Reviti Limited consumer privacy notice
Reviti Limited ("Reviti" or "we") take privacy seriously. This notice tells you who we are, what information we collect about you, and what we do with it. We will use information about you only in accordance with applicable data protection laws. You can also click on the links in this notice for further information.
Please take a few minutes to read this notice and show it to anyone else connected to your policy.
Who are we?
We trade under the name Reviti and are an appointed representative of Resolution Compliance Limited which is authorised and regulated by the Financial Conduct Authority (FRN: 574048). We are a member of Philip Morris International.
Our details (name, address, etc.) will have been given to you separately at the time of (or to confirm) the collection of information about you, for example, in a notice on an app or a website, or in an e-mail, containing a link to this notice.
Reviti is the data controller of any data you provide to Reviti or is otherwise collected through this website. This means that we determine the purposes and means of processing the data you provide us.
If you have any questions about how we process your personal data, please contact us using the details found at the bottom of this notice.
How do we collect information about you?
In this notice, we refer to all the methods by which you are in contact with us as “Reviti touchpoints”. Reviti touchpoints include both physical (for example, retail outlets and events, consumer contact centres), and digital (for example, apps and websites).
We may collect information about you in various ways.
- Information you provide us. You may provide us with information directly (for example, filling in a form, emailing or calling us). This will be how most of the data about you that we process is collected. You will be asked to fill in forms or provide information to our contact centre during the quote and application process. We will not be able to provide you with a quote or inform you of an offer from Scottish Friendly unless you answer the mandatory questions.
- We collect personal information when you:
- Obtain a quote.
- Apply for a policy.
- Ask us a question.
- Change your cover.
- Update how we contact you with marketing.
- Make a complaint.
- Take part in targeted promotions.
- Change ownership of a policy (for example, putting it in trust).
- Take part in market research and surveys (for example, satisfaction surveys).
- We may collect information automatically.
- Typically this will happen when you:
- use a Reviti app or website or, where you have opted in to this, where you have agreed to our using technologies to observe when you open e-mails or SMS messages.
- If you exchange emails, telephone conversations or other electronic communications with us then our information technology systems and those of our outsourced partners will record details of those conversations, sometimes including their content.
- If you respond to surveys that we may send to customers from time to time about the Reviti products you have.
- communicate with us (for example, through a touchpoint, or social media platforms);
- use Reviti touchpoints (for example, through tracking mechanisms (such as cookies and web beacons/pixels), where we use them, that you receive when you use the Reviti touchpoint or get an e-mail or SMS message from us);
- use third party websites (for example, using technology similar to that described in the bullet above, that you receive when you visit a Reviti touchpoint or get an e-mail from us); or
- make public posts on social media platforms that we follow (for example, so that we can understand public opinion, or respond to requests concerning Reviti products).
- Our premises may have closed circuit TV systems for security and safety purposes. These may record you if you visit our premises.
Where permitted by law, we may infer information about you from aggregated information we acquire from third parties. This may include, for example, statistical information about people in certain geographical areas.
We may also collect information in other contexts made apparent to you at the time.
- We may acquire information from third parties. This includes:
- Your doctor or other relevant medical attendants.
- Fraud prevention, enforcement or government agencies used to prevent or detect fraud or provide details to us about criminal convictions or offences.
- HM Treasury and other authorities in relation to regulatory issues.
- Publicly available sources. For example, information on social media platforms such as Facebook and Twitter or statistical information about the population in certain geographical areas.
- Any price comparison websites (where we use such services) that you have used to find out about our policies.
What about information we collect from you about other people?
For what purposes do we use information about you, and on what legal basis?
In this section, we describe the purposes for which we use personal information.
- Providing you with the service you have requested. We process your data to provide you with the service you have requested or otherwise engaged us in respect of for example: to provide a quote, allow you to save a quote; to allow you to return to a partially completed application; submit an application you have completed; trigger a premium adjustment; or put you in contact with Scottish Friendly regarding a claim or a complaint.
