You should read this privacy notice if you are visiting our website.
Understanding the terms of this privacy notice
The meaning of words which appear in bold underlined text are explained in the glossary. You can click on each term to see the definition. Alternatively, you can open the full glossary in another tab by clicking the link below.
Throughout this notice any reference to “we” or “us” refers to Rothesay Life Plc.
To read this privacy notice, please click on each section below.
- About us and our relationship with you
‘Rothesay’ is the trading name for Rothesay Life Plc, an insurance company established in the UK with company registration number 06127279 and ICO registration Z1003678. We are authorised in the UK by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our registered office address is The Post Building, 100 Museum Street, London WC1A 1PB.
This privacy notice applies to all situations where we process personal data about any individual as a result of that individual visiting or contacting us through our website.
We are a controller under data protection laws. This privacy notice explains how we use and look after your personal data. This privacy notice also tells you about your privacy rights and how the law protects you.
- About this privacy notice
This privacy notice contains information about:
- The personal data that we process as a controller
- Where the personal data has been obtained
- The reasons why we process your personal data and the lawful basis we use to do so
- The security measures that we have in place to keep your personal data secure
- The length of time we store your personal data for
- The organisations, or categories of organisation, with whom we might share your personal data
- International transfers of your personal data
- The rights you have under data protection laws in relation to our processing of your personal data
Please note that we may change this privacy notice from time to time.
To request a printed copy of this privacy notice please contact us using the contact details contained in the part of this privacy notice headed Contact details.
- The personal data we process
The categories of personal data we process include the following:
1. Visitor information: Personal data processed when you visit our website and complete our web forms. Data may include the following:
- Name
- Email address
- Telephone number
- Additional information you provide
2. Website usage data: Personal data processed using cookies to improve your experience of our website and to ensure that it performs as you expect it to. This will usually be limited to your IP address. Please refer to our Cookie Policy published on our website for further details.
- Where the personal data has been obtained
Personal data will usually be collected directly from you when you interact with our website. This includes information relating to website usage which may be collected automatically when interacting with our website.
- The reasons why and lawful bases relied on to process your personal data
-
The table below provides details of the purpose and the lawful bases upon which we process personal data.
Type of personal data
Why we need it
Lawful bases for processing
To interact with you
Our website allows us to provide you with information and allows you to contact us. The personal data you share allows us to respond to any queries you may have.
Legitimate interests pursued by us or by a third party
We have a legitimate interest to collect and retain personal data so that we can record a query and effectively provide you with a response.
To allow our website to function
We use cookies on our website to ensure our website can operate effectively and securely. These cookies will process limited amounts of personal data.
Legitimate interests pursued by us or by a third party
We have a legitimate interest to process personal data using strictly necessary cookies to improve your user experience and secure the functionality of our website. Please note that the personal data that is processed will be limited in scope.
To improve your experience
We use cookies on our website to help us to improve your experience of our website and to ensure that it performs as you expect it to. This includes limited tracking of your behaviour on the website to enable us to understand who is using our site to ensure we are reaching our target demographic and to improve and tailor our services. These cookies will process limited amounts of personal data.
You have given us your consent
We use performance cookies and targeting cookies to improve your user experience, improve and tailor our services and secure the functionality of our website. We will only process your personal data using such cookies when you have given us your consent to do so.
- How we keep your personal data secure
Our commitment to corporate security is demonstrated through the implementation of policies, controls and procedures, which are externally certified and audited to the international information security standard, ISO 27001:2013.
Our security policies, controls and procedures are regularly reviewed and updated so that we maintain good practices across our business to keep your information safe.
We have contractual arrangements in place with all of our service providers who process personal data which are compliant with data protection laws. We regularly check that our service providers are complying with their contractual commitments. This includes assessing and reporting on our service providers’ information security controls to check their compliance using questionnaires and/or on-site audits.
- How long we store your personal data for
We will only keep your personal data for so long as we reasonably require it and, in any event, only for as long as our internal rules and polices allow us to fulfil our business or legal and regulatory obligations. This will usually be no longer than 2 years after the data has been captured.
- Who has access to your personal data
We share personal data with a variety of other companies to operate our business. However, we only share the personal data that those companies need to provide their services to us.
We have detailed the types of companies with whom we currently share personal data below.
Processors with whom we share personal data
For these companies, we determine the purposes for which the personal data we pass to them is processed and they should not process that personal data other than in accordance with our written instructions. Processors with whom we share personal data:
1. IT service providers
Our main IT infrastructure and core software for our website is provided by Microsoft. This means that the personal data we process is stored on Microsoft’s IT systems.
- International transfers
Where personal data is transferred to and processed in a country outside of the UK or the EEA (as applicable), we take steps to provide appropriate safeguards to protect your personal data, including by entering into approved standard contractual clauses obliging recipients to protect your personal data and only transferring personal data to the extent that an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data is ensured in compliance with data protection laws.
If you want further information on the specific mechanisms used by us when transferring your personal data outside of the UK or EEA, please contact us using the details contained in the part of this privacy notice headed Contact details.
- Your rights
Under certain circumstances, you have the following rights under data protection law:
- The right of access to personal data relating to you (known as Subject Access Requests)
- The right to correct any mistakes in your personal data
- The right to require us to delete your personal data
- The right to restrict our processing of your personal data
- The right to object to us processing your personal data, including for marketing purposes
- The right to have your personal data provided to another controller
How to exercise your rights
If you wish to exercise any of your rights, please contact us using the details contained in the part of this privacy notice headed Contact details.
- Contact details
How to contact us regarding this privacy notice
You may want to contact us to:
- Ask any questions you have in relation to the information contained in this privacy notice
- Exercise any of your rights under the data protection laws
- Request a printed copy of this privacy notice printed in large print or braille
- Request an audio version of this privacy notice
- Make a complaint (see below)
To contact us you can email our Data Protection Officer (DPO) at dpo@rothesay.com or write to:
Data Protection Team, Rothesay Life Plc, The Post Building, 100 Museum Street, London WC1A 1PB
If you live within the European Union, you can also contact our European representative. Their details are as follows:
Address: Bird & Bird GDPR Representative Services SRL, Avenue Louise 235, 1050 Bruxelles, Belgium.
Or email: EUrepresentative.Rothesay@twobirds.com
How to make a complaint
If you have a problem or concern relating to the ways we process your personal data or the contents of this privacy notice, please contact us in the first instance.
We hope that we will be able to address the problem or concern to your satisfaction. However, you also have the right to make a complaint to the Information Commissioner’s Office. The process for making a complaint to the Information Commissioner’s Office is available here:
www.ico.org.uk/make-a-complaint
Their contact details are as follows:
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Or phone: 0303 123 1113