Aviva Save Privacy Policy
Introduction
Welcome to the Aviva Save privacy policy. The Aviva Save platform ("Aviva Save" or the "Aviva Save Platform") is a registration and management platform that enables you to register your details just once in order to access and manage multiple savings products from our panel of partner banks.
Aviva Save is brought to you by Aviva Savings Limited ("Aviva" "we", "us" or "our"), in combination with Raisin Platforms Limited ("Raisin") and the UK FSCS protected and FCA regulated bank with whom Raisin has contracted to provide Transaction Accounts to its customers (the "Service Bank") for use by Aviva customers who can access savings products from our partner banks. For more information about our relationship with these platform partners please see "Our relationship with third parties" below.
Your privacy is important to us
Aviva respects your privacy and is committed to protecting your personal data. This privacy policy aims to give you information on how Aviva collects and processes your personal data including any instances where your data is processed by our platform partners.
Aviva, and our platform partners are also independently responsible for making decisions about how your personal data is processed when you sign up to our respective services. This means we are independent controllers of your personal data for the purposes of data protection laws and so this privacy policy should be read in conjunction with any privacy policy which we provide when you first access their services (see "Our relationship with third parties" below).
This privacy policy only applies to the Aviva Save Platform and does not extend to other third-party websites accessed from Aviva Save. It should be read in conjunction with the Aviva Save Terms and Conditions and any other documents referred to in it.
For more information concerning Aviva visit www.aviva.com.
Our relationship with third parties
- Aviva: we, with the help of our partner Raisin, provide the Aviva Save Platform which is a registration and management platform that enables you to register an Aviva Save Profile (as defined in the Aviva Save Terms and Conditions) in order to access and manage multiple savings products from our panel of partner banks.
- Raisin: we use Raisin, a leading European financial services technology company, to provide the Aviva Save Platform to you. Raisin is responsible for the registration and management of customer data when customers register for an Aviva Save Profile and start investing in savings products. Raisin is both a data controller and data processor in relation to those processing activities. For more information of how Raisin processes your personal data please see Raisin's privacy policy which is available here.
- Service Bank: when registering for an Aviva Save Profile you will also be applying to open a transaction account ("Transaction Account") with our Service Bank. Your Transaction Account will be the settlement account for any payment orders you make from any Nominated Account (as defined below) and any savings accounts with partner banks. Our Service Bank, is responsible for the personal data processed in connection with your Transaction Account, they process your data in accordance with their privacy policy which is available here.
- Partner Banks: the Aviva Save products are brought to you from our panel of partner banks. When you open and use savings accounts through Aviva Save, you will be signing up to savings products with those entities. Their processing will be governed under their respective privacy notices, which will be made available to you on application for these savings products.
- Meteor: Our partner banks may also work with Meteor, who are a deposit administrator for some of our partner banks and will, as required, provide administration services in order to execute your instructions. Meteor comprises of Meteor Asset Management Limited incorporated under the laws of England and Wales with corporate registration number 05712610, authorized and regulated by the FCA, Financial Services Register number 4593325 and Meteor Trustees Limited incorporated under the laws of England and Wales with Corporate registration number 12909750, an unregulated entity, both having their registered office at 24/25 The Shard, 32 London Bridge Street,London,SE1 9SG. Meteor is responsible for the personal data processed in connection with these administration services. Where applicable, Meteor processes your data in accordance with its terms and conditions which are available here.
Our principles
The protection of your privacy is very important to us:
- we treat your data responsibly and only process it for specified purposes;
- we are aware of the sensitivity of the data you have entrusted to us;
- we do not process any personal data without a legal basis;
- we will never pass on your data to third parties unless there is a lawful basis to do so;
- we use several well-established measures (such as encryption) to prevent any misuse of your data;
- we follow the principle of data minimisation;
as such we only receive and process limited amounts of your information, as necessary to make the Aviva Save Platform available to you in combination with our trusted platform partners.
What information does Aviva Save collect about me?
Information you provide
You choose to provide certain information when using Aviva Save.
This includes:
- Aviva Save Profile and contact details: when you create an account, you provide your login credentials, as well as some basic details necessary for the service to work, such as your name, email address, mobile telephone number and date of birth.
- Nominated and Transaction Account details: when you register for an Aviva Save Profile you must provide information necessary to set up your Aviva Save Transaction Account which is provided by our Service Bank. You must also nominate a UK bank or building society account ("Nominated Account") from which you will fund your Transaction Account.
