Our Privacy Policy

What's on this page:

1. Introduction
2. Personal Information We Collect and How it is Used
3. Who Personal Information is Shared With
4. Fraud and Other Financial Crime
5. Credit Reference Agencies
6. Automated Decision Making
7. Profiling, Data Analysis and Artificial Intelligence
8. Retention
9. International Data Transfers
10. Marketing
11. Data Rights
12. Contacting Us
13. Updates

1. Introduction

Your privacy matters to us. This Privacy Policy, which we are required to give you by law, explains what Personal Information we collect about you and how we use it, how you can contact us if you wish to exercise your rights and the procedures that we have in place to safeguard your privacy. Personal Information means any information relating to you or another living individual who is identifiable by us.

This Privacy Policy explains how we use Personal Information which we collect about individuals in relation to our products and services (including through this website, our online platform, My Account and our mobile applications).

If you have a telematics policy, you can find further details regarding how we use your Personal Information in our Telematics Terms and Conditions.

We take the security of your Personal Information very seriously. We use a combination of technical, organisational and physical security measures to protect your Personal Information in line with our obligations under data protection law. Our employees receive training to help us comply with data protection law and safeguard your privacy.

This Privacy Policy is issued on behalf of General Accident, which is a trading name of Aviva UK Digital Limited (a company within the Aviva group that operates within the United Kingdom).

Each Aviva group company that processes your Personal Information is responsible for looking after it in accordance with this Privacy Policy. Usually, where you are an individual policyholder, the Aviva group company that underwrites your insurance policy, Aviva Insurance Limited, will be the main company responsible for your Personal Information, known as the controller, and Aviva UK Digital Limited, who is responsible for the sale and distribution of the product, will be an additional controller. In other cases, your relationship with us will determine which of our group companies are the controller(s) responsible for your Personal Information.

Please check the documentation that we provide to you for details of the specific Aviva companies acting as controller(s) of your Personal Information. We may also share your Personal Information in accordance with this Privacy Policy with other companies in the Aviva group (including Wealthify Limited). For information concerning Aviva please visit the Aviva website (aviva.co.uk).

When we mention "General Accident", "Aviva", "we", "us" or "our", what we mean is the relevant company in the Aviva group that processes your Personal Information. If you have any questions about this, please contact us.

We have separate privacy notices for our different types of products, so if you have a number of Aviva products you may need to review more than one privacy notice. We may also supplement this Privacy Policy with additional privacy notices tailored to our specific relationships with you where this is useful to provide you with a full picture of how we collect and use your Personal Information. This Privacy Policy supplements – but doesn’t override – them.

Most of the Personal Information we collect relates to the individual who is taking out a policy (or other individuals, where it’s taken out jointly or otherwise for the benefit of others). We may also ask for Personal Information about other individuals if we need it. For example, if you ask us to provide insurance for someone other than you, such as other household or family members.

This Privacy Policy also explains how we use Personal Information which we collect about individuals who are not customers, prospective customers, beneficiaries, or prospective beneficiaries of our products and services, but whose Personal Information we process in connection with those products and services, including third party claimants; witnesses to an incident; individuals who have caused a policyholder a loss and whom Aviva have a right to pursue in order to recover those losses; third parties driving a vehicle with a telematics device; legal representatives; general practitioners and other medical or similar professionals; expert witnesses or other expert service providers; and participants in market research.

If you provide us with Personal Information about someone else, we’ll assume that you have their permission, where required. We’ll process their Personal Information according to this Privacy Policy so please encourage them to read it if they want to find out more.

2. Personal Information We Collect and How it is Used

a. Sources of Personal Information

We obtain Personal Information directly from you, including from applications and claims forms that you complete, communications between us, your participation in promotions and market research, your use of our apps and websites, as well as details from the devices you use to interact with our apps and websites or a telematics device, if relevant. Where you are a joint policyholder, named driver or otherwise a beneficiary under a policy, we will also obtain Personal Information from the policyholder.

We may also receive your information from our policyholders e.g. when:

• you are witness to an incident;
• you are claiming against one of our policyholders;
• one of our policyholders is claiming against you;
• you are providing your professional services to any of these parties, e.g. as a medical expert.

We may also obtain Personal Information from third parties, including the following:

