. If there’s something you’re particularly interested in, we’ve made it easy to skip through to specific sections.
Here, you can find out more about:
1. What personal information we use when you buy one of our products
2. How we collect, use and share personal information
3. Your rights
4. Contact us
What “we” means
We have separate privacy notices for our products
If you’re one of our customers, we will give you separate privacy notices when we ask for your personal information, for example, when you get a quote or apply for our products. Read them carefully, as they’ll tell you which Aviva company is responsible for managing your personal information and provide more details about how we’ll use it in relation to that product.
You’ll find more privacy notices when you use our apps and platforms such as My account. This Policy supplements – but doesn’t override – them.
We’ll keep this Policy up to date with the latest legal requirements, so please check back here for the current version.
Sometimes we’ll ask about your health, details of offences and convictions or other sensitive information about the person(s) who is/are being insured and their family members. We know how sensitive that data is, so protecting it is a top priority.
If you buy a product directly from our website or other Aviva sales channel, we’ll ask for payment information. We need this to complete your purchase.
Marketing and customer insights
We carry out customer insight analysis from our interactions with you to help improve our products and services, and keep you informed about offerings that may be of interest to you. Find out more about marketing under the Marketing and Marketing Preferences section below.
Information about other individuals
Most of the information we collect relates to the person taking out a product (or persons where it’s taken out jointly). We may also ask for information about other individuals if we need it. Examples include:
Brokers, intermediaries, employers and third parties
Many customers buy our products through an insurance broker, financial adviser or one of our business partners. We also receive personal information from other third parties, including attorneys, trustees and family members. It is their responsibility to make sure they explain to the person whose information is being shared that they are doing so, and ask for permission if needed.
Who we share personal information with
Depending on the product or service, we’ll share personal information with a number of our trusted third parties, including:
Occasionally and only where necessary to fulfil our legal obligations, conduct investigations and/or deliver our services, we may share your information with private investigators, police, courts, external auditors, accountants, DWP or other IT service providers – eg tracing services, medical underwriting, and pension transfers. We also work with anti-fraud and credit reference agencies to help us detect and prevent fraud and manage credit risk.
1. What personal information we use when you buy one of our products
Explore how we collect and use personal information for each of our products.
1.1 Motor and home insurance
When you take out a motor or home policy, we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.
The personal information we use for these types of policies includes any relevant offences and convictions for each person to be insured under the policy as well as any relevant health information, for example if a claim is made involving a personal injury.
If you take out a motor policy we’ll also collect and use information about you and your vehicle. We’ll get this information from you, public registers, our trusted third parties such as the MIB and from information already held by us, eg from previous policies or quotes. If you’re seeking a policy with telematics capability, we’ll also use telematics data.
Your driving history
We may ask you to provide the driving licence number so we can quickly get useful data from the DVLA such as the licence status of each driver, their licence entitlement, relevant restriction information, endorsement and conviction details. If you do not wish to provide us with your licence information, you can choose to answer the questions about your licence information yourself.
We’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA, DVLNI and IFB.
About your home
When you take out a home policy, we may obtain information about you and your home from publicly available registers and databases. These may include land registers, as well as information already held by us, such as information about previous policies or claims, or from our trusted third parties, such as commercially available property databases where this will help us underwrite the policy.
In some cases when you apply for motor or home insurance, we may share your information with credit reference agencies so they can carry out searches relating to you. Find out more about how we work with credit reference agencies under Working with Credit Reference Agencies (CRA) section below.
AAutomated decision making
We need your personal information when you apply for a policy to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, post code, and age, (and, for motor policies, we use marital status, employment details and details of health and relevant offences and convictions for you and any other drivers). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about your vehicle or property (including DVLA databases, land registries and commercially available property databases). More details on your rights in relation to automated decision making are contained under the ‘automated decision making’ section below
Throughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.