- Applications for savings products: when you complete forms on the Aviva Save Platform including registrations for new customer accounts and applications for any of our savings products or any other services (including instructions in writing), we collect information necessary to support that application.
Information we receive from others
In addition to the information you provide directly, we may receive information about you from others, including:
- Raisin: on occasion, Raisin may share aggregated information with us about the use of the Aviva Save Platform by Aviva customers. Raisin also provides us with individual level reports relating to failed financial crime and fraud prevention checks. Raisin may also provide us with your personal data to enable us to perform analytics and ensure that our products and services are appropriately priced. Raisin also provides us with the personal data you provided when you created an Aviva Save account for use in accordance with your Marketing and contact preferences and to conduct surveys and research.
- Service Bank: we may receive information relating to your Transaction Account details, setup (credit and AML checks/verifications), activity, performance and investments. These may include individual level reports relating to failed financial crime and fraud prevention checks.
- Partner Banks: we may receive information relating to those accounts, their setup, (credit and AML checks/verifications), activity, performance and investments. These may include individual level reports relating to failed financial crime and fraud prevention checks.
- Credit check, AML and fraud prevention providers: we may also process your personal data where we obtain information from third parties such as fraud prevention agencies or other organisations, when you register for an Aviva Save Profile with us or apply for any of our savings products, or other services which you or they give to us at any time.
Information collected when you use our services
We use Adobe's analytics and on-site personalisation services to measure your use of the Aviva Save Platform. This may include information such as the link you followed to reach the Aviva Save Platform, your IP address and how you interact with Aviva Save Platform.
You can find more about our use of cookies in our Cookie Policy.
What does Aviva use my personal information for?
To provide the service
You need to provide us and our Aviva Save Platform partners with your personal data if you want to access and use the Aviva Save Platform. If you decide not to provide us with the personal data that we request from you then we may not be able to perform the contract we have or are trying to enter with you, meaning you may not be able to access and use the Aviva Save Platform. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
The protection of your privacy is very important to us, as such Aviva only collects and uses a limited amount of personal data in connection with your use of the Aviva Save Platform, this includes for the purposes of:
- Creating and managing your Aviva Save Profile;
- Sharing data with platform partners to facilitate your transactions and investments; and
- Managing queries and complaints when you contact us.
To improve our services
- Conduct research and analysis of users' behaviour to improve our services and content (for instance, we may decide to change the "look and feel" or even substantially modify a given feature based on users' behaviour);
- Develop new features and services (for example, we may decide to build a new interests-based feature further to requests received from users);
- Analyse your choices within Aviva Save so we can understand what other Aviva products and services are relevant to you; and
- To conduct surveys and other research about our products and services.
To prevent, detect and fight fraud or other illegal or unauthorised activities
We perform personal information analysis to better understand and design countermeasures against these activities and retain personal information related to fraudulent activities to prevent against recurrences.
To ensure legal compliance
To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our Aviva Save Terms and Conditions.
For financial crime purposes
We may receive customer personal data if, when applying for the Aviva Save Profile, the customer fails a financial crime check or process. In this scenario, Aviva may request the customer's personal data solely for the purpose of auditing of financial crime processes and controls performed by Raisin (and its platform partners if applicable), and the associated results of such processes and controls. In particular, Aviva may want to make sure that: (i) adequate financial crime controls and processes are adhered to by Raisin; (ii) processes are completed to resolve the customer outcome of the applicable financial crime check or process; and (iii) the result of the customer outcome of the applicable financial crime check or process is in line with Aviva's expectation or Aviva's understanding of the customer if such customer already holds other products with Aviva.
Marketing Purposes
We may use your personal data to send direct marketing communications about our products and services that we feel you'll be interested in. This may include marketing relating to products offered by other brands or companies within the Aviva group, as well as communications about promotions and prize draws. You can find out more information about some of the different companies in the Aviva Group here: Aviva company details - Aviva - Aviva and the different products we offer here: Insurance, Savings, Investments, Retirement and Health - Aviva
Marketing communications may be sent by email, post, SMS, telephone and push notification. We will only ever do this in accordance with the Aviva Marketing and communication preferences that we hold about you. You can opt-out from receiving further marketing emails by clicking the "unsubscribe" link contained in any marketing emails. You can also alter your marketing preferences or stop all forms of marketing at any time by contacting us using details in the How can I contact Aviva section below or by using the preference centre on the Aviva Save Platform (available in the "Profile" section which is accessible from the drop down menu after logging in).