• Comparison websites and other similar companies where you have used these companies to obtain quotes for motor insurance;
• Third parties who provide you with services relating to your product or claim, e.g. roadside assistance providers;
• Third parties who provide us, or a third party insurer relevant to your product or claim, with services, e.g. loss adjusters, claims handlers, legal advisers, banks, assistance providers, experts and in limited circumstances, private investigators;
• Third parties involved in your product or claim, e.g. other insurers, brokers, claimants, defendants and witnesses to an incident;
• Healthcare providers;
• Aviva group companies who may provide information in relation to other products you or people you live with hold, previous claims, policies or quotes, and Aviva Insurance Ireland Designated Activity Company (AIIDAC) where AIIDAC is providing cover for assets or properties in the European Union;
• Credit reference agencies;
• Financial crime, fraud or uninsured detection agencies, databases and sanctions lists, including the Motor Insurers' Bureau (MIB) who are the data controller for the Motor Insurance Database (MID), National Sira (a syndicated fraud prevention database operated by Synectics Solutions Limited), the Claims and Underwriting Exchange (CUE), Motor Insurance Anti-Fraud Theft Register, No Claims Discount Database, MyLicence, Whiplash Reforms Programme, Employers' Liability Tracing Office (ELTO) and Insurance Fraud Bureau (IFB);
• Government agencies and regulatory bodies including the police, the courts, the Driver and Vehicle Licensing Agency (DVLA), Driver and Vehicle Agency Northern Ireland (DVA), Driver and Vehicle Standards Agency (DVSA), the Department for Work and Pensions (DWP), Companies House and HM Revenue & Customs (HMRC);
• Regulators who regulate how we operate including the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Information Commissioner’s Office (ICO) and the Financial Ombudsman Service (FOS);
• If you are a service provider, such as a medical expert or solicitor, regulators who regulate how you operate including the General Medical Council and the Solicitors Regulation Authority;
• Industry bodies, including the Association of British Insurers and the MIB;
• Debt advisors, including where breathing space is requested on outstanding debts;
• Third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
• Third parties that provide services in relation to your policy or claim, including checking no claims discounts;
• Third parties that help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved and payment card providers who provide us with updated payment card details;
• Other third party suppliers including actuaries, auditors, legal advisers and other professional service firms and sanctions checking service providers;
• Data suppliers, e.g. Experian and LexisNexis;
• Publicly available sources including HM Land Registry, the Office for National Statistics (e.g. census data) and other data made available under the Open Government Licence, internet searches, news articles, online marketplaces and social media sites, apps and networks (e.g. Twitter, Facebook and Instagram);
• Providers of marketing and advertising services; and
• Third parties in connection with any acquisition of a business by us.

b. Types of Personal Information collected

The Personal Information we hold and process will depend on our relationship with you. If you are a policyholder or claimant claiming against one of our policyholders, we may collect detailed information about you for the purposes of managing your product and/or your claim. However, if you are an individual at a company who is providing services to us, e.g. a medical expert, the Personal Information we hold about you will be a lot more limited. We have set out some examples of the Personal Information we may hold, depending on our relationship with you below.

Information provided by you or third parties, including:

• General data - includes your name, date of birth, marital status, country of residence/citizenship and your relationships to other people, e.g. family members on a joint insurance policy;
• Contact data – includes your address, telephone number and e-mail address;
• Identification data – includes government issued identification numbers, e.g. your national insurance number, passport number, driving licence number and other identifiers, e.g. usernames and social media identifiers;
• Appearance and behavioural data – includes your gender, age, general interests, descriptive data, e.g. your height, images, demographic data and behavioural data, e.g. your purchase history;
• Product data – includes information about quotes, policies, schemes, relationships you have with intermediaries and claims and any other information relevant to your product, including renewal dates, policy and claim histories;
• Claims data – if a claim is made under an insurance policy, this includes information about the claim collected from you and relevant third parties, e.g. witnesses;
• Fraud and sanctions related data – includes information obtained as a result of our investigations, e.g. carrying out checks of publicly available sources such as newspapers and social media sites and information obtained from checks of fraud databases and sanctions lists such as relationships/close associations with politically exposed persons;
• Education and employment-related data – includes your education, vocational and professional qualifications, employment status, job title and employment and educational history;
• Vehicle and driving-related data - includes driving licence entitlement and restrictions or endorsements, driving convictions, vehicle details including registration number, MOT details and carbon emissions, vehicle ID number, digital location ID, dash cam footage and telematics data where you are seeking a policy with telematics capability;
• Financial data – includes credit and payment card numbers (including updated card information provided by card issuers when changes are made), bank account details, payment information, whether you provide a continuous payment authority, tax information and details of income and assets;
• Credit assessment data – includes information received from credit agencies, e.g. credit rating and details of bankruptcy orders, voluntary arrangements and county court judgments. This helps us assess risk, verify your identity and prevent fraud. For further information see Credit Reference Agencies;
• Vulnerability data – information about health, life events, resilience and capability that helps us identify if you might have additional support requirements in order that that we can better meet your needs;
• Authentication data – includes account log-in information, passwords and memorable data for accessing your Aviva accounts;
• Telephone recordings and online chat transcripts – information obtained during recordings of telephone calls or online chats with our representatives and call centres;
• Marketing and communication preferences, promotion entries and customer feedback – includes marketing and communication preferences, information relating to promotions and prize draws, responses to surveys, complaints and details of your customer experience.

Information provided by third parties, including:

• Data about your vehicle, e.g. details about your MOT and your vehicle's mileage and information about the features of your vehicle, e.g. engine capacity;
• Accurate contact data, e.g. where you have moved address, changed your telephone number or started using a new email address and not yet advised Aviva. This data may be used to ensure that we have a complete understanding of your product holding and to provide you with communications about your products. It will not be used for direct marketing purposes unless it was collected by the third party expressly for that purpose and always in accordance with data protection law;
• Information about quote requests to identify certain potentially unexpected, unusual or inconsistent connections and declarations, either between quotes or between individuals named on quotes in order to separate normal shopping behaviour from potentially fraudulent or higher risk behaviour;
• Data about the area you live in, e.g.:
  • crime-related data;
  • census data;
  • government statistics on road traffic accidents in your local area;
  • your council tax band;
  • average garden size;
  • modelled data which predicts characteristics about people in your area such as socio-economic groups as well as likely habits; and
  • weather-related data.

