The COVID-19 pandemic
We know you're concerned about what coronavirus means for you – find out how it could impact you Read more

Privacy policy

Our Privacy Policy

This Privacy Policy applies to this website, our online platform, My account, and our mobile applications (collectively the “Websites”).

We’ve made our Privacy Policy as clear and transparent as possible. Your privacy matters and it’s important you read the information in this Policy, which we have to explain to you by law.

Throughout this document certain words are displayed in bold type. These are defined terms and have specific meanings when used in this guide. The meanings are set out in the Privacy Policy definitions. If there’s something you’re particularly interested in, we’ve made it easy to skip through to specific sections. Here, you can find out more about:

Please see the how to contact us section below with any questions you may have about privacy

1. What personal information we use when you buy one of our products

2. How we collect, use and share personal information

3. Your rights

4. Contact us


What “we” means

This Privacy Policy is issued on behalf of Quotemehappy.com, which is a trading name of Aviva UK Digital Limited and Aviva Life & Pensions UK Limited. The use of the “Quotemehappy.com” name (also “we”, “us” and our”) in this Privacy Policy and on the Website encompasses one or more of the trading companies of the Aviva Group that operate in the United Kingdom. When we mention “Quotemehappy.com”, “Aviva”, “we”, “us” or “our”, what we mean is the relevant company in the Aviva Group that processes your personal information. These companies may market and provide information about insurance and financial products and services on the Websites.

We have separate privacy notices for our products

If you’re one of our customers, we will give you separate privacy notices when we ask for your personal information, for example, when you get a quote or apply for our products. Read them carefully, as they’ll tell you which Aviva company is responsible for managing your personal information and provide more details about how we’ll use it in relation to that product.

You’ll find more privacy notices when you use our apps and platforms such as My account. This Policy supplements – but doesn’t override – them.

We’ll keep this Policy up to date with the latest legal requirements, so please check back here for the current version.

Sensitive information

Sometimes we’ll ask about your health, details of offences and convictions or other sensitive information about the person(s) who is/are being insured and their family members. We know how sensitive that data is, so protecting it is a top priority.

Payment information

If you buy a product directly from our website or other Aviva sales channel, we’ll ask for payment information. We need this to complete your purchase.

Marketing and customer insights

We carry out customer insight analysis from our interactions with you to help improve our products and services, and keep you informed about offerings that may be of interest to you. Find out more about marketing here.

Information about other individuals

Most of the information we collect relates to the person taking out a product (or persons where it’s taken out jointly). We may also ask for information about other individuals if we need it. Examples include:

If you provide us with information about someone else, we’ll assume that you have their permission. We’ll process their personal information according to this Privacy Policy so please encourage them to read it if they want to find out more.

Who we share personal information with

Depending on the product or service, we’ll share personal information with a number of our trusted third parties, including:

Extraordinary circumstances

Occasionally and only where necessary to fulfil our legal obligations, conduct investigations and/or deliver our services, we may share your information with private investigators, police, courts, external auditors, accountants, DWP or other IT service providers – eg tracing services, medical underwriting, and pension transfers. We also work with anti-fraud and credit reference agencies to help us detect and prevent fraud and manage credit risk.

1. What personal information we use when you buy one of our products

Motor and home insurance

When you take out a motor or home policy, we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

The personal information we use for these types of policies includes any relevant offences and convictions for each person to be insured under the policy as well as any relevant health information, for example if a claim is made involving a personal injury.

If you take out a motor policy we’ll also collect and use information about you and your vehicle. We’ll get this information from you, public registers, our trusted third parties such as the MIB and from information already held by us, eg from previous policies or quotes. If you’re seeking a policy with telematics capability, we’ll also use telematics data.

Your driving history

We may ask you to provide the driving licence number so we can quickly get useful data from the DVLA such as the licence status of each driver, their licence entitlement, relevant restriction information, endorsement and conviction details. If you do not wish to provide us with your licence information, you can choose to answer the questions about your licence information yourself.

We’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA, DVLNI and IFB.

About your home

When you take out a home policy, we may obtain information about you and your home from publicly available registers and databases. These may include land registers, as well as information already held by us, such as information about previous policies or claims, or from our trusted third parties, such as commercially available property databases where this will help us underwrite the policy.

In some cases when you apply for motor or home insurance, we may share your information with credit reference agencies so they can carry out searches relating to you. Find out more about how we work with credit reference agencies here.

Automated decision making

We need your personal information when you apply for a policy to decide if we can offer a policy and, if so, on what terms and whether we can provide you with a monthly credit payment option. We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, post code, age and your financial information (and, for motor policies, we use marital status, employment details and details of health and relevant offences and convictions for you and any other drivers). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about you, your vehicle or property (including DVLA databases, land registries and commercially available property databases). More details on your rights in relation to automated decision making are here.

Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products. This includes the individual data items which make up your estimated disposable income which we collect as part of your affordability assessment to monitor its predictability and whether our decision making is fair and reasonable.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. In addition we’ll need to collect and use the following personal information:

Preventing fraud

We’ll also use your personal information to detect and prevent fraudulent practices, fight financial crime and meet our regulatory responsibilities. To find out more about how we use your personal information in this regard, please view the fraud prevention section below.

