Last updated: July 2020
We are providing you this notice due to European General Data Protection Regulation (GDPR) laws which have applied since 25 May 2018 and other similar data privacy laws in other countries. Due to these laws, companies that handle personal information are giving customers more details on how they gather, use and share this information as well as providing information on the rights you have on how this information is processed. You don’t need to do anything, but you may want to take time to read this.
For the purposes of the GDPR, we are the data controller for the personal information that the trustee (or a third party acting on behalf of the trustee) or an insurance provider has given us. This means we have a responsibility to make sure your information is kept safe and not misused.
The trustee/insurer, or their adviser or other related third party, may give us any or all of the following personal information about you:
- Personal details such as your name, gender, age or date of birth, post code and in very limited cases your contact details such as email address, full postal address and phone number.
- Family circumstances such as details about your current marriage or partnerships your marital history and details of your family and dependants.
- Employment details such as pensionable pay, length of service, employment and career history and job title.
We may process special category (sensitive) data, such as medical & health information, for reasons of substantial public interest in accordance with applicable law. We will only process data that is needed for specific purposes.
When we receive your personal information, we will use, analyse, store and keep it for a number of purposes, including the following.
- To provide reinsurance quotations for an insurer for them to remove some of their risk relating to the scheme/policy by taking out reinsurance.
- To administer and support a reinsurance contract that an insurer may buy or has bought from us to remove some of their risk relating to the payment of scheme/policy benefits.
- To make sure that we accurately pay the correct benefits and claims to the insurer in connection with the reinsurance benefits. We will process your information along with information about the other members of the scheme/policy to help us manage the reinsurance contract, for example setting mortality assumptions (rates of death) for specific schemes, and to report on longevity risks (risks relating to how much longer people live) and related demographic risks (risks relating to the social and economic characteristics of a population, for example age, gender, income level, marital status, occupation and so on).
- To carry out any obligations we have to insurers.
- To comply with any laws or regulations that apply.
- To carry out market research, statistical analysis, customer profiling and product development to help us develop and improve our processes, products and services, which can include creating a database of the social and economic characteristics of scheme/policy members.
We may also share your personal information with any or all of the following in connection with insuring longevity and mortality risks including related demographic risks:
- Our group companies and group functions, including those involved in setting scheme-specific/policy mortality assumptions (rates of death), dealing with legal matters and financial reporting.
- Our retrocessionaires (organisations which provide reinsurance for reinsurance companies) of longevity risks, mortality risks and related demographic risks. (You can find a list of the retrocessionaires that we normally use, and links to each of their privacy policies, at legalandgeneralre.com/privacy-policy/3rdparty
- Third parties who check for people who are at higher risk of bribery and corruption because of their position (known as politically exposed persons or PEPs), carry out sanctions screening (the process of reviewing sanctions lists to check if any person is involved in financing crime or terrorism, so that appropriate action can be taken, as needed, to keep within the law) and trace members and check they are still alive, or third parties instructed by the trustee/insurer, such as scheme auditors.
We, retrocessionaires or third-party service providers (those able to provide better value for money or who provide a specialist service) will use, analyse, store and maintain your personal information for a number of purposes, including the following:
- Assessing it to prevent fraud.
- Making decisions relating to the transaction being underwritten (analysis of the risk).
- Other purposes we may decide on from time to time.
We and each of the organisations and people listed above will rely on a condition under the GDPR known as ‘legitimate interests’ to use your personal information for any other purpose described in this privacy notice. This means it must be in our legitimate interests to collect your personal information as it gives us the information we need to allow us to deal with the risks we face and to provide our services more effectively.
Your information will never be given to a third party for the purposes of them sending you marketing information.
Note regarding European international data transfer issues: We collect and process your personal data in Bermuda, which is not regarded by the GDPR and other European data protection laws as ensuring equivalent protection for personal data. We will however abide by GDPR principles, as well as Bermudan law, in collecting and processing your personal data. We will not transfer your personal data to recipients outside the European Economic Area (including in Bermuda) unless those principles allow us to do so. This will include, in particular:
- transfers to countries regarded by the GDPR and other European data protection laws as ensuring equivalent protection for personal data (for example Canada);
- transfers made on contractual terms which have been approved as providing appropriate safeguards to protect the data for the purposes of the GDPR and other European data protection laws (for example, to service providers in the US); and
- other exceptional transfers, for example where disclosure of personal data is necessary on public interest grounds or in the context of legal proceedings or a regulatory investigation.
