This privacy notice explains the type of information ReAssure collects about you, why we need this information and how we protect it.  This notice also explains your rights in relation to the information we hold.

ReAssure is a life assurance and pensions provider, and is classed as a ‘Data Controller’ under the Data Protection Act 2018. This means we’re responsible for looking after the information you share with us.  We process and store your information to help us administer your policy and provide products and services to you.

We collect personal information to help us administer your policy.  This includes your name, address and date of birth.  We may also need your financial information, details about your employment and lifestyle together with any other information relevant to the type of policy you have or wish to apply for with us.

To be able to contact you and send you information about your policy, we’ll collect your contact details including your phone number and email address.

We’ll only ask for the minimum amount of information we need to process your policy.  We may also need you to send us documents to support and verify what you’ve told us.

Sometimes we need to collect medical information about your health, known as sensitive information.

We need your information to offer and provide products and services to you, administer your policy, process claims and deal with complaints. If we don’t have this information, we won’t be able to do this or keep you informed.

We may need to collect and process your medical information to adminster your policy, assess any claims, or offer a new policy.

We may need to collect personal information about you from a third party, but will only ask for the minimum information we need.  A third party may be:

  • Your employer or pension scheme trustee if you’re a pension scheme member.
  • Credit reference agencies to help us find you if we lose touch with you.
  • Service companies who provide third party administration.
  • Law enforcement and fraud prevention agencies to prevent and detect crime.
  • Medical professionals to help us assess a claim (but we’ll always ask for your permission first).
  • Regulators, for example the Financial Conduct Authority who make sure we’re operating in your best interests.
  • Government offices, for example HM Revenue and Customs (HMRC) who are responsible for the collection of taxes.
  • Third parties acting on your behalf.
  • Any other publicly available information, as needed.

When processing personal and sensitive information we must have an appropriate reason for doing so.  This is called a "legal basis".  Our legal bases for processing your information are:

This applies to the majority of the information we collect and process about you. We need your information to offer and administer your policy, or to assess and pay any claims.

We also rely upon performance of a contract:

  • To provide you with information and services you request from us.
  • For policy renewals.
  • To provide you with information on your policy options and products in certain circumstances including:
    • Options available to you as you near retirement if you have a pension policy.
    • Details of other life insurance policies if the value of your policy no longer supports your benefits.
  • To inform you of any changes to our services.
  • To reinsure policies to support claims.

This means we have a business reason for needing to process your information, but we’ll always make sure our approach is fair.

We rely upon legitimate interest in the circumstances listed below.  You have the right to object to your information being processed in these ways. However if you do object, we may be unable to administer your policy or make payments to you.

We’ll need to evidence your identity, which we can do electronically. This leaves a soft footprint on your credit file, but this won’t affect your credit rating. However, if the electronic match is not sufficient we’ll need you to send us proof of your identity.

This is to help us improve our service, for your protection and could help us to resolve any concerns you might raise.

We process your information to make sure our products continue to meet customer needs. This may lead to further product enhancement or development.

Information may be used to bring about, defend and manage legal claims.

We review policy information to make sure customer premiums are in line with claims paid out. We may ask you to take part in customer satisfaction surveys or join our customer panel to help us improve our communications and service.

You may tell us who you’d like to benefit from your policy in the event of your death, or appoint representatives on your behalf such as trustees or a power of attorney. We’ll process and store this on our systems and our partners’ systems.

This makes sure appropriate safeguards are in place to protect all information held on our systems.

In the event of corporate operational requirements, or a merger or acquisition we may need to share your information internally within our Group, and with third parties as part of our due diligence and transaction.

Whilst we have appropriate controls in place to protect your information, in the event of a cyber-breach your data may be processed to identify whether it was compromised.

We may need to use your information to meet legal and regulatory requirements with our regulators, including the Financial Conduct Authority (FCA), and HM Revenue & Customs (HMRC) to comply with tax law, including overseas tax offices where appropriate.

We’re also obliged to comply with requests made by law enforcement agencies.

We do not currently rely on consent to process your information.

In some circumstances we may identify a reason where information needs to be shared with a third party for your protection.

We’ll only disclose your personal information to other companies within our Group and to selected third parties.  We’ll do this to help us administer your policy or for them to provide services to us.

