Last modified: 01/02/2021
Life Insurance products taken out through Cover Direct Ltd are provided, underwritten and administered by The Royal London Mutual Insurance Society Limited. These notices explain how Cover Direct Ltd and Royal London will use your personal information and your rights under data protection laws.
Please take a few minutes to read this Privacy Notice carefully as it contains important information about how Cover Direct Ltd will use and share your personal information, what your data protection rights are and how you can contact Cover Direct Ltd.
In the Cover Direct Ltd Privacy Notice only, references to, 'we', 'our', or, 'us', shall mean Cover Direct Ltd and, 'you', or, 'your', shall mean you as the customer.
Customer Data
Our aim is to offer products that help you plan your financial future. To provide such products, we need to know about your personal situation and we may request sensitive and private information about you, for example, your income, current financial arrangements, health and family commitments.
If you are unable or unwilling to provide some or all of this information, we will be unable to provide you with some or all of our products. We do not collect personal information from third parties.
Retention
We will keep your personal information confidential and secure and only keep it for as long as is necessary. We will keep your personal information for 10 years, or if you take out a product through us, the length of the product plus 10 years. We will use it with care and it will only be shared in the ways explained in this leaflet, or if we are required to by Law or the Financial Conduct Authority (FCA).
In addition, we will make every effort to ensure that the information you provide is recorded accurately. In most circumstances, your data will only be processed within the UK or EEA. If for any reason we need to have your data processed elsewhere we will inform you of that, any privacy risks involved and what we have done to minimise those risks.
We use your information in a variety of ways:
Legal Basis for Processing
We have a legitimate interest in processing your data because you have asked us to do so, and it is also necessary to allow us to fulfil our contractual obligations to you. If you ask us to apply for a product on your behalf, it is necessary for the performance of a contract to which you are a party as well as compliance with legal obligations to which we as the controller are subject.
Consent
We only need your consent to process information about your health. We will obtain that consent when you first provide us with that information. You can withdraw it at any time.
Marketing
We will only send you marketing material about services other than those that we have previously provided, or discussed with you, with your consent. That consent can be withdrawn by you at any time.
Sharing
All our digital data is stored and processed in the UK by LeadStream (UK) Ltd and off-site by them at a secure "server farm" also in the UK. It may also be shared with our parent company, Money Marketing Group Limited and LeadStream (UK) Ltd.
Much of the information you provide will be passed to the company whose products you ask us to apply for on your behalf, and details of how they use your information are included in their data protection literature. This company may also, where necessary, share your information with us to enable us to contact you to support an enquiry, offer a new product or service or contact you when a payment has been missed.
Were our business to be sold all your data would be transferred to the purchaser so that they could use it in the same way as we do now.
Use of Cookies
We collect information about your computer, including where available your IP address, operating system and browser type using a cookie filer. Cookies help us to improve our website and deliver a better and more personalised service to you. They enable us to personalise your experience on our website, speed up your searches and help us select services or materials for inclusion on the website which may be of interest to you. It also allows us to monitor general traffic patterns and usage of our website to help us to improve our website design and layout. Most browsers accept cookies automatically, but usually, you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may not be able to use certain features of our website.
This information is completely anonymous.
If you provide us with information about yourself by form filling on our website a session cookie collects that information and stores it during your browsing session so that if you wish to fill another of our forms it will be automatically populated. Information stored in that cookie is deleted as soon as you terminate your browsing session.
Changes to our Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Your Data Protection Rights
You have certain rights under the General Data Protection Regulations. These include the right to:
Ask for a copy of your personal information in a portable format. There is no charge for this.
Stop us sending you marketing material about products and services.
Have any incorrect information we hold about you corrected.
Ask us to restrict processing of your personal data.
As the processing of your personal information is necessary for a legal obligation placed upon us by the FCA and may be required for the establishment, exercise or defence of legal claims, we will not be able to permanently delete your personal information until the end of the period we have deemed necessary.
How to get more information
If you would like further details on how we use your personal information or if you have any data protection queries, please write to:
The Data Protection OfficerYou may receive more information about data protection from the companies that we have introduced you to.
