Privacy notice

Our commitments to you are:

We protect your personal data

Keeping your personal data safe and secure is a priority. We use safeguards such as firewalls and encryption to help keep your personal data safe.

We do not sell your personal data

We sometimes share your data with other companies to provide the products and services you want. It will only be used for the specific purposes that we agree in advance, not for marketing additional products or services.

We use your data to improve our products and services

We use personal data to continually improve our services and create better investment products to offer you.

In this Privacy Notice you can find out more about:

We may amend this Privacy Notice from time to time to keep it up to date with current legal requirements, the way we operate our business or if we are advised to do so by our regulator. We will always inform you of any significant changes to the way we use your personal data when this deviates from information originally provided by us when the data was first collected.

The information is important, so we have tried to make it easy to navigate.

Aviva Investors Group of Companies

When we mention "Aviva Investors", "we", "us" or "our" we are referring to the relevant company in the Aviva Investors Group that processes your personal information, including activity undertaken on behalf of our clients.  

For information concerning companies within the wider Aviva Group, please visit www.aviva.com

What personal information do we collect and use?

Section A applies to all personal information we collect and use:

  • Personal information we collect;
  • Personal Information about other individuals;
  • Personal Information collected through intermediaries and third parties;
  • Other organisations we work with; and
  • Using personal information to improve our products and services.

Section B applies to specific product groups and describes that we collect and use:

  • When you invest directly in our product as an individual;
  • Where you invest in our product as an institutional or wholesale client;
  • When you interact with us as a broker or financial adviser;
  • Where we provide you with debt finance; and
  • Where we manage investments in real estate and infrastructure assets.

Personal information we collect

We will only collect the personal data that we need, if you chose not to provide the necessary information this can have an impact on your service or product.

We collect personal information when you contact us through any of our offline channels (e.g. application forms, telephone and email) or use one of our websites or online services.

In addition to managing our investment and financial products we also collect personal data in connection with other activities, for example if you:

  • work with us as a supplier or service provider;
  • are part of our Request for Proposal (RFP) process to bid for new business;
  • visit an office or register to attend an Aviva Investors event;
  • are introduced to us by third parties for legitimate marketing purposes; or
  • enter an Aviva Investors' competition.

We will ask for the personal information from you or persons who are authorised to act on your behalf.

Personal Information about other individuals

Whilst most of the personal information we collect relates to the person taking out a product (or persons if taken out jointly), there may be occasions when we need to obtain information about other individuals.  Common examples include:

  • we may require personal information of persons who are authorised to act on a client's behalf.  This may include an attorney or (in the case of a corporate investor) such other individuals who work for or are otherwise authorised to represent it;
  • where we invest in properties, we  will collect information on the owner of the property we plan to acquire, in particular for the purpose of fulfilling our obligations in terms of anti-money laundering; we will also collect information about the person(s) to whom any such property is leased or who reside in the property (or, where the  tenant is an organisation, about key members of that organisation such as its directors or partners);
  • where we make financial products available to a borrower, we may need to collect personal information about the borrower. Where the financial products are made available to an organisation we may need to collect personal information about: key members of that organisation such as its directors, shareholders, partners and/or beneficial owners/ultimate controllers, and information about guarantors where required; and
  • where we enter into relationships with suppliers, we may need to collect personal information on directors, shareholders, partners and/or beneficial owners/ultimate controllers, and also information about guarantors where required.

If you provide information about another individual, we expect you to ensure that they know you are doing so and are content with their information being provided to Aviva Investors.

We will process their personal information in accordance with this Privacy Notice so please encourage them to read it if they want to find out more.

Personal Information collected through intermediaries and third parties

Many clients invest in an Aviva Investors’ product through a financial adviser or one of our business partners and in doing so they may provide us with personal information in respect of that client. We may also receive personal information from other third parties, including attorneys, trustees and family members. It is their responsibility to make sure they explain to the person whose information is being shared that they are doing so and ask for permission if needed.  Depending on the product, we may also share your personal information with the financial adviser who helped you invest in an Aviva Investors’ product or who are otherwise linked to your investment.

Other organisations we work with

We sometimes share personal information with trusted third parties who work with us to help deliver our products and services, or to fulfil our legal and regulatory obligations, including:

  • business partners and transfer agents who help us arrange and administer our products;
  • solicitors and professional service firms who assist in conducting due diligence checks as part of arranging our products and who provide us with legal support in relation to our products or any litigation;
  • service providers external and within the Aviva Group, who help operate our IT systems, real estate management, marketing and other operational processes;
  • credit reference and anti-fraud agencies to carry out identity checks and detect and prevent fraud and fight financial crime.
  • regulators who regulate how we operate.
  • investments exchanges, settlement systems and banks, clearing houses and agencies and securities depositories;
  • banking services providers, providers of payment processing systems and services, industry messaging and matching utilities; and
  • providers of data and information relating to unit, securities and investments prices, currency exchange rates, interest rates, corporate actions, income and tax data, and credit rating.