If you are a witness, third party claimant, claiming against an Aviva policyholder, or have otherwise caused the policyholder a loss, we may also collect:

• Detailed information about your claim from you, the policyholder, any witnesses, experts and third party service providers; and
• Vehicle and driving-related data - includes driving licence entitlement and restrictions or endorsements, driving convictions, vehicle details including registration number and MOT details, vehicle ID number and digital location ID and dash cam footage if relevant to your claim.

Information collected from your devices, including:

• Mobile device number, device type, operating system, browser, serial number, MAC address, IP address, location and account activity obtained through our use of cookies. You can find more about our use of cookies in our Cookie Policy.
• Information collected from your telematics device can be found in our Telematics Terms and Conditions.

Information already held by Aviva, including:

• Data relating to other Aviva policies or previous Aviva interactions – e.g. quote, policy and claim histories relating to other existing Aviva policies or products or those you may have applied for or held in the past, and contact details where you may have advised Aviva about a change on one product, but not another;
• Modelled data that has been developed by Aviva using data that it already holds. For example, we use data that we collected from telematics devices to understand how people drive in different postcodes and at different times of day.

Information inferred from your Personal Information, including:

• Appearance and behavioural data – includes your general interests, descriptive data and behavioural data, e.g. to allow us to make certain predictions and assumptions about your interests, which allows us to personalise your experience with us;
• Vulnerability data – information about health, life events, resilience and capability that helps us identify if you might have additional support requirements in order that we can better meet your needs;
• Fraud and sanctions-related data – includes information obtained as a result of our investigations, e.g. carrying out checks of publicly available sources such as newspapers and social media sites and checks of fraud databases and sanctions lists.

Children’s data:

• We collect data about children in some circumstances, e.g. where a child is insured on an adult's policy, where a child takes out a policy with us, car insurance for under 18s, or where a child is a claimant.

Sensitive Personal Information

Sometimes we will request or receive Personal Information that is sensitive and we call this “Sensitive Personal Information”. This is information relating to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership. It also covers criminal offence data, including information about criminal activity, allegations (including those unproven), investigations, proceedings and penalties. For example, to investigate a bodily injury claim, we’ll need to ask you to provide details of the injury. We know how sensitive this data is, so protecting it is a top priority. The types of Sensitive Personal Information we hold and process where relevant include:

• Health data – includes details of existing and previous physical or mental health conditions, health status, test results, medical diagnoses and treatment, e.g. personal injuries sustained as a result of a motor accident;
• Criminal data – includes driving licence endorsements, fixed penalties or pending prosecutions for any motoring offences for any of the persons insured, or to be insured;
• Other sensitive data - in limited circumstances we may process other Sensitive Personal Information, e.g. information relating to your religious beliefs where relevant to your preferences regarding medical treatment.

c. Uses of Personal Information

The main purposes for which we use Personal Information are to:

• Communicate with you and other individuals;
• Make assessments and take decisions, including whether to pay your claim or pursue any losses against you or a third party, provide you with our products and services, on what terms and whether you are eligible for a payment plan. For further information, see Automated Decision Making;
• Process payments when you purchase a product or service and any refunds;
• Provide our products and services, including insurance administration, taking payment, making changes where requested or necessary, managing renewal, claims assessment, settlement and dispute resolution and the provision of our apps and other technologies, e.g. My Account;
• Manage relationships with third parties, e.g. service providers;
• Prevent, detect and investigate fraud and other crime, including by carrying out fraud, sanctions and anti-money laundering checks. For further information see Fraud and Other Financial Crime;
• Improve our products and services, provide staff training and maintain information security , including by recording and monitoring telephone and online calls and screen sharing sessions;
• Provide marketing information and run promotions in accordance with preferences you have expressed. For further information see the section on Marketing;
• Conduct customer analysis, market research and focus groups, including customer segmentation, campaign planning, creating promotional materials, gathering customer feedback and customer satisfaction surveys;
• Help us better understand our customers and improve our customer engagement, including noting your interest in our website, understanding your customer journey, and use of profiled data (which is not actual information about you but predictions about you, e.g. assumptions about your interests based on the preferred leisure pursuits of households in your area). This allows us to make correlations about our customers to improve and promote our products and to suggest other products, services and information which may be relevant or of interest to customers;
• Carry out data analysis including to ensure data accuracy and quality and for insurance risk modelling and product and pricing refinement. For further information see Profiling and Data Analysis;
• Manage complaints, including to allow us to respond to any current complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes. We may be obliged to forward details about your complaints, including your Personal Information, to the appropriate authorities, e.g. the relevant ombudsman;
• Manage feedback and queries and handle requests to exercise data subject rights. For further information see Data Rights;
• Manage our business operations, including by carrying out internal audits, quality assurance and training, financial analysis and accounting, producing management information and performing administrative activities in connection with the services we provide;
• Manage commercial risk, including by taking out and maintaining appropriate insurance and reinsurance;
• Comply with applicable legal, regulatory and professional obligations, including cooperating with regulatory bodies, e.g. the ICO, FCA and PRA, MIB and government authorities, to comply with law enforcement and to manage legal claims;
• Identify and support individuals requiring additional support, to help us better meet your needs and to comply with regulatory guidance about how we meet your needs. Sometimes you or a third party may tell us that you have additional support requirements, and in other cases we may infer this from your Personal Information and our interactions with you;
• Establish, enforce and defend our legal rights or those of third parties, including enforcing our terms and conditions, pursuing available remedies and limiting our damages;
• Carry out activities that are in the public interest, e.g. we may need to use Personal Information to carry out anti-money laundering checks;
• Buy, sell, transfer or dispose of any part of our business;
• Archiving, scientific or historical research or statistical purposes.