We may record telephone calls so we can check we have acted on your instructions correctly and to ensure we are giving you appropriate service. We may also monitor calls for security and training purposes.
Complaints
Our aim is always to provide an exceptionally high level of service to all of our customers. Where customers feel they have cause to raise a complaint it is important to us that these are dealt with objectively, fairly and within an acceptable time frame. Please follow this link to be directed to complaints coverdirect.com/complaints
You also have the right to refer your complaint to the Information Commissioner.
Who we are
Throughout this notice, when we say 'we' or 'us' we're referring to the Royal London Mutual Insurance Society Limited, a company registered in England and Wales, authorised and regulated by the FCA (registration number:99064).
This is the 'parent' company of the Royal London Group and is your main point of contact for all of our companies. We have several different companies who sit underneath. Within the Royal London Group, one or more of the following authorised and regulated firms will process information to provide your products and services:
What is personal data and why do we collect and process it?
Personal data is defined under the General Data Protection Regulation (GDPR) as any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In essence, personal data is your personal information. Please see section 3 below for the type of personal data that we collect. We collect and process personal data primarily in order to provide you with our products and to administer a policy you have with us. Section 4 of this privacy notice tells you what you can expect us to do with your personal data when you make contact with us or use one of our services.
What kinds of personal data do we hold about you?
When we collect your personal data, we'll let you know if any of it is optional. If it is, we'll explain why it would be useful to us, and you can decide whether it's something you're happy for us to have.
Dependent on the type of product and service provided we may collect and process the following personal data about you:
How we use your personal data
We use your personal data for a number of reasons:
Where do we get your personal data from?
Most of the personal data we get comes directly from you when you apply for one of our products or services, or from your Financial Adviser if you have appointed one. We may also, where necessary, obtain personal data about you from other sources.
Who do we share your personal information with?
As you'd expect, our employees will access your records for the purposes mentioned above. For example, our customer service staff need access to your policy details to support you when you get in contact and our research team will need access to a subset of your data to perform their analysis. We regularly check who has access to our systems.
We will also share your personal data with these third parties:
Please note that any third parties will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Reinsurers
Our Reinsurers require information including policy details, claims, medical and suspected fraud and other financial crime information. Reinsurance, or insurance for insurers, allows us to insure some of our risk with another company or companies. Our Reinsurers will use your information for purposes such as, but not limited to, deciding whether to provide reinsurance cover to us, assessing and dealing with claims and to meet legal requirements.
They'll keep your information for as long as needed for the relevant purposes, in line with the requirements under GDPR, and may need to disclose it to other companies within their group, their agents, third party service providers, law enforcement or regulatory bodies. Let us know if you want further details of the Reinsurers specific to your policy by using the details in the Contact Us section.
What are our legal grounds for using your personal information?
The GDPR and associated legislation sets outs specific grounds under which your personal data may be lawfully processed. The legal grounds for the processing of personal data by us will depend on the purpose for which the processing is being carried out.
We`ll only use your personal data when one of these grounds has been satisfied. Below you can see how we use your personal data and the legal grounds for processing this:
Use of your information:
Buying in Information
We may obtain your email address from data brokers if, for example we'd like to use it for a research project. We will ensure the data broker has obtained your consent to the sharing of your information.
Medical Information
To set up your policy we may need to contact a medical professional or your GP. However, we will only do so when you provide consent, by signing our declaration form. In order to assess a claim, we will also ask for your consent before we contact your medical practitioner or your GP so they can provide the necessary information.
Helping Hand
If you wish to avail of our Helping Hand service, we will need your consent to pass your contact details to Red Arc who administer the service.
Vulnerability Information
We process your information to be able to treat you as a vulnerable customer (if due to personal circumstances you are in a vulnerable position). You may, at your discretion provide us with this type of information on a voluntary basis and based on your consent.
Marketing Communications
Where appropriate, we may also contact you, and send marketing communications which may be of interest, if you have given us consent to do so. (Further information on marketing can also be found in the Legitimate Interest section below)
Cookies
On our website we use 'third party' cookies that collect information about how visitors use our website. Please see our Cookie Preferences for further information.
Legal Grounds:
Consent
Your personal data may be processed when we receive your consent.The consent you provide must be freely given, informed, specific, unambiguous and given with a positive affirmative action.