You can contact us to find out more about this sharing of your personal data.

Using personal information to improve our products and services

We collect information through cookies and other similar technologies (e.g. pixel tags or links) when you visit our website. These tools are used by Aviva Investors and our third-party service providers to help improve our and their products and services, the functionality and performance of our website and to support more effective advertising. For example, we use some of these tools to save you time by not having to re-enter your details each time you visit our website, so we are able to offer you our services in the language you prefer.

We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our website.

To learn more about these technologies and how you can use browser settings to manage your privacy controls, see our Cookie Notice.

When you invest directly in our product as an individual 

We will collect contact and identity information and payment information.  We need this information to arrange and administer your investment and your account with Aviva Investors.  We also need this information to verify your identity and prevent fraud.

We will collect this information when you apply to us by completing and submitting our application form which can be downloaded from our website or posted out to you on request.  

Depending on the type of investment you seek, we may require additional information, such as the source of the wealth/funds for an investment in order to comply with anti-money laundering regulation checks.

Administering your investment product entails providing you with ongoing customer service, assisting you when you want to make additional investments, changing current investments or assisting with any queries you may have about your existing investment.

Please note that we do not collect, use or share information of customers of investment platform providers.  The platform providers are the controllers of any personal information you provide to their platform.  If you are a customer of a platform provider, please refer to your platform provider's Privacy Notice.

Important information

This will involve disclosing your personal information to credit reference agencies, which carry out searches relating to you on our behalf. We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.

Where you invest in our product as an institutional or wholesale client

We will collect the contact and identity personal information of the attorneys, directors, partners, authorised signatories, beneficial owners and other relevant contacts within your organisation that are authorised to represent you, in order to establish a relationship with you.  We also collect information about your organisation such as the trading name, number of employees and the nature of your business.  We collect this information in order to arrange and administer your investment product.  We also use this information to carry out Know Your Customer (KYC) checks required under the Anti-Money Laundering (AML) regulations checks and to prevent fraud.

Important information

This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf.  We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.

When you interact with us as a broker or financial adviser

We will collect contact and identity personal information and business information from you and key members of your organisation.  We collect this information to open or continue to operate an adviser / broker account with you and arrange and administer the investments of your clients.  To carry out Know Your Customer (KYC) checks required by the Anti-Money Laundering (AML) regulations checks and to prevent fraud, we will undertake identity checks on you as a broker or financial adviser and on key members of your organization, such as the directors and/or partners.

During our dealings you may provide us with the personal information of clients which you introduce to us.  You are responsible for (i) collecting this information in a lawful manner and (ii) ensuring that your disclosure to us of such personal information is fair and lawful.

Important information

We will use the personal and business information you have provided as well as information we have obtained from other sources such as credit reference agencies.  This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf.  We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities.  To find out more see section working with credit reference agencies and fraud prevention agencies.

Where we provide you with debt finance

We will collect contact and personal information, together with payment information from you.  This could be where Aviva Investors makes a finance facility available to you (as the borrower).  Where the borrower owns a property, we may also obtain personal information of the tenants through the borrower. We may also require information about guarantors and key members of your organisation (such as directors, shareholders, and/or partners and/or beneficial owners/ultimate controllers). We will also collect information about your business, such as its trading name, business contact information, the type and nature of the business and its sectors.  We use this information to arrange and administer your finance facility.  We also use this information to carry out Know Your Customer (KYC) checks, to verify the identity and address of all parties involved in the transaction, to carry out Anti-Money Laundering (AML) checks and to prevent fraud.

To provide you with the best terms for your finance facility, we will collect information about your security asset or portfolio for example the address of your property, if any part of the property is occupied as a residence, information about any tenants in the property, any registered charges, information about any lenders who have taken the asset as a security. We use this information to put together a financial product package, which is shared with various teams which carry out the necessary due diligence checks.  Our Investment Committee and where required the Investor client will then decide whether or not to provide you with the financial product.

Important information

We will use the personal and business information you have provided as well as information we have obtained from other sources such as credit reference agencies.  This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf.  We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities.  To find out more see section working with credit reference agencies and fraud prevention agencies.

