Standard Life Assurance Limited (Irish branch)
Standard Life International dac
Standard Life Assurance Limited (Irish branch) and Standard Life International dac (we) are committed to protecting your personal information.
Who we are
We are part of the Phoenix Group, one of the UK's largest providers of insurance services.
How to contact us
Information we collect and use
Information about you that we collect and use includes:
- Information about who you are, for example, your name, date of birth and contact details, proof of identity and address
- Information connected to your product or service with us, for example, your bank account details
- Information about your contact with us, for example, meetings, phone calls, emails, letters
- Information that is automatically collected, for example, via cookies when you visit one of our websites
- Information if you visit one of our offices, for example, images collected via closed circuit television (CCTV)
- Information relating to your health and medical data
- Information you may provide us about other people, for example, lives assured or beneficiaries for products you have with us
- Information about your preferences, interests and demographic information
- Children are not able to buy products and services from us. However, a parent or guardian can, and a child can also be named as a beneficiary on some of our products. In these cases, we collect limited personal information to identify the child (such as their name, date of birth and family relationship). Any communication about these policies will be with the policyholder.
Where we collect and use sensitive personal information, this information will only be collected and used where it’s needed to provide the product or service you have requested or to comply with our legal obligations, and where we have also obtained your explicit consent to process such information.
Where we collect your information
We may collect your personal information directly from you, from a variety of sources, including:
- An application form for a product or service
- Phone conversations with us
- Emails or letters you send to us
- Registering for one of our events, for example, retirement roadshows
- Participating in research surveys to help us understand you better and improve our products and services
- Our online services such as websites, social media and mobile device applications
If you have a financial adviser and/or are a member of your employer’s pension scheme, the information we collect and use will most likely have been provided by them on your behalf.
We may also collect personal information on you from
- places such as business directories and other commercially or publicly available sources, for example, to check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
- Other companies within the Phoenix Group, to support the products and services we provide.
Why we collect and use your information
We take your privacy seriously and we will only ever collect and use information which is personal to you where we have a valid reason, and it’s fair and lawful to do so. We will collect and use your information only if we are able to satisfy one of the lawful processing conditions set out in the data protection laws. This will be the case where:
- You have given us your permission (consent) to send you information about products and services offered by other parts of the Phoenix Group which we believe may be of interest and benefit to you. All existing consent and preferences gathered have been retained in order to minimise disruption to services we provide you. You can withdraw your consent at any time by emailing email@example.com. Alternatively, you can log into My Standard Life and update your marketing preferences in the ‘My Details’ section
- It’s necessary to provide the product or service you have requested, for example, if you wish to invest in one of our pension or savings products, we will require some personal information including your name, address, date of birth, bank account details
- It’s necessary for us to meet our legal or regulatory obligations, for example, to send you annual statements, tell you about changes to Terms and Conditions, or for the detection and prevention of fraud
- It’s in our legitimate interests
- to deliver appropriate information and guidance so you are aware of the options that will help you get the best outcome from your product or investment;
- where we need to process your information to better understand you and your needs so we can send you more relevant communications about the products you have with us;
- to develop new products and services;
- to conduct research and collate management information to improve the products and services we offer
- It’s in the legitimate interests of a third party (for example, data aggregation suppliers used by your financial adviser)
Where the processing is in our legitimate interests or those of a third party, we will always conduct an assessment to ensure that this use of your personal information is not excessive or unnecessary or otherwise more intrusive than it needs to be.
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products or services. If you would like more information about this, please Contact us
We sometimes use systems to make automated decisions based on personal information we have - or are allowed to collect and use from others – about you. These automated decisions can affect the products, services or features we offer you now or in the future. We use automated decisions in the following ways:
Tailoring products and services, for example, placing you in groups with similar customers to make decisions about the products and services we may offer you to help meet your needs
When designing and enhancing our online services to help meet your requirements for ongoing guidance and support
Who we may share your information with
We may share your information with third parties for the reasons outlined in ‘Why we collect and use your information’
These third parties include:
- Companies within the Phoenix Group who support us in the provision of the product or service you have with us, or reinsure risks for us
- Credit and identity check agencies for identity verification and credit reference checks
- Anyone you ask us to share information with, such as your financial adviser or employer, where this is required as part of the product or service you have agreed with us
- Companies we have chosen to support us in the delivery of the products and services we offer to you and other customers, for example, strategic partners; fund managers; research, consultancy or technology companies; or companies who can help us in our contact with you, like an internet service provider
- Our regulators, including the Central Bank of Ireland, the Data Protection Commission
- Law enforcement and other appointed agencies and the courts who support us (or where they request the information) in the prevention and detection of crime
- Tax authorities (for example, Revenue Commissioners, HMRC)
- Relevant industry bodies (for example, Insurance Ireland)
Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Where your information is processed
The majority of your information is processed in Ireland.
However, some of your information may be processed by us or the third parties we work with outside of the European Economic Area (EEA), including countries such as the UK and USA.
Where your information is being processed outside of the EEA, including in the UK, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by Irish data privacy laws, for example, we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.
How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
How long we keep your information
To provide your product and meet our legal and regulatory obligations, we keep your personal information and copies of records we create (for example, phone calls with us) while you are a customer of ours.
Even when you no longer have a relationship with us, we are required to keep information for different legal and regulatory reasons. The length of time will vary and we regularly review our retention periods to make sure they comply with all laws and regulations.
You have a number of rights under data protection laws which may be exercised in certain circumstances. These are:
- Right to be informed about how and why we are processing your personal information
- Right of access to personal information relating to you
If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request.
- Right to request rectification of inaccurate or incomplete personal information
If your personal information is inaccurate or incomplete, you can request that it is corrected.
- Right to request erasure of your personal information
You can ask for your personal information to be deleted or removed if there is not a compelling reason for us to continue to have it.
- Right to restrict processing of your personal information
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
- Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way. For example, if you were moving your pension to another pension provider.
- Right to object to processing of your personal information
You can object to us processing your personal information where: it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.
- Right to not be subject to automated decision making, including profiling
You have the right to ask us to:
- give you information about its processing of your personal information
- request human intervention or challenge a decision where processing is done solely by automated processes
- carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.
To exercise your data protection rights, please Contact us
How to make a complaint
While we hope that we can resolve any complaints for you, you do have the option complain to the Data Protection Commission (whether or not you have exhausted our complaints procedure).