Last modified: 9th February 2021
Co-op Insurance Services Privacy Notice
Co-op Life Cover is provided, underwritten and administered by The Royal London Mutual Insurance Society Limited. These notices explain how Co-op Insurance Services and Royal London will use your personal information and your rights under data protection laws.
Please take a few minutes to read this Privacy Notice carefully as it contains important information about how Co-op Insurance Services will use and share your personal information, what your data protection rights are and how you can contact Co-op Insurance Services.
In this Privacy Notice only, references to, 'we', 'our', or, 'us', shall mean Co-op Insurance Services and, 'you', or, 'your', shall mean you as a customer of the Co-op Life Cover (Life Cover) which is provided, administered and underwritten by The Royal London Mutual Insurance Society Limited (Royal London).
Co-op Insurance Services Limited trading as Co-op Insurance Services (which is part of the Co-op Group) is classed as a 'data controller' of your personal information. Our registered office address is at 6th Floor, 1 Angel Square, Manchester, Lancashire, M60 0AG. Co-op Insurance Services has appointed a Data Protection Officer who can be contacted by letter: Data Protection Officer, Co-op Insurance Services, 6th Floor, 1 Angel Square, Manchester, M60 0AG.
We are introducing you to Royal London who are also a data controller of your personal information. Royal London will collect your personal information in order to provide you with your Life Cover and will share it with us for marketing and product management purposes. Further information about how Royal London uses your personal information can be seen below. It is important that you read Royal London’s Privacy Notice because it sets out your rights when it comes to their handling of your personal information, and also explains their privacy and data protection obligations.
When you apply for a quotation, purchase Life Insurance, make a claim and/or complaint, Royal London collect certain information from you such as your name, gender, marital status, address, email address and contact telephone number. Royal London shares this personal information with us for the purposes set out below.
We may use your personal information:
- where applicable, to fulfil Co-op Group membership requirements in relation to our Co-op Group membership scheme;
- to send to you Co-op Group membership offers where appropriate;
- to manage the overall performance of the Life Insurance;
- to monitor the performance of Royal London;
- to offer you incentives from time to time;
- to ask for your feedback, assess customer service and satisfaction and to improve our overall operations;
- to develop new services and products for you;
- to communicate with you, where you have consented to receive communications or by sending you information about similar Co-op Group products or services which we think may be of interest to you. We will not send you marketing communications if you have opted out to receive marketing. You will be able to opt-out of such communications at any time using the contact details below or by calling 0345 268 6081;
- to comply with our legal obligations; and
- to help us improve our service and our communications to you, so that we can contact you at the most appropriate time with relevant offers.
We will only use your personal information where it is permitted by law and where:
- we need to use your personal information to comply with our legal or regulatory obligations;
- you have given us consent to use your personal information (if consent is needed);
- it is in our interests or the interests of Royal London to fulfil their contractual obligations to you and where there is no disadvantage to you.
We will share your personal information with:
- service providers and third party partners who process and store data on our behalf;
- professional advisors;
- law enforcement, taxation and legal authorities;
- any member of the Co-op Group, which means Co-operative Group Limited, and other companies which may be added to the Co-op Group from time to time; and
- our marketing and advertising partners.
We may also share your personal information with third parties in the event that our Co-op business or substantially all of its assets are acquired by a third party and if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or to protect our rights, property, or the safety of our employees, customers, members or others.
We may need to transfer your personal information outside of the UK to countries where data protection laws may not provide the same level of protection as those in the European Economic Area. We shall ensure that any such transfers are lawful and that your personal information is kept secure.
We keep personal information for as long as we need to for the purposes we have set out in the "How do we use your personal information?" section above. Usually, we will retain your information for up to seven years, unless there is an exceptional business purpose in which case this time period needs to be extended. If you would like further information about our retention procedures, please contact us using the details below.
Data protection laws give you a number of rights as set out below. If you would like to exercise any of your rights in relation to the personal information we hold about you, please contact us using the details below.
Please note that we can only assist you with exercising your rights in relation to the personal information that we hold about you. If you would like to exercise your rights in
respect of the personal information that Royal London collected from you and holds about you, please contact Royal London directly using the details below.
Right to access your personal information: you may requestaccess to a copy of your personalinformation. Please send all requestsfor access to us in writing.
Right to withdraw consent: if you have given us consent to use your personal information to send you marketing, you can withdraw your consent at any time. You can do this at any by calling 0345 268 6081.
Right to rectification: you may ask us to rectify any inaccurate information we hold about you. If you would like to update the personal information we hold about you, please contact us.
Right to erasure: you may ask us to delete your personal information. If you would like us to delete the personal information we hold about you, please contact us, specifying why you would like us to delete your personal information.
