website, please read our Cookie
Find out more about our policy on privacy, data protection and cookies.
We keep our privacy notice under regular review. This privacy notice was last updated July 2021.
Use the index below to navigate through our privacy notice
How we obtain the personal information
The types of personal information that we collect
Sensitive personal information
How we use personal information
Our lawful bases for using personal information
Sharing your personal information
Financial crime prevention
Automated decision making
Sending data outside of the UK and European Economic Area (EEA)
Making a complaint
Updates to this notice
Here at Aegon, we’re committed to protecting and respecting your privacy. Looking after the personal information that we collect about individuals is our top priority. We want you to be confident that your information is in safe hands. So, we’ve developed this Privacy notice to explain how we use the personal information that we collect in relation to our retirement, investment and protection products and services.
Most personal information we collect relates to the individuals who take out a product with us. However, in certain circumstances we may obtain some personal information about other individuals. For example for:
We’ll process their personal information in accordance with this Privacy notice.
Our data security policies mean that we hold all personal information securely and limit access to those who need to see it in line with our obligations under data protection law. We apply extra security to more sensitive personal information, such as medical details, which are required to administer certain products, such as our Protection products.
Details of the companies that are part of the Aegon UK Group are shown below:
If you have any questions about this notice or data protection, please contact our Data Protection Officer.
Write to: Data Protection Officer, Aegon, Edinburgh Park, Lochside Crescent, Edinburgh, EH12 9SE.
If you're contacting us by email please remember not to send any personal, financial or banking information because email isn't a secure method of communication. If you decide to send information in this way, you're doing so at your own risk as there's no guarantee that any email sent by you to us will be received or remain private during transmission.
You or someone representing you, for example, your intermediary or financial adviser, will provide us with personal information about you. Where you are a member of a workplace pension scheme, we’ll receive information about you from your employer. Where you are a member of a Trust based pension scheme, we’ll receive information about you from the trustees of the pension scheme.
We may obtain information about you via application forms (including claim forms), both paper-based and online, or by phone, email, social media tools or otherwise.
You can find additional information on the more common ways we capture your personal information below:
Application and claim forms from you or your representative
We obtain personal information about you through our application/claim forms (both paper and completed online) where we ask for specific information to be provided so we can process your application/claim. This may include copies of any identification documentation (for example, driving licence or passport) you need to provide as part of the application/claim process. For our protection products, there may be occasions where we’ll use information that was previously provided to us, for example, information that was disclosed in an earlier application, in conjunction with details provided in any new application. This will include any application that didn’t result in a policy becoming active, but only where the information is held in line with our retention schedule. Using this information allows us to identify any potential mis-representation or discrepancy, along with helping to improve the customer experience.
Phone calls from you or your representative
When you (or your representative) call us, we’ll ask for some personal information to enable us to identify you or the authorised representative, and capture information relating to the query or otherwise during the call. Other personal information may then be disclosed to us during the call. In most circumstances, the call will be recorded and held for 16 years in line with our retention schedule.
Electronically from your employer or existing scheme trustees
Where you are part of your employer’s pension scheme, we’ll obtain personal information about you from either your employer or the nominated scheme trustees to administer the scheme appropriately. This information is usually sent to us electronically.
Publicly available information
On some occasions, we may collect and use personal information about you that has been made publicly available, for example, in public social media sites. This type of information would be used in limited circumstances and as part of our claims investigation and decision making process.
Competitions or surveys
If you enter any competitions or take part in a survey, we’ll need to capture some minimal personal information from you.
We may also obtain personal information from third party sources, such as:
The type of personal information we process about you will depend on the type of product, service or interaction we have with you, but could include the following. This list is non-exhaustive:
Home address, email address, telephone (home and mobile) number
Name, nationality, date of birth, marital/relationship status, policy/plan number
Bank account/card details, transactional/contribution information, tax details, fund values
Passport, ID card or Drivers Licence number (including copies of these for identification purposes), National Insurance number
Gender, health data (both physical & mental), racial or ethnic origin, sexual preference/life, religion or philosophical beliefs
We don’t necessarily request all these data types – some may become available to us indirectly via other means, for example, through information provided on an application form, or captured during a phone call.