d. Lawful Bases for uses of Personal Information

We are committed to collecting and using Personal Information in accordance with applicable data protection laws. By law, we must have a legal justification, known as a lawful basis, in order to use your Personal Information for the purposes described in this Privacy Policy. Depending upon the purpose, our lawful basis will be one of the following:

• Performance of a contract - to arrange, underwrite or manage our products, or handle claims in accordance with their terms;
• Compliance with a legal obligation - to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities;
• Legitimate interests - to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party;
• Consent - where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.

Where we rely on legitimate interests as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test will determine whether we can use your Personal Information for the purposes described in this Privacy Policy. Where we rely on the lawful basis of legitimate interests, the interests being relied upon will usually be:

• To further our business and commercial activities and objectives, or those of a third party, e.g. to provide our products and services and produce management information on our performance and the performance of third parties;
• To help us better understand our customers and improve our customer engagement and marketing campaigns including by carrying out analysis and profiling, e.g. by making certain predictions and assumptions about your interests;
• To send you marketing information in accordance with your preferences, e.g. about other products and services we offer, and to administer promotions that you enter;
• To provide you with helpful information relating to your products and about useful tools for managing and engaging with your products. These are not marketing communications;
• To comply with our legal and regulatory obligations, guidelines, standards and codes of conduct, e.g. background checks or the prevention, detection and investigation of financial crime or fraud;
• To improve and develop our business, products and services, or those of a third party, e.g. to ensure the accuracy of customer data and to develop our pricing and risk methods and models;
• To retain your policy record for a period of time in order to ensure we have appropriate records in place in respect of any future claims that may be insured by us;
• To safeguard our business, shareholders, employees and customers, or a third party, e.g. maintaining the security of our IT network and information, enforcing claims, including debt collection;
• To facilitate the purchase, sale, transfer or disposal of any part of our business; and
• To analyse and assess competition in the market for our products and services, e.g. by carrying out market research.

Our lawful bases for the use of Personal Information:

We can only collect and use Sensitive Personal Information where we have an additional, specific lawful basis to process such information. We usually rely upon one of the following lawful bases where we process Sensitive Personal Information:

• Reasons of substantial public interest:
  • insurance purposes – including advising on, arranging, underwriting and administering contracts of insurance, administering claims under a contract of insurance and exercising rights, or complying with obligations that arise in connection with contracts of insurance;
  • complying, or helping someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty - including regulatory requirements to carry out money laundering checks;
  • preventing or detecting unlawful acts – including disclosures to competent authorities;
  • preventing fraud – including investigating alleged fraud;
  • safeguarding the economic well-being of certain individuals – including where we identify additional support required by our customers;
  • equality of opportunity or treatment – including where we need to keep under review the equality of treatment of customers with additional support needs.
• Necessary to establish, exercise or defend a legal claim – including where we are faced with legal proceedings, we bring legal proceedings ourselves or where we are investigating legal proceedings that a third party has brought against you;
• Necessary to protect your vital interests or those of another individual;
• Information has been clearly or obviously made public by you.

Our lawful bases for the use of Sensitive Personal Information:

Purpose	Lawful Basis for Sensitive Personal Information Processing
Communicating with you and others including complaints handling	Necessary for insurance purposes Legal claims Necessary for safeguarding economic well-being of certain individuals
Identifying individuals requiring additional support	Necessary for safeguarding economic well-being of certain individuals Necessary for the equality of opportunity or treatment Explicit consent
Evaluating your application or renewal or to provide a quote	Necessary for insurance purposes
Providing and administrating a policy, including taking payment	Necessary for insurance purposes
Managing third party relationships	Necessary for insurance purposes
Claims assessment and management of claims	Necessary for insurance purposes Legal claims Vital interests
Identifying or investigating financial or other crime and fraud	Necessary for insurance purposes Legal claims Regulatory requirement relating to unlawful acts or dishonesty Clearly or obviously made public by you Prevent or detect crime Prevent fraud
Compliance with legal or regulatory obligations	Necessary for insurance purposes Legal claims Regulatory requirement relating to unlawful acts or dishonesty
Establishing, enforcing or defending legal rights	Legal claims
Improving quality, training and security	Legal claims
Managing our business operations, e.g. accounts, financial analysis, internal audit	Legal claims
Profiling and data analysis (including modelling)	Necessary for insurance purposes
Applying for or claiming on our insurance	Necessary for insurance purposes Legal claims
Buying, selling, transferring or disposing of our business	Necessary for insurance purposes Legal claims
Archiving, research or statistical analysis	Necessary for archiving, research or statistical analysis

Where we cannot rely on one of the above lawful bases to process your Sensitive Personal Information for a particular purpose, we will seek your explicit consent.

If you would like to know more about the lawful bases we rely upon, or how the lawful basis of legitimate interests applies to a particular purpose, you can contact us.

