Standard Life Privacy Notice
Our customers are at the heart of everything we do. This Privacy Notice explains how we collect, use and share your personal information. If you have any questions, please contact our Customer Services team or our Data Protection Officer using the contact details shown at the end of this document.
At Standard Life we’re committed to maintaining the trust and confidence of our customers.
This Privacy Notice explains when and why we collect our customers’ personal information. It makes it clear how we use it, when we may share it with others and how we keep it secure. It also explains how you can get the information we hold about you, and the choices you have about how we use your information.
1. "Who are you?"
We are Standard Life operating under Phoenix Life Limited (PLL). PLL are part of The Phoenix Group – one of the UK's largest providers of insurance services. The Phoenix Group has grown a great deal since it first started in 1782 and is now the UK’s largest long-term savings and retirement business. You can visit https://www.thephoenixgroup.com/site-services/privacy-hub/ for more information about the Phoenix Group.
The companies this Privacy Notice applies to are listed below.
Standard Life, part of Phoenix Life Limited
Standard Life Trustee Company Limited
Standard Life Lifetime Mortgages Limited
abrdn (formerly Standard Life Aberdeen plc) are not part of the Phoenix Group. This Privacy Notice doesn’t apply to them, although we do have an ongoing partnership with Standard Life Aberdeen plc and will share your personal information with them if it is necessary so we can continue to provide products and services, and it is lawful for us to do so.
2. Information collection and processing
"What information do you collect?"
We collect your personal information when you fill in application forms, speak to us on the phone or use our apps and website. We may get the information direct from you or from your employer if you have a workplace pension. We may also ask you for information as part of our day-to-day business activities, so we can provide you with the services we offer.
|What personal information do you collect?||When do you collect it?||Why do you need it?|
|Basic personal details||When your employer provides it in connection with a workplace pension. When you ask about or buy a product or service.||To run your policy with us. To answer your questions and give you important information about your products or services. To give you details of additional products or services that we think might be suitable for you. To understand how customers are using our products and services.|
|Proof of identity documents||When we need proof of identity.||To keep your account and financial information secure.|
| ||When you fill in an application for one of our products or services.||To operate your account (for example, to pay beneficiaries, who are the ones who receive benefits from your policy if you die).|
| ||As part of running your policy.||To provide the product or service you've requested - if we need the information for this purpose - or to meet our legal duties.|
|Information from your devices: IP address - details that identify your device||When you use our website or the Standard Life app. When you ask about or buy a product or service.||To understand how you interact with our website and online services. This allows us to improve the ways we interact with customers and provide you with relevant marketing communications.|
|Your preferences - for communications and receiving marketing information.||When you ask about or buy a product or service. When you use our online services.||To communicate with you and send you marketing communications in ways that suit your needs and how you like to be communicated with.|
We may collect other information during your relationship with us, to help us continue running your policy, such as information from public registers, including Land Registry documents.
"What about information that’s provided about other people?"
If you are a beneficiary or other third party with an interest in the policy, we get personal information from the person who took out the policy (for example, your partner).
In some circumstances we collect information about children. For example, we may need to collect their information to find out if they are beneficiaries of a policy.
If you are a beneficiary or a third party, you have a number of rights over your personal information. We explain how you can exercise these rights in the Your rights section.
"What are the lawful bases for processing my personal information?"
We will only collect, use and share your information if we have a valid legal reason, known as a legal basis, as set out in data protection law. The main legal bases for using your information are as follows.
1. Contract – the processing is necessary for a contract we have with you to provide a product or service to you, or because you have asked us to take specific steps before entering into a contract with us.
2. Legal obligation – the processing is necessary for us to keep to the law, such as needing proof of identity to meet our fraud and anti-money laundering duties.
3. Legitimate interests – the processing is necessary for our legitimate interests or those of a third party.
Our legitimate interests may include, but are not limited to:
• making you aware of the options that will help you get the best outcome from your product or investment, and
• carrying out research so we can better understand your needs and send you relevant communications about the products and services you have with us. (You can opt out of these types of communications by emailing firstname.lastname@example.org or using the details provided in the How to contact us section of this Privacy Notice.)
