id
Standard Life (in Ireland) privacy notice
At Standard Life, we’re committed to maintaining the trust and confidence of our customers.
This privacy notice explains when and why we collect your personal information. It makes it clear how we use it, when we may share it with others, and how we keep it secure. It also explains how you can get the information we hold about you, and the choices you have about how we use your information.
If you have any questions about this privacy notice, please contact our Customer Services team or our Data Protection Officer using the contact details set out in How to contact us.
1. About us
Who are you?
We are Standard Life (in Ireland), part of the Phoenix Group – one of the UK's largest providers of insurance services. The Phoenix Group has grown a great deal since it first started in 1782 and is now the UK’s largest long-term savings and retirement business. You can visit the Phoenix Group website at thephoenixgroup.com. You can also visit our privacy hub, which provides more information about privacy, at thephoenixgroup.com/site-services/privacy-hub.
The companies this privacy notice applies to are listed below.
Standard Life International dac
Standard Life Assurance Limited (Irish branch)
Standard Life Assets and Employees Services Limited (Irish branch)
Phoenix Group Management Services Limited (Irish branch)
Standard Life Investment Funds Limited (Irish branch)
Standard Life Pension Funds Limited (Irish branch)
2. Collecting and processing information
What information do you collect?
We collect your personal information when you fill in application forms, speak to us on the phone or use our apps and websites. We may get the information direct from you or from your employer if you have a workplace pension or occupational pension scheme. We may also ask you for information as part of our day-to-day business activities, so we can provide you with the services we offer.
| What personal information do you collect? | When do you collect it? | Why do you need it? |
|---|---|---|
|
Basic personal details, such as your:
|
When your employer provides it in connection with a workplace pension. When you ask about or buy a product or service. |
To run your policy with us. To answer your questions and give you important information about your products or services. To give you details of additional products or services that we think might be suitable for you. To understand how customers are using our products and services. |
|
Proof of identity documents, such as:
|
When we need proof of identity. | To keep your policy and financial information secure. |
|
Details of your family and associated people, such as:
|
When you fill in an application for one of our products or services. | To operate your policy (for example, to pay beneficiaries or to carry out actions under a lasting or enduring power of attorney). |
Health information, such as details of:
|
As part of running your policy. | To provide the product or service you have requested - if we need the information for this purpose - or to meet our legal duties. |
|
Information from your devices, such as:
Please see our cookies policy at standardlife.ie/cookie-policy or standardlife.co.uk/cookies for more information. |
When you use our websites or the Standard Life app. When you ask about or buy a product or service. |
To understand how you interact with our website and online services. This allows us to improve the ways we interact with customers and provide you with relevant marketing communications. |
| Your preferences for communications and receiving marketing information. |
When you ask about or buy a product or service. When you use our online services. |
To communicate with you and send you marketing communications in ways that suit your needs and how you like to be communicated with. |
| Footage and images from CCTV systems at our offices. | When you visit our offices. |
To:
|
We may collect other information during your relationship with us, to help us continue running your policy, such as information from public registers, including Land Registry documents.
What about information that’s provided about other people?
If you are a beneficiary or other third party with an interest in the policy, we collect personal information from the person who took out the policy (for example, your partner).
In some circumstances we collect information about children. For example, we may need to collect their information to find out if they are beneficiaries of a policy.
If you are a beneficiary or a third party, you have a number of rights over your personal information. We explain how you can exercise these rights in the Your rights.
What are the lawful bases for processing my personal information?
We will only collect, use and share your information if we have a valid legal reason, known as a legal basis, as set out in data protection law. The main legal bases for using your information are as follows:
It is in your legitimate interests for us to process your personal information to develop new products and services.
Examples of processing your personal information to meet the interests of a third party are:
When we process personal information for our legitimate interests or the legitimate interests of a third party, we will carry out a ‘legitimate interest assessment’. This makes sure that we only use personal information that we need to look after your policy. We put protection measures in place to make sure your privacy is protected and that our legitimate interests do not override your interests or your data protection rights.
It is in your legitimate interests for us to process your personal information to develop new products and services. Examples of processing your personal information to meet the interest of a third party are:
- Contract – the processing is necessary for a contract we have with you to provide a product or service to you, or because you have asked us to take specific steps before entering into a contract with us.
- Legal obligation – the processing is necessary for us to keep to the law, such as needing proof of identity to meet our fraud and anti-money laundering duties.
