Arrange: we use information to find a product, provide a price and complete product formalities. This may include checking identity, reviewing a proposal/application, assessing risk relevant to the product, arriving at a price (premium or product fees) and/or issuing a policy or contract.
Assistance Providers: a special category of service providers, which we use to help provide emergency or other assistance to customers, in connection with certain policies (e.g. certain travel policies).
Automated Decision Making: decisions made with no human intervention.
Automated means: activities which involve the use of machines or computers e.g. where we have recorded information on our computers.
Brokers: provide insurance advice to persons seeking coverage, negotiate insurance and deal directly with insurers, such as Aviva, on behalf of the persons seeking coverage.
Business information: details about a company such as company name, trading name, contact person, number of employees, details of employees and their roles in the company, company address and other contact details and names of directors or LLP members.
Business Partners: we work with other organisations such as independent financial advisers, insurance brokers, banks and building societies who help sell our products.
Claim: a request to an insurance company to provide payment or some other service following a loss covered in an insurance policy.
Claims Experts: experts in a particular field which is relevant to a claim, for example medicine, forensic accountancy, mediation or rehabilitation, who help us properly assess the merit and value of a claim, provide advice on its settlement, and advise on the proper treatment of claimants.
Contact information: details that can be used to contact a person, including title, first name, surname, personal telephone number, email address, fax, home address, country, postcode or city of residence and [social media contact information]. This may also include work contact information such as work telephone number, work email, fax and work address.
Data Controller: a natural or legal person (such as a company) which determines the means and purposes of processing of personal information. For example, an Aviva entity which provides an Aviva product will be a Data Controller as it determines how it will collect personal information, the scope of data which will be collected, and the purposes for which it will be used.
Direct Marketing: any means of marketing our products and services directed at a particular individual. This could be by a form of advertising or informing such individual about our products or services by other means.
DWP: the Department of Works and Pensions, which is a government body responsible for welfare and pensions management.
Employment Status: information about work, if an individual is employed, self-employed unemployed, a student or on job seeker allowance.
FCA: the Financial Conduct Authority, a financial regulatory body. The FCA focuses on the regulation of conduct by financial services firms like Aviva.
Financial Crime: any kind of criminal conduct relating to money or to financial services or markets, including any offence involving fraud or dishonesty.
Financial Ombudsman: a body set up by Parliament to resolve individual complaints between financial businesses including insurers and customers.
Handle claims: for our insurance products, we use information to help investigate and settle claims following the results of the investigation.
Health information: information relating to medical history, including symptoms, diagnoses, procedures and outcomes. This could include previous and current or persistent medical conditions and family medical history.
ICO or the Information Commissioner's Office: regulates the processing of personal information by all organisations within the UK.
Identity information: any information that can be used to distinguish a person or verify their identity, such as name, date of birth, place of birth, gender, marital status, national identity card/number, passport, drivers licence, NI Number, vehicle registration details, other information about a vehicle, [face, photograph, fingerprints, signature, handwriting, credit card numbers, digital identity] and employee number.
Information about other people: where a person applying for or who holds an Aviva product gives us information which relates to somebody else such as a joint policyholder or other family member.
Insured Person: an individual policyholder and anyone else who benefits from insurance cover under one of our policies (for example, where an employee benefits from cover taken out by their employer).
Legitimate interest: an interest or benefit that Aviva as a business has e.g. meeting the needs of our customers, improving and providing relevant services and products to our customers. We will ensure that these interests do not override fundamental rights and freedoms.
Lifestyle information: includes both work and leisure behaviour patterns. Most relevant to our products will be smoker status, alcohol consumption, health and exercise [and eating] habits. Some of these may be special categories of personal information.
Loss Adjuster: an independent claims specialist who investigates complex claims on our behalf.
Manage: we use information to keep a record of the products we hold, our relationships with customers, to provide customer support, manage renewals and deal with any queries, complaints or changes.
Other people: sometimes we collect information about people who are not our customers in order to provide them with the benefit of our product, where our customer requires us to do so. We also collect information about people who are not our customers (e.g. customer family members) where we need this information to assess the risk associated with the provision of our products to our customers or where we need this for a claim (e.g. persons involved in an accident).
Past offences: will include information about unspent offences or criminal convictions.
Payment information: information that can be used to make payments or receive payment from a customer, such as bank account number, sort code, bank branch address, debit card information, credit card information, other methods of payment.
PRA or the Prudential Regulation Authority: is a financial regulatory body. The PRA focuses on the prudential regulation of financial services firms. When discharging its general functions, the PRA is responsible for contributing to the securing of an appropriate degree of protection for policyholders.
Prevent fraud: we will check claims history to detect fraudulent patterns and to ensure that a current claim is not fraudulent. If we are given false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering.
Process: anything done with personal information, such as collecting, using, handling, transferring, recording, merging with other information, organising, storing, altering, retrieving, sharing, erasing or making it available.
Profiling: using automated processes without human intervention (such as computer programmes) to analyse personal information in order to evaluate behaviour or to predict things about an individual which are relevant in an insurance context, such as the likely risk profile.
Service Providers: third parties who provide certain functions for our business. For example, we have service providers who help us with the administration of setting up a new policy record. Some of these providers use 'cloud based' IT applications or systems, which means that information will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of information.
Solicitors: we frequently use solicitors to advise on complex or contentious claims or to provide us with other legal advice not related to claims. In addition, if a policy-holder is making a claim, they may be represented by their own solicitor(s).
Sensitive personal information: personal information relating to health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. At Aviva, we routinely only process sensitive personal information relating to health or criminal convictions.
Telematics data: on renewal, we are able to provide more personalised quotes with the aid of a device which monitors behaviour and provides data to us.
Third Party Administrators (or TPAs): companies outside the Aviva Group which administer the underwriting of policies, the handling of claims, or both, on our behalf. We require all TPAs to ensure that information is handled lawfully, and in accordance with this Policy and our instructions.
Third Party Claimant: a person pursuing a claim directly against the at-fault person (e.g. an Aviva policy holder) or the at-fault person's insurance company (e.g. Aviva).
Trustees: pension schemes are usually managed by an independent board of Trustees.
WA03349 12/2018 (3 of 3)