For information concerning any other companies within the wider Aviva Group, please visit www.aviva.com.
Aviva Investors Holdings Limited
Registered in England, No. 2045601. Registered Office: St Helen’s, 1 Undershaft, London EC3P 3DQ.
Aviva Investors Global Services Limited
Registered in England, No. 1151805. Registered Office: St Helen’s, 1 Undershaft, London EC3P 3DQ. Authorised and regulated by the Financial Conduct Authority. Firm Reference Number 119178.
Aviva Investors Pensions Limited
Registered in England, No. 1059606. Registered Office: St Helen’s, 1 Undershaft, London EC3P 3DQ. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Firm Reference Number 110410. Member of the Association of British Insurers.
Aviva Investors UK Fund Services Limited
Registered in England No.1973412. Registered Office: St Helen’s, 1 Undershaft, London EC3P 3DQ. An Aviva company. Authorised and regulated by the Financial Conduct Authority. Firm Reference Number 119310.
Aviva Investors Jersey Unit Trusts Management Limited
Registered in Jersey, Channel Islands, No 87075. Registered Office: Gaspe House, 66 - 72 Esplanade, St Helier, Jersey, JE2 3QT.
Aviva Investors Luxembourg Services Sarl
No. B 189.858. Registered Office: 2 r. du Fort Bourbon 1st Floor, 1249 Luxembourg.
- what personal information we use in relation to our investment and financial products;
- how we collect, use and share personal information within Aviva Investors and with our business partners;
- your rights in relation to any personal information we hold about you; and
- how you can contact us with any questions you may have about information privacy.
What personal information do we collect and use in relation to our investment and financial products
Section A applies to all personal information we collect and use:
- Personal information we collect;
- Personal Information about other individuals;
- Intermediaries and third parties;
- How we keep your personal information secure;
- Marketing, cookies and analytics; and
- Other organisations we work with.
Section B applies to specific product groups and describes that we collect and use personal information:
- When you invest directly in an Aviva Investors' product as an individual;
- Where you invest in an Aviva Investors' product as an institutional or wholesale client;
- When you interact with Aviva Investors as a broker or financial adviser;
- Where Aviva Investors provides you with debt finance; and
- Where Aviva Investors owns real estate and infrastructure assets.
Personal information we collect
Your personal data (any information which identifies you, or which can be identified as relating to you personally) will be collected and used by us. We will only collect the personal data that we need.
We collect personal information when you contact us through any of our offline channels (e.g. application forms, telephone and email) or register with or use one of our websites or online services.
In addition to the specific product groups we also collect personal data in connection with other activities which are related to your query, for example if you:
- work with us as a supplier or service provider;
- are part of our Request for Proposal (RFP) process to bid for new business;
- visit an office or register to attend an Aviva Investors event;
- are introduced to us by third parties for legitimate marketing purposes; or
- enter an Aviva Investors' competition.
We will ask for the personal information from you or persons who are authorised to act on your behalf.
Personal Information about other individuals
Whilst most of the personal information we collect relates to the person taking out a product (or persons if taken out jointly), there may be occasions when we need to obtain information about other individuals. Common examples include:
- we may require personal information of persons who are authorised to act on a customer's behalf. This may include a customer’s attorney or (in the case of a corporate investor) such other individuals who work for or are otherwise authorised to represent it;
- where we invest in properties, we will collect information about the person(s) to whom any such property is leased or who reside in the property (or, where the tenant is an organisation, about key members of that organisation such as its directors or partners); and
- where we make financial products available to a borrower, we may need to collect personal information about the borrower, where the financial product is made available to an organisation, about key members of that organisation such as its directors, shareholders, partners and/or beneficial owners/ultimate controllers, and also information about guarantors where required.
If you provide information about another individual, we expect you to ensure that they know you are doing so and are content with their information being provided to Aviva Investors.
Intermediaries and third parties
Many customers invest in an Aviva Investors’ product through a financial adviser or one of our business partners and in doing so they may provide us with personal information in respect of that customer. We may also receive personal information from other third parties, including attorneys, trustees and family members. It is their responsibility to make sure they explain to the person whose information is being shared that they are doing so, and ask for permission if needed. Depending on the product, we may also share your personal information with the financial adviser who helped you invest in an Aviva Investors’ product or who are otherwise linked to your investment.
How we keep your Personal Information secure
We are committed to keeping your personal information secure. We maintain appropriate organisational and technical security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal information to those employees and other third parties who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected personal data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of a breach affecting your Personal Data.
