privacy notice for advisers who have a terms of business agreement with Ellipse

Who are we?

AIG Life Limited, trading as Ellipse, is the data controller of personal data in respect of arranging and administering group insurance contracts.

How will we use the information about you?

We will only process your personal data for the purposes of carrying out our responsibilities as set out in the terms of business agreement between your firm and Ellipse. Therefore, we will process your personal data in order to undertake any activity relating to our policies, products and services and, where relevant, to process applications, set up and administer policies, products and services and handle any claims.

We will not use your data for anything else without your permission, nor will we pass it to any third party. We may process Personal Information both nationally and internationally.

This may include transferring Personal Information outside the European Economic Area (EEA).

We take additional steps to ensure the security of Personal Information when we transfer it outside the EEA.

International Transfers

Due to the global nature of our business activities, for the purposes set out above (see section entitled ‘How do we use Personal Information?’), depending on the nature of our relationship with you, we will transfer Personal Information to parties located in other countries (including the USA, China, Mexico, Malaysia, Philippines, Bermuda and other countries that have data protection regimes which are different to those in the country where you are based, including countries which have not been found to provide adequate protection for Personal Information by the European Commission).

For example, we may transfer Personal Information in order to help detect, investigate and prevent financial crime.  We may transfer information internationally to our group companies, service providers, business partners, government or public authorities, and other third parties.

When making these transfers, we will take steps to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law.

This typically involves the use of data transfer agreements in the form approved by the European Commission and permitted under Article 46 of the EU General Data Protection Regulation (GDPR) (the relevant data protection law). If there is no data transfer agreement in place, we may use other mechanisms recognised by the GDPR as ensuring an adequate level of protection for Personal Information transferred outside the EEA (for example, the US Privacy Shield framework or any framework that replaces it).

Will we send you marketing communications?

With respect to marketing activities, we will only process your personal data with your explicit consent. We will invite you to choose the topic/subject/type of email communications that you wish to receive from us and how frequently we communicate with you. If you consent we will only send you email communications that are relevant to the topics/subject areas you have expressed an interest in. We will make a record of the consent you have given, along with your preferences.

You have the right to withdraw your consent at any time. To do so please click on the ‘change my preferences’ link in any email newsletter and change your communication preferences, or completely unsubscribe from all future email marketing communications.

If you do not consent, we will not send you any email marketing communications relating to our products and services. We will only send you emails about any specific quotes you have obtained from us, or any schemes or polices which are insured with us and you are the nominated adviser for. This is to allow the effective processing of the policy, in the normal course of our business relationship.

What personal data do we hold and where did we get it from?

The majority of personal data that we hold is obtained directly from you, but we also gather information which is observed from any interactions you have made with our marketing emails or website, including email opens/clicks, web visits, forms and surveys you have completed, and information that is inferred, that is we combine information together to determine how best to interact with you. We use cookies to retrace usage behaviour when you visit our website. You can decide whether you wish to accept or decline these cookies by modifying the settings in your browser, which is explained here. Anonymised usage data (date, time of day, pages viewed, navigation, software used, etc) is also collected on our behalf by Google Analytics, but this is only used for the purposes of analysing usage behaviour.

The personal data that we collect directly from you includes your name, title, company name, email address, phone number and mobile phone number. This is collected from you when you first register your online account. This information is superseded by any changes or amendments you make to that data in your online account. You can make changes to this data at any time.

If you have consented to receive email marketing communications, we will hold a record of your preferences as well as a record of the email communications we have sent to you.

Finally, we also hold information about the quotes, schemes and policies you have with us, as well as general information about the group risk business your firm is involved in. We combine this information with your personal information in order to provide a complete picture of our business relationship and to determine how we should best serve you now and in the future. For example, this helps to determine how frequently we engage with you and the help and support we provide to you.

Which other organisations may we share your data with?

Ellipse may share your personal information with:

  • other AIG companies and our reinsurers
  • our research and insight partners, ORC International and NMG Consulting, who may invite you to take part in a voluntary customer satisfaction survey
  • our regulators and government agencies: the Financial Conduct Authority and Her Majesty’s Revenue and Customs ‘HMRC’
  • your clients and their representatives

We will not share your personal data with anyone else, nor will we under any circumstances sell your personal data onto any third party companies.

How long do we hold your information for?

We will keep personal information only as long as we legitimately require it.  In most cases this will be for the period during which our terms of business agreement applies, or until you leave your company. It is your company’s responsibility to notify us in the event that you leave the business. This should be done by your firm’s Adviser Administrator who will remove access to your online account.

In the event that our terms of business agreement ceases, or your Adviser Administrator confirms you have left the company, after a period of three months, we will anonymise your online account and record in our customer relationship management system so your personal data is removed, but your colleagues can still access your client’s policy documents.

How can you access the data and correct it?

You have the right to access the personal information we hold about you. In particular, you have the right to have information corrected. You can do this by amending the personal details you provide to us in your online account. If you are unable to access your online account to view or correct the information we hold about you, or if you have any queries regarding the information that we hold about you, please contact us at DataProtection@ellipse.co.uk

What are your rights to be forgotten?

If you wish to opt out of marketing communications, you should update your preferences or unsubscribe. We will however continue to hold your personal data in order to carry out our responsibilities under our terms of business agreement.

If you want to be forgotten, you must close your online account, but this means you will no longer be able to offer Ellipse products, or service Ellipse products held by your client(s). If you wish to close your online account, please contact your firm’s Adviser Administrator who will remove your access. Your account and any personal records will be anonymised three months after the date you closed your online account.

Do we make any automated decisions when processing your data?

We do not apply any automated decision making to the personal data you provide to us.

How can you complain?

If you are unhappy with the way in which your personal data is handled, please contact our Data Protection Officer.

If you remain unhappy with our response to your complaint, you can complain directly to the Information Commissioners Office (ICO). They are the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Visit https://ico.org.uk/concerns/ to raise a complaint.