There will be occasions where we’ll ask for (or receive) sensitive personal information, also known as special categories of personal data. This consists of information relating to:
An example of the type of situation where we’ll capture sensitive personal information about you is if you take out a Protection product with us, for example, life or critical illness cover. As part of that process, we are required to capture some health information so we can assess and identify applications that may have an increased risk and where appropriate, determine the rate of premium or whether special terms are required.
The most common types of sensitive personal information we process are:
We may also process other types of sensitive personal information simply because it can be derived from other information provided to us. An example could be where information relating to an individual’s sexual orientation can be deduced when the gender of their spouse is collected.
We apply extra security around this type of information as we appreciate that due to its very nature, it would likely cause significant harm or distress if mistreated.
We have listed below the ways in which we will use the personal information that we collect:
General & ongoing administration
Marketing, profiling and data analysis
Please see additional information below on some of the uses.
We may use some of your data to conduct profiling and data analysis to build, train and audit models and algorithms that help us to:
We use various data types to conduct profiling and analysis and with all activities involving your information, we’ll only do this where the law allows us to.
Our analysis isn’t used to make any decisions about you directly but combined with data relating to other customers etc to enable us to make improvements to our processes and services.
If you’ve given us your consent, we may use the information we’ve collected about you to send you marketing offers and news about our products and services using various channels such as mail, phone, email and SMS. We won’t send you any direct marketing unless you’ve expressly opted in to receiving these types of messages from us.
We’ll ask for your consent when you apply for a product with us through the application process or when you register online. You can remove your consent or update your preferences at any time by logging into your secure online accounts and updating your profile, or you can write to or send an email to our Data Protection Officer.
We won’t sell your personal information to other organisations for a marketing purpose.
We aim to limit the marketing materials that we send to you and will only send you offers or promotions that we believe you may be interested in.
Even where you opt out of marketing, we’ll still send you servicing communications and documentation relating to your product of which we have a legal duty to provide to you. You may also see generic advertising displayed on our website.
We may share some generic personal information (such as your employer name) with social media platforms to help us reach our customers outside of our website. We may also combine the information we send to our social media platforms with data they hold to create more specific target audiences to deliver more relevant information for them. These are audiences that we think would be interested in our online advertisements. We can exclude target groups should there be any negative impact.
Data privacy laws state that we can only process personal information if it is legal to do so. For the processing to be legal, we must have a suitable lawful basis.
This section details our lawful bases for the various uses of both personal information and sensitive personal information.
Depending on the specific purpose, we rely on one or more of the following lawful basis:
Where we have a business reason for using personal information in a certain way, this is known as being in our ‘legitimate interests’. If we seek to rely on legitimate interests, we are required by law to conduct a balancing test to make sure that our interests don’t override your rights and freedoms.
The outcome of this test determines whether we can rely on legitimate interests as our lawful basis and use the personal information for certain purposes as set out in this privacy notice. If the balance isn’t met, we can’t process your data in the way we had proposed.
Where we do rely on legitimate interests, it’s because we believe our interests will be to the wider benefit of our customers and will normally relate to at least one of the following purposes:
Facilitate a contract
Administer your product from inception through to settlement/transfer/claim
Communicate with you and other parties
As mentioned previously, there will be occasions where we’ll hold and process information which is defined as ‘sensitive’ or ‘special’. Data privacy laws only allow us to use this type of information if we can rely on a further lawful basis, in addition to the one’s shown above.
Depending on the specific purpose, we rely on one of the following lawful bases:
We’ll share personal information with selected service providers that carry out certain functions on our behalf. These include companies that provide services such as:
For those organisations that are carrying out services on our behalf, we’ll only share information where we have a lawful basis for doing so, as described above. We’ll only share with them the appropriate level of personal information necessary to enable them to carry out the service. We contractually require all our service providers:
It’s often necessary for us to share personal information with other third parties where we have a lawful basis to do so, such as:
Except for the above, we won’t disclose your personal information to any third parties, except:
We may disclose your information to credit, fraud and financial crime prevention agencies to enable us to verify your identity (including bank details) and make decisions regarding the ongoing administration of your plan. This will be undertaken during the application or enrolment process and on an ongoing basis. Our enquiries or searches may be recorded and these agencies may supply us with financial and/or other personal information.