- Legitimate interests – the processing is necessary for our legitimate interests, your legitimate interests or those of a third party. Our legitimate interests may include, but are not limited to:
- making you aware of the options that will help you get the best outcome from your product or investment, and
- carrying out research so we can better understand your needs and send you relevant communications about the products and services you have with us. You can opt out of these types of communications by emailing optout@standardlife.ie (for customers in Ireland) or servicegp@standardlife.com (for customers in the UK). Or you can use the contact details in the How to contact us section of this privacy notice.
It is in your legitimate interests for us to process your personal information to develop new products and services. Examples of processing your personal information to meet the interest of a third party are:
- sharing information with your employer’s adviser in connection with your workplace pension scheme, and
- sharing information with data-aggregation suppliers (companies who combine data from several sources and summarise it for a given purpose, such as financial analytics) used by your financial adviser.
- Consent – you have given us permission to process your personal information for a specific purpose, such as to send you information about products and services we believe may be of interest to and benefit you.
For example, we will need to get your permission to process your medical information or pass your details to a third party who provides a service that we do not. You have the right to withdraw your permission at any time.
In limited cases, we may need to process your personal information without getting your permission, if this is in the public interest (for example, for criminal justice proceedings) and is allowed under data protection law. If this is the case, we will take necessary steps to make sure your rights and freedoms are protected.
If we ask for your permission to process your personal information, and you agree, you can withdraw your permission at any time by emailing optout@standardlife.ie (for customers in Ireland) or servicegp@standardlife.com (for customers in the UK).
You can also use the contact details set out in the How to contact us section of this privacy notice.
3. Communication, profiling and automated decision making
How do you keep in touch and provide marketing communications?
We want to help you get the most out of your savings. A big part of the service we provide is sharing our expertise with you. We do this by providing updates and information to help you along the way. Our communications play an important part in this, helping you to save and manage your money.
Certain communications we send you, such as your annual statement, are important for you to understand your plan. We must send these to you to meet a legal obligation or regulatory requirement. You cannot opt out of these communications. Some communications are important as they give you essential information at the best time to help you save and manage your money. You can opt out of these communications.
Other communications are designed to gather your feedback to help us improve the products and services we offer. This could involve taking part in surveys or questionnaires, perhaps online, on the phone or in person. You can opt out of these communications.
We also provide marketing communications about offers, services and additional products that can help you achieve your financial goals. You can opt out of these communications.
Other marketing communications give you access to products, services and offers from our trusted partners and other companies in the Phoenix Group. We will never share your details with external companies for them to market their own products and services direct to you. You can opt out of these communications.
We may provide marketing communications by post, and by phone, text message and email if we have your permission.
You’re in control of how we contact you and the communications you receive. You can manage your communication preferences through your online account or by calling our Customer Services team using the contact details in the How to contact us section.
What do you do with customer profiling?
The way we process your personal information may involve profiling. This means that we may process your personal information using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you.
We use profiling to help us develop offers, products and services to provide you with the best customer experience. We may also use profiling to see how you use and interact with our website and online tools. This helps us to improve our services to you.
We may use your information, sometimes combined with information from third parties, to place you in groups with similar customers. This combined information is then used to:
• monitor and improve the products and services we offer
• help prevent crime
• decide if our customers might be displaying characteristics that show they may need additional support from us, and
• make sure information is accurate and of a high quality.
An example of customers who are grouped together are those nearing retirement, where we use profiling of that group to provide information about their retirement options.
Before we use any information from profiling, we carry out checks to make sure there are no legal restrictions on using that information. We also consider whether using the information might cause outcomes that are unfair.
Where possible we remove details you could be identified from, such as your name, and replace these with anonymous details. We do this to protect your information.
If you do not want us to use your personal information for profiling, please contact our Customer Services team using the details in the How to contact us section of this privacy notice. If you do not want us to use your personal information for profiling, this may mean that we will not be able to provide you with our products or services.
What do you do with marketing profiles?
We use automated processes to assess certain things about you to make predictions such as customer traits and behaviours. These predictions are called marketing profiles and they help us provide more personalised advertising for our products and services. To create marketing profiles, we use information such as:
• details of your policy
• information about your behaviours, such as how you use our website
• your age, and
• your contact details.
We would use your marketing profile to decide the most relevant products, services, offers or benefits to offer you and the best time and way to offer them. For example, we may use marketing profiles to see if customers prefer to use our website to find out about products and services. If they do, we contact customers to let them know about any online services we are offering. We may also share your marketing profile with service providers who can show advertisements to you about our products and services on social media platforms.
We may use your email address and phone number to build a profile of the type of customers we want to reach. We may share this information with social media and digital companies.
We may use a third party’s services and information to create marketing profiles.
