Privacy & Cookie Policy

Summary

We take our data protection obligations very seriously and it is important to us that you understand how we use your personal data. This Privacy Policy sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else that we think it is important for you to know.

The main purpose for which we process your personal data is to provide you with services that you request from us. We may need some information from you about health or criminal convictions to do this. We cannot provide you with quotes or policies without this data. We will also process personal data for other purposes, such as market research and fraud prevention. We will only ever keep your personal data for as long as is necessary for the purpose for which we need that personal data.

We will need to share some of your personal data with some third parties, for example insurers and suppliers, and we will make checks against various databases to verify the information you provide and to help us assess your quote. Some of the decisions that we make in relation to our relationship with you will be made by wholly automated means. These decisions can be reviewed if you ask us to, but this does not necessarily mean that they will be changed.

You have various rights in relation to your personal data which can be exercised by contacting us using the details set out in this Privacy Policy.

Please click on the headings below for full information about how your personal data is processed.

Who is processing your data?

Virgin Money Life Insurance is promoted by CYB Intermediaries Limited and arranged and administered by BGL Direct Life Limited. BGL Direct Life Limited is an Appointed Representative of BISL Limited and BGL Direct Life Limited, BISL Limited and CYB Intermediaries Limited are the data controllers in relation to the data you provide and any other information they collect and hold about you. This means that they are the companies responsible for deciding how your data is processed.

This Privacy Policy describes how BGL Direct Life Limited ('we', 'us' 'our'), BISL Limited and CYB Intermediaries Limited use your information.

BGL Direct Life Limited is not owned by and is not part of the BGL Group of Companies. BGL Direct Life Limited is a wholly owned subsidiary of Family Assurance Friendly Society Limited, which operates under the trading name of OneFamily.

BISL Limited is part of the Markerstudy Group and provides products and services under various brands. If you want to know more about the Markerstudy Group and the brands that BISL operates you can find out more at www.bglinsurance.co.uk .

CYB Intermediaries Limited is part of the Virgin Money Group of Companies operating under the Virgin Money brand. If you want to know more about the Virgin Money Group of Companies you can find out more at virginmoney.com/privacy

Data will be shared with Scottish Friendly who underwrite the policy to allow Scottish Friendly to consider your application and to deal with any claims made on your policy. Scottish Friendly will also be a data controller in relation to the data they receive from us and any additional data that they may collect about you and will be responsible for how that data is processed. They may also pass data to their re-insurer.

If you have instructed an insurance broker or intermediary to set up or manage your policy we may also exchange information with the insurance broker or intermediary in relation to the administration of your policy. The insurance broker or intermediary will be the data controller of the data they hold and their use of your data will be subject to their own privacy policy.

If you purchase a policy via a cashback website, some data may also be shared with the cashback website provider in relation to this for example to confirm your purchase. For more information you’ll need to read the privacy policy for the relevant cashback website.

If you use the free Will service the provider of the Will service will be a data controller of any data that you provide to them to use this service.

Where do we get the data from?

From you

Most of the data that we process will be data that we collect from you directly when you request a quote. We will ask you various questions to collect the data we need for the purpose of your policy. We will not be able to provide a quote unless you answer the mandatory questions.

If you have previously held any products or services with CYB Intermediaries Limited then we may carry out checks against data that CYB Intermediaries Limited already hold on you. This includes data that may be needed to apply any discounts or offers that you may be entitled to from time to time as an existing customer, for fraud prevention, research and analysis and to help us assess your application for insurance. We may do this when you request a quote or when changes are made to your policy.

From your use of our website and services

We also collect data about you based on your actions, for example we collect data about how and when you use our websites, or our services so that we can build up a picture of you as a customer. This can include information such as how many quotes you have obtained for insurance from us, mouse clicks/taps, mouse movements, page scrolling and text entered into forms. This helps us to provide you with a good service and to design improvements to our products and services (including changes to our website) but is also used to help us to prevent and detect fraud. We may use third parties to collect this data and some of this data is collected by using cookies. You can read our cookie policy here for more information.

If you contact us electronically, we may collect your electronic identifier e.g. Internet Protocol (IP) address or telephone number supplied by your service provider. This information may be used by us and/or shared with and used by the insurer to aid in the detection of fraud.

