At Standard Life we’re committed to maintaining the trust and confidence of our customers

This Privacy Notice explains when and why we collect personal data about you as an Independent Financial Advisor. It makes it clear how we use that personal data, when we may share it with others and how we keep it secure. It also explains how you can obtain a copy of that data, and the choices you have about how we use it.

1. Who are we?

We are Standard Life Assurance Limited (Standard Life), part of The Phoenix Group – one of the UK's largest providers of insurance services. The Phoenix Group has grown a great deal since it first started in 1782 and is now the UK’s largest long-term savings and retirement business. You can visit www.thephoenixgroup.com for more information about the Phoenix Group.

2. What information do we collect?

We collect your personal data to allow us to successfully conduct a business relationship with you and your organisation. We may get the information direct from you or from third parties – all collected with the intent of providing support and services to you.

We may collect the following personal data;

What personal information do we collect? When do we collect it? Why do we need it and how do we use it? Lawful Basis under GDPR

Basic personal details including:

Personal information - for example name and date of birth.

Contact information - for example email address and phone number(s).

We may also have your home address, if you've provided this on the adviser account/agency application forms or this is your correspondence address.

 At the initial application stage and thereafter throughout the course of the business relationship

We need your personal data to set up and manage the adviser account for your business.

Managing any changes of business details, for example a change of agency, contact details or address.

We may use work / business email address for marketing purposes.

 6(1)b – Processing is necessary for the performance of a contract.

Information obtained from carrying out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders or where you have been flagged as a PEP.

Information which we have gathered from publicly available sources such as the electoral roll, internet search engines and social media sites where you have been flagged as a PEP and we need to carry out enhanced due diligence.

 At the initial application stage and thereafter throughout the course of the business relationship

We need some data in order to comply with the rules of the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).

You must notify us immediately of any fundamental changes to your business (refer to Intermediary Terms of Business for full list).

 6(1) c – Processing is necessary for compliance with a legal obligation.
Financial information - for example bank account details and credit checks. At the initial application stage and thereafter throughout the course of the business relationship. Assessing and paying your remuneration. 6(1) b – Processing is necessary for the performance of a contract.
Directors', partners' and principles' additional information - for example position at your firm, any other agencies you are or have been linked with and details of your professional standing such as any history of debt, fraud or other criminal offences. Dictated by business need and circumstances. If we offer the ability to accept directors' guarantees in the future, we may need to obtain copies of your identification documents or identification numbers in order to comply with the rules of the PRA and FCA. 6(1) b – Processing is necessary for the performance of a contract.
Audio and Image recordings - for example voice recording when you contact us. When you contact us via telephone or via an online meeting platform. Calls may be recorded for training and monitoring purposes to help us continually improve our customer service and also to protect you and your client's information. 6(1) e – Processing is necessary for the purposes of the legitimate interests pursued by the controller.
Views and opinions on our products and services. On an ad hoc basis and as part of the IFA relationship management process. We use the views and opinions you share with us to help improve our products and services.  We need to develop those products and services, and make sure they suit your and your clients' needs and that they are performing as expected. 6(1) e – Processing is necessary for the purposes of the legitimate interests pursued by the controller.

Information from your devices

  • IP address – details that identify your device
  • Cookies – small text files placed on your device when you visit a webpage (see our cookies policy at www.standardlife.co.uk/adviser/cookie-policy for more information)
 When you use our website or the Standard Life app. When you ask about or buy a product or service. To understand how you interact with our website and online services. This allows us to improve the ways we interact with customers and provide you with relevant marketing communications. 6 (1) a - Consent.
When you ask about or buy a product or service. When you use our online services.

When you use our website or the Standard Life app.

When you ask about or buy a product or service.

 To communicate with you and send you marketing communications in ways that suit your needs and how you like to be communicated with. 6 (1) a - Consent.

 

3. What about information collected from third party sources?

Most of the personal data we hold will have been provided by you when you complete our Agency Agreement, when you write to, telephone or email us or when you register on our website.  We do, however, collect and process information from third party agencies, including the following:

  • Financial Conduct Authority – we'll get information from the Financial Services Register to check the authorisation and permissions of your firm, as well as details of the approved persons(s) under your firm.
  • Companies House or other companies who provide access to financial accounts - if we need to verify information on directors, owners or your business, we may obtain information from Companies House or similar companies;
  • Credit reference agencies - we may use credit reference agencies to verify your identity and conduct a credit check when setting up new agencies and for ongoing due diligence checks. This is to meet our anti-money laundering obligations and to protect against other  conduct risks.
  • Collated from service providers who carry out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders or where you have been flagged as a PEP.
  • Association of British Insurers (ABI) – we may receive information about you as part of research and analysis for initiatives undertaken in conjunction with other insurers, via the ABI.
  • Publicly available sources of data, including online resources - if we lose touch with you, we may search for information such as  contact details online, so we can get back in touch.