Your consent can be withdrawn at any time.
Use of your information:
Setting up and administering your policy
This covers all the usual activities, such as
- Processing your application.
- Calculating your premium.
- Making and receiving payments.
- Managing any changes of personal details such as changes of address or name.
- Servicing your policy.
- For insurance purposes, whereby we may share your data with one of our reassurance partners to ensure we manage our risks appropriately.
- Responding to queries or complaints.
- Keeping you updated about your products, such as sending you yearly statements and reminders.
- Managing your funds and deciding what funds are invested in / what options are available.
- Managing the relationship with your Financial Adviser, if you have appointed one.
Completing any requests or claims you make
This includes
- Paying a lump sum.
- Paying a regular income.
- Changing your cover.
- Changing the terms of your policy or who is covered.
- Processing a claim in the unfortunate event of your ill health or death.
If we lose touch
We may use a trusted 3rd party to find you and reunite you with your policy.
Legal Grounds:
Necessary for the performance of a contract
The personal data you provide or that of a joint party to the contract may be processed when it is necessary to enter into or perform a contract. E.g. where we process your information to assess your application, calculate your premium or to provide your policy.
Use of your information:
We use your personal data & special category data, where necessary, to comply with legal obligations including:
-Establishing your identity, residence and tax status in order to comply with laws and regulations on taxation and the prevention of money laundering, fraud and terrorist financing.
-Providing you with statutory and regulatory information and statements.
-Preparing tax and other returns to regulators and the HM Revenue and Customs.
-Complying with the requirements of Legal and Regulatory bodies e.g. The HM Revenue and Customs, The Financial Conduct Authority, Information Commissioner`s Office and the Financial Ombudsman Service.
-Keeping proper books and records and risk management governance to ensure the company stays financially sound.
-Carrying out internal reporting, quality checking, compliance controls and audits to help meet these obligations.
-Reporting to and, where relevant, conducting searches on industry registers. This includes screening all customers against sanction lists and Politically Exposed Persons lists.
-Complying with court orders.
Legal Grounds:
Necessary for compliance with a legal obligation
Your Personal data may be processed where Royal London has a legal obligation to perform such processing.
Use of your information:
We may disclose your information to the Police or other authorities if we have serious concerns about your wellbeing.
Legal Grounds:
Necessary to protect vital interests
This will usually only apply in "life-or-death" scenarios.
Use of your information:
In certain cases, and where necessary, the special category data provided may be processed for the following purposes:,
- To defend legal and prospective claims,
- To pursue legal proceedings or prospective legal proceedings, or
- For the purposes of establishing, exercising or defending legal rights.
Legal Grounds:
Necessary to provide legal advice and legal proceedings
The 2018 Data Protection Act provides legal grounds for processing special category data (medical information) for legal advice and legal proceedings.
Use of your information:
The medical information you, or your medical practitioner, or GP provided will be used, where necessary, for underwriting your policy or for claims assessment.
In certain cases, the information provided may be for another individual or family member who is party to your policy.
We'll also obtain information from a medical professional in the event of a death claim.
We'll share your information with our reinsurers for example, if we need another opinion or on specialist cases.
Legal Grounds:
Necessary for an insurance product
The 2018 UK Data Protection Act also provides legal grounds for processing your special category data (medical information) in connection with an insurance or pension product.
Necessary for legitimate interests
We also use your personal data when we have a "legitimate interest" and that interest isn't outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are considered to ensure that we're not being intrusive or doing anything beyond your reasonable expectation. We'll assess the information we need, so we only use the minimum.
If you want further information about processing under legitimate interests, you can contact us using the details below.
You also have the right to object to any processing done under legitimate interests. We'll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may still continue to use your personal data.
We use legitimate interests for the following:
Use of your personal data:
Our products are developed with a particular set of customer needs in mind. In order to make sure your policy is still suitable for you and is working as we intended, we combine your information with other customers to analyse and segment it.
We'll use your underwriting responses and claims information to analyse how we can redesign products or make our underwriting process easier, with better outcomes for potential and existing customers and policyholders.