3. Who Personal Information is Shared With

In connection with the purposes set out above, we will sometimes share Personal Information with Aviva group companies and third parties, including:

• Financial advisers, insurance brokers, and business partners who help us arrange, manage and underwrite our products and who provide insurance services;
• The relevant third party if they are making a claim against you;
• The relevant Aviva policyholder if you are making a claim against that policyholder or have otherwise causes that policyholder a loss;
• Comparison websites and other similar companies that offer ways to research and apply for financial services products;
• Other insurers;
• Our insurers or reinsurers (either directly or through insurance brokers), who provide reinsurance services to us and each other in respect of risks underwritten by Aviva, or insurers who cover Aviva under our group insurance policies. We can supply on request further details of the insurers and reinsurers we provide your Personal Information to and how this may be used. If you require further details contact us;
• Third parties who provide you with services relating to your product, e.g. roadside assistance providers;
• Third party administrators who help us manage our products and services, including loss adjusters and experts who help us handle claims and third party case managers and your care or treatment pathway;
• Third parties who provide us, or a third party insurer relevant to your product or claim, with services, e.g. loss adjusters, claims handlers, assistance providers, third-party case managers handling your care or treatment pathway, experts and, in limited circumstances, private investigators;
• AIIDAC where cover is provided for assets or properties in the European Union;
• Legal advisers, accountants, financial institutions, auditors and professional service firms who act on our or your behalf, or who represent a third-party claimant;
• Data analysts and providers of data services who support us with developing our products and prices and measuring the effectiveness of marketing;
• Third parties that help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved and payment card providers who provide us with updated payment card details;
• Companies who help us to check your identity and evaluate your insurance risk by collecting data about you from public sources (such as the electoral register and insolvency service) and private databases (such those contributed to by other insurers), including LexisNexis;
• Financial crime detection agencies, financial services organisations sanctions checking providers and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud. You can find further information about this in the section on Databases we use for underwriting and fraud prevention and detection purposes;
• Regulators who regulate how we operate, including the FCA, PRA, FOS, HMRC, ICO and the Advertising Standards Authority;
• Regulators who regulate how you operate including the General Medical Council and the Solicitors Regulation Authority;
• Government agencies and regulatory bodies including the police, courts, DVLA, DVA, DVSA and the DWP;
• Debt advisors, including where breathing space is requested on outstanding debts;
• Insurance industry bodies, including the Association of British Insurers and the MIB;
• Credit reference agencies;
• Service providers, including those who help organise travel arrangements, operate our IT and back office systems, underwriting and claims processes and our information security controls;
• Third party payment service providers, including Adyen NV, who process card and other payments for us. For full details of how Adyen use your Personal Information when completing a transaction please refer to their privacy policy;
• Medical professionals, if we need to access health records or assessments for the purposes of arranging and underwriting certain products or facilitating and handling claims;
• Research agencies and providers of market research services, including customer feedback surveys;
• Providers of marketing and advertising services, including delivering and administering marketing, ensuring you receive marketing content that’s relevant to you and in accordance with your preferences and analysing marketing campaigns. These may include media agencies, fulfilment partners, social media and other online platforms and advertising technology companies. You can find further information about this in the section on Marketing; and
• Third parties in connection with any sale, transfer or disposal of our business.

Some of the organisations we share information with may be located outside of the UK. For further information, please see the section on International Data Transfers.

4. Fraud and Other Financial Crime

We use your Personal Information and Personal Information about other individuals associated with your policy, to detect and prevent fraud and other financial crime, including to meet our statutory and regulatory responsibilities in relation to fraud and financial crime.

If you’re making an application or a claim, we may use profiling and other forms of automated processing to assess the probability that your application or claim may be fraudulent. This assessment may involve the use of Sensitive Personal Information. For example, we may use your past motoring convictions for motoring insurance. See Automated Decision Making for further details.

We may also use your Personal Information including details of our interactions with you to help us detect fraud committed by brokers or financial advisers or to identify where you or a third party may be at risk of fraud or other financial crime.

To prevent, detect and investigate fraud and financial crime, we:

• check public registers (e.g. the electoral roll or registers of county court judgments, bankruptcy orders or repossessions);
• conduct online searches from websites, social media and other information-sharing platforms;
• use databases managed by credit reference agencies, insurance industry bodies, fraud detection agencies and other reputable organisations. This includes the National Sira administered by Synectics Solutions Limited (as joint data controller together with contributing companies, including Aviva), Experian whose Privacy Policy can be viewed here and the Insurance Fraud Bureau whose Privacy Policy can be viewed here: https://insurancefraudbureau.org/privacy-policy/; and
• share Personal Information and undertake searches with other third parties, including other insurers, fraud prevention agencies, law enforcement agencies, public bodies and our regulators (which include the FCA, PRA, ELTO, MIB and ICO).

This will help us verify your identity, make decisions about providing you with our products and related services such as paying claims and trace debtors or beneficiaries.

If you give us false or inaccurate information and we suspect fraud, we’ll record this to prevent further fraud and money laundering. This may be shared between insurers and with fraud prevention agencies and databases.

We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details, please contact us.