- Automated decision making. We need your personal information when you apply so Scottish Friendly can decide whether to offer you a policy and, if so, on what terms. An automated underwriting engine is used as part of this process. The engine takes account of the information you have provided (including your age, whether you smoke, your answers to our other questions) along with the amount of cover you wish to obtain. We’ll make clear to you in the application for each policy whether automated underwriting is used. Please see below ("what rights and options do I have?") to find out more about your rights when automated decision-making processes are used.
- In relation to your policy. Throughout the life of a policy, we will hold your personal information to enable us to administer the policy. We may also use the information to help us understand you as a customer and ensure that our products are appropriately priced.
- Business and operational reasons. We process your information to otherwise operate, manage, develop and promote our business. We also process your information to operate, administer and improve our products, website, premises and other aspects of the way in which we conduct our operations.
- Better understanding our customers. We process your data to better understand our customers and offer them products and services to accommodate their needs and requirements.
- Comply with our legal and regulatory obligations and to defend legal claims. We and our contact centre provider may need to process your personal information to comply with our legal and regulatory obligations and to defend ourselves against legal claims, for example, to carry out sanctions, fraud and money laundering checks.
- To keep you updated about your policy and features of your policy. We will use your personal data to keep you updated about the policy and comply with our regulatory obligation to inform you about existing benefits and related services and support you may be eligible for.
- Direct marketing. When you apply for a policy we will ask you whether you would like to receive marketing material from us. Where you let us know you would like to receive this material we will use your details in order to send you such information. If you tell us that you do not want to receive marketing information we will not use your information for marketing reasons. You will receive your Life Insurance application quotes via email and we will still need to contact you from time to time for the purposes of servicing your policy. You can update your marketing preferences at any time by visiting our website and updating your preferences using the link provided. If we send you marketing emails you can also unsubscribe by clicking on the unsubscribe link or by contacting us.
- Marketing and research. We may anonymise your personal information to process it for marketing and consumer research purposes.
- Other. For other purposes that we notify you of, or will be clear from the context, at the point information about you is first collected.
Given the above purposes for which we use personal information, the legal basis for our use of information about you is one of the following:
- compliance with a legal obligation to which we are subject;
- the performance of a contract to which you are a party; or
- a legitimate business interest that is not overridden by your own interests in relation to that data.
In any other circumstances we will always ask for your consent before we process the information. This will be clear from the context.
In some instances, we may use information about you in ways that are not described above. Where this is the case we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.
If you are uncertain as to our need for information that we request from you, or have concerns relating to the basis for processing we are relying on, then please contact us (see below) with your query.
Do you process my sensitive personal information?
Yes, you will need to provide "special category" personal information to enable us to provide you with your quote or process your application for insurance. Special category personal data is afforded additional protection by data protection law. This data includes information about your health, including whether you are a smoker, for example, as well as information relating to your lifestyle and your family health history.
Unless we inform you otherwise, you should assume that we process this data for the purposes of arranging, underwriting or administering an insurance contract. For this reason, we do not require your consent. We may also retain a copy of any such information in order to comply with legal or regulatory obligations.
Who do we share your information with, and for what purposes?
We may share information about you with:
- Other companies within our group.
- Resolution Compliance Limited and Scottish Friendly as well as Scottish Friendly's reinsurers for the purpose of arranging, underwriting and administering the policy.
- To service providers who host our websites or other information technology systems or otherwise hold or process your information on our behalf, under strict conditions of confidentiality, data privacy and security.
- To our contact centre
- Carefully selected partners including Cavendish online Limited (in areas connected with our and other insurance products) so that they can contact you with offers that they think may interest you, in accordance with your marketing preferences and only with your consent where required.
- To a person who takes over our business and assets, or relevant parts of them.
- To our professional advisers.
- In exceptional circumstances:
- Regulators (e.g. the Financial Conduct Authority), government (e.g. HMRC) and law enforcement or fraud prevention agencies, as well as our professional advisers.
- To competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in the applicable country or territory.
Where might information about you be sent?