Where we manage investments in real estate and infrastructure assets

We will collect contact and personal information, together with payment information from you during the acquisition or sale of a property or an infrastructure asset, or where Aviva Investors owns a property which you occupy (as a tenant or a leaseholder).  

We may also collect personal information about guarantors and key members of your organisation (such as directors, shareholders, partners and/or beneficial owners/ultimate controllers).  We will also collect information about your business, such as its trading name, business contact information, the type and nature of the business and its sectors.  We use this information to carry out due diligence on sellers, purchasers and suppliers at the acquisition stage and the ongoing management of the property and at the point of sale.  We will undertake credit checks on the parties involved in the transaction and on tenants or leaseholders.  We use this information to carry out Know Your Customer (KYC) checks, to verify the identity and address of all parties involved in the transaction and to carry out anti-money laundering checks and to prevent fraud.

In certain circumstances, we may collect personal information of persons, such as tenants or leaseholders residing in a property to provide property management services. 

Important information

We will use personal and business information you have provided as well as information we have obtained from other sources such as credit reference agencies. This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf.  We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.

How we collect, use and share personal information

We are committed to respecting and protecting your personal information in accordance with applicable data protection laws.

We will only use your personal data when the law allows us to (legal basis). We may process your personal data without your knowledge or consent where this is required or permitted by law.  Most commonly, we will use your personal data in the following circumstances and for the following purposes:

  • Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”) to verify your identity, help detect and prevent fraud and fight financial crime.
  • Where we need to comply with the Anti-Money Laundering (AML) Directive, it specifies that AML/Counter Terrorist Financing should be processed under the legal basis of Public Interest (“Public Interest”).
  • Where it is in our legitimate interests, we will always make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. 
  • Where we have your consent to carry out the processing (“Consent”). 

Wherever we collect or use this information, we’ll make sure we do this for a valid legal reason.  This will be for at least one of the following purposes:

Type of individual Purpose Types of personal data

Legal Basis

Clients, Suppliers and providers of goods and services to us To take you on as a new account and manage our ongoing relationship with you.

- Identity
- Contact
- Financial

- Contractual necessity
- Compliance with Law

Clients, Suppliers and providers of goods and services to us To meet our legal and regulatory responsibilities by undertaking relevant identity, anti-money laundering, anti-corruption, anti-terrorism and conflict checks to ensure we can enter into a contract with you.

- Identity
- Contact
- Financial
- Political
- Criminal Offences
- Beneficiaries

- Contractual necessity
- Compliance with Law
- Public Interest

Clients, Suppliers and providers of goods and services to us To deliver services to you including managing payments, fees and charges and collecting and recovering any money owed to us. - Identity
- Contact
- Financial
- Transaction

- Contractual necessity
- Legitimate interests – to recover debts due to us

Clients, Prospective clients, employees and/or contractors

To contact you to provide you with information about us and our services.

To invite you to seminars, events and/or workshops and to manage your attendance at those seminars, events and/or workshops.

- Identity
- Contact
- Legitimate interests – to grow and expand our business.
All website visitors To administer and protect our business and our website including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. - Identity
- Contact
- Technical

- Compliance with Law 
- Legitimate interests – to run our business, IT services and network security.
- Consent – for certain types of cookies.

Website visitors and Marketing contacts  To use data analytics to improve our portfolio of products, website, services, marketing, customer relationships and experiences.

- Usage
- Identity
- Contact
- Behavioural

- Legitimate interests – to identify individuals for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
- Consent where required – for marketing activities.

To help detect and prevent fraud, fight financial crime and meet our regulatory responsibilities, we may share your information with Credit Reference Agencies (CRA), Fraud Prevention Agencies (FPA).  We may also share your information and undertake searches with third party organisations such as police, public bodies and our regulators.  We need to do this to assess creditworthiness, including affordability, and product suitability, check your identity, manage your account, trace and trace debtors or beneficiaries and prevent criminal activity.  If you give us false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering.

Some of our checks may involve checking public registers (e.g., the electoral roll or registers of county court judgments, bankruptcy orders or repossessions), conducting online searches from websites, social media and other information sharing platforms and using databases managed by credit reference agencies and other reputable organisations.  We can supply further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details, contact us.

We may use your personal information to send direct marketing communications about our products and our related services where we feel they will be of interest to you.

  • To protect privacy rights and give customers choice and control over the use of their personal information. You can ask us to stop direct marketing at any time.  All our marketing communications include unsubscribe links to help you manage your marketing preferences.
  • Opting out of one type of marketing, for example, by email or telephone, doesn’t mean you’re opted out of all marketing. Bear this in mind when you manage your preferences. 
  • We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms you use as they will dictate how adverts and other messages are displayed and shared across those platforms.
  • For further information about cookies and other technologies we use on our website, please see our Cookie Notice.