To protect providers like ourselves and, ultimately, customers and customers’ payments against fraudulent claims and crimes such as money laundering, tax evasion and terrorist financing, we and other providers may use information exchange registers to share information. When we’re dealing with application’s we may search these registers.
If a claim is made under your plan, information about you (including details provided on the application and claim form) will be put on the registers so that other insurers can see them if necessary.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud, money laundering, tax evasion and terrorist financing, for example, when:
Please contact the Data Protection Officer if you’d like to receive details of the agencies used by Aegon UK.
We and other organisations may access and use the information recorded by credit, fraud, and financial crime agencies from other countries.
Where you apply for one of our Protection products, for example, critical illness cover, we’ll use an automated decision-making tool during the underwriting process. We’ve built rules into our underwriting tool which will either generate an automated decision or refer to one of our underwriters.
In line with Your Rights, we can manually review decisions if requested. For more information regarding this right, please see Automated Decision Making.
We keep personal information for as long as is reasonably required for the purposes in which it was collected. In most circumstances, we’ll keep your personal information for the lifetime of your product and up to 16 years after your relationship with us ends, for example, you settle your benefits. Under certain circumstances, we may have to retain your personal information for longer. This is to make sure that we meet our legal, regulatory and accounting needs as set out by regulatory bodies such as the FCA and others.
In some limited circumstances, we’re required to keep some specific information for longer, for example, pension transfer information. We’ll also retain files if we have reason to believe there’s the possibility of litigation.
We have in place and maintain a retention schedule and regularly review our obligations to make sure we don’t keep personal information longer than we’re legally obliged to.
You have several rights under data protection laws – you’ll find details of each of these below.
If you chose to exercise any of your rights with regards to your personal information, to make sure that we’re dealing with you, we may ask for evidence of identity. Where you have authorised a third party to act on your behalf, we’ll conduct the necessary checks to make sure the appropriate authorisations have been received. This is to make sure that we only disclose information to the correct and, where applicable, authorised individual or organisation.
In line with our data protection obligations, we aim to respond to all valid requests relating to your personal information within one month. There may be some occasions where it will take us longer, for example, if the request is exceptionally complex. However, in these situations, we’ll let you know as soon as possible and provide details of when we’ll be in a position to respond.
There may be occasions where we don’t have to (fully) comply with a request. In these situations, we’ll explain why we’re unable to do this.
The right to request a copy of the personal information we hold about you, along with certain information relating to the processing of your personal information. When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee.
The right, in certain circumstances, to have personal information that you have provided directly to us about you, transferred securely to another service provider in electronic form. This right is only applicable where:
The right to have any inaccurate personal information we hold about you corrected.
The right to have any out-of-date personal information deleted once there’s no legal requirement or business need for us to retain it. This isn’t an absolute right as we may need to consider other legal and regulatory requirements which could result in us having to retain your personal information for a specific period of time.
The right to restrict some processing, in limited circumstances, and where we don’t have legitimate grounds for processing your personal information.
The right to object to your personal information being used to send you marketing material. We’ll only ever send you marketing communications where you’ve given us your consent to do so. You can remove or add your consent at any time.
You can also object where you have grounds relating to your particular circumstances and we rely on ‘legitimate interests’ as our lawful basis for processing your personal information. However, where we believe we have compelling legitimate grounds, we’ll continue to process it.
The right to not be subject to a decision made solely using automated means, including profiling, where the outcome adversely or significantly impacts you. This right doesn’t apply where it’s:
To exercise any of these rights, please contact our Data Protection Officer.
The personal information that we or those acting on our behalf process, may be transferred outside of the UK or EEA, in connection with the above uses.