If we speak to you on the telephone we may record the telephone call and if you use our webchat service we will keep a record of the conversation. We do this so that we have an accurate record of your conversation with us. We also use this data for monitoring and quality control purposes and may use it for training purposes.

From price comparison sites

If you have been directed to us from a price comparison site then the price comparison site will have provided us with data that you entered in order to allow us to provide you with a quote.

When you purchase one of our policies through a price comparison site we will need to share some information with the price comparison site, for example, information relating to whether the policy has been purchased or the status of the policy. We will also exchange information that is necessary to help resolve any queries or complaints.

Our service providers

We or our insurers will sometimes use third parties to process personal information on our behalf. Where third parties process your personal information on our behalf, we will have a contract in place with them placing obligations on them to keep your data secure and only use it for the purposes that we authorise.

The third parties that we use may include, for example, IT service providers or market research agencies.

From other companies

As part of considering your quote, administering (including amending) your policy or dealing with any claims on your policy, we or our insurer (or the re-insurer) will exchange information about you with other companies and/or carry out checks with various databases, which is standard practice in the insurance industry. This includes:-

• Undertaking checks against publicly available information such as the electoral register, County Court Judgments, bankruptcy or repossession information.
• Carrying out searches against data held by Credit Reference Agencies.
• Using information relating to you which is provided to us or the insurer or re-insurer by other parties for example other insurance companies or fraud prevention agencies.

The credit reference agencies will keep a record of the search and you may see this recorded on your credit file. If you want to check the information that the credit reference agencies hold about you then you can contact them directly.

Existing Data

We will check our existing records to see if you have ever held a policy or obtained a quote with us or any of the brands Family Assurance Friendly Society Limited administer. We will also share personal data with our other brands, other companies in the Family Assurance Friendly Society Limited Group of Companies and insurers for these purposes.

Checking and comparing this data helps us to assess your quote. This data will also be used for fraud prevention, research and analysis in accordance with the section headed "What do we use your data for?" below.

Publicly available sources

We or our insurers use some open sources of data which are not personal data (such as information about particular geographic areas) and combine this with the personal data that we hold about you (such as your own address) in order to assess insurance risk and provide you with an accurate quote.

Providing data about other people

We will sometimes need you to provide us with data about other people, for example where another person is being added to the policy as a joint policyholder. Where you give us data about someone else, you must make sure that you have made that person aware of this Privacy Policy. Where this privacy policy refers to “your data” this also includes data about anyone else named on the policy or whose data you provide us with.

The data that we hold is used for the following purposes:-

Part 1 - Providing you with a quote and administering your policy

The personal data that we use for the purposes set out in this Part includes information you provided during your quote, information about previous or existing policies held by us or our insurers, identification information, information from credit reference agencies, your policy and payment history and behavioural information that we gather from your use of our website and how you manage your policy.

Providing you with a service

As you would expect, this data is used to provide you with the service you have requested, for example a quote or an insurance policy.

We also use this data (including data held in relation to our other brands) to help us build up a picture of you as a customer. This allows us to carry out more accurate assessments of you as a customer when you apply for products with us, including creditworthiness assessments. It helps us to provide you with more relevant information such as making sure we show you the right content at the right time. We also use this information to help calculate your future quotes. This information will also be shared with our insurers for these purposes.

Data protection law says that we have to tell you the legal basis on which we process your personal data.

In relation to personal data used for the purposes described in this Part 1, we process this data because it is necessary to perform the contract that we have in place with you to provide you with the quote or the policy that you have requested.

Part 2 - Fraud Prevention

In order to prevent and detect fraud we and/or the insurer or the re-insurer may use the personal data set out above at any time to:

• Undertake credit searches;
• Check and/or share your details with fraud prevention and detection agencies; and
• Share information about you with other organisations including the police, where necessary and proportionate.

If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We, the insurer or other organisations may also access and use this information to prevent fraud and money laundering, for example when: recovering debt and tracing beneficiaries; checking details on applications for new products and dealing with claims for all types of insurance.

In relation to personal data used for the purposes described in this Part 2, we process this data because we have a legitimate business interest in carrying out these activities to protect against fraud and because there is a substantial public interest in preventing and detecting crime including fraud.