We are committed to keeping your personal information secure. We maintain appropriate organisational and technical security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your personal information to those employees and other third parties who have a business need to have such access.  All such people are subject to a contractual duty of confidentiality.

We have procedures to deal with any actual or suspected personal data breach, including notification to regulators when required.

Retaining personal information on our systems

We generally only keep personal information for as long as is reasonably required for the purposes explained in this Privacy Notice. We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we are required to retain an accurate record of dealings with us, so we can respond to any complaints or challenges you or others might raise later. We will also retain files if we reasonably believe there is a prospect of litigation.

To support us in managing how long we hold your data and our record management, we maintain a Record Retention Policy which includes clear guidelines on data deletion.

We may also retain personal information in an aggregated form which allows us to continue to develop/improve our products and services.

Transfers and disclosures of Personal information

Some of the organisations we share information with may be located outside of your country, state, province or other jurisdiction where the data protection laws may differ from your jurisdiction.

  • Transfers within our Aviva Group are covered by an agreement entered by members of the Aviva Group (an intra-group agreement) which contractually obliges each member to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within our Group;
  • Where we transfer your data to non-Aviva Group members or other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your personal information;
  • We will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.

If we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Notice.

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

You have a right to ask us for more information about the safeguards we have put in place as mentioned above.

Your rights

You have legal rights under data protection law.  You are entitled to view what personal information we have about you, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, where we got your data from and whether we have carried out any automated decision making using your personal information.

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change account details with the right individual. 

Click on the links below to learn more about each right you may have.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated.  We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about. 

You can ask us to:

  • confirm whether we have and are using your personal information
  • get a copy of your personal information

Please let us know if your information changes as it is important that the information, we hold about you is accurate and up to date.  You can ask us to:

  • rectify any information about you which is incorrect.
  • erase your personal information if you think we no longer need to use it for the purpose we collected it from you.
  • erase your personal information if you have either withdrawn your consent to us using, or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we’re subject to a legal obligation to erase your personal information

We may not always be able to comply with your request, for example where we need to keep using your personal information in order to comply with a legal obligation or where we need to use your personal information to establish, exercise or defend legal claims.

You can ask us to restrict our use of your personal information in certain circumstances, for example, where:

  • you think the information is inaccurate and we need to verify it;
  • the information is no longer required for the purposes for which it was collected but it is needed to establish, exercise or defend legal claims; or
  • you have objected to our use of your personal information, but we still need to verify if we have overriding grounds to use it.

You can object to any use of your personal information if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information.  If you raise an objection, there are circumstances where we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).  You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information.  This right does not apply to any personal information which we hold, or process based on our legitimate interest or which is not held in digital form.

Subject to certain legal and contractual restrictions and reasonable notice, you may refuse or withdraw consent to the processing of your Personal Information at any time by contacting us (e.g. direct marketing or cookies).  We will advise you if withdrawing your consent may affect our ability to respond to your needs.

How to contact us

If you have any questions about this Privacy Notice or how to exercise your rights, please contact our Data Protection Officer.

By email:

DPOffice@avivainvestors.com

By post:

The Data Privacy Office (Floor 6), Aviva Investors Global Services Limited, St Helens, 1 Undershaft, London EC3P 3DQ

You can also contact:

France:

A l’attention du Délégué à la Protection des Données, Aviva Investors France, 14 Rue Roquépine, 75008 Paris, France.

Luxembourg:

Dateschutz Offizéier, 2 r. du Fort Bourbon 1st Floor, 1249 Luxembourg.

If you are not happy with the way we are handling your personal information, our Data Protection Officer will endeavour to resolve any concerns directly with you.  You have a right to lodge a complaint with your local data protection supervisory authority at any time:

These are some of the local data protection supervisory authorities:

UK: The Information Commissioner's Office (ICO)

France: The Commission nationale de l'informatique et des libertés (CNIL)

Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BFDI)

Jersey: Office of the Information Commissioner (OIC)

Luxembourg: The National Commission for Data Protection /Commission Nationale pour la Protection des Données (CNPD)

Poland: The Inspector General for the Protection of Personal Data / Generalny Inspektor Ochrony Danych Osobowych (UODO)

Sweden: The Swedish Data Protection Authority (DPA) / Datainspektionen

Singapore: Personal Data Protection Commission (PDPC)

Canada: Office of the Privacy Commissioner of Canada (OPC)

Australia: Office of the Australian Information Commissioner (OAIC)