract

    "to arrange, underwrite or manage our products, or handle claims in accordance with their terms"

  • Legal obligation

    "to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities"

  • Legitimate interests

    "to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as relevant to further our business interests but never at the expense of your privacy rights (we refer to these activities as our legitimate interests)"

Our Observations

Aviva do not provide a comprehensive breakdown of which data falls under which of the lawful bases, but do indicate that data subjects can contact the data protection team to find out more "about the legal reasons or legitimate interests that apply to a particular way in which we use personal information".

Security standards

Organisations must ensure that data is stored and processed securely.

This privacy notice does not appear to have this information.

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Our Observations

Aviva use automated decision making to decide whether they can offer particular products to customers. The policy contains a breakdown of what data is used as part of the automated decision making process and also breaks this down further depending on the category of product.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Make a data request

You have rights to control data about you. Click on the rights to see why you might want to use each one.

We've also prepared email templates to help you contact Aviva to use the rights.

  • See data they hold about you

    You can ask to see what data Aviva has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    Contact the organisation through their website

    https://www.aviva.co.uk/legal/subject-access-request/

    You might want to use the template message below to help you know what to say.

    Copy and paste this template into an email and send it to Aviva at

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

  • Change data they hold about you

    You can ask Aviva to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    Email the organisation

    Copy and paste this template into an email and send it to Aviva at DATAPRT@aviva.com

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

  • Delete data they hold about you

    You can ask that Aviva delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    Email the organisation

    Copy and paste this template into an email and send it to Aviva at DATAPRT@aviva.com

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

  • Limit how they use data about you

    You can ask that Aviva only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    Email the organisation

    Copy and paste this template into an email and send it to Aviva at DATAPRT@aviva.com

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

  • Stop their use of data about you

    You can ask Aviva to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    Email the organisation

    Copy and paste this template into an email and send it to Aviva at DATAPRT@aviva.com

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

  • Export data they hold about you

    You can ask Aviva to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    Email the organisation

    Copy and paste this template into an email and send it to Aviva at DATAPRT@aviva.com

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

  • Challenge an automated decision

    You can ask Aviva to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    Email the organisation

    Copy and paste this template into an email and send it to Aviva at DATAPRT@aviva.com

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

    Use this template message above to help you write a letter to the organisation.

Last updated 2019-01-22 at 11:01:14 • Download as JSONAPI documentationView on GitHubView on OpenCorporates