Right to portability: you may ask us to provide you with the personal information that we hold about you in a structured, commonly used, machine readable format, or ask for us to send such personal information to another data controller.
Right to restriction: you can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
Right to object: you may object to our processing of your personal information pursuant to this Notice. Please contact us, providing details of your objection
Right to make a complaint: you may make a complaint about our data processing activities by contacting us using the details below. Alternatively, you may make a complaint to the UK supervisory authority, which is the Information Commissioner’s Office, by visiting their website at www.ico.org.uk, by phoning 0303 123 1113 (local rate) / +44 1625 545 700 (from outside the UK), or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
We will treat all of your personal information in strict confidence and we will take all reasonable steps to keep your personal information secure once it has been transferred to our systems. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information. Please note that we cannot guarantee the security of any data you disclose to us online. You accept the inherent security risks of providing information and dealing online and will not hold us responsible for any loss or damage that you incur.
We may modify this Privacy Notice from time to time, so please review it regularly. We will let you know when we make any material changes to this Privacy Notice by means of notice on our site homepage or if appropriate, by contacting you directly. This Privacy Notice was last amended on 9th February 2021.
If you have any queries relating to this Notice or our use of your personal information or wish to exercise any of your rights, please contact our Data Protection Officer by writing a letter to: Data Protection Officer, Co-op Insurance Services Limited, 6th Floor, 1 Angel Square, Manchester, M60 0AG.
If you have any queries about how Royal London uses your personal information please contact Royal London directly by emailing GDPR@royallondon.com , or by letter to Royal London, Royal London House, Alderley Park, Congleton Road, Nether Alderley, Macclesfield, SK10 4EL.
Royal London Privacy Notice
The Royal London Mutual Insurance Society Limited are also a data controller of your personal information.
When we say ‘we’ or ‘us’ in this Notice we’re referring to the Royal London Mutual Insurance Society Limited, a company registered in England and Wales (registration number: 99064). This is the ‘parent’ company of the Royal London Group, which consists of the Royal London Mutual Insurance Society Limited (Royal London) and its subsidiaries and is your main point of contact for all of our companies.
We use the information we obtain from you as part of this application for a number of reasons:
- setting up and administering your plan;
- completing any requests or claims you make;
- verifying your identity and preventing fraud;
- researching our customers’ opinions and exploring new ways to meet their needs;
- assessing and developing our products, systems, prices and brand;
- fulfilling any legal or regulatory obligations.
Certain personal information collected by Royal London during quotation/purchase of Life Insurance, when you make a claim and/or complaint will be shared with Co-op Insurance Services as the introducer of this scheme.
Most of the information we get we will have received directly from you. We may also obtain personal information about you from other sources:
- tracing companies – if we lose touch with you we may source information such as contact details so we can get in touch and remind you about your product;
- medical professionals – for example if we need information for underwriting purposes or to support an ill health claim;
- credit reference agencies - so we can check your identity;
Data Protection gives organisations a number of different conditions to allow us to process your information lawfully. We’ll only use your personal information when one of these conditions has been satisfied. In the following table you can see how we use your information and the legal grounds for processing this:
|Legal grounds||Use of your information|
Necessary for the performance of a contract
The personal information you provide or that of a joint party to the contract may be processed when it is necessary in order to enter into or perform a contract. For example, where we process your information to assess your application or to provide your policy.
Administering your policy including arranging, providing, underwriting, administering your policy and managing any queries, complaints or claims.
If we lose touch we may source information, such as your contact details, so we can get in contact with you to tell you about your policy.
Necessary for compliance with a legal obligation
Your personal information may be processed where Royal London has a legal obligation to perform such processing. For example, where we share information with our regulators or the courts.
Verifying your identity and preventing fraud.
We verify your identity with credit references agencies when you apply for a policy. We may also need to check this again when relevant, in an attempt to protect you from risks. This isn’t a credit check and doesn’t affect your credit rating.
We sometimes need copies of your identification documents, or identification numbers, for example passport or driving licence number, if we need to do extra checks. This is to make sure we meet our obligations with anti-money laundering or other laws.
Fulfilling any other legal or regulatory obligations.
These will vary according to the nature of your product you have taken out. For example, we’ll provide yearly statements when required by the Financial Conduct Authority.
Necessary to protect vital interests
This will usually only apply in “life or-death” scenarios.
We may disclose your information to the police or other authorities if we have serious concerns about your wellbeing.
Necessary for an insurance product
The UK laws that will bring the GDPR in to effect give legal grounds for processing your medical information in connection with an insurance product.