Legitimate interests:
To assess and develop our products, systems, prices, business and brand
We need to be able to identify groups of customers who will want new products or services that we are considering developing.
We need to develop those products and services, and make sure our product charges are fair.
We need to make sure we are treating you fairly and check your product is suitable for you.
We need to make sure that we are looking after your money and that we have enough money to pay our customers when the time comes.
Use of your personal data:
We collect and provide service information on your policy.
We financially assess the performance of our business; we conduct risk management exercises and we carry out long-term statistical modelling.
We manage our network and information security (for example: developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions.) We use CCTV at our premises.
We use CCTV at our premises.
We share your information with Royal London Group and our service providers. Your data will only be transmitted within the Group and to our service providers when appropriate safeguards, including contractual provisions, are in place.
Legitimate interests:
To manage our business:
To improve our service quality and for training purposes.
To help us understand our risks, provide management information and help us to manage our business.
To ensure that our systems are always secure and that your data is always protected.
To prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity).
To protect our staff and visitors for health and safety reasons and security purposes.
For internal administrative, audit, statistical, or research purposes. Where possible, we will make your data anonymous.
Use of your personal data:
We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it's the right thing to do. We might also conduct research to ask customers what they think of Royal London, our products and services.
Where we don't have your contact details, we may obtain your telephone number from data brokers to contact you for a research project. However, we always take steps to check that you have not objected to such contact, e.g. by checking the National Directory Database.
Legitimate interests:
To research our customers' opinions and new ways to meet our customers' needs
We need to make sure our products are suitable for the intended audience and to identify gaps in the market.
We need to see how many categories of customers we have and to tailor our products and services accordingly.
We need to make sure our communications are easy to understand and that our products are being sold to the correct audience.
We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.
Overseas Transfers
We sometimes use third parties located in other countries to provide support services. As a result, your personal data may be processed in countries outside the European Economic Area (EEA).
These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements. Some countries have been assessed by the European Commission (EC) as being 'adequate', which means their legal system offers a level of protection for personal information which is equal to the EC's protection. Where the country hasn't been assessed as adequate, the method we have chosen to safeguard your information is 'standard contractual clauses' within the legal agreement to safeguard the processing of your personal data.
The European Commission and the UK have recognised 'standard contractual clauses' as offering adequate safeguards to protect your rights and we'll use these where required ensuring adequate protection for your information as prescribed by the GDPR. The European Commission approved standard contractual clauses are available here.
We use 'standard contractual' clauses for the below activities, to help us provide:
We will always ensure your personal data is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.
Security
We have put in place security measures designed to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. We also use the Clearswift Managed Email Security Service to protect our outgoing email traffic. However, if your email service doesn't support TLS or if you do not wish to use our Clearswift Managed Email Security Service, we may not be able to communicate with you by email, and any emails we do send or receive will not be protected by encryption, and could be intercepted. We may also change our Email Security Service provider at any time without notice and without changing the provision in this notice.
Once we receive your information, we use strict procedures and security features to protect your information from unauthorised access.
In the event of a potential data security breach we will notify you and the Data Protection Commissioner's Office if we are legally required to do so, or there is a risk to your rights and freedoms as a result of the breach.
How long do we keep personal information for?
We will retain your personal data for as long as it is considered necessary for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve retaining your personal data for a reasonable period of time after your policy or your relationship with us has ended.
In the absence of specific legal, regulatory, contractual requirements or technical reasons, your personal information is kept for 7 years after our relationship with you has ended.
There are some exceptions to this rule:
Do we make solely automated decisions about you or profile you?
Automated Decisions
Automated decisions are where a computer makes a decision about you without a person being involved. We also profile our customers, which means we make assumptions about you to help us treat you fairly.
Underwriting
We make automated decisions about you as part of the underwriting journey. We ask relevant information about your job, interests, travel, health and family history - for example we need to know if one of your interests is skydiving, as this would increase your risk and potentially your premium.
You have the right to ask for a person to review the automated decision, so you can also ask for the decision to be made via our manual underwriting process
There are some cases where we won't be able to offer a decision online and will need your application to be reviewed by our underwriting team. They may request further information from you or from your medical professional before we'll be able to confirm whether we can offer you cover, and on what basis.