Part 3 – Other Uses of Data

Marketing

CYB Intermediaries Limited will use your information to identify other products and services that you may find useful. (But they’ll only contact you if you’re happy to hear from them)

Where you say you are happy to receive this material, CYB Intermediaries Limited will use your postal address, email address and telephone number to send you marketing materials by post, email, telephone call or SMS. We and CYB Intermediaries Limited do not pass your data to third parties for marketing purposes.

Where CYB Intermediaries Limited have asked you about your marketing preferences, you can change your mind at any time by writing to Virgin Money, Jubilee House, Gosforth, Newcastle upon Tyne, NE3 4PL. Where CYB Intermediaries Limited do send you any marketing emails you can also unsubscribe from emails by clicking on the unsubscribe link or by contacting them.

If you tell CYB Intermediaries Limited you don’t want to receive marketing or if they don’t ask you about your marketing preferences it means that your data will not be used for marketing.

This will not impact any communications that we need to send you for the purpose of your policy, for example, updates about your policy or information about any quotes we’ve provided to you.

CYB Intermediaries Limited use the data we and they hold to help them understand their customer demographic, to help them improve the services that they provide to you and to help target advertising and marketing so that they show customers adverts or marketing which may be more relevant. CYB Intermediaries Limited may sometimes work with carefully selected third parties to do this for example using advertising services provided by organisations such as Google and Facebook and may share data with them to carry out this research and analysis, however CYB Intermediaries Limited will not sell your data to third parties for them to market to you.

Your marketing preferences with CYB Intermediaries Limited will not impact any communications that BGL Direct Life Limited or BISL Limited need to send you for the purpose of your policy, for example, updates about your policy or information about any quotes we’ve provided to you.

Market Research

From time to time we and CYB Intermediaries Limited may want to use your postal address, email address and/or telephone number to contact you to assist us with our research by asking you a few questions about the service you have received or by asking if you would like to complete a review of our services. We and CYB Intermediaries Limited may sometimes ask market research companies to contact you on our behalf.

If you would prefer us not to contact you for market research purposes then you can let us know by contacting us.

Competitions and Special Offers

From time to time we and CYB Intermediaries Limited may run promotions such as competitions or special offers. If you decide to participate in a promotion, the personal data collected as part of that promotion (such as your name, contact details and other information provided for the promotion, for example, responses to any questions asked as part of the promotion) will be used to administer the promotion and your participation in it. We and CYB Intermediaries Limited may need to share your data with third parties for this purpose. For example, we may need to send your contact details to our suppliers so they can send you your prize.

We may, from time to time, offer a functionality on the website to allow you to ask us to send details regarding the website to a friend. Before you provide us with your friend’s details for us to send than an email you will need to make sure you’ve checked your friend is happy for you to do this. When we email the friend we will also include your name so that they know who asked for the email to be sent.

Website comments and feedback

We may, from time to time, offer a functionality to allow you to post comments and feedback (your “Comments”). When submitting Comments you will be asked to provide us with your name and contact details. The data you provide when submitting Comments will only be used for the administration of the comments and feedback sections of the website. We may disclose your name and contact details to any third party who claims that any Comments posted by you constitute a violation of their intellectual property rights, or of their right to privacy, although we will try to notify you before doing this by using the contact details you have provided.

Research and Analysis Activities

We and CYB Intermediaries Limited use data relating to your quotes or your policy, including your claims history, to carry out various research and analysis activities to help us to regularly review and improve the products and services we and CYB Intermediaries Limited provide and carry out research relating to underwriting, claims and pricing. We also share this data with our insurers to enable them to use this data for these purposes. Where possible, data will be shared on an anonymised basis. The data will not be used to make any decisions that will affect you or any other individual.

We also use the data that we collect about you through your website usage to carry out research and analysis into usage and activities on our website to enable us to continue to improve our website and our products and services.

In relation to personal data used for the purposes described in this Part 3, we process this data because we have a legitimate business interest in carrying out these activities to promote and improve our business. We have ensured appropriate safeguards to protect your rights when processing this data for these purposes.