It is also in your legitimate interests to process your personal data to develop new products and services.
An example of processing your personal information to meet the interests of a third party is sharing information with your employer's adviser in connection with your workplace pension scheme.
When we process personal information for legitimate business interests, we put safeguards in place. The safeguards make sure your privacy is protected and that our legitimate interests do not override your interests or your data protection rights.
4. Consent – you have given us permission to process your personal information for a specific purpose, such as to send you information about products and services we believe may be of interest to and benefit you.
For example, we’ll need to get your permission to process your medical information or pass your details to a third party who provides a service we don’t. You have the right to withdraw your permission at any time.
In some limited cases we may need to process your personal information without getting your permission, if this is in the public interest and allowed under data protection law. If this is the case, we will take necessary steps to make sure your rights and freedoms are protected.
If we ask for your permission to process your personal information, and you agree, you can withdraw your permission at any time by emailing email@example.com or using the details provided in the How to contact us section of this Privacy Notice. Please read section 18, Your rights, for more details.
3. Profiling and automated decision making
How we keep in touch with you and provide marketing communications
We want to help you get the most out of your savings. A big part of the service we provide is sharing our expertise with you. We do this by providing updates and information to help you along the way. Our communications play an important part in this, helping you to save and manage your money.
Certain communications we send you, such as your annual statement, are important for you to understand your plan. We must send these to you to meet a legal obligation or regulatory requirement. You can’t opt out of these communications.
Some communications are important as they give you essential information at the best time to help you save and manage your money. You can opt out of these communications.
Other communications are designed to gather your feedback to help us improve the products and services we offer. This could involve taking part in surveys or questionnaires, perhaps online, on the phone or in person. You can opt out of these communications.
We also provide marketing communications about offers, services and additional products that can help you achieve your financial goals. You can opt out of these communications.
Other marketing communications give you access to products, services and offers from our trusted partners and our parent company, the Phoenix Group. We will never share your details with external companies for them to market their own products and services direct to you. You can opt out of these communications.
We may provide marketing communications by post, and by phone, text message and email if we have your permission.
You’re in control of how we contact you and the communications you receive. You can manage your communication preferences through your online account or by calling our Customer Services team. Take a look at the How to contact us section for more details.
"What do you do with customer profiling?"
The way we process your personal information may involve profiling. This means that we may process your personal information using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you.
We use profiling to help us develop offers, products and services in order to provide you with the best customer experience. We may also use profiling to see how you use and interact with our website and online tools. This helps us to improve our services to you.
From time to time we use your information, sometimes combined with information from third parties, to place you in groups with similar customers. This combined information is then used to:
- monitor and improve the products and services we offer
- help prevent crime
- decide if our customers might be displaying characteristics that show they may need additional support from us, and
- make sure information is accurate and of a high quality
An example of customers who are grouped together is those nearing retirement, where we use profiling of that group to provide information about their retirement options.
Before we use any information from profiling, we carry out checks to make sure there are no legal restrictions on using that information. We also consider whether using the information might cause outcomes that are unfair.
Where possible we remove details you could be identified from, such as your name, and replace these with anonymous details. We do this to protect your information.
If you don't want us to use your personal information for profiling, please contact our Customer Services team using the details in the How to contact us section of this Privacy Notice. If you do not want us to use your personal information for profiling, this may mean that we will not be able to provide you with our products or services.
"What do you do with marketing profiles?"
We use automated processes to assess certain things about you in order to make predictions such as customer traits and behaviours. These predictions are called marketing profiles and they help us provide more personalised advertising for our products and services. To create marketing profiles we use information such as:
- details of your policy
- information on your behaviours, such as how you use our website
- your age, and
- your contact details.