For details relating to information held about you by the DVLA please visit http://dvla.gov.uk/

How your Personal Information is used and shared by insurers and databases in relation to motor insurance

The Personal Information you provide will be used by us and shared with other insurers as well as certain statutory and other authorised bodies for:

• Insurance underwriting purposes, i.e. to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:

  • consider whether to accept the relevant risk;
  • make decisions about the provision and administration of insurance and related services for you (and members of your household);
  • validate your (or any person or property likely to be involved in the policy or claim) claims history (at any time including upon application for insurance, in the event of an accident or a claim, or mid-term adjustment, or at a time of renewal).

• Management Information purposes, to analyse insurance and other markets for the purposes of:

  • portfolio assessment;
  • risk assessment;
  • performance reporting;
  • management reporting.

• Anti-fraud purposes, to detect and prevent fraudulent claims and/or activities by:

  • sharing information about you with other organisations and public bodies including the police;
  • tracing debtors or beneficiaries, recovering debt, managing your accounts and/or insurance policies;
  • undertaking fraud searches. Insurers pass information to fraud prevention agencies and databases including National Sira, the CUE Register and where appropriate the Motor Insurance anti-Fraud and Theft Register by MIB. This helps insurers check information and prevent fraudulent claims. When we deal with your request for insurance we may search these registers. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

• Compliance with legal obligations and responsibilities, including:

  • Claims management – In the event of a claim we may need to disclose information with any other party involved in that claim, e.g. third parties involved in the incident, their insurer, solicitor or representative and medical teams, the police or other investigators. We also may have to investigate your claims and conviction history;
  • Complaints management – If you make a complaint about the service we have provided, we may be obliged to forward details about your complaints, including your Personal Information, to the relevant ombudsman;

  • Information about your insurance policy will be added to the Motor Insurance Database (MID) managed by the MIB. MID and the data stored on it may be used by certain statutory and/or authorised bodies including the police, the DVLA, the DVA, the Insurance Fraud Bureau and other bodies permitted by law. This information may be used for purposes permitted by law, which include:

    • Electronic Licensing;
    • Continuous insurance enforcement;
    • Law enforcement (prevention, detection, apprehension and/or prosecution of offenders);
    • The provision of government services and/or other services aimed at reducing the level and incidence of uninsured driving.

If you are involved in a road traffic accident (either in the UK, the European Economic Area or certain other territories), insurers and/or the MIB may search the MID to obtain relevant information.

Individuals who may be citizens of other countries or their appointed representatives making a claim in respect of a road traffic accident may also obtain relevant information which is held on the MID. It is vital that the MID holds your current registration number. If it is incorrectly shown on the MID you are at risk of having your vehicle seized by the police and/or a fixed penalty notice.

You can check that your current registration number details are shown on the MID at www.askmid.com.

How your Personal Information will be processed

• Information which is supplied to fraud prevention agencies and databases, e.g. National Sira, MIB and MID can include details like your name, address and date of birth.
• Your data may be supplied to databases in order to facilitate automatic no claim discount validation checks.
• Your data may be transferred to any country, including countries outside of the UK and European Economic Area, for any of the purposes mentioned above.
• Under your policy you must tell us about any incident (e.g. an accident or theft) which may or may not give rise to a claim. When you tell us about an incident, we will pass information relating to it to the fraud prevention agencies and databases, e.g. MIB.

You can ask for more information about this. If you require such information, please contact us.

How we use your Driving Licence Number

We collect your Driving License Number (DNL) for insurance underwriting purposes, i.e. to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:

• Provide your (or any person included on the proposal) DLN to the DVLA to confirm your (or the relevant person included on the proposal) licence status, entitlement and relevant restriction information and endorsement/conviction data. Searches may be carried out prior to the date of the insurance policy and at any point throughout the duration of your insurance policy including at the mid-term adjustment and renewal stage. A search of the DLN with the DVLA should not show a footprint against your (or another relevant person included on the proposal) driving licence;
• Searches may be carried out at point of quote and, if an insurance policy is incepted, if any changes are made mid-term, and at renewal stage.

Please note that if you give us false or inaccurate information it may invalidate your insurance policy/prospective insurance policy or it could affect the amount we pay to settle any claims you make under the policy.

5. Credit Reference Agencies

We or our agents may:

• undertake checks against publicly available information (e.g. electoral roll, county court judgments, bankruptcy orders or repossession(s)). Similar checks may be made when assessing claims; and
• carry out a quotation search from a credit reference agency. We do this so that we are able to offer monthly credit payment options.

We use data from a credit reference agency to verify your identity, prevent fraud and carry out risk profiling which allows us to calculate your premium and payment options. We may need to obtain information relating to you at quotation, renewal and in certain circumstances where policy amendments are requested.

As part of our regulatory obligations, before we offer you your payment options, we will carry out an affordability assessment. We do this using information from a credit reference agency including an over-indebtedness score and some of the underlying data used to calculate this score. The credit reference agency calculates your over-indebtedness score using information it holds about your existing credit commitments and modelled information relating to income and living expenses. We will use your over-indebtedness score to help assess whether additional credit could cause you financial harm. We will do this when you request a quote and at renewal so that we can decide whether to offer you a monthly credit payment option.

The quotation and affordability searches will appear on your credit report and will be visible to other credit providers. It will be clear it is part of a quote and not a credit application by you. Where you agree to pay monthly under an Aviva credit agreement, the status of your quote search will be updated to reflect your credit application and this will be visible to other credit providers.