Part 4 - Special Personal Data and Criminal Convictions

In order to provide your quote and administer your policy we may ask you to provide data which data protection law classifies as "special personal data". This includes information about your health (such as any medical conditions) or information relating to criminal convictions or alleged or actual criminal offences.

Where we collect special personal data and criminal conviction or offence data to provide you with your quote and your policy, we process this data because it is in the substantial public interest to do so for the purposes of advising on, arranging, underwriting or administering an insurance contract.

It may also be necessary for us to retain a copy of any special personal data and criminal conviction or offence data for the purpose of making or defending claims or preventing or detecting crime, including fraud.

How long do we keep data?

We'll only keep your personal data as long as we need it and ensure it is securely destroyed when it is no longer required. We do however need to keep certain data after your policy has ended for certain periods as detailed below.

Generally, if you take out a policy with us, you can expect us to keep your data for a period of 10 years following the end of your policy unless there is a requirement for us to keep the data for longer, for example if there are any ongoing queries or claims relating to the policy.

When you obtain a quote, if the policy is not purchased, we will not keep the data you provide for any longer than 5 years from the date of your quote.

We keep data for these periods as it plays an important part in allowing us to undertake fraud detection and prevention activities, allows us to deal with any queries or complaints that may arise regarding the quote and allow us to carry out research and analysis to help us improve our products and services (as described in the section headed "What do we use your data for?" above).

Overseas Transfer of Data

We may use third party suppliers to process personal data about you. Some of these suppliers may be located in countries outside the UK which may not have equivalent laws in place to protect your personal data. For example, we use third party software suppliers to process data such as your IP address and email address. Our insurers may also process personal data in countries outside the UK which may not have equivalent laws in place to protect your personal data. Our insurers are data controller in respect of any such processing.

Whenever we do use third party suppliers to process personal data about you outside the UK we will ensure that your personal data is kept securely, is only used for the purposes set out in this Privacy Policy and is afforded equivalent protection as it would be if it were processed in the UK. We do this through various mechanisms, for example making sure that approved contractual clauses are in place with the supplier. If you would like any further information you please contact us using the details in the “Contacting Us” section.

Your Rights

Data protection law gives you various rights in relation to your personal data. All the rights set out below can be exercised by contacting us using the contact details set out under the "Contacting us" section below. Those rights include:-

• You have the right to ask us to provide a copy of the personal data that we hold about you. This is called a Data Subject Access Request or "DSAR".

  You can access information about your policy and your policy documents by logging into your account. If you want to receive other personal data that we hold then please contact us using the contact details below. When contacting us please describe the information you require and include the following: your full name, your date of birth, your full address and your quote/policy number. For security purposes we may need to ask you for further information to verify your identity. If you require information sending to different contact details to those held on your policy please include a copy of your passport or driving licence and proof of address such as a recent utility bill to assist us in verifying your identity. We might also need to ask you for additional information to help us locate the data that you are looking for.

  Once we have all the information that we need to process your DSAR, we will respond within one month unless your DSAR is very large or complex, in which case we may need to extend this period. If we need to do this we will let you know.

  If you want to make a DSAR in relation to personal data that is held by Scottish Friendly then you will need to contact them directly. You can find their details in your policy documents or you can contact them at https://www.scottishfriendly.co.uk/contact-us/email-enquiry

• You have the right to ask us to correct inaccurate personal data that we hold about you. If you think any of your personal data is inaccurate, please contact us and, provided we can verify your identity and are satisfied as to the accuracy of the correction requested, we will correct the relevant personal data as soon as we can.
• You have the right to request that we provide a copy of your personal data in a machine readable format or to ask us to send your personal data to another company. This applies to personal data that you have provided to us, which we have processed electronically, such as data you entered on our website when you obtained a quote.
• You also have the right to ask us to delete personal data that we hold about you. We are obliged to delete personal data in some circumstances, such as where it is no longer needed. However, data protection laws allow us to keep the personal data if we need to, for example if the data is needed to allow us to administer your policy or if the data is needed for fraud prevention. In any case, we will retain your personal data in line with the retention periods detailed under "How long do we keep data?" above.
• You have the right to ask us not to do anything with your personal data except store it in limited circumstances, such as if you and we do not agree on the accuracy of personal data and steps are required to validate it.
• You have the right to object to us processing certain personal data about you. For example, you can ask CYB Intermediaries Limited to stop processing data for marketing or market research purposes. However, where we need to continue to process the personal data, for example to administer your policy or for fraud prevention purposes, we are not obliged to stop processing it.
• You have the right to ask to review significant decisions that we have made about you wholly by automated means. The nature of the quotes that we provide to you means that we have to use this kind of automated decision making in relation to your personal data (including special categories of personal data) to assess your quotes. This means that our computers will consider lots of different pieces of information about you and about the policy you have requested in order to calculate whether or not we are able to offer you a quote and at what price this should be. Automated decision making will be used when you request a quote, and if any changes are made to your policy. If you ask us to review the decision, we will make sure that it is examined by a human and we will confirm the outcome to you. This does not necessarily mean that the decision will be changed.

