Aviva Save Privacy Policy

Introduction

Welcome to the Aviva Save privacy policy. The Aviva Save platform (“Aviva Save” or the “Aviva Save Platform”) is a registration and management platform that enables you to register your details just once in order to access and manage multiple savings products from our panel of partner banks.

Aviva Save is brought to you by Aviva Savings Limited (“Aviva” “we”, “us” or “our”), in combination with Raisin Platforms Ltd (“Raisin”) and Starling Bank Limited (“Starling Bank”) for use by Aviva customers who can access savings products from our partner banks. For more information about our relationship with these platform partners please see “Our relationship with third parties” below.

Your privacy is important to us

Aviva respects your privacy and is committed to protecting your personal data. This privacy policy aims to give you information on how Aviva collects and processes your personal data including any instances where your data is processed by our platform partners.

Aviva, and our platform partners are also independently responsible for making decisions about how your personal data is processed when you sign up to our respective services. This means we are independent controllers of your personal data for the purposes of data protection laws and so this privacy policy should be read in conjunction with any privacy policy which we provide when you first access their services (see “Our relationship with third parties” below).

This privacy policy only applies to the Aviva Save Platform and does not extend to other third-party websites accessed from Aviva Save. It should be read in conjunction with the Aviva Save Terms and Conditions and any other documents referred to in it.

For more information concerning Aviva visit www.aviva.com.

Our relationship with third parties

  • Aviva: we, with the help of our partner Raisin, provide the Aviva Save Platform which is a registration and management platform that enables you to register an Aviva Save Profile (as defined in the Aviva Save Terms and Conditions) in order to access and manage multiple savings products from our panel of partner banks.
  • Raisin: we use Raisin, a leading European financial services technology company, to provide the Aviva Save Platform to you. Raisin is responsible for the registration and management of customer data when customers register for an Aviva Save Profile and start investing in savings products. Raisin is both a data controller and data processor in relation to those processing activities. For more information of how Raisin processes your personal data please see Raisin’s privacy policy which is available here.
  • Starling Bank: when registering for an Aviva Save Profile you will also be applying to open a holding account (“Holding Account”) with our Holding Account provider, Starling Bank. Your Holding Account will be the settlement account for any payment orders you make from any Nominated Account (as defined below) and any savings accounts with partner banks. Starling Bank, is responsible for the personal data processed in connection with your Holding Account, they process your data in accordance with their privacy policy which is available here.
  • Partner Banks: the Aviva Save products are brought to you from our panel of partner banks. When you open and use savings accounts through Aviva Save, you will be signing up to savings products with those entities. Their processing will be governed under their respective privacy notices, which will be made available to you on application for these savings products.
  • Meteor Asset Management Limited (“MAM”): Our partner banks may also work with MAM, who as a deposit administrator for some of our partner banks will, as required, provide administration services in order to execute your instructions. MAM is an entity authorised and regulated by the Financial Conduct Authority (FRN 459325) and incorporated under the laws of England and Wales with corporate registration number 05712610 and its registered office at 55 King William Street, London, EC4R 9AD. MAM is responsible for the personal data processed in connection with these administration services. Where applicable, MAM processes your data in accordance with its terms and conditions which are available here.

Our principles

The protection of your privacy is very important to us:

  • we treat your data responsibly and only process it for specified purposes;
  • we are aware of the sensitivity of the data you have entrusted to us;
  • we do not process any personal data without a legal basis;
  • we will never pass on your data to third parties unless there is a lawful basis to do so;
  • we use several well-established measures (such as encryption) to prevent any misuse of your data;
  • we follow the principle of data minimisation;

as such we only receive and process limited amounts of your information, as necessary to make the Aviva Save Platform available to you in combination with our trusted platform partners.

What information does Aviva Save collect about me?

Information you provide

You choose to provide certain information when using Aviva Save.

This includes:

  • Aviva Save Profile and contact details: when you create an account, you provide your login credentials, as well as some basic details necessary for the service to work, such as your name, email address, mobile telephone number and date of birth.
  • Nominated and Holding Account details: when you register for an Aviva Save Profile you must provide information necessary to set up your Aviva Save Holding Account which is provided by Starling Bank. You must also nominate a UK bank or building society account (“Nominated Account”) from which you will fund your Holding Account.
  • Applications for savings products: when you complete forms on the Aviva Save Platform including registrations for new customer accounts and applications for any of our savings products or any other services (including instructions in writing), we collect information necessary to support that application.