If a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. In addition we’ll need to collect and use the following personal information:
Automated decision making
We need the personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including health information or offences and convictions data, where appropriate). The automated engine may also validate information you provide against other records we hold in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about the vehicles or property to be insured. For more details on automated decision making, please view the ‘Your rights’ section below.
Throughout the life of these types of policies we’ll hold the personal information to enable us to properly administer the policy, for example to offer renewal, make mid-term changes you request and deal with claims. We may use the personal information to perform analytics and ensure that our products are appropriately priced.
If a claim is made, we use the personal information to verify the identity of the policyholder and (if different) provide details of the insured, so that we can identify them. We’ll also need you to provide details of the claim so that we can assess the claim. Where necessary, this will include providing details of any accidents or personal injuries that have been suffered as part of the claim, either by an insured person or third party. In certain circumstances (for example where personal liability is covered) it may be necessary to collect details of alleged offences in relation to an insured person.
We’ll also use your personal information to detect and prevent fraudulent practices, fight financial crime and meet our regulatory responsibilities. To find out more about how we use your personal information in this regard, please view the fraud prevention section below.
If you’re making a claim, we may use profiling and other forms of automated processing to assess if your claim may be fraudulent. This assessment may involve the use of your sensitive personal information. For example, we may use your past motoring convictions for motoring insurance. To learn more about how we use your personal information for automated decision making and profiling, please visit the ‘Your Rights’ section below.
2. How we collect, use and share personal information
2.1 Respecting privacy rights
We’re committed to collecting and using personal information in accordance with applicable data protection laws.
Wherever we collect or use this information, we’ll make sure we do this for a valid legal reason. This will be for at least one of the following purposes:
2.2 Marketing and marketing preferences
We may use personal information to send direct marketing communications about our products and services that we feel you’ll be interested in. This may be in the form of email, post, SMS, telephone or display advertising you may see on websites, social media, television or search results.
To protect your privacy rights and give customers choice and control over the use of their personal information, you can:
We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website) to collect information about you, which is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.
If we use or share information with online sources, such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your personal information to be used.
2.3 Using personal information to improve our products and services
We use digital tools when you visit our websites or use our mobile apps to gain insights into our products, services and the functionality and performance of our websites, apps and platforms. For example, we use some of these tools to save your language preferences on our website, so we’re able to offer you our services in the language you prefer.
2.4 Working with Credit Reference Agencies (CRA)
For certain products, to ensure we have the necessary facts to assess your insurance risk, verify your identity, help prevent fraud and provide you with our best premium and payment options, we may obtain information relating to you at quotation, renewal and, in certain circumstances, where policy amendments are requested. This may include a quotation search that will appear on your credit report and be visible to other credit providers.
Where you agree to pay monthly under an Aviva credit agreement, the status of your quotation search from our CRA will be updated to reflect your credit application and this will be visible to other credit providers. CRAs may keep a record of this search.
To assess your application we’ll supply your personal information to our CRAs and they’ll give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We’ll also continue to exchange the information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
Our CRA and the ways in which it uses and shares personal information are explained in more detail here.
2.5 Working with regulators and fraud prevention and detection agencies
We may use your personal information to help us to detect and prevent fraudulent applications and claims, fight financial crime and meet our regulatory responsibilities. This may involve checking public registers (eg the electoral roll or registers of county court judgments, bankruptcy orders or repossessions), conducting online searches from websites, social media and other information sharing platforms and using databases managed by credit reference agencies please see the Credit Reference section for more details and other reputable organisations. This will help us verify your identity, make decisions about providing you with our products and related services, and trace debtors or beneficiaries. We may also share your information and undertake searches with third party organisations such as police, public bodies, credit reference agencies, fraud prevention agencies and our regulators (which include the FCA, PRA and ICO).
If you give us false or inaccurate information and we suspect fraud, we’ll record this to prevent further fraud and money laundering.
We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details contact us at Policy Investigation Unit, Aviva, Cruan Business Centre, Westerhill Business Park, 123 Westerhill Road, Bishopbriggs, Glasgow G64 2QR. Telephone 0345 300 0597. Email: PIUUKDI@AVIVA.COM or using the details below.
