We are committed to protecting personal information that we receive when we provide our services to clients and policyholders. We are committed to maintaining transparent practices and explaining how we collect, process, and share that information. Protecting your privacy is very important to us.
This privacy notice explains how and whythe Omnilife Insurance Company Limited (“Omnilife”, “we”, “us”, “our”) collect personal information and how we use it when we provide our services as an insurance business.
This Privacy Notice sets out:
– Who is Omnilife;
– Who this privacy notice applies to;
– What personal information we may collect and hold;
– The purposes for which your personal information may be collected, held, used and disclosed;
– How we collect and hold your personal information;
– How we protect your personal information;
– With whom we may share your personal information (including overseas recipients);
– How you may exercise your rights over your personal information; and
– How you can contact us.
Omnilife Insurance Company Limited is a company registered in England and Wales with company registration number 02294080. Our registered address is at Level 45, 22 Bishopsgate, London, EC2N 4BQ. Omnilife is a UK based life insurance company that is authorised by the Prudential Regulation Authority (PRA) and regulated by the Financial Conduct Authority (FCA) and the PRA. It is part of the Reinsurance Group of America, Incorporated, (RGA) one of the largest global life and health reinsurance companies.
For the purpose of the personal data protection, Omnilife is the data controller responsible for the personal information we collect and process.
Omnilife’s Data Protection Officer (“DPO”) is Dean Scotson. Should you have any questions or concerns for our DPO regarding the way in which your personal information has been collected or used, please contact him via email at firstname.lastname@example.org.
If you have any queries in relation to this privacy notice, you may contact us at email@example.com.
Application of Local Laws
This privacy notice is designed to provide compliance with all relevant applicable laws in the United Kingdom and the European Economic Area (EEA) and in particular the European Union’s General Data Protection Regulation, the United Kingdom’s Data Protection Act of 2018 and the United Kingdom’s General Data Protection Regulation.
Omnilife will handle personal information in accordance with local law at the place where the personal information is collected. If the applicable law provides for a lower level of protection of personal information than that established by this privacy notice, then this privacy notice shall prevail.
What do we mean by “personal information”?
Personal information means information, or a combination of pieces of information, that could reasonably allow an individual to be identified.
Who this privacy notice applies to?
As an insurance business, we need to obtain information from and about individuals (“data subject”, “you”) to engage with them and properly assess the risk in order to provide insurance, including life insurance, pensions, group risk and investment policies. This means we may process information about:
– individuals named in an insurance policy, or
– individuals that are beneficiaries of an insurance policy, or
– individuals that have made claims under an insurance policy, or
– individuals who are involved in an incident giving rise to an insurance claim, or
– individuals who work for our business partners.
How do we collect personal information?
We collect your personal information from a variety of sources:
– From the company you work for when your employer or a broker facilitates your enrollment to an insurance policy that we offer or administer.
– From people who are involved in a claim or assist us in investigating or processing claims, including witnesses and external claims data collectors and verifiers.
– From public sources, such as public databases, for example, the Electoral Roll, where we may need to verify the accuracy of information and only when it is permitted by law.
– From third party evidence providers where we use them to verify certain information.
– From healthcare service providers where we may need to obtain information to process your claim. In such instances, before turning to the healthcare service providers, we will seek your consent.
– From financial institutions such as your previous insurance provider or pension processing platforms.
Directly from you, in particular, when you submit a claim, send an inquiry or otherwise communicate with us.
What types of personal information do we collect and process?
The type of information we collect, and process will depend upon our engagement with you and the type of insurance policy we are underwriting. It may include any of the below:
– Personal details: Your name, age, gender, date of birth, marital status, nationality, height and weight, date of death, smoker status, leisure activities and interests.
– Identification information: A government-issued identity document such as a passport, driving license, national insurance number.
– Contact information: Your address, telephone numbers and email address.
– Information about your family and home: Your family health or morbidity history, number of children and name, age and gender of children.
– Employment and experience information: Your employer name, employment history, job role, salary, employment benefit options, dates of employment and termination.
– Financial information: Details pertaining to your bank account, such as your bank account number and sort code, bank statements, annual income, pension contributions.
– Information relating to insurance policies and claims: Information relating to underwriting insurance products and managing and processing insurance claims, such as your policy details, premium amount, previous insurance records and claims histories.
–Information relating to business dealings: Your name, name of the company you work for, company address, corporate email address, corporate phone number.
– From the information we collect about you, we may also derive or generate further information such as risk ratings. Some of this information is generated through automated decision making (see the section below on “Do we use personal information for profiling and automated decision making?“).
Do we process any sensitive personal information?
Some of the categories of information we collect are special categories of personal information (sometimes referred to as “sensitive personal information”). These include:
– Your health records: such as your medical history, physician statements, genetic test results and information, prescription history, death certificate and reports on medical diagnoses, tests and treatment.
– Your family medical history: such as diagnosis of hereditary diseases.