We and the other organisations and persons mentioned above will each keep your personal information in line with our and their retention policies. We and they decide on the length of time the information is kept for based on the minimum retention periods required by law or regulation. We and they will only keep your personal information after this period if there’s a legitimate and provable business reason to do so. Our own policy is to anonymise (so that it can no longer be identified as being about you) all personal information provided for the purpose of providing a quote no longer than six months after the date on which we are told that the quote was not taken up or acted on.
Under the legitimate interests condition of the GDPR, we may keep your personal information indefinitely to help us deal with any enquires we receive in the future from you, your family or financial adviser, other insurers / retrocessionaires, or our regulators. For certain research and statistical activities, we may also keep limited personal information about you indefinitely, including medical information, to define our actuarial, underwriting and pricing risk strategies only. We will not use this information to make a decision about, or take measures against, you.
We will check your details with fraud prevention agencies. If you provide false or inaccurate information or we identify it, we will pass details to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including the police, and we may check or file your details with fraud prevention agencies and databases.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- checking details on applications for credit and credit-related or other facilities;
- managing credit and credit-related accounts or facilities;
- recovering debt;
- checking details on proposals and claims for all types of insurance; or
- checking details of job applicants and employees.
We and other organisations may access and use the information recorded by fraud prevention agencies in other countries. Please contact our Group Financial Crime department if you want to receive the relevant details of the fraud prevention agencies:
Group Financial Crime, 7th Floor, Brunel House, 2 Fitzalan Road, Cardiff, CF24 0EB.
We may also check the details of other parties related to your contract, including checking their identity. This includes beneficiaries, trustee/insurers, settlors, third-party premium payers, executors or administrators of your estate, parties with power of attorney and anyone else who may benefit from the contract.
You have rights under data protection law that relate to the way we process your personal information. You can find more information on these rights on the ICO’s website. If you want to enforce any of these rights, please get in touch with our Data Protection Manager. Or, you can also use the Contact Us section of our website.
- The right to access the personal information that we hold about you, along with certain related information.
- The right to make us correct any inaccurate personal information we hold about you.
- The right to make us erase any personal information we hold about you. This right will only apply if, for example:
- we no longer need to use the personal information to achieve the purpose we collected it for;
- you withdraw your permission (consent) if we’re using your personal information based on that permission (consent); and
- you object to the way we use your information, and there is no overriding legitimate interest.
- you dispute the accuracy of the personal information we hold;
- you would like us to erase your information, but we need to hold it in order to stop processing it;
- you have the right to tell us to erase the personal information, but would instead prefer that we restrict how we process it; or
- we no longer need to use the personal information to achieve the purpose we collected it for, but you need the information for legal claims.
- an explanation of the decision, and to challenge it; or
- the decision to be reviewed by a person (not a computer).
If you have any questions about this privacy notice or want to enforce any of your rights, please contact the Data Protection Manager at Legal & General Reinsurance:
E-mail: firstname.lastname@example.org Phone: +1 441 249 2270
Address: 19 Par-La-Ville Road, Ground Floor, Hamilton HM11, Bermuda.
Legal & General Reinsurance Company Limited is incorporated in Bermuda, outside the EU, so we have appointed a Data Protection Officer as our representative for the purposes of the GDPR compliance, and to deal with any supervisory authorities or data subjects in this respect.
They provide independent expert advice and make sure we are keeping to data protection laws:
Name: Liz Gaspar E-mail: Data.Protection@landg.com
Address: 1 Coleman Street, London, EC2R 5AA, United Kingdom.
If you have any concerns about the way we process your personal information, or are not happy with the way we have handled a request in relation to your rights, you also have the right to make a complaint to the Information Commissioner’s Office. The UK address is:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Legal & General Reinsurance Company Limited is incorporated in Bermuda and registered at 19 Par-La-Ville Road, Hamilton HM11.
Legal & General Reinsurance Company Limited, registered No. 48340, is authorised and regulated by the Bermuda Monetary Authority