Privacy Notice

EQUITABLE LIFE ASSURANCE SOCIETY

PRIVACY NOTICE

1. The personal information we use
2. How we use your personal information and the basis on which we use it
3. Your rights over your personal information
4. Automated decisions about you
5. Information Sharing
6. Information Security and Storage
7. International Data Transfers
8. Cookies
9. Contact Us
10. Changes to the Notice

This privacy notice describes how the Equitable Life Assurance Society ('the Society’, 'we', 'us') collects and processes personal information about you, how we use and protect this information, and your rights in relation to this information.

This privacy notice applies to all personal information we collect or process about you in relation to you as a policyholder or your role when acting on behalf of a policyholder, and when using our website. Personal information is information, or a combination of pieces of information, that could identify you.

1. PERSONAL INFORMATION WE USE

This privacy notice applies to all personal information we collect or process about you in relation to your policy or your role when acting on behalf of a policyholder, and when using our website. We collect personal information from you directly and also from other sources as explained in this notice.

We may be required as a consequence of our relationship with you, or by law, to collect certain personal information about you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

We will inform you at the time your information is collected whether certain information is compulsory and the consequences of the failure to provide such information.

The categories of information that we may collect directly from you, or from a third party, such as authorised representative or trustees:

(a) Individual details - your name, address, telephone number, date of birth, gender, marital status, nationality, occupation
(b) Family details- spouse, partner, next of kin, dependants, trustees and beneficiaries (including their relationship with you)
(c) Identification details – national insurance number, passport number, utility bill, birth certificate, marriage certificate
(d) Financial information – bank details, income, expenditure
(e) Special categories of data (where relevant), including health information
(f) Transactional information (e.g. information relating to any of your requests, queries or complaints)

The categories of information that we may collect from other sources are:

(a) Credit and anti-fraud data – credit history, sanctions and criminal offences, and information received from various anti-fraud organisations or databases relating to you
(b) Health information obtained from your doctor or other medical practitioner or (where relevant) other insurers providing similar insurance to you.

The categories of information that we may collect from you when you use our website are:

(a) Authentication and identification information (e.g. user identification number, username, password, email address and IP address).
(b) Data collected using cookies and other device identifying technologies ('Cookies and Tracking Technologies'). Further information about our use of Cookies and Tracking Technologies is available in section 8 of this notice.

2. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT

We use your personal information:

(a) to perform our obligations under our contract with you;
(b) to correspond with you regarding your policy and to deal with your enquiries and requests;
(c) for the purposes of security and risk management and prevention of crime, fraud and money laundering;
(d) for the purposes of identity verification;
(e) to better understand your needs and provide you with improved services; and
(f) to facilitate our internal business operations including to fulfil our legal and regulatory requirements, and to manage and defend legal claims.

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

(a) Performance of a contract – We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us.
(b) Legal obligation – We may retain or provide to third parties your personal information where we are required to so by law or regulation.
(c) Legitimate interests – We may use your personal information for our legitimate interests to continue to provide and improve pensions and life cover we maintain for you. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
(d) Consent – We may use your personal information, including sensitive information such as health, gender and biometrics, with your consent.

3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION

You have certain rights regarding your personal information, subject to local law. These include the following rights to:

• access your personal information
• rectify the information we hold about you
• erase your personal information
• restrict our use of your personal information
• object to our use of your personal information
• receive your personal information in a usable electronic format and transmit it to a third party (right to data portability)
• lodge a complaint with your local data protection authority

If you would like further information or would like to exercise your rights, please complete this form.

We will respond to you within one month of receiving your request unless we notify you otherwise. Please address any requests for personal information, questions on this matter or requests to correct any inaccuracies in the information we hold on you to the address set out in the Contact Us below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.

We will contact you if we need additional information from you in order to honour your requests.

4. AUTOMATED DECISIONS ABOUT YOU

We may process your personal information by automatic means and without human intervention to make decisions that may impact you. This involves using software that is able to evaluate your personal aspects and predict risks or outcomes. We carry out this automatic processing where:

(a) such decisions are necessary for entering into a contract with you. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products based on your credit history and other financial information we have collected about you; and
(b) such decisions are required or authorised by law, for example for fraud prevention purposes. The effect of this processing is that we may not be able to accept claims and we may be subject to regulatory requirements to report any activities that we think may be suspicious.

If you require further information about automated decision-making, you want to object to our use of automated decision-making, or request an automated decision to be reviewed by a human being please contact us on the details below and we will explain to you what your rights are in relation to the processing in question.

5. INFORMATION SHARING

We may share your personal information with the following third parties:

(a) third-party service providers that perform services on our behalf, such as re-insurers, web-hosting companies, information technology providers and credit reference agencies
(b) law enforcement, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us (for example, anti-money laundering authorities, the Prudential Conduct Authority and the Financial Conduct Authority)
(c) service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.

The recipients referred to above may be located outside the jurisdiction in which you are located). See the section on "International Data Transfers" below for more information.

6. INFORMATION SECURITY AND STORAGE

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will retain your personal information for a period of time that enables us to:

• maintain business records for analysis and/or audit purposes
• comply with record retention requirements under the law
• defend or bring any existing or potential legal claims
• deal with any queries or complaints you may have.

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

7. INTERNATIONAL DATA TRANSFERS

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under UK and EU law.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

8. COOKIES

A cookie is a small file containing information which a website places into your Internet browser from where it can be retrieved later. It cannot be read by any website other than that which placed the cookie.

We use cookies (utma, utmb, utmc and utmz) to enable us to utilise a service provided by Google Analytics. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form and cannot identify you as an individual (except for direct online client services), including the number of visitors to the site, the location from which visitors have come to the site and the pages they visited. You can choose whether or not to accept the cookies when entering our site or change your settings to disable them.

Click here for an overview of privacy at Google

If you wish, you may disable cookies by changing the settings on your browser. If you decide you would like to do this, you can find information on browser settings and controlling cookies available at www.aboutcookies.org. However, you will not be able to access any online client servicing area of the site if you disable cookies.

9. CONTACT US

The Society is the controller responsible for the personal information we collect and process about you.

If you have questions or concerns regarding the way in which your personal information has been used, please contact The Information Security Officer, The Equitable Life Assurance Society, Walton Street, Aylesbury, Buckinghamshire HP21 7QW.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to a supervisory authority. The supervisory authority for the UK is the Information Commissioner’s Office who can be contacted via: https://ico.org.uk/.

10. CHANGES TO THIS NOTICE

You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.

If we change this privacy notice, we will notify you of the changes. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).

1 MAY 2018