Please remember that if you opt out of receiving marketing, we will still send you communications relating to your products.
Cookies and similar technologies
We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website or pixels within emails) to collect information about you. This technology is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.
For further information about cookies and other technologies we use on the Aviva Save Platform and how to manage cookies, please see our Cookie Policy.
Social media and online platforms
We share personal data with media agencies and social media and other online platforms to help us target our online marketing. Social media and other online platforms may also use personal data they hold and combine it with personal data received from us to create target audiences.
If we use or share personal data with third parties in order to send you direct marketing, we will respect the marketing preferences you have set.
Marketing profiles
We use automated processes to help us provide more personalised marketing of our products. To do this, our automated process creates a marketing profile for you using information such as: contact data, ID data, age, gender, behavioural and product data. This allows us to determine the most relevant products, services, offers and benefits to send you.
Information obtained in relation to one product may be used in relation to marketing other products from the Aviva group.
What are Aviva's legal bases for processing my personal data?
Processing is necessary to perform a contract we have entered with you and/or for taking steps to comply with a request made by an individual with a view to entering into a contract (Article 6(1)(b) of the UK GDPR). By way of example:
- we process your personal data when you provide us with pre-contractual information at the point of registering with us. This allows us to carry out our obligations to provide services to you under the Aviva Save Platform contract and also so we can carry out other relevant required activities.
Processing is necessary to comply with our legal obligations as a data controller (Article 6 (1)(c) of the UK GDPR).
- we may process personal data, solely or combination with Aviva Save platform partners for the purpose of fulfilling various legal obligations such as carrying out obligations in respect of the provision of your savings products and the provision of our online services, verification of your identity and making financial risk assessments including anti-money laundering checks and the use of your personal data for crime and fraud prevention purposes.
Legitimate interests (Article 6 (1)(f) of the UK GDPR)
- Circumstances may arise where we or a third party may need to process your personal data beyond the performance of our contract to protect our legitimate interests or the legitimate interests of a third party. This processing could include:
- testing and optimisation of requirements analysis and direct customer approach;
- measures to manage the business (including adjustments to pricing and our commercial models);
- to improve services and to recover customers and advertising or marketing and opinion research;
- for the purposes of marketing;
- processing your personal data to ensure content from the Aviva Save Platform is presented in the most effective manner for you and your device;
- to meet our regulatory compliance, fraud detection and reporting obligations, enforce any of our rights against you and to pursue other legal purposes;
- developing and improving our services to you and notifying you about changes to our services.
Consent (Article 6 (1)(a) of the UK GDPR)
We may ask for your consent to use your personal information for certain specific reasons.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us using the details below if you need details about the specific legal ground, we are relying on to process your personal data.
Who does Aviva share your personal data with and why?
We will never sell, trade, or rent your personal data to others, however, we may share your personal data with selected third parties in the following instances:
With our service providers and partners
We use third parties in order to provide savings products, to carry out marketing and research and to manage your Aviva Save Profile. For more information about how our Aviva Save partners process your data see the "Our relationship with third parties" section above.
With other Aviva Group businesses
We may disclose your information to any member of the Aviva Group including in connection with the financial crime purposes outlined earlier in this policy. This means if we receive information relating to failed checks we may disclose this information to our ultimate holding company and its subsidiaries, as necessary to review and update our wider group practices in this area. We may also share your personal data with certain Aviva Group Companies who are involved in our customer relationship management, marketing, compliance and support. The Aviva Group ensures the protection of any personal data shared within the Aviva Group through data sharing agreements.
For a list of Aviva Group Companies visit Aviva company details - Aviva.
In corporate transactions
We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.
When required by law
We are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your savings products or to protect the rights, property, or safety of Aviva, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
To enforce legal rights
We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
We require all third-party service providers, to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. When you use Aviva Save, you will contract directly with our Service Bank, and our partner banks where you purchase or use their products. In such instances these parties may also process your personal data for their own purposes in accordance with their privacy policies (see "Our Relationship with third parties") above.
How to complain
If you have a query or complaint about how we process your personal data, please contact us using the contact details below. We will investigate your concerns and take all reasonable steps to resolve the matter promptly.
If you're not happy with the way we're handling your personal data , you have a right to make a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You can contact the ICO through their website: www.ico.org.uk.
How can I contact Aviva?