Marketing, cookies and analytics
We collect information to help us improve our products and services and we will use your personalinformation to inform you about our products and services that we believe will be of interest. This may be through a range of channels, including email, online advertising or social media. We will always do this in accordance with marketing preferences provided. For further information about marketing, cookies and analytics please click here.
Other organisations we work with
We share personal information with a number of trusted third parties who work with us to help deliver our products and services or to fulfil our legal and regulatory obligations, including:
- business partners, for example transfer agents who help us arrange and administer our products;
- solicitors and professional service firms who assist in conducting due diligence checks as part of arranging our products and who provide us with legal support in relation to our products or any litigation;
- service providers external and within the Aviva Group, who help operate our IT systems, real estate management, marketing and other operational processes;
- credit reference and anti-fraud agencies to carry out identity checks and detect and prevent fraud and fight financial crime.
- regulators who regulate how we operate, these include the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), HM Revenue & Customs (HMRC), The Pensions Regulator and Information Commissioner's Office (ICO);
- investments exchanges, settlement systems and banks, clearing houses and agencies, securities depositories;
- banking services providers, providers of payment processing systems and services, industry messaging and matching utilities; and
- providers of data and information relating to unit, securities and investments prices, currency exchange rates, interest rates, corporate actions, income and tax data, and credit rating.
You can contact us to find out more about this sharing of your personal data.
When you invest directly in an Aviva Investors product as an individual
We will collect contact and identity information, together and payment information. We will also use this information to arrange and administer your investment and your account with Aviva Investors. We also need this information to verify your identity and prevent fraud.
We will collect this information where you apply to us by completing and submitting our application form which can be downloaded from our website, or posted out to you on request.
Depending on the type of investment you seek, we may require additional information, such as the source of the wealth/funds for an investment in order to comply with anti-money laundering regulation checks.
Administering your investment product, requires us to provide you with ongoing customer service in relation to your investment, additionally assisting you where you want to make additional investments, to draw down on an investment or where you have queries about your existing investment.
In order to provide you with an investment product, we will undertake identity checks on you, using the personal information you have provided. This will involve disclosing your personal information to credit reference agencies, which carry out searches relating to you on our behalf. We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.
Where you invest in Aviva Investors product as an institutional or wholesale client
We will collect the contact and identity personal information of the attorneys, directors, partners and other relevant contacts within your organisation that are authorised to represent you, in order to establish a relationship with you. We also collect information about your organisation such as the trading name, number of employees and the nature of your business. We collect this information in order to arrange and administer your investment product. We also use this information to carry out Know Your Customer (KYC) checks, Anti-Money Laundering (AML) checks and to prevent fraud.
In order to provide you with an investment product, we will undertake identity checks of the attorneys, directors, partners and other relevant contacts within your organisation or that are authorised to represent you. This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf. We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.
When you interact with Aviva Investors as a broker or financial adviser
We will collect contact and identity personal information and business information from you and key members of your organisation. We collect this information in order to order for us to open or continue to operate an adviser / broker account with you and arrange and administer the investments of your clients. We also use this information to carry out Know Your Customer ("KYC") checks, Anti-Money Laundering ("AML") checks and to prevent fraud.
In the course of our dealings, you may provide us with the personal information of customers which you introduce to us. You are responsible for (i) collecting this information in a lawful manner and (ii) ensuring that your disclosure to us of such personal information is fair and lawful.
In order for us to open or continue to operate an adviser and or broker account with you, we will undertake identity checks on you as a broker or financial adviser, on key members of your organization, such as the directors and/or partners. We will use the personal and business information you have provided as well as information we have obtained from other sources such as credit reference agencies. This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf. We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices relating to financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.
Where Aviva Investors provides you with debt finance
We will collect contact and personal information, together with payment information from you. This could be during the course of the investment activity where Aviva Investors makes a finance facility available to you (as the borrower). Where the borrower owns a property, we may also obtain personal information of the tenants through the borrower. We may also require information about guarantors and key members of your organisation (such as directors, shareholders, and/or partners and/or beneficial owners/ultimate controllers). We will also collect information about your business, such as its trading name, business contact information, the type and nature of the business and its sectors. We use this information to arrange and administer your finance facility. We also use this information to carry out Know Your Customer ("KYC") checks, to verify the identity and address of all parties involved in the transaction, to carry out Anti-Money Laundering ("AML") checks and to prevent fraud.
