Skip to Main Content

You should read this privacy notice if you apply to, or attend, an event hosted by Rothesay.

Understanding the terms of this privacy notice

The meaning of words which appear in bold underlined text are explained in the glossary. You can click on each term to see the definition. Alternatively, you can open the full glossary in another tab by clicking the link below. 

Glossary

Throughout this notice any reference to “we” or “us” refers to Rothesay Life Plc.

To read this privacy notice, please click on each section below.

About us and our relationship with you

‘Rothesay’ is the trading name for Rothesay Life Plc, an insurance company established in the UK with company registration number 06127279 and ICO registration Z1003678. We are authorised in the UK by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our registered office address is The Post Building, 100 Museum Street, London WC1A 1PB.

This privacy notice applies to all situations where we process personal data about any individual in connection with a Rothesay event.

We are a controller under data protection laws. This privacy notice explains how we use and look after your personal data. This privacy notice also tells you about your privacy rights and how the law protects you. 

About this privacy notice

This privacy notice contains information about:

Please note that we may change this privacy notice from time to time.

To request a printed copy of this privacy notice please contact us using the contact details contained in the part of this privacy notice headed Contact details.

The personal data we process

If you have expressed an interest in attending an event, we may need to collect the following information:

  • Name
  • Email address
  • Dietary requirements
  • Accessibility information
  • Place of work (in order to arrange entry for the event)
Where the personal data has been obtained

When we arrange an event , we will need to collect certain personal data from the attendees. When we collect this data, we will be the controller of the data.

The reasons why and lawful bases relied on to process your personal data

The table below provides details of the purpose and the lawful bases upon which we process personal data.

Type of personal data

Why we need it

Lawful bases for processing

  • Event attendee information

To run the event

 

We process personal data so we can:

  • Allocate a ticket to you (where required)
  • Provide you with information on the event
  • Deal with any ticketing issues that you may have prior to the event
  • Arrange accessibility support
  • Provide catering (where offered)

Legitimate interests pursued by us or by a third party

 

We have a legitimate interest to collect and retain personal data as it is necessary for us to process this data to provide the services described above to you, and this does not adversely impact your own rights and freedoms.

 

Consent

 

Our lawful basis for processing sensitive personal data is consent. If you provide accessibility information this may include information regarding your health.
How we keep your personal data secure

Our commitment to corporate security is demonstrated through the implementation of policies, controls and procedures, which are externally certified and audited to the international information security standard, ISO 27001:2013.

Our security policies, controls and procedures are regularly reviewed and updated so that we maintain good practices across our business to keep your information safe.

We have contractual arrangements in place with all of our service providers who process personal data which are compliant with data protection laws. We regularly check that our service providers are complying with their contractual commitments. This includes assessing and reporting on our service providers’ information security controls to check their compliance using questionnaires and/or on-site audits.

How long we store your personal data for

We will only keep your personal data for so long as we reasonably require it and, in any event, only for as long as our internal rules and polices allow us to fulfil our business or legal and regulatory obligations.

Who has access to your personal data

We may partner with third parties who provide services relating to events on behalf of Rothesay.

Prior to sharing of data with third party processors and controllers we will have a contract in place with them (and our other service providers) which imposes obligations on them to implement appropriate technical and organisational measures ensuring that the processing of your personal data is protected to the standards required by applicable data protection laws. Ultimately, we are still responsible for the data when it is processed by third parties.

International transfers

Where personal data is transferred to and processed in a country outside of the UK or the EEA (as applicable), we take steps to provide appropriate safeguards to protect your personal data, including by entering into approved standard contractual clauses obliging recipients to protect your personal data and only transferring personal data to the extent that an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data is ensured in compliance with data protection laws.

If you want further information on the specific mechanisms used by us when transferring your personal data outside of the UK or EEA, please contact us using the details contained in the part of this privacy notice headed Contact details.

Your rights

Under certain circumstances, you have the following rights under data protection law:

How to exercise your rights

If you wish to exercise any of your rights, please contact us using the details contained in the part of this privacy notice headed Contact details.

Contact details

How to contact us regarding this privacy notice

You may want to contact us to:

  • Ask any questions you have in relation to the information contained in this privacy notice
  • Exercise any of your rights under the data protection laws
  • Request a printed copy of this privacy notice printed in large print or braille
  • Request an audio version of this privacy notice
  • Make a complaint (see below)

To contact us you can email our Data Protection Officer (DPO) at dpo@rothesay.com or write to:

Data Protection Team, Rothesay Life Plc, The Post Building, 100 Museum Street, London WC1A 1PB

If you live within the European Union, you can also contact our European representative. Their details are as follows:

Address: Bird & Bird GDPR Representative Services SRL, Avenue Louise 235, 1050 Bruxelles, Belgium.

Or email: EUrepresentative.Rothesay@twobirds.com

 

How to make a complaint

If you have a problem or concern relating to the ways we process your personal data or the contents of this privacy notice, please contact us in the first instance.

We hope that we will be able to address the problem or concern to your satisfaction. However, you also have the right to make a complaint to the Information Commissioner’s Office. The process for making a complaint to the Information Commissioner’s Office is available here: 

www.ico.org.uk/make-a-complaint

Their contact details are as follows:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Or phone: 0303 123 1113

ico.org.uk