Crime Prevention
We will undertake checks for the prevention and detection of crime as we are required by law to do so. These checks use automated means to make decisions about you. This may result in declining the services you requested and stopping services currently provided to you. Please see section 11 "your rights†for further information.
Vulnerability
The Financial Conduct Authority defines a vulnerable consumer as someone who, due to their personal circumstances, is especially likely to experience disadvantage. It's been identified a lot of people will be vulnerable at some point in their life, so we need to make sure we can identify who these customers are and support them.
We've created our own method, using socio-economic data from Experian and additional research with consumers, to help us assess levels of vulnerability within the UK population. We then use this information to help identify how many of our customers are likely to be more vulnerable, and ensure our products are designed with this in mind. For example, we may provide additional information on our statements where we suspect our customers might be less financially capable or less engaged in financial matters.
In the future we'd like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this, we'll assess if this is fair.
Socio economic profiling
We may analyse your personal data to create a profile so that we can contact you with information relevant to you. When building a profile, we use Experian software, to provide us with insight into our customers. The software uses a variety of publicly available and market research sources to divide the population into a series of categories. The categories are a way of grouping people who are likely to have similar social, demographic (i.e. age, location) and financial circumstances. The results are assessed and combined so we get a picture of our customers as a whole, and tailor the products and services we provide. Please see section 11 "What are my rights†for further information.
In the future we'd like to keep a note of the category you fall into, against your records, so we can tailor our communications to suit you. Before we do this, we'll assess if this is fair.
What are my rights?
Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided. We will provide a response within 30 days, if not sooner. There is normally no charge for exercising any of your rights. We may ask you for proof of identity when you request to exercise some of these rights to ensure we are dealing with the right individual.
Access to your personal information
You have the right to find out what personal data we hold about you, in many circumstances. Please see section 15 below for our contact details.
Correcting or adding to your personal information
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.
Withdrawing your consent
If you have provided consent for us to use your personal data, you have the right to withdraw your consent at any time. If you withdraw consent, then we may not be allowed to use your data going forward. However, it would not invalidate any processing that was carried out before you withdrew consent.
Withdrawal of consent may impact the product and services we can provide to you, or the ability to administer your policy such as a claim. In this event, we will let you know what the impact would be.
Transferring your personal data to another organisation (Data portability)
In some circumstances you can ask us to send an electronic copy of the personal data you have provided to us, either to you or to another organisation.
Objecting to the use of your personal data for legitimate interests
You also have the right to object to any processing done under legitimate interests. We will re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may continue to use your personal data, if that reason is not outweighed by your privacy rights. However, we will inform you of that decision and reasoning for continuation of processing.
Objecting to direct marketing
You have a specific right to object to our use of your personal data for direct marketing purposes, which we will always act upon.
Objecting to automated decision making
You have a right to object if we have made an automated decision, including profiling, which has legal and significant effect against you. You may also have the right to challenge the decision and ask for a human review. These rights do not apply if we are authorised by the law to make such decisions and appropriate safeguards are in place to protect your rights.
Restricting the use of your personal data
If you are uncertain about the accuracy or our use of your personal data, you can ask us to stop using your personal data until your query is resolved. We will let you know the outcome before we take any further action in relation to this data.
Right to Erasure
You can ask us to delete your personal data in some circumstances, such as if your policy has ended and we do not need to keep it for legal or regulatory reasons. If we are using consent to process your personal data and you withdraw it, you can ask us to erase it.
Right to complain to the supervisory authority
If you're dissatisfied with how we're using your personal data, you have the right to complain to the Information Commissioner. We'd encourage you to contact us first, so we can deal with your concerns.
The Information Commissioner`s office can be contacted by:
Changes to our Privacy Notice
Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review. We will update our notice as changes are required.
If we need to use your personal data for a new purpose which we haven't previously told you about, we will contact you to explain the new use of your data. We will set out why we are using it and our legal reasons.
This privacy notice was last updated on the 25th September 2020.
Contact us
If you have any questions or comments regarding this privacy notice, or if you are unhappy about the way Royal London uses your information, please contact us using the details below.
Post:Email: GDPR@Royallondon.com