Contacting us about data

If you have any queries or concerns about this Privacy Policy, or if you would like to contact our Data Protection Officer, you can email OneFamilyDPO@onefamily.com or write to the Data Protection Officer at OneFamily, 16-17 West Street, Brighton, BN1 2RL. Please make sure you include details of the product and brand that you are contacting the Data Protection Officer about. Please mention it relates to your Virgin Money Life Insurance policy.

You can contact Virgin Money any time to discuss how they hold and use your information and your rights. Further information is also available here.

You can also contact Virgin Money’s Data Protection Officer for further information and to exercise your rights in relation to the data they hold about you by writing to Virgin Money, Jubilee House, Gosforth, Newcastle upon Tyne, NE3 4PL.

Information Commissioner's Office

If you have a complaint regarding how your personal data has been processed by us then please contact us first using the complaints procedure set out here.

You also have the right to complain to the Information Commissioner’s Office, which regulates data protection compliance. You can find more information by visiting their website www.ico.org.uk.

Use of cookies

A cookie is a small text file which we transfer to your hard drive through your web browser when you visit our Website or open certain emails. It enables our own system to recognise you when you visit our Website again and improve our service to you. This information can be used to enhance the content of our Website and make your use of it easier. For information on how you can configure your browser to reject cookies or for information on how to control your online behavioural advertising preferences, please visit http://www.youronlinechoices.com/uk/. Three types of cookie may be used during your visit to Virgin Money Life Insurance.

• Virgin Money Life Insurance session cookies that are deleted after each visit
• Virgin Money Life Insurance persistent cookies are not deleted after each visit
• Third party cookies that are used by our partners, for example, to help us measure site visitors

Other Technologies
Web beacons and pixel tags

These are similar to cookies and allow us to collect information about how you use our website and help us to offer you the best service. We may use web beacons and pixel tags alongside cookies both on our website and in any emails we send to you.

Again, web beacons and tags are commonly used across many websites and do not harm your computer system.

Further information can be found at http://www.allaboutcookies.org/web-beacons/

Key 3rd Party Providers

Google Analytics

Our websites use Google Analytics, which is a web analytics service provided by Google.

For more information please see: https://support.google.com/analytics/answer/181881?hl=en

DoubleClick

Online advertising supplier, these are used to serve our internet advertisements on other sites. Some of our webpages may contain electronic images that help us see how users interact on these pages. They may also provide DoubleClick with information about the interaction.

For more information please see: https://support.google.com/admanager/answer/2839090

Visual Website Optimiser (Optimisation)

Our website optimisation supplier, these are used to store the page variants assigned to a user for performance testing, to ensure the user gets a consistent experience.

Adobe Analytics

Adobe Analytics is a web analytics service and allows us to measure use of the website.

Live Engage (Live Chat)

Our websites use LiveEngage, which is a live chat service provided by LivePerson.

We are continually looking to improve your user experience and so regularly adopt and implement new technologies to help us do this. Please regularly check our cookie policy for details of the cookies we are currently using.

Information security

The payment site employs enhanced encryption techniques which seek to ensure that all of Your confidential data (such as credit card number, name, address and other information) cannot be intercepted, unscrambled or copied when being transmitted between Our server and yourself.

Credit/Debit card information

Credit/debit card information will be processed by Our partners at Cardnet.

Law

This Privacy Policy is subject to English Law and to the exclusive jurisdiction of the English Courts.