Information we receive from others

In addition to the information you provide directly, we may receive information about you from others, including:

  • Raisin: on occasion, Raisin may share aggregated information with us about the use of the Aviva Save Platform by Aviva customers. Raisin also provides us with individual level reports relating to failed financial crime and fraud prevention checks. Raisin may also provide us with your personal data to enable us to perform analytics and ensure that our products and services are appropriately priced. Raisin also provide us with the personal data you provided when you created an Aviva Save account for use in accordance with your Marketing and contact preferences and to conduct surveys and research.
  • Starling Bank: we may receive information relating to your Holding Account details, setup (credit and AML checks/verifications), activity, performance and investments. These may include individual level reports relating to failed financial crime and fraud prevention checks.
  • Partner Banks: we may receive information relating to those accounts, their setup, (credit and AML checks/verifications), activity, performance and investments. These may include individual level reports relating to failed financial crime and fraud prevention checks.
  • Credit check, AML and fraud prevention providers: we may also process your personal data where we obtain information from third parties such as fraud prevention agencies or other organisations, when you register for an Aviva Save Profile with us or apply for any of our savings products, or other services which you or they give to us at any time.

Information collected when you use our services

We use Adobe’s analytics and on-site personalisation services to measure your use of the Aviva Save Platform. This may include information such as the link you followed to reach the Aviva Save Platform, your IP address and how you interact with Aviva Save Platform.

For more information, including details of how to block these cookies specifically, please visit their website.

What cookies and similar technologies does Aviva use?

We use and may allow others to use cookies and similar technologies (e.g. web beacons, pixels) to recognize you and/or your device(s), collect statistics, and in order to measure the effectiveness of promotions and perform analytics.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of websites may become inaccessible or not function properly.

Please see the Aviva Save Cookie Policy for more information on why these technologies are used and how you can better control them, through your browser settings and other tools. If you would like more information on how cookies work, please visit aboutcookies.org.

What does Aviva use my personal information for?

To provide the service

You need to provide us and our Aviva Save Platform partners with your personal data if you want to access and use the Aviva Save Platform. If you decide not to provide us with the personal data that we request from you then we may not be able to perform the contract we have or are trying to enter with you, meaning you may not be able to access and use the Aviva Save Platform. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

The protection of your privacy is very important to us, as such Aviva only collects and uses a limited amount of personal data in connection with your use of the Aviva Save Platform, this includes for the purposes of:

  • Creating and managing your Aviva Save Profile;
  • Sharing data with platform partners to facilitate your transactions and investments; and
  • Managing queries and complaints when you contact us.

To improve our services

  • Conduct research and analysis of users’ behaviour to improve our services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behaviour); and
  • Develop new features and services (for example, we may decide to build a new interests-based feature further to requests received from users).
  • Analyse your choices within Aviva Save so we can understand what other Aviva products and services are relevant to you.
  • To conduct surveys and other research about our products and services.

To prevent, detect and fight fraud or other illegal or unauthorised activities

We perform personal information analysis to better understand and design countermeasures against these activities and retain personal information related to fraudulent activities to prevent against recurrences.

To ensure legal compliance

To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our Aviva Save Terms and Conditions.

For financial crime purposes

We may receive customer personal data if, when applying for the Aviva Save Profile, the customer fails a financial crime check or process. In this scenario, Aviva may request the customer’s personal data solely for the purpose of auditing of financial crime processes and controls performed by Raisin (and its platform partners if applicable), and the associated results of such processes and controls. In particular, Aviva may want to make sure that: (i) adequate financial crime controls and processes are adhered to by Raisin; (ii) processes are completed to resolve the customer outcome of the applicable financial crime check or process; and (iii) the result of the customer outcome of the applicable financial crime check or process is in line with Aviva’s expectation or Aviva’s understanding of the customer if such customer already holds other products with Aviva.

Marketing Purposes

To send you marketing materials in relation to other Aviva goods and services that we think will be of interest to you. We will only ever do this in accordance with the Aviva Marketing and communication preferences that we hold about you. You can opt-out from receiving further marketing emails by clicking the “unsubscribe” link contained in any marketing emails. You can also alter your marketing preferences at any time by contacting us using details in the How can I contact Aviva section below.