If you’re making a claim, we may use profiling and other forms of automated processing to assess if your claim may be fraudulent. This assessment may involve the use of your sensitive personal information. For example, we may use your past motoring convictions for motoring insurance. To learn more about how we use your personal information for automated decision making and profiling, please visit the ‘Your Rights’ section below.

Life insurance

Where you take out life insurance with us (for example, life, critical illness or income protection policy), we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.

Except for certain types of life insurance which are not underwritten for example, over 50s life insurance and free parent life cover, the personal information we use includes health information, lifestyle information, relevant offences and convictions and employment status (including, for income protection only, level of earnings) of each insured person. We’ll also collect the family or personal history of the insured person, or details of appointed trustees where policies are placed under trust.

Automated decision making

We need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke, your answers to our health and lifestyle questions, including your family medical history and relevant offences and convictions) along with the amount of cover you wish to obtain. We’ll make clear to you in the application for each policy whether automated underwriting is used.

Where we collect and use health information, we may ask each insured person to authorise a healthcare provider to supply relevant supporting information, including, where relevant, health information about their family or personal history.

Throughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy, such as allowing you to exercise any options you may have under the policy. We may also use the information (including health information and relevant offences and convictions) to perform analytics and ensure that our products are appropriately priced.

Verifying claims

If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. This will differ, depending on the type of policy:

2. How we collect, use and share personal information

These links can be applied to expand on specific privacy practices in relation to core Aviva products.

2.1 Respecting privacy rights

2.2 Marketing and marketing preferences

2.3 Using personal information to improve our products and services

2.4 Working with credit reference agencies

2.5 Working with regulators and fraud prevention and detection agencies

2.6 Working with reinsurers

2.7 Using personal information to create profiles and create better products

2.8 Retaining personal information in our systems

2.9 Protecting information outside the uk

2.1 Respecting privacy rights

We’re committed to collecting and using personal information in accordance with applicable data protection laws.

Wherever we collect or use this information, we’ll make sure we do this for a valid legal reason. This will be for at least one of the following purposes:

We can only collect and use sensitive personal information in limited circumstances, where we’ve obtained your explicit consent, where we need this information to arrange, underwrite or manage our products or to handle claims, or where we have another legal basis for doing so as explained in this privacy policy.

You can find more information about when and why we use personal information in other parts of this privacy policy, as well as the notices we provide when we collect information from you. Please contact us if you would like to know more about the legal reasons or legitimate interests that apply to a particular way in which we use personal information.

2.2 Marketing and marketing preferences

We may use personal information to send direct marketing communications about our products and services that we feel you’ll be interested in. This may be in the form of email, post, SMS, telephone or display advertising you may see on websites, social media, television or search results.

To protect your privacy rights and give customers choice and control over the use of their personal information, you can:

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website) to collect information about you, which is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

If we use or share information with online sources, such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your personal information to be used.

2.3 Using personal information to improve our products and services

We use digital tools when you visit our websites or use our mobile apps to gain insights into our products, services and the functionality and performance of our websites, apps and platforms. For example, we use some of these tools to save your language preferences on our website, so we’re able to offer you our services in the language you prefer.

To learn more about these technologies and how you can change your browser settings to manage your privacy controls, see our Cookie Policy. If you have downloaded one of our mobile apps, we recommend that you also refer to the app’s privacy policy.

2.4 Working with Credit Reference Agencies (CRA)

For certain products, to ensure we have the necessary facts to assess your insurance risk, verify your identity, help prevent fraud and provide you with our best premium and payment options, we may obtain information relating to you at quotation, renewal and, in certain circumstances, where policy amendments are requested. This may include a quotation search from TransUnion so that we are able to offer you a monthly credit payment option.

As part of our regulatory obligations, before we can enter into a credit agreement, we must carry out an affordability assessment. This means that before we offer you your payment options, as well as the quotation search mentioned above, we will obtain an affordability report from a CRA which will include an estimated disposable income figure and the underlying data used to calculate this figure. The CRA calculates your estimated disposable income using information it holds about you about your existing credit commitments and modelled information relating to income and living expenses. We will use your estimated disposable income figure to help assess whether additional credit could cause you financial harm. We will do this when you request a quote and at renewal so that we know whether we can offer you a monthly credit payment option or not. The credit reference agency we use for this search is Experian.

The quotation and affordability searches will appear on your credit report and will be visible to other credit providers. It will be clear it is part of a quotation and not a credit application by you.

Where you agree to pay monthly under an Aviva credit agreement, the status of your quotation and affordability search from our CRAs will be updated to reflect your credit application and this will be visible to other credit providers. CRAs may keep a record of this search.

To assess your application we’ll supply your personal information to our CRAs and they’ll give us information about you, such as your financial history. We do this to assess creditworthiness, affordability and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We’ll also continue to exchange the information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.

Information about our CRAs and the ways in which they use and share personal information are explained in more detail at www.transunion.co.uk/crain and www.experian.co.uk/crain.