If you do not want us to use your information to create marketing profiles, please contact our Customer Services team using the details in the How to contact us section.
When do you use automated decision-making?
We sometimes use automated decision-making, where decisions are made by a computer system without any person involved. This process uses information that you have given us and that is in records we hold about you, and information we get from third parties. An example of automated decision-making is where an automated process uses information on the value of your annuity to decide the terms and price of a policy.
If we make an automated decision, you have the right to:
• receive an explanation about the logic behind the decision
• challenge the decision, and
• ask for a person to be involved in making the decision.
For more information about this right and how to exercise it, please see the Your rights section. We make certain decisions based just on automated processing of your personal information. Examples of when we make decisions based just on automated processing are as follows.
• We carry out credit reference checks to decide if you are likely to be able to meet your commitments in any contract you have with us. If the checks find that you do not meet the standards required, we will not be able to enter into a contract with you.
• To meet our obligations to prevent fraud and money laundering, we analyse patterns of transactions and claims to decide if any transaction or claim may be fraudulent. We may block transactions or reject claims if they are considered suspicious, and we may be required to report the matter to the relevant authorities.
Please contact us if you would like more information about these activities.
4. Who we share your information with
Whenever we share your personal information, we do this in line with data protection laws that are in place to keep your information safe and secure. The table below shows who we may share your personal information with. We will not share your personal information with any of these third parties until we have carried out checks on those parties.
| Who we share your information with | Why we share it |
|---|---|
| Other companies in the Phoenix Group |
We may use more than one company in our group to deliver our products and services to you. We may share your information with other companies in the Phoenix Group as part of our commitment to offer you financial products and services that may be of interest to you. We may need to share your information to protect your assets held with us and protect our customers against fraud or activities which may have a negative effect on you. Go to thephoenixgroup.com for more information about the Phoenix Group. |
| Service providers | We use third-party companies to provide services such as policy administration, IT systems and software, so we can run your policy and deliver our services to you. |
| Reinsurers (other insurers who take on the risk of when and how much we must pay customers on their policy) | So reinsurers can help us manage our risk. |
| Anyone you ask us to share your information with | To share your information with others specified by you, such as a trustee or professional adviser. |
| Your financial adviser | To provide you with financial advice. |
| For our customers in Ireland: • Regulators such as the Central Bank of Ireland and the Data Protection Commission, and • Irish government bodies such as the Revenue Commissioners. |
To meet legal and regulatory requirements, and to follow best practice. |
| For our customers in the UK: • UK regulators, such as the Financial Conduct Authority and Information Commissioner’s Office, and • UK government bodies, such as HM Revenue & Customs and the Home Office. |
|
| Other UK and Irish bodies such as: • land registry authorities • fraud prevention organisations • credit reference agencies • enforcement agencies • relevant industry bodies, and • courts and those involved in the legal process. |
To meet legal and regulatory requirements, and to follow best practice. |
| Customer research partners |
To help us improve the products and services we provide. Note: if you are contacted for research purposes, we will be clear about the purposes of the research. We will tell you how any information you provide will be used, who will have access to it and how long it will be kept. |
| Professional advisers | To provide services such as legal advice, accountancy services, and consultancy services. |
| Other third parties who we may use for specific purposes or who have a personal interest in the customer’s policy |
For example, to trace customers we have lost contact with or when we have been told customers no longer live at the address we have for them. It could include insolvency services, bankruptcy trustees and banks that are beneficiaries of a customer policy. |
| Social media platforms and providers of online advertising |
So they can check information they have about you through your use of their services. We may share this information when you buy a product from our website or over the phone. Sharing this information helps us to: |
5. Cookies and similar technologies
Who we collect information from
We may need to collect personal information about you from third parties, but we will only ask for the minimum amount of information we need. Third parties we may ask for information include the following.
• Your employer or pension scheme trustee (or both), if you are a member of a pension scheme
• Credit reference agencies, to help us find you if we lose touch with you
• Companies who provide third-party administration services
• Law enforcement and fraud prevention agencies, to prevent and detect crime
• Medical professionals, if we have your permission, to help us assess a claim
• Regulators, such as the Central Bank of Ireland or the Financial Conduct Authority, who make sure we are acting in your best interests
• Government bodies, such as the Revenue Commissioners or HM Revenue & Customs, who are responsible for collecting taxes
• Third parties acting on your behalf
• Any other publicly available source of information
Website cookies
We automatically use cookies that are strictly necessary for us to provide our products and services to you. There are also additional cookies that we use, which you can opt out of.