– Criminal data: such as your criminal record and sanctions but only where it is lawful to collect this data.
For what purposes do we use your personal information?
We use your personal information:
(a) to provide our insurance products and services and fulfil our contractual obligations to clients and policy holders including the following:
– to underwrite, evaluate and price the risks to be insured,
– to calculate insurance premium for your insurance policy,
– to carry out background checks, where permitted by law, to help us prevent and detect fraud, money laundering, terrorism and other crimes,
– to set you up as a policy holder and manage your file,
i) to review, process and manage claims,
ii) to pay you for your claims, refund or return premiums;
(b) to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services;
(c) to help adapt existing services and products;
(d) to exercise, defend and protect our legal rights or the rights of our clients or third parties;
(e) to comply with legal obligations relating to, for example the retention of financial records, and to report to and otherwise cooperate with regulatory bodies to which we are subject, such as the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Office of Financial Sanctions Implementation (OFSI), National Crime Agency (NCA), Office of Foreign Asset Control (OFAC) and other regulators;
(f) to audit our business; and
(g) to operate and expand our business activities.
Do we use personal information for profiling and automated decision making?
For the purposes of fraud prevention, detection and risk assessment we analyse personal information using software that is able to evaluate certain personal aspects about you and predict risks or outcomes.
The outcome of your personal information analysis, including your risk rating, which is verified, may result in a suspension of your insurance policy if manual verification cannot be established. Such suspension commonly occurs when we discover that a policyholder has passed away or has been involved in a criminal activity. We will always notify you or your beneficiaries about such suspension.
If we made a decision about you based solely by automated means (i.e. with no human intervention), and our decision produces a legal effect concerning you (such as the rejection of your claim or suspension of the payment of your premium), or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. If you wish to exercise any of these rights, please contacts us at the details provided in the ‘Contact Us’ section below.
What are the legal bases on which we use your personal information?
We are committed to processing your personal information fairly and lawfully and only to the extent necessary to achieve the purposes listed above.
We must have a legal basis to process your personal information. In most cases, our ability to obtain and process your personal information is based on one of the following legal bases:
(a) Processing your personal information is necessary to perform an insurance contract with you or to take necessary steps to enter into such contract, in particular, if you are a policy holder of our insurance product;
(b) Processing your personal information is necessary to comply with our legal obligations, such as due diligence and reporting obligations, and responding to requests from our regulators; and
(c) Processing your personal information is necessary to meet our legitimate interests and the legitimate interests of our clients, for example, to provide our services to clients, to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records.
Our legitimate interests usually include – making sure that we provide the service our clients / policy holders expect and our products are performing as we intended; our business is operating effectively; and offering fair products and services is prompt and as expected.
If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:
(d) Your explicit consent has been obtained. Where consent is legally required to process your sensitive personal information, we will obtain consent from you or your beneficiaries. You may withdraw your consent at any time by contacting Omnilife (please see the ‘Contact Us’ section below). If we need your consent to provide you with a particular product and you wish to withdraw your consent, we may no longer be able to provide our product to you. If this is the case, we will inform you before taking any action.
(e) We need to process your sensitive personal information to establish, exercise or defend a legal claim; or
(f) We are otherwise authorised by local law to process your sensitive personal information. More specifically, in the UK we may process such information when it is necessary to provide and manage an insurance product or to comply with regulatory requirements relating to unlawful acts and dishonesty.
Please refer to the table at the end of this page for further details on the categories of information, the purpose of processing and the legal basis of processing.
With whom do we share personal information?
We may share your personal information with the following parties:
RGA group companies. We operate as a global business, so we may share your personal information with group entities. For example, we use RGA UK Services Limited for administration services, underwriting, claims assessments and we use RGA Enterprise Services Company as part of the ongoing maintenance and development of our IT systems.
Reinsurers, who provide reinsurance services including support on pricing, underwriting and claims,such as:
-General Reinsurance AG (GenRe): their privacy notice can be found on their website at www.genre.com
-Reinsurance Group of America: their privacy notice can be found on their website at https://www.rgare.com/privacy-policy
– Medical data service providers, who provide underwriting and claims services to us.
– Claims service partners,who provide claims services to us.
– Third party administrators, who provide administrative services to us.
– Our regulators and government agencies. We may be required to share your information with the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Office of Financial Sanctions Implementation (OFSI), National Crime Agency (NCA), Office of Foreign Asset Control (OFAC) and other regulators to comply with legal obligations or otherwise protect our rights.
– Your own doctor or relevant medical professionals should we require additional information as a result of the answers you have supplied as part of our individual assessment process or in connection with a claim.
– Service providers. We may share your personal information with service providers that perform services and other business operations for us, for example, IT applications, external auditors, legal and consulting firms and brokers.
– Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
What rights do individuals have in relation to the information we hold?