2.6 Working with Reinsurers
We may share (either directly or through brokers) your personal information, including sensitive personal information, with reinsurers who provide reinsurance services to Aviva and for each other in respect of risks underwritten by Aviva and with insurers who cover Aviva and under its group insurances policies. They will use your data to decide whether to provide reinsurance and insurance cover, assess and deal with reinsurance and insurance claims and to meet legal obligations. They will keep your data for the period necessary for these purposes and may need to disclose it to other companies within their group, their agents and third party service providers, law enforcement and regulatory bodies.
We can supply on request further details of the reinsurers and insurers we provide your data to and how this information may be used. If you require further details contact us.
2.7 Using personal information to create profiles and create better products
Where we underwrite products, we use an automated underwriting engine to process the personal information you provide as part of your application process, together with information provided by third party sources (this could include sensitive information such as health information and offences and convictions) along with the amount of cover you wish to obtain. Other data may be used to calculate these decisions such as telematics data which may have been collected from your vehicle (for motor insurance) or your device. We do this to calculate how much that cover will cost you. Without this information we’re unable to provide a price that is relevant to your individual circumstances and needs.
We regularly check the way our underwriting engine works and before using data obtained from third parties we rigorously test it to identify whether the data provides any actionable insight. This is done using the bare minimum amount of hashed or obscured data we hold about our customers. We do this in order to continually improve the quality of our services, the efficacy of our algorithms and to help us to continue to be fair to our customers.
If you are making a claim, we may use profiling or other forms of automated processing to assess the probability that your claim may be fraudulent or suspect in some way.
Where sensitive personal information is relevant to the profiling, such as medical history for life insurance or offences and convictions for motor insurance, your sensitive personal information may also be used in the profiling models.
You have certain rights in respect of this type of automated decision making. To learn more about your rights please visit the ‘your rights’ section.
2.8 Retaining personal information in our systems
To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data deletion.
We may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services.
2.9 Protecting information outside the UK
Some of the organisations we share information with may be located outside of the European Economic Area ("EEA"). We’ll always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights:
You have a right to ask us for more information about the safeguards we have put in place as mentioned above. To learn more, please read your rights section.
3. Your rights
You have legal rights under data protection laws in relation to your personal information. Click on the links below to learn more about each right you may have.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.
We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked, for example if it would impact the duty of confidentiality we owe to others, or if we’re otherwise legally entitled to deal with the request in a different way.
3.1 Accessing personal information
You can ask us to:
3.2 Withdrawing consent
Where we’ve asked for your consent to use your personal information, you’ll always have the right to withdraw such consent. Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
3.3 Correcting / erasing personal information
You can ask us to:
We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligation or where we need to use it to establish, exercise or defend legal claims.
3.4 Restricting our use of personal information
You can ask us to restrict our use of your personal information in certain circumstances, for example, where:
We can continue to use your personal information following a request for restriction if we have your consent to use it; or you need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another individual or a company.
3.5 Objecting to use of personal information
You can object to any use of your personal information which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal information if we can demonstrate that we have compelling legitimate interests to use the information.
3.6 Requesting a transfer of personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (eg another company).
You may only exercise this right where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold or process based on our legitimate interest or which is not held in digital form.
3.7 Contesting decisions based on automated decision making
If we made a decision about you based solely by automated means (ie with no human intervention), and our decision produces a legal effect concerning you (such as the rejection of your claim), or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we’re authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.
3.8 Obtaining a copy of our safety measures
You can ask for a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the European Economic Area. We’re not required to share details of these safeguards if sharing such details would affect our commercial position, or create a security risk.
3.9 Contacting us for more information
4. Contact us
Write to: The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH
Email us: DATAPRT@aviva.com
If you'd like to submit a subject access request, please fill out this form
or write to us at the above address.
Your right to complain
If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioners Office (ICO)
We ask that you please attempt to resolve any issues with us before contacting the ICO.