We would use your marketing profile to decide the most relevant products, services, offers or benefits to offer you and the best time and way to offer them. For example, we may use marketing profiles to see if customers prefer to use our website to find out about products and services. If they do, we contact customers to let them know about any online services we are offering. We may also share your marketing profile with service providers who can show advertisements to you about our products and services on social media platforms.
We may use your email address and phone number to build a profile of the type of customers we want to reach. We may share this information with social media and digital companies.
We may use a third party’s services and information to create marketing profiles.
If you don’t want us to use your information to create marketing profiles, please contact our Customer Services team using the details in the How to contact us section.
When we use automated decision-making
We sometimes use automated decision-making, where decisions are made by a computer system without any person involved. This process uses information that you have given us and that is in records we hold about you, and information we get from third parties. An example of automated decision-making is where an automated process uses information on the value of your annuity to decide the terms and price of a policy.
If we make an automated decision, you have the right to:
- receive an explanation about the logic behind the decision
- challenge the decision, and
- ask for a person to be involved in making the decision.
For more information about this right and how to exercise it, please see the Your rights section.
We make certain decisions based just on automated processing of your personal information. Examples of when we make decisions based just on automated processing are as follows.
- We carry out credit reference checks to decide if you are likely to be able to meet your commitments in any contract you have with us. If you don’t meet the standards required by the check, we will not be able to enter into a contract with you.
- In order to meet our obligations to prevent fraud and money laundering, we analyse patterns of transactions and claims to decide if any transaction or claim may be fraudulent. We may block transactions or reject claims if they’re considered suspicious, and we may be required to report the matter to the relevant authorities.
Please contact us if you would like more information about these activities.
4. Who we share your information with
Whenever we share your personal information, we do this in line with data protection laws that are in place to keep your information safe and secure. The table below shows who we may share your personal information with. We will not share your personal information with any of these third parties until we have carried out checks on those parties.
|Who we share your information with||Why we share it|
|Other companies in the Phoenix Group||We may use more than one company in our group to deliver our products and services to you. We may share your information with other companies in the Phoenix Group as part of our commitment to offer you financial products and services that may be of interest to you. We may need to share your information to protect your assets held with us and protect our customers against fraud or activities which may have a negative effect on you. You can visit https://www.thephoenixgroup.com/site-services/privacy-hub/ for more information about the Phoenix Group.|
|Service providers||We use third-party companies to provide services such as policy administration, IT systems and software, so we can run your policy and deliver our services to you.|
|Reinsurers (other insurers who take on the risk of when and how much we have to pay customers on their policy)||So reinsurers can help us manage our risk.|
|Anyone you ask us to share your information with||To share your information with others specified by you, such as a trustee or professional adviser.|
|UK regulators, such as the Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO), who make sure we’re acting in your best interests; UK government bodies such as HM Revenue & Customs (HMRC) and the Home Office; for our customers in Ireland, regulators such as the Central Bank of Ireland (CBI) and the Data Protection Commission (DPC); Irish government bodies such as the Revenue Commission||To meet legal and regulatory requirements, and to follow best practice.|
|Other UK and Ireland bodies such as:||To meet legal and regulatory requirements, and to follow best practice.|
|Affinity partners (third parties who provide products or services which we do not provide or which are different from our own)||To offer you financial products and services that may be of interest to you.|
|Customer research partners||To help us improve the products and services we provide. Note: if you are contacted for research purposes we will be clear about the purposes of the research. We’ll tell you how any information you provide will be used, who will have access to it and how long it will be kept.|
|Professional advisers||To provide services such as legal advice, accountancy services and consultancy services.|
|Other third parties who we may use for specific purposes||For example, to trace customers we have lost contact with or when we’ve been told customers no longer live at the address we have for them.|
|Social media platforms and providers of online advertising||So they can check information they have about you through your use of their services. We may share this information when you buy a product from our website or over the phone.
Sharing this information helps us to:
1 In order to process your applications and ongoing requests we will supply some of your personal information (name, address, date of birth, and, if applicable, bank details) to TransUnion International UK Limited, which is a credit reference agency providing services such as fraud prevention, anti-money laundering, identity and bank verification.