You can contact us about how we use your personal data or to exercise your data subject rights in relation to Aviva Save or if you have any other concerns as follows:
- Email: avivasave@aviva.com
- Telephone: 0345 301 2029
If you wish to exercise your data subject rights in relation to any other Aviva product you hold you can do so by contacting our Data Protection Officer:
- Post: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH
- Email: DATAPRT@aviva.com
If you wish to amend your marketing preferences, change how you would like us to communicate with you, or tell us to stop marketing to you, you can do so in the following ways:
- Update in: Aviva Save Platform (the Preference Centre is available in the "Profile" section which is accessible from the drop down menu after logging in)
- By phone: 01603 622200
- By email: contactus@aviva.com
- By Post : Aviva, Freepost, Mailing Exclusion Team, Unit 5, Wanlip Road Ind Est, Syston, Leicester, LE7 1PD
How does Aviva send information outside of my country?
Sometimes we, or third parties acting on our behalf, may need to transfer personal data outside of the UK. We'll always take steps to ensure that any transfer of personal data outside the UK is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of protection for your personal data (such as countries in the European Economic Area) or putting contractual obligations in place with the party we are sending information to. Transfers within the Aviva group will be covered by an agreement entered into by members of the Aviva group (an intra-group agreement) which contractually obliges each group company to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the group.
For more information about data transfers and the safeguards we have put in place, please contact us.
Your data protection rights
You have legal rights under data protection laws in relation to your personal information. Read below to learn more about each right you may have:
- Right of access: You can request a copy of the personal data that we hold about you and further information about how we process your personal data. This is known as a ‘Data Subject Access Request', and we normally have one month to respond to such a request. You can make a Data Subject Access Request by contacting the Data Protection Officer. A Data Subject Access Request will usually be free of charge. We will ask you to provide forms of identification accepted by Aviva so we can verify your identity before we can respond to a Data Subject Access Request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to ensure we fully understand the information requested.
- Right to rectification: If your information is no longer correct you have the right to request that we rectify it. We take reasonable steps to keep your information accurate, complete and current. Please remember that it is your responsibility to tell us about any updates to your information. We may need to verify the accuracy of the new data that you provide to us. You may also edit your details at any time by logging into your Aviva Save Account or by contacting our Customer Services team by phone on 0345 301 2029 or by email to avivasave@aviva.com.
- Right to erasure: In certain circumstances, you have the right to ask us to delete your personal data, for example; if your personal data is no longer necessary for the purpose(s) it was collected for, or your personal data has been processed unlawfully. There are legitimate reasons that we must retain some of your personal data after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for the establishment, exercise of defence of legal claims. We will notify you of any decision to retain or erase your personal data.
- Right to restrict processing: You can request that we restrict our processing of your personal data in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another individual or legal entity or for important public interest reasons. We will inform you prior to the lifting of any restriction.
- Right to object: You can request that we stop processing your personal data where the purpose(s) is based on a ‘legitimate business interest' and/or the ‘public interest'. We can continue to process your personal data for the establishment, exercise or defence of legal claims if we are satisfied there are compelling legitimate grounds which override your interests, rights or freedoms.
- Right to data portability: You have the right to request that we provide your personal data to you in a portable format and also upon request to transmit your personal data to another data controller. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent: If we have asked for your consent to use your personal data, you are free to withdraw your consent at any time. If it is the case that we need your consent to provide you with a particular product and you wish to withdraw your consent, we may no longer be able to provide our product to you. Where that is the case, we will inform you before taking any action.
- Rights related to automated decision making including profiling: Aviva does not use automated decision making in the course of its business relationship as referred to in Article 22 of the UK GDPR. Our Aviva Save partners processes your personal data by partially automated means to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. Please see their respective privacy notices for additional information.
You can exercise your rights at any time by contacting us using the contact details above.
We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user).
How does Aviva protect my personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We have also ensured our Aviva Save platform partners are committed to similar security standards. If you would like additional information, on the security of Aviva Save, please visit our platform provider's (Raisin's) Security page.
How long does Aviva retain my personal data?
Your personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this privacy policy or as otherwise required by applicable law.
We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we're required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We'll also retain files if we reasonably believe there is a prospect of litigation.
We maintain a data retention policy which we apply to the records we hold.
We may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services.
Third-party links
The Aviva Save Platform may include links to third-party websites. If it is not obviously recognisable, we will explicitly point out when such links are to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Aviva Save Platform, we encourage you to read the privacy policy of every website you visit.
Updates to this policy
This privacy policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it's as transparent as possible, so please check back here for the current version. You can see when this privacy policy was last updated by checking below.
Privacy Policy Version Update: December 2023