In order to carry out these searches we will supply your Personal Information to credit reference agencies and they will give us information about you, such as about your financial history. We do this to assess creditworthiness (including affordability) and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with credit reference agencies on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. Credit reference agencies will share your information with other organisations. Your Personal Information will also be linked to the data of your spouse, any joint applicants or other financial associates.

Where you are a named driver a policy, in order to ensure we have the necessary facts to assess your insurance risk, verify your identity, help prevent fraud and provide our best premium and payment options, we may need to obtain information relating to you at quotation, renewal and in certain circumstances where policy amendments are requested. We or our agents may undertake checks against publicly available information (e.g. electoral roll, county court judgments, bankruptcy orders or repossession(s)).

The credit reference agency we use for this search is TransUnion. More information about the ways in which TransUnion uses and shares Personal Information can be found on the TransUnion website.

6. Automated Decision Making

We use automated processes to make decisions. These automated processes use data provided by you, other records we hold about you in our systems and data sourced from third parties to make predictions, including the likelihood that a claim will be made and its value, the likelihood a product will be purchased and the likelihood that a claim might be fraudulent. This helps us to determine eligibility for a policy, the terms of the policy, the price, and whether we can provide you with a monthly credit payment option.

In order to provide you with a price for your insurance policy, the following steps are taken:

• You provide us with data: The first step is that you tell us who you are and what you are looking to have insured, e.g. the vehicle you drive.
• We enrich the data you have provided: Once you have provided us with data, we carry out checks to validate this data (e.g. confirming your identity) and enrich it with data from third party sources. Information on the third party data sources we use is set out above in Types of Personal Information collected. For example, we use the vehicle registration number you provided to source additional information on the car you drive from the DVLA.
• We calculate your insurance risk: We use statistical modelling techniques to assess the data in order to predict the likelihood that a claim will be made and the likely severity of a claim. This assessment is based on various factors including telematics data which may have been collected from your vehicle or your device and information about the area you live in such as the likelihood of crime. For example, if you live in an area with high vehicle crime this may lead to a higher premium. All insurers will use different weightings to price insurance and this is confidential to each insurer.
• Provision of the final price: Once we have a view of your insurance risk we can provide you with a final price, which will include any commission payments and insurance premium tax.

Your personalised price may be presented to you in suitable marketing communications, including those sent from price comparison websites or third party partners with whom you have a relationship.

We also make automated decisions throughout the life of your policy, e.g. before offering you a renewal or when dealing with a claim.

Where we make an automated decision using Personal Information which has a legal or substantially similar effect, you have certain rights in relation to that decision. In particular, you have the right to receive meaningful information about the logic involved in relation to the decision, the right to human intervention and the right to obtain an explanation of the decision and challenge it. For more information about this right and how to exercise it please see Data Rights.

7. Profiling, Data Analysis and Artificial Intelligence

We process Personal Information to perform profiling and data analysis to build, train and audit insurance and third party models and algorithms (including those used in our Automated Decision Making).

We also use artificial intelligence and machine learning technologies. Artificial intelligence is a machine’s ability to perform tasks we associate with humans. For example, problem solving, learning and decision making. Machine learning is a type of artificial intelligence that teaches machines to learn and interpret from information and then provide a response. One type of artificial intelligence that we use is natural language processing. Natural language processing involves reading, understanding and analysing speech and text. We may use this to help us with the purposes listed below.

The models, algorithms, and tools we use do a number of things including:

• understanding our customers and potential customers better, e.g. how they feel about Aviva, what kind of content or products would be of most use and interest to them (for further information please see Marketing), whether they might be displaying characteristics meaning that they may require additional support from us;
• managing claims e.g. determining liability, valuing claims;
• monitoring and improving our processes and services e.g. by generating summaries of claims notes, looking how to prevent complaints;
• predicting the likelihood of events arising to assess insurance risk, the likelihood a product will be purchased or to predict if a claim might be fraudulent; and
• ensuring data quality and accuracy e.g. checking the way our models, algorithms and machine learning tools work.

To carry out these purposes we may combine your Personal Information with information relating to other customers, potential customers and/or data provided by third parties. We may also use the Personal Information you submitted to obtain a quote from us for this analysis whether or not you decided to purchase the product.

We use a number of data items as described in this Privacy Policy for these purposes. Before we use any such data, we carry out a number of checks including ensuring there are no legal restrictions on using the data under data protection laws, the Equality Act 2010 or under FCA rules and we consider whether use of the data might cause outcomes that are unfairly or unlawfully biased. We then use statistical modelling techniques to assess the data to ensure that the data tells us something meaningful. From time to time, we may share your Personal Information with third parties who provide us with new data which we will test to understand if such new data provides additional understanding.

Where possible, we pseudonymise the Personal Information in order to perform this analysis. This means that we remove information from which you can be directly identified, e.g. your name, and replace it with a pseudonym or unique identifier. We do this to maximise the security of your information.

8. Retention

We keep Personal Information for as long as is reasonably required for the purposes explained in this Privacy Policy. We also keep records - which may include Personal Information - to meet legal, regulatory, tax or accounting needs. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your Personal Information will depend on your relationship with us and the reasons we hold your Personal Information.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.

If you would like more information about our data retention policy, please contact us.