TransUnion will use your personal information to provide services to us and its other clients. We use their services in order to check your identity and prevent criminal activity such as fraud and money laundering. More information about TransUnion and the ways in which it uses and shares personal information can be found in its privacy notice at https://www.transunion.co.uk/legal/privacy-centre.
5. Cookies and pixels
Who we collect information from
We may need to collect personal information about you from third parties, but we will only ask for the minimum amount of information we need. Third parties we may ask for information include the following.
- Your employer or pension scheme trustee, if you’re a member of a pension scheme
- Credit reference agencies, to help us find you if we lose touch with you
- Companies who provide third-party administration services
- Law enforcement and fraud prevention agencies, to prevent and detect crime
- Medical professionals, if we have your permission, to help us assess a claim
- Regulators, such as the FCA, who make sure we’re acting in your best interests
- Government bodies, such as HMRC or The Revenue Commission, who are responsible for collecting taxes
- Third parties acting on your behalf
- Any other publicly available source of information
The Standard Life website uses a Facebook Pixel, which is a cookie that collects information about your activity on our website, if you accepted ‘targeting cookies’ when visiting our website.
Information collected by the Facebook Pixel may be used to connect your activity on our website, such as pages viewed and transactions made, to our Facebook advertising account. It then makes a match to people who use Facebook.
Sharing this information helps us to better understand the effect of our advertising campaigns. It helps us make our advertising relevant to customers and others who might be interested in products and services we advertise and provide.
Facebook joint data controller
Facebook expects us to tell visitors to our website that Facebook Ireland is a ‘joint data controller’ with us when processing information collected by the Facebook Pixel or sent to Facebook by us. Once Facebook receives this information it acts as an independent data controller. How Facebook Ireland processes personal information collected by the Facebook Pixel, including the legal basis and how to exercise your rights, is explained in Facebook Ireland’s data policy at www.facebook.com/about/privacy.
We and Facebook Ireland have entered into an arrangement to decide our and their responsibilities for meeting the obligations under data protection law, including the General Data Protection Regulation (GDPR). The arrangement is in connection with the joint processing of personal information through the Facebook Pixel. We are responsible for providing information on how personal information is processed through the pixel. Facebook Ireland is responsible for meeting individuals’ requests to exercise their rights relating to the personal information processed by Facebook Ireland.
When we send you an email to tell you about the products and services we offer, we use an email pixel. This collects information about how you respond to the email. It tells us when you opened the email, how many times you opened the email and whether you clicked on any of the links in it. This information helps us to better understand the effect of our emails and how useful you find the content about our products and services.
Depending on the device you use to check emails from us, you may be able to disable the email pixel. You will need to check this with your device manufacturer.
6. Where your information is processed
We operate mainly in the UK and Ireland. Sometimes the information we collect from you may be accessed from, transferred to or stored outside the UK and Ireland (for example, in India or the United States, where some of our servicing partners are based).
If your information is being processed outside the UK or Ireland, we take extra steps to make sure it is protected to at least the same level as would apply in the UK or Ireland. For example, we put in place legal agreements with our suppliers and do regular checks to make sure they are keeping to the requirements of those agreements.
Information transferred to third parties outside the UK and EEA
When we transfer information to a third party outside the UK and EEA, we either put in place data transfer agreements that are based on approved standard clauses or rely on other appropriate safeguards and methods to protect the information. However, this is not necessary if the third party is in a country where the European Commission and the ICO consider data protection laws to be adequate.
7. How long we keep your information
We will keep your information for as long as we have a relationship with you. Once our relationship with you has ended, we will keep your personal information for an appropriate period of time that allows us to:
- maintain business records for analysis and audit purposes
- keep to legal requirements relating to keeping records
- defend or make any legal claim, now or in the future, and
- deal with any complaints about our products or services.
We will delete your personal information when we no longer need it for these purposes.