Where any such transfer occurs, we take the necessary steps to make sure that your personal information is protected to the same standard as if it were in the UK. This will include measures such as the adoption of contractual agreements with the other party to make sure that adequate safeguards are put in place.
For any transfers to another part of the Aegon group, these will be covered by an agreement which also obliges the other group member to make sure that adequate safeguards are put in place.
If you believe we haven’t processed your personal information in accordance with our data protection obligations, and that you’ve been affected by this, you can make a complaint by contacting our Data Protection Officer. You also have the right to ask us to escalate your complaint to our Group Data Protection Officer if you don’t think it’s been handled appropriately.
If you’re not satisfied with our response, you can also raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations.
You can contact them at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
We’re committed to making sure your information is protected and held securely in accordance with our obligations under data protection law. However, the internet isn’t a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of an email.
There are a few simple steps you can take to protect your computer and internet connection – view our tips here.
We’ve put security policies, rules and technical measures in place to protect the personal information that we have under our control from:
All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.
This website may contain links to other websites. If you use the links to leave this website and visit a website operated by a third party, then we don’t have any control over that website. We can’t be held responsible for the protection and privacy of any information that you provide while visiting such websites.
We update our Privacy notice regularly to make sure it continues to reflect our business activities and use of personal information. You can find the date this was last updated at the beginning of this notice.
By using our site, you agree to these cookies being set, but you're free to change your browser settings if you want to delete or block these. However, we recommend you allow cookies so you can:
Update your browser settings
The help facility on your browser will explain how to do this or you may want to visit the independent site www.aboutcookies.org for more helpful information. Note that deleting or blocking cookies may prevent parts of Aegon websites working correctly.
Manage your settings on third party sites
Sites like AddThis, Google and YouTube have their own cookie policies. Access their cookie pages to find out how to delete or opt-out across all websites where their services are used.
Cookies can be categorised by the role they fulfil on our websites.
Strictly necessary cookies are essential in order to enable you to move around our websites and use features such as secure services. Without these cookies, such services can't be provided.
Performance cookies collect information about how visitors use our websites, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve our websites.
Functionality cookies allow the website to remember choices you make (such as your user type) and provide enhanced, more personal features. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Targeting and advertising cookies are used to track the effectiveness of our advertising campaigns and to limit the number of times you see an Aegon advert. They may also be used to deliver adverts more relevant to you and your interests based on the sites you visit. We don't use retargeting and advertising cookies but we may introduce these from time to time.
This identifies your unique session on the website. These types of cookie are typically used to maintain the integrity of your session while transacting information with our websites (eg accessing secure areas, forms submissions etc).
Aegon secure online services (including SmartEnrol) - registration, login and accessing secure pages
Online job applications via aegon.co.uk
Used to remember your preferences such as accessibility mode, currency and time zone which are used in the presentation of the website as you progress through the job application process.
This cookie is used to control the survey invitation we conduct to help improve the use of our website. It checks if the user has been previously invited to complete the survey for a period of 180 days. This cookie does not collect personally identifiable information.
Customer login pages to online services.
Cookie control is the tool we use to let you control whether you opt-in to certain cookies on Aegon UK websites. These cookies remember that the information pop-up has been displayed. For more information about Cookie Control, go to www.civicuk.com/cookie-law/index
This tracks what URL to take a user back to when they click the ‘Cancel’ button in certain sections (for example FAQs).
All Aegon websites
Everyone should see the warning message for cookies once. Once you have, we won’t show it to you again.
This tracks the latest T&Cs version you’ve been told about, so we can show another alert if the T&Cs are updated.
If you’re on an unsupported browser and cookies aren’t present, you’ll be shown a warning.
This is used to log you out when you refresh the page during certain journeys, for example, money in or out pages. It’s used to stop us keeping sensitive data
This stores a session identifier which is used to store data while you’re navigating the site. This session data is a combination of details entered on forms in the website and data that we already hold about the customer. We only hold the session data for the length of a single session.
This stores session data in a compressed and encoded format for use by the front-end application, so you can navigate through the site.