We use four categories of cookies on the Websites, based upon the International Chamber of Commerce UK Cookie Guide:
1) Strictly Necessary
Some of these are "session cookies" which stay in place only for the duration of your visit to the Website and are deleted at the end of your browsing session. Others are "persistent cookies" which remain on your device for a period of time after you have left the Website. Cookies may also be placed by our approved business partners, which are known as "third party cookies".
(1) Strictly Necessary Cookies
Strictly necessary cookies are required for the operation of the Website.
These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the Website.
Without Strictly Necessary Cookies the Website and back-end services would not work. If you remove or disable these Cookies, we cannot guarantee that you will be able to use the Website.
Our use of Strictly Necessary Cookies includes:
- identifying you as logged in to the secure parts of the Website for the duration of your visit;
- remembering information you have previously entered to complete a form (e.g. retrieval of a quote) as you proceed through a journey on the Website. Your information is stored on our secure servers and the cookie contains only a unique reference number which links you to your stored information when you log into the Website.
We do not use Strictly Necessary Cookies to:
- collect information about you for marketing purposes; or
- track your internet activity on other websites.
Some examples of Strictly Necessary Cookies used on the Websites are:
|Name of cookie
||Network infrastructure support
(2) Performance Cookies
Performance Cookies collect information about how visitors use the Website. They allow us to recognise and count the number of visitors and to see how visitors move around the Website. Performance Cookies help us to improve the way the Website works (e.g. by ensuring that users are finding what they are looking for easily) and to recognise when error messages are being received. Performance Cookies don't collect any information that could identify you. The information collected by these Cookies is either anonymous or pseudonymised.
Our use of Performance Cookies uses includes:
- analysing how visitors use the Website;
- recording any errors that occur;
- testing different designs of the Website; and
- measuring the effectiveness of our advertising.
We do not use Performance Cookies to collect personal information.
Some Performance Cookies are managed for us by third parties, for the purposes listed above. For more information see.
You can stop Performance Cookies by setting your web browser to reject/block some or all Cookies. You can block specific Performance Cookies provided by third parties by using the tools or preferences on that third party’s website (see Further Information).
Some examples of Performance Cookies used on our websites are:
|Name of cookie
||Customer Interaction Analytics
(3) Functionality cookies
Functionality Cookies are used to provide services (such as videos) or to remember choices you make so we can personalise our content for you (for example, by remembering your user name, choice of language or region).
Our use of Functionality Cookies includes:
- remembering preferences you have chosen to customise your experience of the Website; or
- providing live chat functionality to you across the Website.
- We do not use Functionality Cookies to target you with adverts on other websites.
You can block these cookies using your browser settings, but this may mean that we cannot offer you certain services and may prevent us from remembering that you have chosen not to receive a certain service.
Some examples of Functionality Cookies used on the Website are:
|Name of cookie
||Remembers whether cookie banner message should be displayed
||Remembers current login status and allows the customer to be logged in for a period of time
||Remembers the language settings
(4) Targeting Cookies
Targeting Cookies record your visit to the Website, including the web pages you have visited and the links you have followed. We use this information to make the website and our advertising relevant to your interests and provide this information to third parties.
This information may be used to trigger direct communications with you, for example, to send you automated emails tailored to your interests, unless you have opted out of receiving marketing materials from us.
We may also use information from Targeting Cookies to trigger service support communications.
Targeting Cookies may also be placed by our approved business partners. Targeting Cookies are generally linked to services provided by those third parties e.g. "like" buttons.
You can control whether or not Targeting Cookies are used, however, if you block them, we may not be able to offer you certain functionality.
Our use of Targeting Cookies includes:
- providing advertising agencies with information about your visit so that they can show you relevant adverts online;
- providing social networks such as Twitter or Facebook with information about your visit to the Website; and
- delivering content and marketing communications tailored to your interests based on information from your visit to the Website.
Some examples of Targeting Cookies used on the Website are:
|Name of cookie