You can read more about how we use cookies, and how to change your preferences relating to cookies, in our cookies policy at standardlife.ie/cookie-policy or standardlife.co.uk/cookies.
How we use third-party cookies
The Standard Life Ireland website uses Facebook and LinkedIn pixels. These are cookies that collect information about your activity on our website if you accepted ‘targeting cookies’ when visiting our website.
Information collected by the Facebook and LinkedIn pixels may be used to connect your activity on our website. This could include the pages viewed on our Facebook and LinkedIn advertising accounts. It then makes a match to people who use Facebook and LinkedIn.
Sharing this information helps us to better understand the effect of our advertising campaigns. It helps us make our advertising relevant to customers and others who might be interested in products and services we advertise and provide.
The role of Facebook and LinkedIn as joint data controllers
Facebook (Meta Platforms Ireland Limited) expects us to tell visitors to our website that Facebook is a ‘joint data controller’ with us when we are processing information collected by the Facebook pixel or sent to Facebook by us. Once Facebook receives information from us, it acts as an independent data controller. How Facebook processes personal information collected by the Facebook pixel, including the legal basis and how to exercise your rights, is explained in Facebook's data policy at www.facebook.com/about/privacy.
We and Meta Platforms Ireland Limited have entered into an arrangement to decide our and their responsibilities for meeting the obligations under data protection law. The arrangement relates to the joint processing of personal information through the Facebook pixel. We are responsible for providing information on how personal information is processed through the pixel. Meta Platforms Ireland Limited is responsible for meeting individuals’ requests to exercise their rights relating to the personal information processed by Meta Platforms Ireland Limited.
LinkedIn expects us to tell visitors to our website that LinkedIn is a ‘joint data controller’ with us when processing information collected by the LinkedIn pixel or sent to LinkedIn by us. Further information can be found on the LinkedIn Page Insights Joint Controller Addendum at legal.linkedin.com/pages-joint-controller-addendum.
Once LinkedIn receives information from us, it acts as an independent data controller. How LinkedIn processes personal information collected by the LinkedIn pixel, including the legal basis and how to exercise your rights, is explained in LinkedIn’s privacy notice at linkedin.com/legal/privacy-policy.
We and LinkedIn have entered into an arrangement to decide our and their responsibilities for meeting the obligations under data protection law. The arrangement relates to the joint processing of personal information through the LinkedIn pixel. We are responsible for providing information on how personal information is processed through the pixel. LinkedIn is responsible for meeting individuals’ requests to exercise their rights relating to the personal information processed by LinkedIn.
Email pixels
When we send you an email to tell you about the products and services we offer, we use an email pixel. This collects information about how you respond to the email. It tells us when you opened the email, how many times you opened the email and whether you clicked on any of the links in it. This information helps us to better understand the effect of our emails and how useful you find the content about our products and services.
Depending on the device you use to check emails from us, you may be able to disable the email pixel. You will need to check this with your device manufacturer.
6. Where your information is processed
We operate mainly in Ireland. Sometimes the information we collect from you may be accessed from, transferred to or stored outside Ireland. Some of the third parties we work with are based in the UK or USA.
If your information is being processed outside Ireland, we take extra steps to make sure your information is protected to at least an equivalent level of protection as would be applied in Ireland. For example, we put in place legal agreements with our suppliers and carry out regular checks to make sure they are keeping to the requirements of those agreements.
Information transferred to third parties outside Ireland
When we transfer information to a third party outside Ireland, we either put in place data transfer agreements that are based on approved standard clauses or rely on other appropriate protection measures and methods to protect the information. However, this is not necessary if the third party is in a country where the European Commission and the Information Commissioner’s Office consider data protection laws to be adequate.
7. How long we keep your information
We will keep your information for as long as we have a relationship with you. Once our relationship with you has ended, we will keep your personal information for an appropriate period of time that allows us to:
• maintain business records for analysis and audit purposes
• keep to legal requirements relating to keeping records
• defend or make any legal claim, now or in the future, and
• deal with any complaints about our products or services.
We will delete your personal information when we no longer need it for these purposes.
If you need more details of how long we keep information, please contact our Data Protection Officer. The contact details are shown in the How to contact us section.
8. How we protect your information
We take the security of your information very seriously and have protection measures in place to protect your personal information in line with data protection laws. Also, specialist third-party consultants carry out regular, independent audits across our businesses to assess our security controls.
Your information is protected by controls designed to minimise loss or damage caused by accident or resulting from negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and take part in annual training on this.
Our security controls are in line with industry standards and good practice. These controls mean that you can be assured that we keep your information, as well as your money, safe.