If you need more information on how long we keep information, please contact our Data Protection Officer. The contact details are shown in the How to contact us section.
8. How we protect your information
We take the security of your information very seriously and have safeguards in place to protect your personal information in line with data protection laws. Also, specialist third-party consultants conduct regular, independent audits across our business to assess our security controls.
Your information is protected by controls designed to minimise loss or damage caused by accident or resulting from negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically, and take part in annual training on this.
Our security controls are in line with industry standards and good practice. These controls mean that you can be reassured that we keep your information, as well as your money, safe.
9. Your rights
You have legal rights relating to your personal information. We may ask you for proof of identity when you make a request to exercise a right. We do this to make sure we provide information only to the right person.
The legal rights you have are explained below.
The right to object to the use of your personal information
If you don't want us to use your information, or want us to stop using it for a specific purpose, you can ask us to stop. We will stop using the information as long as there are no reasons why we need to continue using it. If we have to continue using it, we will contact you to explain why.
You can ask us not to send you marketing messages. You can also ask us not to use your personal information for customer profiling.
If you have given us permission to use your personal information, you can withdraw that permission at any time. Whenever we get your permission we will explain the process for withdrawing it, and any consequences of doing so. You can withdraw your permission at any time by emailing firstname.lastname@example.org.
The right to get copies of your personal information (the ‘right of access’)
You have the right to ask for a copy of the information we hold about you, and we will usually provide this free of charge. For your security, we will take reasonable steps to confirm your identity before providing any information we may have about you.
The right to have your personal information transferred to another organisation (the ‘right to data portability’)
You can ask us to transfer any of your personal information to a specific company or person. We will try to transfer the information in the format you request. If this is not possible, we will contact you to agree an alternative format.
The right to get your personal information corrected (the ‘right to rectification’)
We do our best to make sure that your personal information is kept up to date. If you think that your information is not up to date or is incomplete, please contact us.
The right to limit how organisations use your personal information (the ‘right to restriction’)
You can ask us to stop using your personal information for specific purposes or for a limited time, such as while we are checking the accuracy of your personal information. We will always try to meet your request, but there may be times where we cannot. If this is the case, we will explain why.
The right to get your personal information deleted (the ‘right to be forgotten’)
In certain circumstances you can ask us to stop keeping or using your personal information or ask us to restrict how we use it.
If we can delete your information we will, but sometimes we must keep it for legal reasons. If we cannot meet your request, we will contact you to explain why.
Rights relating to automated decision-making and profiling
You have the right not to accept a decision based just on automated processing, unless the decision is:
- necessary for the purposes of a contract between us and you
- allowed by law (for example, to prevent fraud), or
- based on your clear consent.
In these situations, you do have the right to get an explanation of the decision, ask for a person to be involved in reviewing it, express your views and challenge the decision. We will tell you if we cannot meet your request or how your request might affect you.
If you want to exercise any of your rights, please contact our Customer Services team.
10. How to contact us
Standard Life UK
If you have any questions about our Privacy Notice or any data protection matters, please contact:
Data Protection Officer
Standard Life House
30 Lothian Road
If you would like to speak to someone about the information we hold about you, please contact our Customer Services team.
Phone: 0800 634 7476 (Freephone)
0345 60 60 01 (local rate)
+44 131 246 1846 (from overseas)
If you are registered for online services, you can send us a message through your secure online account or the Standard Life app.
11. How to make a complaint
We always aim to collect, use and protect your personal information in line with data protection laws. If you think that we have not kept to this Privacy Notice, please let us know immediately. We will do our best to put things right.
We hope that we can settle any complaints for you. If you are not satisfied with a response you receive from us, you have the right to complain to the Data Protection Regulator, whether or not you have finished our complaints procedure.
Customers in the UK can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
12. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to keep it up to date or when necessary to meet legal requirements. If there are any significant changes to how we use your personal information, we’ll tell you by putting a notice on our website and sending you details by email or post.
This Privacy Notice was last updated on 28 October 2023.