9. International Data Transfers

Sometimes we, or third parties acting on our behalf, may need to transfer Personal Information outside of the UK. We’ll always take steps to ensure that any transfer of Personal Information outside the UK is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of data protection for your Personal Information (such as countries in the European Economic Area) or putting contractual obligations in place with the party we are sending information to. Transfers within the Aviva group will be covered by an agreement entered into by members of the Aviva group (an intra-group agreement) which contractually obliges each group company to ensure that your Personal Information receives an adequate and consistent level of protection wherever it is transferred within the group.

For more information about data transfers and the safeguards we have put in place, please contact us.

10. Marketing

We may use Personal Information to send you direct marketing communications about our products and services that we feel you’ll be interested in. This may include marketing relating to products offered by other brands or companies within the Aviva group (such as Wealthify and Succession Wealth) as well as communications about promotions and prize draws.

Marketing communications may be sent by email, post, SMS, telephone and push notification. You may also see display advertising on websites, mobile applications, social media, television or in online search results.

You have control over our use of your Personal Information in relation to marketing communications. You can:

• 'Opt out' of receiving direct marketing. When you register with us, request an online quote, or purchase a product or service you will be given the opportunity to opt out. In addition, our email, post, SMS and telephone marketing communications include information to help you manage your marketing preferences;
• Change your marketing preferences at any time by e-mailing us at team@generalaccident.com. If you are registered for My Account you can change your marketing preferences at any time from within your account.

Please note that opting out of one type of marketing, e.g. by email or telephone, doesn’t mean you will be opted out of all marketing. Bear this in mind when you manage your preferences. You can always contact us directly if you would like us to stop all forms of direct marketing.

We try to limit marketing and only send you offers and promotions that you might be interested in, based on Personal Information we have about you and profiling that we have carried out (further details can be found under the sub-heading ‘Marketing profiles’ below). We may use information provided by third parties to send you direct marketing and we may use your Personal Information to send other people direct marketing, e.g. people you live with.

Please remember that if you opt out of receiving marketing, we will still send you communications relating to your products. If you choose to opt out of tailored offers and advertising, you may still see generic advertising displayed online and in My Account, it just might not be as relevant to you.

Cookies and similar technologies

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website or pixels within emails) to collect information about you. This technology is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

For further information about cookies and other technologies we use on our website and how to manage cookies, please see our Cookie Policy.

Social media and online platforms

We share Personal Information with media agencies and social media and other online platforms to help us target our online marketing. Social media and other online platforms may also use Personal Information they hold and combine it with Personal Information received from us to create target audiences. These are audiences that we think would be interested in our online advertising. This may involve social media and other online platforms building a ‘lookalike’ profile of the type of person we are trying to target and providing specific adverts to those people when they browse the internet or use social media.

If we use or share Personal Information with third parties in order to send you direct marketing, we will respect the marketing preferences you have set. We recommend you routinely review the privacy notices and preference settings that are available to you in My Account and any online platforms and smart devices you use as they will dictate how adverts and other messages are displayed and shared across those platforms.

Marketing profiles

We use automated processes to help us provide more personalised marketing of our products. To do this, our automated process creates a marketing profile for you using information such as:

• identification data;
• behavioural data (e.g. data relating to your use of our website);
• your gender and age;
• contact data;
• status data (e.g. number of children in household);
• product related data (e.g. policy identifiers, renewal dates);
• details of our interactions with you;
• device and vehicle-related data.

Our process analyses this data to determine the most relevant products, services, offers or benefits to offer you and to decide the appropriate time and channel for offering them to you.

Information obtained in relation to one product may be used in relation to marketing other products from the Aviva group.

We may also create profiles using your Personal Information together with information relating to other individuals, we use these profiles to decide what marketing may be of interest to individuals with similar characteristics to you.

Promotions and prize draws

We occasionally run promotions and prize draws for our customers and third parties. Our communications to you about these promotions before you enter them are marketing. If you opt out of receiving direct marketing, you will not receive communications about promotions and prize draws.

We may use your Personal Information to select you as a winner, inform you of promotion outcomes and send prizes to your nominated address. We may use third party fulfilment partners to assist us in administering promotions, including contacting you on our behalf. In accordance with the rules of the Advertising Standards Authority, we may publish or make publicly available information that indicates that a valid award has taken place. If we do this, only your surname, country and, if applicable, your winning entry, will be published. You have the right to object to this use of your Personal Information.

11. Data Rights

You have legal rights under data protection laws in relation to your Personal Information. Read below to learn more about each right you may have.

We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.

We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our product to you.

For further information about or to exercise any of your rights, please contact us.

Your rights are as follows:

12. Contacting Us

If you have any questions about this Privacy Policy or how to exercise your rights, please contact our Data Protection Officer:

Write to: The Data Protection Team, Aviva, PO Box 7684, Pitheavlis, Perth PH2 1JR

Email us: DATAPRT@aviva.com

If you'd like to submit a subject access request, please fill out this form or write to us at the above address.

If you’re not happy with the way we’re handling your Personal Information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioner's Office (ICO). We ask that you please attempt to resolve any issues with us before contacting the ICO.

13. Updates

This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible, so please check back here for the current version. You can see when this Privacy Policy was last updated by checking at the bottom of this page.

Updated: 27/09/2023