We’ll obtain information about you from medical professionals if it’s needed for underwriting your product or for claims assessment for protection policies ill health.
Necessary for legitimate interests
We also use your information for other activities. Where we do this we need to have a ‘legitimate interest’. Activities are assessed and your rights and freedoms are taken into account to ensure that nothing we do is too intrusive or beyond your reasonable expectations. We use legitimate interests for:
As you’d expect, our employees will access your records in order to use your information for the uses mentioned above. However, only those employees who need access to particular information are given it.
We may also share your personal information with these third parties:
- Our service providers and agents e.g. mailing houses for printing, offsite storage companies, confidential waste disposal and IT companies who support our technology;
- Co-op Insurance Services as they have introduced you to us;
- Our professional advisers: auditors; underwriters; reinsurers; medical agencies and legal advisers;
- Identity authentication and fraud prevention agencies;
- HM Revenue & Customs, regulators such as the Financial Conduct Authority and other authorities like the Information Commissioner’s Office;
- UK Financial Services Compensation Scheme;
- Market research agencies;
- Direct debit (DD) scheme – if you use DDs Companies you ask us to share your information with.
We sometimes use third parties located in other countries to provide support services. As a result, your personal information may be processed in countries outside the European Economic Area (EEA).
These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements. Some countries have been assessed by the EU as being ‘adequate’, which means their legal system offers a level of protection for personal information which is equal to the EU’s protection. Where the country hasn’t been assessed as adequate, the method we have chosen to rely on is standard contractual clauses.
The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information. The European Commission approved standard contractual clauses are available to view at the European Commission website.
We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. However if your email service doesn’t support TLS, any emails we send or receive won’t be protected. We recommend you don’t send anything confidential to us by email. Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.
We’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period of time after your policy or your relationship with us has ended.
In the absence of specific legal, regulatory or contractual requirements, any other personal information is kept for our baseline retention period – this is seven years after your policy has exited. In some circumstances we may retain your information for longer, if we have a legal or regulatory requirement to do so.
We’re also running a programme as part of our need to treat our customers fairly. This information will be kept beyond seven years.
Automated decisions are where a computer makes a decision about you without a person being involved. If you apply for a new policy we’ll make an automated decision. This decides whether we’ll provide cover and at what price, for example, if you apply for life assurance online the system will generate a price and decision based on your age and/or your health information.
We make automated decisions about you as part of the underwriting journey. Our usual process is for us to ask relevant information about your job, interests, travel, health and family history – for example we need to know if one of your interests is skydiving, as this could increase your risk and potentially your premium.
The online system makes a decision based on rules that have been created by specialist rule developers. These rules are based on the internal underwriting guidance.
For life and critical illness cover, if you were unlikely to get an automatic accept or not accept decision, we use ‘machine learning’ to predict the decision that would have been made if you followed the full underwriting process. The machine learns from our own database of existing quote, application and claims information as well as socio-economic data based on your postcode that we obtain from Experian. It decides whether your application would be likely to be accepted or not accepted.
We’ll then indicate whether we can offer our standard premium, an increased premium or exclusions to your cover.
There are some cases where we won’t be able to offer a decision online and need your application to be reviewed by our underwriting team. They may request further information from you or, with your permission, from your doctor before we’ll be able to confirm whether we can offer you cover, and on what basis. There will be a small proportion of cases where we aren’t able to offer cover online and we’ll flag this indicative decision during the online journey. As this is an indicative decision, it means that you don’t have to disclose this, if asked, on other insurance applications. However, you have the right to ask for someone to review the automated decision, so you can also ask for the decision to be made via our manual underwriting process. Note that if the decision is still that we are unable to offer you cover, this would need to be disclosed if you applied for insurance elsewhere.
You have the same rights for personal information used by Royal London as detailed in the “What are your rights?” section of the Co-op Insurance Services Privacy Notice above. The easiest way to exercise any of your rights would be to contact our Data Protection Officer.
By email at: GDPR@royallondon.com
By letter to: Royal London, Royal London House, Alderley Park, Congleton Road, Nether Alderley, Macclesfield, SK10 4EL.
We’ll provide a response within 30 days, if not sooner. There’s normally no charge for exercising any of your rights.
You can also contact our Data Protection Officer if you have any questions or comments regarding this Notice or about how your information is used.
If we want to use your personal information for a new purpose which we haven’t previously told you about, we’ll contact you explaining the new use of your information. We’ll set out why we’re using it and our legal reasons.
We may modify this Notice from time to time, so please review it regularly. We will let you know when we make any material changes to this Notice by means of notice on our site homepage or if appropriate, by contacting you directly. This Notice was last amended on 9th February 2021.