4. How we keep in touch with you and provide marketing communications

We want to support Advisors and empower you to provide the best possible outcomes for your clients. A big part of the service we provide is sharing our expertise with you. We do this by providing updates and information to help you along the way. Our communications play an important part in this, helping you to help clients save and manage their money.

Certain communications we send you, such as your client’s annual statements, are important for you to understand their plans. We must send these to you to meet a legal obligation or regulatory requirement. You can’t opt out of these communications. We reserve the right to send documents and communications directly to your clients (i.e our customers and potential customers) where we deem necessary. For example, for legal reasons or to enhance operational efficiency.

Some communications are important as they give you essential information at the best time to help your clients save and manage their money. You can ask us not to send these to you.

Other communications are designed to gather your feedback to help us improve the products and services we offer. This could involve taking part in surveys or questionnaires, perhaps online, on the phone or in person. You can ask us not to send these to you.

We also provide marketing communications about offers, services and additional products which might be designed to help you support your clients to achieve their financial goals, or be tailored to you individually. You can opt out of these communications.

We may provide marketing communications by post, and by phone, text message and email if we have your permission.

You’re in control of how we contact you and the communications you receive. Take a look at the How to contact us section for more details.

5. Who we share your information with

Whenever we share your personal information, we do this in line with data protection laws that are in place to keep your information safe and secure. The table below shows who we may share your personal information with. We will not share your personal information with any of these third parties until we have carried out checks on those parties.

Who we share your information with Why we share it
Other companies in the Phoenix group

We may use more than one company in our group to deliver our products and services to you.

We may share your information with other companies in the Phoenix Group as part of our commitment to offer you financial products and services that may be of interest to you.

We may need to share your information to protect your assets held with us and protect our customers against fraud or activities which may have a negative effect on you.
Service providers We use third-party companies to provide services such as policy administration, IT systems and software, so we can run your policy and deliver our services to you.
Reinsurers (other insurers who take on the risk of when and how much we have to pay customers on their policy) We may share data with our auditors and legal advisors, so reinsurers can help us manage our risk.
Anyone you ask us to share your information with including directly with your clients To share your information with others specified by you, including details of fund portfolio’s under your management directly with your clients

UK regulators, such as the Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO), who make sure we’re acting in your best interests.

UK government bodies such as HM Revenue & Customs (HMRC) and the Home Office

For our customers in Ireland, regulators such as the Central Bank of Ireland (CBI) and the Data Protection Commission (DPC)

Irish government bodies such as the Revenue Commission

 To meet legal and regulatory requirements, and to follow best practice

Other UK and Ireland bodies such as:

  • fraud-prevention organisations
  • credit-reference agencies
  • enforcement agencies, and
  • courts and those involved in the legal process
 To meet legal and regulatory requirements, and to follow best practice
Professional advisers To provide services such as legal advice, auditing and accountancy services and consultancy services, including ID authentication and fraud prevention agencies
Other third parties who we may use for specific purposes For example, to trace Advisors we have lost contact with.

 

6. Cookies

We automatically use cookies that are necessary for functionality, security and accessibility. There are also optional cookies that we use.

Email pixels

When we send you an email to tell you about the products and services we offer, we use an email pixel. This collects information about how you respond to the email. It tells us when you opened the email, how many times you opened the email and whether you clicked on any of the links in it. This information helps us to better understand the effect of our emails and how useful you find the content about our products and services.

Depending on the device you use to check emails from us, you may be able to disable the email pixel. You will need to check this with your device manufacturer.

You can read more about how we use cookies, and how to change your preferences relating to cookies, in our cookies policy at www.standardlife.co.uk/adviser/cookie-policy.

7. Where your information is processed

We operate mainly in the UK and Ireland. Sometimes the information we collect from you may be accessed from, transferred to or stored outside the UK and Ireland (for example, in India or the United States, where some of our servicing partners are based).

If your information is being processed outside the UK or Ireland, we take extra steps to make sure your information is protected to at least an equivalent level of protection as would be applied in the UK or Ireland. For example, we put in place legal agreements with our suppliers and do regular checks to make sure they are keeping to the requirements of those agreements.

8. Information transferred to third parties outside the UK and EEA

When we transfer information to a third party outside the UK and EEA, we either put in place data transfer agreements that are based on approved standard clauses or rely on other appropriate safeguards and methods to protect the information. However, this is not necessary if the third party is in a country where the European Commission and the ICO consider data protection laws to be adequate. Please contact DataProtection@thephoenixgroup.com if you require further information on this.

9. How long we keep your information

We will keep your information for as long as we have a relationship with you, or where we have a clear legal or regulatory reason to retain it. Once our relationship with you has ended, we will keep your personal information for an appropriate period of time that allows us to:

  • maintain business records for analysis and audit purposes
  • keep to legal requirements relating to keeping records
  • defend or make any legal claim, now or in the future, and
  • deal with any complaints about our products or services.