In order to provide you with the best terms for your finance facility, we will collect information about your security asset or portfolio for example the address of your property, if any part of the property is occupied as a residence, information about any tenants in the property, any registered charges, information about any lenders who have taken the asset as a security. We use this information to put together a financial product package, which is shared with various teams which carry out the necessary due diligence checks. Our Investment Committee and where required the Investor client will then make a decision on whether or not to provide you with the financial product.
In certain circumstances, we will collect personal information of persons connected with a financial product, such as tenants residing in a leased property.
In order to provide you with a financial product, we may undertake credit checks and analysis on the parties involved in the transaction, using the personal and business information you have provided as well as information we have obtained from other sources such as credit reference agencies. This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf. We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.
Where Aviva Investors owns real estate and infrastructure assets
We will collect contact and personal information, together with payment information from you during the acquisition of a property or an infrastructure asset or where Aviva Investors owns a property which you occupy (as a tenant or a leaseholder).
We may also collect personal information about guarantors and key members of your organisation (such as directors, shareholders, partners and/or beneficial owners/ultimate controllers). We will also collect information about your business, such as its trading name, business contact information, the type and nature of the business and its sectors. We use this information to carry out due diligence on sellers, purchasers and suppliers at the acquisition stage and the ongoing management of the property and at the point of sale. We also use this information to carry out Know Your Customer ("KYC") checks, to verify the identity and address of all parties involved in the transaction and to carry out anti-money laundering checks and to prevent fraud.
We will undertake credit checks on the parties involved in the transaction and also on tenants or leaseholders. We will use personal and business information you have provided as well as information we have obtained from other sources such as credit reference agencies. This will involve disclosing the personal information provided to credit reference agencies, which carry out searches on our behalf. We work with reputable anti-fraud and credit reference agencies to detect and prevent fraudulent practices and fight financial crime to meet our regulatory responsibilities. To find out more see section working with credit reference agencies and fraud prevention agencies.
How we collect, use and share personal information
We are committed to respecting and protecting the use of your personal information. We will do this for a valid legal reason in accordance with applicable data protection laws, for example:
- to on board a customer or business relationship of Aviva Investors;
- to arrange or administer our products, in accordance with the agreed terms;
- to meet responsibilities, we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities;
- to operate and improve our portfolio of products and services and keep people informed about our products and services; and
- where we have obtained the necessary consent to use your personal information.
We may use personal information to send direct marketing communications about our products and our related services where we feel this will be of interest and we have the appropriate permissions to do so. This may be in the form of email, post, SMS, telephone or targeted online advertisements.
To protect privacy rights and give customers choice and control over the use of their personal information:
- we will always give the opportunity to ‘opt out’ of direct marketing when applying for a product or related service online or by post or when you receive any email, text or other direct marketing communication. You can also ask us to stop direct marketing at any time. You can change your marketing preferences by using the unsubscribe links that you will find on any marketing communications we send you, or by contacting us;
- we take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of legitimate interest or relevance to you, based on the information we have about you; and
- if we use or share information with online sources, such as websites, social media and information sharing platforms to help tailor and improve our services or communicate with you effectively, we will respect any permissions you have set about how you would like your personal information to be used.
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms.
For all our products, to ensure we have the necessary facts to verify your identity, help detect and prevent fraud, fight financial crime, meet our regulatory responsibilities and provide you with our best terms and payment options, we may share your information with Credit Reference Agencies (CRA) and Fraud Prevention Agencies (FPA).
Some of our checks may involve checking public registers (e.g. the electoral roll or registers of county court judgments, bankruptcy orders or repossessions), conducting online searches from websites, social media and other information sharing platforms and using databases managed by credit reference agencies and other reputable organisations. We may also share your information and undertake searches with third party organisations such as police, public bodies and our regulators (which include the FCA, PRA, ICO and Financial Ombudsman).
If you give us false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering.
We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details, contact us.
We collect information through cookies and other similar technologies (e.g. pixel tags or links) when you visit our website. These tools are used by Aviva Investors and our third-party service providers to help improve our and their products and services, the functionality and performance of our website and support more effective advertising. For example, we use some of these tools to save you time by not having to re-enter your details each time you visit our website, so we are able to offer you our services in the language you prefer.
We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our website.
We maintain a data retention policy which we apply to the records we hold.
Some of the organisations we share information with directly or indirectly may be located outside of the European Economic Area (EEA). We will always take steps to ensure that any transfer of information outside Europe is carefully managed to protect your privacy rights:
- transfers within the Aviva Group will be covered by an agreement entered into by members of the Aviva Group (an intra-group agreement) which contractually obliges each member to ensure that your personal information receives an adequate and consistent level of protection wherever it is transferred within the Group;
- where we transfer your data to non-Aviva Group members or other companies providing us with a service, we will obtain contractual commitments and assurances from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU - U.S. Privacy Shield for the protection of personal information transferred from within the EU to the United States of America;
- we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
- any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed.