Third parties who currently provide us with services include:

  • Policy administrators to help us administer your policy.
  • Regulators to ensure we comply with regulatory requirements.
  • Law enforcement agencies to help them to comply with legal and regulatory requirements.
  • Fraud prevention agencies to help us to prevent and detect financial crime and fraud.
  • Providers of IT infrastructure, digital support, disaster recovery contingencies and data centre management to help us to protect the security of your information, ensure our online services remain fit for purpose and perform systems testing.
  • Telephony services providers for communication.
  • Mailing and printing companies to efficiently send you information about your policy.
  • Offsite data storage facilities, for efficient data management and security.
  • Employers to help us provide and receive information in connection with your pension scheme.
  • Reinsurers to help us to share the risk of claims payments.
  • Other insurers to share information to prevent and detect fraud and also to transfer your policy at your request.
  • External auditors to independently assess us.
  • Banks to receive premium payments and pay claims.
  • Confidential waste management companies to help us to protect your information.
  • Credit reference agencies to help us to find you if we lose touch with you.
  • Providers of electronic tools to help us verify your identity.
  • Public Relations agency to liaise with journalists on our behalf in respect of media enquiries.
  • Customer feedback companies to conduct surveys on various customer services and initiatives to improve the service we provide.
  • Property management companies for equity release customers.
  • Private investigators to help us to verify your information or to prevent or detect fraud.
  • External actuarial service providers to perform statistical analysis, actuarial calculation services for specialist pension cases and actuarial services needed for valuation and experience analysis.
  • Facilities management companies, including the supply of CCTV to protect the business and you at our premises.

If we share your information with a third party, we require it to be treated with the same level of protection as if we were dealing with it.

For more information on the types of data we’ve sent to these third parties you can write to: The Data Protection Officer, ReAssure, Windsor House, Telford, TF3 4NB.

We use automated tools to give you quotes and policy values, to decide on what terms we can offer you insurance (for example policy reviews and renewals), carry out fraud checks and deal with claims.

To administer your policy, we may need to transfer your information to another country, including those outside the European Economic Area (EEA). Some administration services are carried out in India for our former Barclays Life and our Retirement Account customers, which means some information can be viewed in India. No other customer information is transferred outside the EEA for administration services.

We require any organisation who receives your information from us, to treat it with the same level of protection as if we were dealing with it.

We only keep personal information for as long as necessary to administer your policy and deal with claims and queries on your policy. Information is retained after our relationship with you has ended, to make sure we have an accurate record in the event of any complaints or challenges, carry out relevant fraud checks, or where we are required to do so for legal, audit, regulatory review or tax purposes.

Your Rights

You can request a copy of all the personal information we hold about you. You can do this by phone, email or in writing, and it’s known as a subject access request (SAR). You don’t have to pay for this, but we’ll need to verify your identity and carry out reasonable checks before we send the information to you within one month.  We may ask you to send us identification documents such as a passport or driving licence.

We won’t send any medical records we hold directly to you. We always send this information to your doctor for them to decide whether it’s passed on to you.

To protect you we won’t send your information (including a SAR) by email, as it’s not secure.  This means if anyone intercepted it, they may be able to read its content.

You can ask for the personal information that you gave when you took out your policy or have since updated, to be sent to you or another provider in a machine-readable format. This is known as data portability.  We’ll need to confirm your identity first, and we’ll send your information to you for free within one month.

Data portability is restricted to the information you have given us, and is therefore usually limited to basic personal information.

You can request that we remove or delete your personal data if there isn’t a reason for us to continue to process it. Our regulator requires us to keep some information for a specific period, for example if you transfer a pension from elsewhere into your ReAssure pension we must keep these records indefinitely.

We’ll consider each request to delete information on its own merits. If we can’t delete your information we’ll explain to you why we need to keep it.

If we agree to delete your information, we’ll also ask any third parties to remove any of your data that we shared with them.

If you believe we hold incorrect or incomplete data about you, please contact us as soon as possible. We’ll update any incorrect information once we’ve checked it, but we might need evidence of the changes (for example a birth certificate to correct your date of birth).

You have the right to object if you feel it’s not in your best interests. You can ask us to restrict how we process your personal information or for an automated decision to be reviewed by a person.

However, restricting the way we process your information may affect our ability to administer your policy. Further information will be given to you at the time if you make a request.

We’ll protect the confidentiality and security of your information using the following:

  • Appropriate security measures.
  • Robust and secure processes.
  • Technical measures.
  • Fully trained staff.
  • Continuous monitoring of our safeguarding measures.

If you’d like to contact our Data Protection Officer (DPO) or you’d like more information, you can write to:

The Data Protection Officer, ReAssure, Windsor House, Telford, TF3 4NB.

We make every effort to get things right first time, but we know that sometimes things can go wrong. If this happens let us know, and we’ll do everything we can to put it right. You can call or write to us to make a complaint by using the contact details in our letters or by visiting the Contact us page.

If you’re not happy with our response you can raise your concerns with the Information Commissioners Office (ICO) by visiting ico.org.uk. They also have a helpline that’s open Monday to Friday 9am to 5pm on 0303 123 1113.

We may update this privacy notice from time to time to keep it up to date or to comply with legal requirements. If there are any significant changes to the use of your personal information, we’ll tell you by posting a notice on our website.