We will delete your personal information when we no longer need it for these purposes. If you need more information on how long we keep information, please contact our Data Protection Officer. The contact details are shown in the How to contact us section.

10. How we protect your information

We take the security of your information very seriously and have safeguards in place to protect your personal information in line with data protection laws. Also, specialist third-party consultants conduct regular, independent audits across our business to assess our security controls.

Your information is protected by controls designed to minimise loss or damage caused by accident or resulting from negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically, and take part in annual training on this.

Our security controls are in line with industry standards and good practice. These controls mean that you can be reassured that we keep your and your clients information, as well as your money, safe.

11. Your rights

You have legal rights relating to your personal information. We may ask you for proof of identity when you make a request to exercise a right. We do this to make sure we provide information only to the right person.

The legal rights you have are explained below.

The right to object to the use of your personal information

If you don’t want us to use your information, or want us to stop using it for a specific purpose, you can ask us to stop. We will stop using the information as long as there are no reasons why we need to continue using it. If we have to continue using it, we will contact you to explain why.

You can ask us not to send you marketing messages. You can also ask us not to use your personal information for profiling.

If you have given us permission to use your personal information, you can withdraw that permission at any time. Whenever we get your permission we will explain the process for withdrawing it, and any consequences of doing so. You can withdraw your permission at any time by emailing service_gp@standardlife.com.

The right to get copies of your personal information (the ‘right of access’)

You have the right to ask for a copy of the information we hold about you, and we will usually provide this free of charge. For your security, we will take reasonable steps to confirm your identity before providing any information we may have about you.

The right to have your personal information transferred to another organisation (the ‘right to data portability’)

You can ask us to transfer any of your personal information to a specific company or person. We will try to transfer the information in the format you request. If this is not possible, we will contact you to agree an alternative format.

The right to get your personal information corrected (the ‘right to rectification’)

We do our best to make sure that your personal information is kept up to date. If you think that your information is not up to date or is incomplete, please contact us.

The right to limit how organisations use your personal information (the ‘right to restriction’)

You can ask us to stop using your personal information for specific purposes or for a limited time, such as while we are checking the accuracy of your personal information. We will always try to meet your request, but there may be times where we cannot. If this is the case, we will explain why.

The right to get your personal information deleted (the ‘right to be forgotten’)

In certain circumstances you can ask us to stop keeping or using your personal information or ask us to restrict how we use it.

If we can delete your information we will, but sometimes we must keep it for legal reasons. If we cannot meet your request, we will contact you to explain why.

Rights relating to automated decision-making and profiling

You have the right not to accept a decision based just on automated processing, unless the decision is:

  • necessary for the purposes of a contract between us and you
  • allowed by law (for example, to prevent fraud), or
  • based on your clear consent.

In these situations, you do have the right to get an explanation of the decision, ask for a person to be involved in reviewing it, express your views and challenge the decision. We will tell you if we cannot meet your request or how your request might affect you.

If you want to exercise any of your rights, please contact our Customer Services team.

12. How to contact us

Standard Life UK

If you have any questions about our Privacy Notice or any data protection matters, please contact:

Data Protection Officer
Standard Life
Standard Life House
30 Lothian Road
Edinburgh
EH1 2DH.
Email:
DataProtection@thephoenixgroup.com

If you would like to speak to someone about the information we hold about you, please contact our Customer Services team.

Phone:
0800 634 7476 (Freephone)
0345 60 60 01 (local rate)
+44 131 246 1846 (from overseas)

Email:
Service_gp@standardlife.com

Standard Life Ireland

If you have any questions about our Privacy Notice or the information we collect or use about you, please contact:

Data Protection Officer
Standard Life
90 St Stephens Green
Dublin 2.
Email:
dpoffice@standardlife.ie

If you would like to speak to someone about the information we hold about you, please contact our Customer Services team.

Phone:
1890 252 222
(01) 639 7000 if you’re calling from overseas

Email:
customerservice@standardlife.ei

13. How to make a complaint

We always aim to collect, use and protect your personal information in line with data protection laws. If you think that we have not kept to this Privacy Notice, please let us know immediately. We will do our best to put things right.

We hope that we can settle any complaints for you. If you are not satisfied with a response you receive from us, you have the right to complain to the Data Protection Regulator, whether or not you have finished our complaints procedure.

Intermediaries in the UK can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF.
Website:
ico.org.uk

Intermediaries in Ireland can contact the Data Protection Commission (DPC) at:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28.
Website:
www.dataprotection.ie

14. Changes to this Privacy Notice

We may update this Privacy Notice from time to time to keep it up to date or when necessary to meet legal requirements. If there are any significant changes to how we use your personal information, we’ll tell you by putting a notice on our website and sending you details by email or post.

This Privacy Notice was last updated on 07 July 2025.