9. Your rights
You have legal rights relating to your personal information. We may ask you for proof of identity when you make a request to exercise a right. We do this to make sure we provide information only to the right person.
The legal rights you have are explained below.
The right to object to the use of your personal information
If you do not want us to use your information, or want us to stop using it for a specific purpose, you can ask us to stop. We will stop using the information as long as there are no reasons why we need to continue using it. If we have to continue using it, we will contact you to explain why.
You can ask us not to send you marketing messages. You can also ask us not to use your personal information for customer profiling.
If you have given us permission to use your personal information, you can withdraw that permission at any time. Whenever we get your permission, we will explain the process for withdrawing it, and any consequences of doing so. You can withdraw your permission at any time by emailing optout@standardlife.ie or servicegp@standardlife.com.
The right to get copies of your personal information (the ‘right of access’)
You have the right to ask for a copy of the information we hold about you, and we will usually provide this free of charge. If there is a charge, we will let you know before we provide the copy. For your security, we will take reasonable steps to confirm your identity before providing any information we may have about you.
The right to have your personal information transferred to another organisation (the ‘right to data portability’)
You can ask us to transfer any of your personal information to a specific company or person. We will try to transfer the information in the format you request. If this is not possible, we will contact you to agree an alternative format.
The right to get your personal information corrected (the ‘right to rectification’)
We do our best to make sure that your personal information is kept up to date. If you think that your information is not up to date or is incomplete, please contact us.
The right to limit how organisations use your personal information (the ‘right to restriction’)
You can ask us to stop using your personal information for specific purposes or for a limited time, such as while we are checking the accuracy of your personal information. We will always try to meet your request, but there may be times where we cannot. If this is the case, we will explain why.
The right to get your personal information deleted (the ‘right to be forgotten’)
In certain circumstances you can ask us to stop keeping or using your personal information or ask us to restrict how we use it.
If we can delete your information we will, but sometimes we must keep it for legal reasons. If we cannot meet your request, we will contact you to explain why.
Rights relating to automated decision-making and profiling
You have the right not to accept a decision based just on automated processing, unless the decision is:
• necessary for the purposes of a contract between us and you
• allowed by law (for example, to prevent fraud), or
• based on your clear consent.
In these situations, you do have the right to get an explanation of the decision, ask for a person to be involved in reviewing it, express your views and challenge the decision. We will tell you if we cannot meet your request or how your request might affect you.
If you want to exercise any of your rights, please contact our Customer Services team.
10. How to contact us
Standard Life (in Ireland)
If you have any questions about this privacy notice, or the information we collect or use about you, please contact:
Data Protection Officer
Standard Life
90 St Stephen’s Green
Dublin
D02 F653.
Email: dataprotection@thephoenixgroup.com
If you would like to speak to someone about the information we hold about you, please contact our Customer Service team.
If you are calling from Ireland, phone: 0818 333 233
If you are calling from outside Ireland, phone: +353 1 639 7000
Email: customerservice@standardlife.ie
If you are registered for online services, you can send us a message through your secure online account (My Standard Life)
Standard Life (in UK)
If you have any questions about this privacy notice, or the information we collect or use about you, please contact:
Data Protection Officer
Standard Life
Standard Life House
30 Lothian Road
Edinburgh
EH1 2DH.
Email: dataprotection@thephoenixgroup.com
If you would like to speak to someone about the information we hold about you, please contact our Customer Services team.
If calling from the UK, phone: 0800 634 7476 (Freephone) or 0345 60 60 01 (local rate call)
If calling from outside the UK, phone: +44 131 246 1846
Email: servicegp@standardlife.com
If you are registered for online services, you can send us a message through your secure online account or the Standard Life app.
11. How to make a complaint
We always aim to collect, use and protect your personal information in line with data protection laws. If you think that we have not kept to this privacy notice, please let us know immediately. We will do our best to put things right. You can contact us at:
Standard Life
90 St Stephen's Green
Dublin
D02 F653.
Email: complaints@standardlife.ie
We hope that we can settle any complaints for you. If you are not satisfied with a response you receive from us, you have the right to complain to the Data Protection regulator, whether or not you have finished our complaints procedure.
Customers in Ireland can contact the Data Protection Commission at:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28.
Website: dataprotection.ie
Customers in the UK can contact the Information Commissioner’s Office at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF.
Website: ico.org.uk
12. Changes to this privacy notice
We may update this privacy notice from time to time to keep it up to date or when necessary to meet legal requirements. If there are any significant changes to how we use your personal information, we will tell you by putting a notice on our website and sending you details by email or post.
This privacy notice was last updated on 8 November 2023.