When using information as described in this notice, information about you may be transferred either within or outside the United Kingdom where it was collected, including to a country or territory that may not have equivalent data protection standards. In all cases, the transfer will be:
- on the basis of a European Commission adequacy decision (or equivalent decision in the UK);
- subject to appropriate safeguards, for example the EU Standard Contractual Clauses ; or
- necessary to discharge obligations under a contract between you and us (or the implementation of pre-contractual measures taken at your request) or for the conclusion or performance of a contract concluded in your interest between us and a third party.
In all cases, appropriate security measures for the protection of personal information will be applied in those countries or territories, in accordance with applicable data protection laws.
How do we protect information about you?
We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, misuse, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers to comply with strict data privacy and security requirements.
How long will information about you be kept?
We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete or anonymise it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete or anonymise the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.
Where you have taken out a policy with us either through our website or our contact centre we and our contact centre (if relevant) will generally keep your information for a period of seven years following a claim or the end of your policy in line with the insurers policy, unless there is a requirement for us to retain the information (for example, a legal requirement, or where there are ongoing claims relating to your policy).
Where you have obtained a quote or started an application but not completed the purchase of a policy we will generally keep your information for a period of 6 months before deleting. However we will retain recordings of any calls between you and our contact centre for a period of 7 years.
What rights and options do you have?
You may have some or all of the following rights in respect of information about you that we hold:
- request us to give you access to it;
- request us to rectify it, update it, or erase it;
- request us to restrict our using it, in certain circumstances;
- challenge a decision that has been made using automated decision making or otherwise request human intervention in an automated process;
- object to our using it, in certain circumstances;
- withdraw your consent to our using it;
- data portability, in certain circumstances;
- opt out from our using it for direct marketing; and
- lodge a complaint with the supervisory authority.
We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive.
Right in respect of the information about you that we hold, with further detail
(note: certain legal limits to all these rights apply)
- To request us to give you access to it
- This is confirmation of:
- whether or not we process information about you;
- our name and contact details;
- the purpose of the processing;
- the categories of information concerned;
- the categories of persons with whom we share the information and, where any such person is located outside the United Kingdom and the EEA and does not benefit from a UK adequacy decision, the appropriate safeguards for protecting the information;
- (if we have it) the source of the information, if we did not collect it from you;
- the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and
- the criteria for determining the period for which we will store the information.
On your request we will provide you with a copy of the information about you that we use (provided this does not affect the rights and freedoms of others).
- To request us to rectify or update it
- This applies if the information we hold is inaccurate or incomplete.
- To request us to erase it
- This applies if:
- the information we hold is no longer necessary in relation to the purposes for which we use it;
- we use the information on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all information about you in which case we will respect your wishes);
- we use the information on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;
- the information was unlawfully obtained or used; or
- to comply with a legal obligation
- To request us to restrict our processing of it
- This right applies, temporarily while we look into your case, if you:
- contest the accuracy of the information we use; or
- have objected to our using the information on the basis of legitimate interest (if you make use of your right in these cases, we will tell you before we use the information again).
- This right applies also if:
- our use is unlawful and you oppose the erasure of the data; or
- we no longer need the data, but you require it to establish a legal case.
- To object to our processing it
- You have two rights here:
- (i) if we use information about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and
- (ii) if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
- To withdraw your consent to our using it
- This applies if the legal basis on which we use the information about you is consent based. These cases will be clear from the context.
- To data portability
- (i) you have provided data to us; and
- (ii) we use that data, by automated means and on the basis either of your consent, or on the basis of discharging our contractual obligations to you,
then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so. To lodge a complaint with the UK Information Commissioner
The Information Commissioner’s
Office Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 700
Who should you contact with questions?
If you have any questions, or wish to exercise any of your rights, you can find contact details for Reviti here. Contact details will also be given in any communications that Reviti sends you. The UK’s data protection authority is the Information Commissioners Office. You have a right to contact them with any questions or concerns (please see contact details above). If Reviti cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.
Changes to this notice
We may update this notice (and any supplemental privacy notice) from time to time. Where the law requires it we will notify you of the changes ; further, where the law requires it, we will also obtain your consent to the changes.
Last modified [02/08/2021].