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

What are Aviva’s legal basis to process my personal data?

Processing is necessary to perform a contract we have entered with you and/or for taking steps to comply with a request made by an individual with a view to entering into a contract (Article 6(1)(b) of the GDPR). By way of example:

  • we process your personal data when you provide us with pre-contractual information at the point of registering with us. This allows us to carry out our obligations to provide services to you under the Aviva Save Platform contract and also so we can carry out other relevant required activities.

Processing is necessary to comply with our legal obligations as a data controller (Article 6 (1)(c) of the GDPR).

  • we may process personal data, solely or combination with Aviva Save platform partners for the purpose of fulfilling various legal obligations such as carrying out obligations in respect of the provision of your savings products and the provision of our online services, verification of your identity and making financial risk assessments including anti-money laundering checks and the use of your personal data for crime and fraud prevention purposes.

Legitimate interests (Article 6 (1)(f) of the GDPR)

  • Circumstances may arise where we or a third party may need to process your personal data beyond the performance of our contract to protect our legitimate interests or the legitimate interests of a third party. This processing could include:
    • testing and optimisation of requirements analysis and direct customer approach;
    • measures to manage the business (including adjustments to pricing and our commercial models);
    • to improve services and to recover customers and advertising or marketing and opinion research;
    • for the purposes of marketing;
    • processing your personal data to ensure content from the Aviva Save Platform is presented in the most effective manner for you and your device;
    • to meet our regulatory compliance, fraud detection and reporting obligations, enforce any of our rights against you and to pursue other legal purposes;
    • developing and improving our services to you and notifying you about changes to our services.

Consent (Article 6 (1)(a) of the GDPR)

We may ask for your consent to use your personal information for certain specific reasons. You may withdraw your consent at any time by contacting us at the address provided at the end of this privacy policy.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us using the details below if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.

Who does Aviva share your personal data with and why?

We will never sell, trade, or rent your personal data to others, however, we may share your personal data with selected third parties in the following instances:

With our service providers and partners

We use third parties in order to provide savings products and to manage your Aviva Save Profile. For more information about how our Aviva Save partners process your data see the “Our relationship with third parties” section above.

With other Aviva Group businesses

We may disclose your information to any member of the Aviva Group including in connection with the financial crime purposes outlined earlier in this policy. This means if we receive information relating to failed checks we may disclose this information to our ultimate holding company and its subsidiaries, as necessary to review and update our wider group practices in this area. We may also share your personal data with certain Aviva Group Companies who are involved in our customer relationship management, marketing, compliance and support. The Aviva Group ensures the protection of any personal data shared within the Aviva Group through data sharing agreements which contractually oblige each member of the Aviva Group to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the Aviva Group Companies.

For a full list of Aviva Group Companies visit www.aviva.co.uk.

In corporate transactions

We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.

When required by law

We are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your savings products or to protect the rights, property, or safety of Aviva, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

To enforce legal rights

We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

We require all third-party service providers, to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. When you use Aviva Save, you will contract directly with Starling Bank, and our partner banks where you purchase or use their products. In such instances these parties may also process your personal data for their own purposes in accordance with their privacy policy (see “Our Relationship with third parties”) above.

How to complain

If you have a query or complaint about how we process your personal data, please contact us using the below contact details. We will investigate your concerns and take all reasonable steps to resolve the matter promptly. You also have the right to complain to an EU Data Protection Supervisory Authority. That authority should be located where you live, where we are based, or where you feel the issue you wish to complain about took place.

In the UK, the relevant EU Data Protection Supervisory Authority is the Information Commissioner’s Office (ICO). You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You can contact the ICO through their website: www.ico.org.uk.

How can I contact Aviva?

You can contact us about how we use your personal data or to exercise your data subject rights in relation to Aviva Save or if you have any other concerns as follows:

If you wish to exercise your data subject rights in relation to any other Aviva product you hold you can do so by contacting our Data Protection Officer:

  • Post: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH
  • Email: DATAPRT@aviva.com

If you wish to amend your marketing preferences, change how you would like us to communicate with you, or tell us to stop marketing to you, you can do so in the following ways:

  • Update in MyAviva
  • By phone: 01603 622200
  • By email: contactus@aviva.com
  • By Post : Aviva, Freepost, Mailing Exclusion Team, Unit 5, Wanlip Road Ind Est, Syston, Leicester, LE7 1PD

You can also view our full privacy policy at www.aviva.co.uk/privacypolicy

How does Aviva send information outside of my country?