Used to maintain the integrity of your session while transacting information with our websites as you progress through the job application process.
This is used to remember your language preference. Without this, you may see pages in the wrong language as our site is used in a number of European countries.
Used to apply the correct theme (branding) to your experience - so UK users will see the branding that matches the UK styles and Dutch users will see the styling that matches Aegon Netherlands styling.
Used to remember the type of login being used (adviser or investor) - if you log in, but are inactive for a period of time, we'll automatically log you out for your security. The preference will direct you back to the correct login page (adviser or investor) for you to get back into the service.
__utmc, __utmc, __utmt
Google Analytics is used to give us information on how our websites are being used. These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session, but you are not identified personally. This information is essential for us so we can develop our websites to meet your needs.
Google Analytics stores IP address anonymously on its servers in the US, and neither Aegon or Google associate your IP address with any personally identifiable information. For more information about Google Analytics and how to opt out of cookies across Google services, go to www.google.com/intl/en/privacypolicy.html
Please bear in mind there are other instances of Google Analytics whenever there's a Vimeo video running on the page or you are viewing a NewsCred news article. These are used directly by Vimeo and NewsCred respectively.
All Aegon websites, Twitter and Vimeo.
Third party cookies
On some of our webpages, we embed or link to video content on Vimeo. When you visit a page with content embedded from Vimeo, you might be presented with cookies from these websites. We don’t control the setting of Vimeo cookies but you can find out more about them on their website, along with details on how to opt out: http://vimeo.com/privacy
C4, D1, eyeblaster, u2
Eyeblaster cookies store information about a PC user’s interaction with a specific website. This helps us understand how someone is interacting with our websites and if any improvements can be made
An instruction to remember a user action
On some of our webpages, we embed or link to video content on Youtube. When you visit a page with content embedded from YouTube, you might be presented with cookies from these websites. We don’t control the setting of Vi cookies but you can find out more about them on their website, along with details on how to opt out: http://vimeo.com/privacy
anj, icu, sess, uuid2
Appnexus uses unique cookies to help us target our online advertising more effectively, these cookies cookies store ad delivery and reporting data, such as, for example, which ad was shown, the number of times a particular ad has been shown, and how recently an ad has been shown to a particular web browser. For more information on this cookie provider please visit http://www.appnexus.com/platform-privacy-policy
An instruction to remember a users Login type on tabs.
NewsCred cookies store information about a user’s interaction with their news articles. This helps us understand how someone is interacting with our websites and if any improvements can be made.
_vis_opt_test_cookie, _vis_opt_s, _vis_opt_out,
_vis_opt_exp_EXPERIMENT_ID_split, EXPERIMENT_ID, _vwo_uuid
VWO uses both persistent visitor-level and local storage cookies to help us test content. It identifies all users, understands their behaviour, and tracks user journeys on the website to help us deliver the best user experience. The cookies track the variation a user views and help serve the same variation to the user consistently, track goals completed by the user, and determine whether the user is part of a campaign.
VWO uses different cookies, each storing a different set of data. The cookies do not interfere with the loading or functioning of the page at all.
Aegon UK websites use Adobe Flash Player to deliver some video content and tools. To improve user experience, ‘Local Shared Objects’ (Flash cookies) are used to provide features like auto-resume and saving your preferences. These are stored on your computer/device in a similar way to cookies, however it’s not possible to manage these using your browser settings in the same way. The Adobe website provides information on how to delete or disable Flash cookies either for a specific domain like aegon.co.uk or for all websites - see http://www.adobe.com/products/flashplayer/security for details. Shared flash objects are in use on our Aegon Retirement Choices and One Retirement transactional sites - these remember whether message have been shown and which options you've chosen, to maximise the user experience.
Although we’ve carried out a comprehensive audit of our sites, it’s possible that we may have missed a cookie from our lists above. If you happen to find one that is being set on our sites but isn’t listed above, please do let us know.
We use various social media networks, such as Twitter, LinkedIn, YouTube etc for more detail please see our social media guidelines (PDF)(Opens new window)