2.5 Working with regulators and fraud prevention and detection agencies

We may use your personal information to help us to detect and prevent fraudulent applications and claims, fight financial crime and meet our regulatory responsibilities. This may involve checking public registers (eg the electoral roll or registers of county court judgments, bankruptcy orders or repossessions), conducting online searches from websites, social media and other information sharing platforms and using databases managed by credit reference agencies please see the Credit Reference section for more details and other reputable organisations. This will help us verify your identity, make decisions about providing you with our products and related services, and trace debtors or beneficiaries. We may also share your information and undertake searches with third party organisations such as police, public bodies, credit reference agencies, fraud prevention agencies and our regulators (which include the FCA, PRA and ICO).

If you give us false or inaccurate information and we suspect fraud, we’ll record this to prevent further fraud and money laundering.

We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details contact us at Policy Investigation Unit, Aviva, Cruan Business Centre, Westerhill Business Park, 123 Westerhill Road, Bishopbriggs, Glasgow G64 2QR. Telephone 0345 300 0597. Email: PIUUKDI@AVIVA.COM or using the details below.

2.6 Working with Reinsurers

We may share (either directly or through brokers) your personal information, including sensitive personal information, with reinsurers who provide reinsurance services to Aviva and for each other in respect of risks underwritten by Aviva and with insurers who cover Aviva and under its group insurances policies. They will use your data to decide whether to provide reinsurance and insurance cover, assess and deal with reinsurance and insurance claims and to meet legal obligations. They will keep your data for the period necessary for these purposes and may need to disclose it to other companies within their group, their agents and third party service providers, law enforcement and regulatory bodies.

We can supply on request further details of the reinsurers and insurers we provide your data to and how this information may be used. If you require further details contact us.

2.7 Using personal information to create profiles and create better products

Where we underwrite products, we use an automated underwriting engine to process the personal information you provide as part of your application process, together with information provided by third party sources (this could include sensitive information such as health information and offences and convictions) along with the amount of cover you wish to obtain. Other data may be used to calculate these decisions such as telematics data which may have been collected from your vehicle (for motor insurance) or your device. We do this to calculate how much that cover will cost you. Without this information we’re unable to provide a price that is relevant to your individual circumstances and needs.

We regularly check the way our underwriting engine works and before using data obtained from third parties we rigorously test it to identify whether the data provides any actionable insight. This is done using the bare minimum amount of hashed or obscured data we hold about our customers. We do this in order to continually improve the quality of our services, the efficacy of our algorithms and to help us to continue to be fair to our customers.

If you are making a claim, we may use profiling or other forms of automated processing to assess the probability that your claim may be fraudulent or suspect in some way.

Where sensitive personal information is relevant to the profiling, such as offences and convictions for motor insurance, your sensitive personal information may also be used in the profiling models.

You have certain rights in respect of this type of automated decision making. To learn more about your rights click here.

2.8 Retaining personal information in our systems

We generally only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy. We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we’re required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data deletion.

We may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services.

2.9 Protecting information outside the UK

Some of the organisations we share information with may be located outside of the European Economic Area ("EEA"). We’ll always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:

You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, please read your rights section.

3. Your rights

You have legal rights under data protection laws in relation to your personal information. Click on the links below to learn more about each right you may have.

3.1 Accessing personal information

3.2 Withdrawing consent

3.3 Correcting/erasing personal information

3.4 Restricting our use of personal information

3.5 Objecting to use of personal information

3.6 Requesting a transfer of personal information

3.7 Contesting decisions based on automated decision making

3.8 Obtaining a copy of our safety measures

3.9 Contacting us for more information

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.

We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.

3.1 Accessing personal information

You can ask us to:

3.2 Withdrawing consent

Where we’ve asked for your consent to use your personal information, you’ll always have the right to withdraw such consent. Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

3.3 Correcting / erasing personal information

You can ask us to:

We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligation or where we need to use it to establish, exercise or defend legal claims.

3.4 Restricting our use of personal information

You can ask us to restrict our use of your personal information in certain circumstances, for example, where:

We can continue to use your personal information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.

3.5 Objecting to use of personal information

You can object to any use of your personal information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.

You can also object to use of your personal information for direct marketing purposes. We explain in the marketing section of this privacy policy more about our approach to direct marketing and how you can easily manage your marketing preferences.

3.6 Requesting a transfer of personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (eg another company).

You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold or process based on our legitimate interest or which is not held in digital form.

3.7 Contesting decisions based on automated decision making

If we made a decision about you based solely by automated means (ie with no human intervention), and our decision produces a legal effect concerning you (such as the rejection of your claim), or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we’re authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.

3.8 Obtaining a copy of our safety measures

You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area. We’re not required to share details of these safeguards if sharing such details would affect our commercial position, or create a security risk.

3.9 Contacting us for more information

If you’re not happy with the level of information provided in this privacy policy, you can ask us about:

4. Contact us

If you have any questions about this privacy policy or how to exercise your rights please contact our Data Protection Officer.

Write to: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH

Email us: DATAPRT@aviva.com

If you'd like to submit a subject access request, please fill out this form or write to us at the above address.

Your right to complain

If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioners Office (ICO).

We ask that you please attempt to resolve any issues with us before contacting the ICO.