You have certain rights regarding your personal information. These include the right to:
– access your personal information and details relating to the processing of your personal information;
– rectify the information we hold about you;
– erase your personal information;
– restrict our use of your personal information;
– object to our use of your personal information;
– receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
– lodge a complaint with your local data protection authority.
To exercise any of these rights, please complete a Data Subject Rights Request form on our parent company’s (RGA) website https://www.rgare.com/dsr-intake/insured, or using the contact details provided in section ‘Contact Us’ below.
We will respond to your request within one month of receipt. This may be extended by two further months taking into account complexity and number of requests-provided the extension is informed within the initial month. Please note that Omnilife may require additional information from you in order to honour your requests.
We are committed to working with you to obtain a fair resolution of any request, complaint or concern about privacy. If you remain unhappy with our response, you can complain directly to the Information Commissioners Office (ICO). To raise such complaint, please visit https://ico.org.uk/concerns/.
How do we protect personal information?
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
How long do we retain personal information for?
We will normally keep your personal information for as long as you have an interest in, or claim against, a policy we are underwriting and policy we have insured. Beyond that, we retain personal information for a period of time that reasonably allows us to investigate, commence or defend legal claims brought by or against us or our clients, comply with our regulatory obligations and conduct analysis.
If you would like to know more about the retention of your personal information, please contact us at the details contained in the “Contact us” section below.
We securely destroy personal information when its retention period has expired.
Where do we process your personal information?
Because we operate as a global business, your personal information may be transferred to, stored, and processed in other countries, such as the United States of America and Canada. Some of these countries may not be regarded as ensuring an adequate level of protection for personal information under United Kingdom and European Union law. Therefore, Omnilife has committed to adhere to RGA’s Binding Corporate Rules (“BCRs”) which enable us to make international transfers of your personal information within our group of companies in compliance with data protection laws. Summaries of our BCRs are available at https://www.rgare.com/about-rga/binding-corporate-rules/
If we need to transfer your personal information to service providers or other parties located outside the United Kingdom and the European Union or other relevant countries, we will make sure that adequate safeguards are in place with those parties. We typically put in place contractual commitments, such as standard contractual clauses, in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the “Contact us” section below.
If you have any queries in relation to this privacy notice or the way in which your personal information has been collected, you may contact us at firstname.lastname@example.org or call or write to us.
Our UK postal address is:
Omnilife Insurance Company Limited
Level 45, 22 Bishopsgate
London, EC2N 4BQ
Our telephone number is:
+44 020 7374 0123
Our EU postal address is:
3rd Floor, Block C
Leopardstown, Dublin 18, D18 X5T1
Our EU telephone number is:
+353 1.290.2900 (Ireland)
If you would like to exercise a data subject right, you may use our online contact form.
Omnilife’s Data Protection Officer is Dean Scotson.
Should you have any questions or concerns for our DPO regarding the way in which your personal information has been used, please contact him via email at email@example.com.
How do we make changes to this privacy notice?
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. If we make a significant change to this privacy notice, we will post a notice about this on our website and inform you directly.
Further details on the categories of information, the purpose of processing and the legal basis of processing
|Categories of Information||Purpose of Processing||Legal Basis of Processing|
|Personal details Contact information Identification information Information about your family and home Employment and experience information Information relating to insurance policies and claims||Underwriting, evaluating and pricing the risks to be insured and calculating and validating the reinsurance premium for your insurance policy. Setting you up as a policy holder and managing your file.||Performance of a contract with you Our legitimate interests Compliance with a legal obligation|
|Personal details Contact information Information relating to insurance policies and claims||Reviewing, processing and managing claims.||Performance of a contract with you|
|Personal details Contact information Financial information||Paying for your claims, refund or return premiums. Investigating potential fraud.||Performance of a contract with you Compliance with a legal obligation.|
|Information relating to insurance policies and claims||Conducting data analysis to assess risks, price products and improve our services. Adapting of existing services and products.||Our legitimate interests|
|Information relating to insurance policies and claims||Defending of legal claims.||Processing is necessary for the defence of legal claims.|
|Financial information Information relating to insurance policies and claims||Reporting to or otherwise cooperating with regulatory bodies. Auditing our business.||Compliance with a legal obligation.|
|Information relating to business dealings||Operating and expanding our business activities.||Our legitimate interests|
|Special / Sensitive Information|
|Criminal data||Carrying out background checks, helping to prevent and detect fraud, money laundering, terrorism and other crimes.||Specifically permitted by local law (in relation to compliance with regulatory requirements relating to unlawful acts and dishonesty) Processing is necessary for the defence of legal claims|
|Your family medical history||Underwriting, evaluating and pricing the risks to be insured and calculating and validating the reinsurance premium for your insurance policy.||Specifically permitted by local law (in relation to provision and management of an insurance product)|
|Your health records||Reviewing, processing and managing claims.||Specifically permitted by local law (in relation to provision and management of an insurance product) Your consent (where we need to obtain information from your healthcare service provider)|
Last updated: 16 August 2021