When we send your personal information outside of your country, we have in place adequate safeguards to do so. This includes EU standard contract clauses approved by the European Commission or other suitable safeguard to permit personal information transfers from the European Economic Area (“EEA”) to other countries recognised as having an adequate level of protection by the European Commission.

Your data protection rights

Under certain circumstances, if you are an EEA resident, you may exercise the rights available under data protection laws as follows:

  1. Right of information (Article 15 of the GDPR): You can request a copy of the personal data that we hold about you and further information about how we process your personal data. This is known as a ‘Data Subject Access Request’, and we normally have one month to respond to such a request. You can make a Data Subject Access Request by contacting the Data Protection Officer. A Data Subject Access Request will usually be free of charge. We will ask you to provide forms of identification accepted by Aviva so we can verify your identity before we can respond to a Data Subject Access Request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to ensure we fully understand the information requested.
  2. Right to rectification (Article 16 of the GDPR): If your information is no longer correct you have the right to request that we rectify it. We take reasonable steps to keep your information accurate, complete and current. Please remember that it is your responsibility to tell us about any updates to your information. We may need to verify the accuracy of the new data that you provide to us. You may also edit your details at any time by logging into your Aviva Save Account or by contacting our Customer Services team by phone on 0330 777 2775 or by email to service@email.avivasave.aviva.co.uk.
  3. Right to erasure (Article 17 of the GDPR): In certain circumstances, you have the right to ask us to delete your personal data, for example; if your personal data is no longer necessary for the purpose(s) it was collected for, or your personal data has been processed unlawfully. There are legitimate reasons that we must retain some of your personal data after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for the establishment, exercise of defence of legal claims. We will notify you of any decision to retain or erase your personal data.
  4. Right to restrict processing (Article 18 of the GDPR): You can request that we restrict our processing of your personal data in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another individual or legal entity or for important public interest reasons. We will inform you prior to the lifting of any restriction.
  5. Right to object (Article 21 of the GDPR): You can request that we stop processing your personal data where the purpose(s) is based on a ‘legitimate business interest’ and/or the ‘public interest’. We can continue to process your personal data for the establishment, exercise or defence of legal claims if we are satisfied there are compelling legitimate grounds which override your interests, rights or freedoms.
  6. Right to data portability (Article 20 of the GDPR): You have the right to request that we provide your personal data to you in a portable format and also upon request to transmit your personal data to another data controller. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Right to complain: If you believe we are processing your personal data in breach of UK or EU data protection law please get in touch with us. For further information about how to contact us please see the section, ‘How can I contact Aviva?’ You also have the right to complain to the appropriate EU Data Protection Supervisory Authority. If you would like to know how to complain to the appropriate EU Data Protection Supervisory Authority please refer to the section, ‘How to complain’.
  8. Rights related to automated decision making including profiling: Aviva does not use automated decision making in the course of its business relationship as referred to in Article 22 of the GDPR. Our Aviva Save partners processes your personal data by partially automated means to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. Please see their respective privacy notices for additional information.

You can exercise your rights at any time by contacting us using the contact details above.

We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user).

How does Aviva protect my personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We have also ensured our Aviva Save platform partners are committed to similar security standards. If you would like additional information, on the security of Aviva Save, please visit our platform provider’s (Raisin’s) Security page.

How long does Aviva retain my personal data?

Your personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this privacy policy or as otherwise required by applicable law.

We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we’re required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation.

We maintain a data retention policy which we apply to the records we hold.

We may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services.

Third-party links

The Aviva Save Platform may include links to third-party websites. If it is not obviously recognisable, we will explicitly point out when such links are to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Aviva Save Platform, we encourage you to read the privacy policy of every website you visit.

Changes to this policy

If necessary, we can adjust this privacy information. If this occurs, we will contact you and give you any notices in connection with this Aviva Save privacy policy by using the email address you have given us.