You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, please click on Your Rights section.
In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:
- Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”).
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below.
- Where we need to comply with a legal or regulatory obligation (“Compliance with Law”) to verify your identity, help detect and prevent fraud and fight financial crime.
- Where we need to comply with the Anti-Money Laundering (AML) Directive, it specifies that AML/Counter Terrorist Financing should be processed under the legal basis of Public Interest (“Public Interest”).
- Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”). Generally, we do not rely on your Consent as a legal basis for using your Personal Data.
We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.
|Purpose||Category(ies) of Personal Data||Why do we do this|| |
Our legal basis for this use of data
|Fraud Prevention||Identity Data |
|To keep our website, our services and associated systems operational and secure.||Legitimate Interests. We have a legitimate interest in ensuring the ongoing security and proper operation of our services, website and associated IT services and networks.|
|Troubleshooting||Technical Data||To track issues that might be occurring on our systems.|| |
Legitimate Interests. It is in our legitimate interests that we can monitor and ensure the proper operation of our Sites and associated systems and services.
|Marketing||Identity Data |
Marketing and Communications Data
|To form a view on what we think you may want or need, or what may be of interest to you. |
This is how we decide which services and offers may be relevant for you.
|Legitimate Interests. We have a legitimate interest in providing you with updates on our Sites and related offers where you have purchased or shown interest in similar investments and services from us.|
You have legal rights under data protection law. You are entitled to view what personal information we have about you, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, where we got your data from and whether we have carried out any automated decision making using your personal information.
Click on the links below to learn more about each right you may have.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change account details with the right individual.
A. To access your personal information
B. To rectify or erase your personal information
C. To restrict or object to how we use your personal information
D. To contest decisions made on automatic decision making
E. To request a transfer of personal information
F. To understand how we protect information transferred outside of Europe
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
You can ask us to confirm whether or not we have and are using your personal information and request a copy through a Data Subject Access Request (DSAR). We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
Please let us know if your information changes as it is important that the information we hold about you is accurate and up to date. You can ask that we rectify any information about you which is incorrect.
You can ask that we erase your personal information if you think we no longer need to use it for the purpose we collected it from you.
You can also ask that we erase your personal information if you have either withdrawn your original consent to us using your information, or objected to further legitimate use of your information. We may not always be able to comply with your request, for example where we need to keep using your personal information in order to comply with a legal obligation or where we need to use your personal information to establish, exercise or defend legal claims.
You can ask that we restrict our use of your personal information in certain circumstances, for example
- where you think the information is inaccurate and we need to verify it before rectifying;
- where the information is no longer required for the purposes for which it was collected but it is needed to establish, exercise or defend legal claims; and
- where you have objected to our use of your personal information but we still need to verify if we have overriding grounds to use it.
You can object to any use of your personal information if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, there are circumstances where we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.
In Aviva Investors we do not make any decisions purely based on automatic decision making, using your personal information. If in the future we need to make decisions based on automatic decision making, we will inform you about this.
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company). You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information.
You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area (EEA). We are not required to share details of these safeguards where sharing such details would affect our commercial position, or create a security risk.
Use the glossary for an explanation of terms used throughout this policy.
How to contact us
The Data Privacy Office (Floor 10), Aviva Investors Global Services Limited, St Helens 1, Undershaft, London. EC3P 3DQ
If you are not happy with the way we are handling your personal information, our Data Protection Officer will endeavour to resolve any concerns directly with you.
You have a right to lodge a complaint with your local data protection supervisory authority at any time:
The Information Commissioner's Office. (www.ico.org.uk)
The Commission nationale de l'informatique et des libertés (www.cnil.fr)
The Federal Commissioner for Data Protection and Freedom of Information/
Bundesbeauftragter für den Datenschutz und die Informationsfreiheit www.bfdi.bund.de
Office of the Information Commissioner - OIC. https://oicjersey.org/
The National Commission for Data Protection /Commission Nationale pour la Protection des Données – CNPD https://cnpd.public.lu/en.html
The Inspector General for the Protection of Personal Data / Generalny Inspektor Ochrony Danych Osobowych firstname.lastname@example.org
The Swedish Data Protection Authority / Datainspektionen www.datainspektionen.se