Aviva DigiCare+ - Aviva Privacy Notice

What this privacy notice tells you 

This notice gives you information about the way Aviva collects, receives and processes personal data in connection with your use of the Aviva DigiCare+ app, provided by Square Health Limited (the "App"). It tells you about your privacy rights and how the law protects you, just so you're fully aware of how and why we're using your data.

Square Health Limited ("Square Health") is the provider of the App. They'll also collect and process your personal data so they can provide services to you within the App. They're an independent data controller and have their own privacy policy which you can read here. It's important that you read this in conjunction with this Aviva privacy policy.

This privacy notice only contains information about the way Aviva processes your personal data.

1. Important information and who we are

Relevant parties

The App is brought to you by Aviva Life Services UK Limited acting on behalf of the Aviva Group (“Aviva”, “we”, “us” or “our”), in conjunction with our partner Square Health. Aviva is a data controller and we're responsible for the personal data we process.

The term ‘Aviva Group’ refers to one or more of the trading companies of Aviva that operate in the United Kingdom and that may or may not offer insurance and financial products or services which are relevant to you. For more information concerning Aviva and for a full list of the companies that comprise the Aviva Group, visit aviva.co.uk.

The App and services within the App are provided by Square Health. Aviva has appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Changes to this privacy notice

We keep this privacy notice under regular review. This version was last updated in January 2023.

2. The personal data we collect or receive

The personal data we collect or receive depends on the type of user you are. Please see below for further information:

Customers

If you're the person whose life is assured, or you're a member of their family (each referred to as a “Customer” below) you can access the App using your MyAviva login credentials, as long as you've registered to use MyAviva. If you're not registered, you can do this by using the activation code provided to you by email or using your policy number. For information about how we process your personal data when you register for and use MyAviva, please see the privacy notice available on MyAviva (which is also made available to you during registration).

Each time you log in to the App we will send your personal data to Square Health to enable Square Health to verify your entitlement to access the App, to work out which services within the App you're eligible to use and to provide you with these services. This data may include the following:

  • identification data – a unique customer identifier (i.e. an alphanumeric code), your first name, surname and date of birth;
  • contact data – your email address; and
  • product related data – your entitlement status (i.e. whether you're entitled to access the App) and details of what services within the App you're eligible to access. This eligibility will depend on the policy you have with Aviva.

In addition, Square Health will share the following data with Aviva:

  • service usage data – data about the way you use the App, including the services you've used in the App (e.g. whether you have used your allowance for your Health Check Assessment and follow up consultation on the results), which does not reveal any data concerning health.

Aviva will combine personal data that's been submitted to the App - or generated by it - with the following:

  • policy data – data already held by Aviva, including information about the policies you hold with Aviva, how long you've been an Aviva customer, your purchasing channel and demographic data such as your gender, age and location. This data does not reveal any data concerning health.

If you provide explicit consent for the sharing of health data with Aviva within the App, then Square Health will also share the following data with Aviva:

  • special category data – data about your health, whether it's submitted in the App or is generated by the way you use it.

To be clear, Aviva will only receive the above special category data if you have given your explicit consent to the sharing of this data with Aviva in the App.

Aggregated Data

Aggregated data is combined with that of others, so even though it's obtained using your own data it's not considered 'personal' in law. This is because it doesn't directly reveal your identity. For example, Square Health may aggregate your data to calculate the percentage of users accessing a specific App service and provide this information to Aviva. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

3. How your personal data is used

Below you can read a description of all the ways Aviva will use your personal data, along with the legal basis behind this usage.

| Type of user | Purpose/activity | Type of data | Lawful basis for processing |
| --- | --- | --- | --- |
| Customers | To enable Square Health to verify your entitlement to access the App, to work out which services within the App you're eligible to receive and to provide you with these services. | (a) identification data; (b) contact data; (c) product related data | Necessary for the performance of a contract |
| All user types | To provide you with service communications relating to the App. | (a) identification data; (b) contact data; (c) product related data | Necessary for the performance of a contract |
| All user types | To send marketing communications to you if we have the necessary permissions to do so. | (a) identification data; (b) contact data; (c) product related data | We need this data to send you marketing information in line with the preferences you've told us about. This is called 'legitimate interest'. |
| Customers | To tailor communications to you by highlighting the services within the App we feel are most appropriate to the way you're using it now, and ways you may want to use it in future. | (a) identification data; (b) contact data; (c) product related data; (d) service usage data; (e) policy data; (f) special category data | Necessary for our legitimate interests to operate and improve our products and services and keep you informed about them, and, for special category data, explicit consent |
| Customers | To analyse trends and better understand factors which affect the cost of insurance to Aviva, which we use to price our future products and services; To decide whether the data can be used to predict the outcome when a customer applies for one of our products or services, e.g. whether an application may be declined, whether an application may be deferred, or whether a customer may have to pay an increased insurance premium. This information may be used to make it easier for customers to apply for our products and services. For instance, it might reduce the number of questions we ask when a customer applies for our products. | (a) identification data; (b) contact data; (c) product related data; (d) service usage data; (e) policy data; (f) special category data | Necessary for our legitimate interests to operate and improve our products and services and keep you informed about them, and, for special category data, explicit consent |
| | To help us better understand our customers and improve our customer engagement, including profiling and customer analytics which allows us to measure the responses to our communications, assess the success of the services in retaining customers and identify customers who benefit most from the services provided; To help design future products or services and inform our future strategy, by better understanding customers’ needs, e.g. creating a new app to provide nutrition advice, support and services to customers. | | |
| All user types | To retain records. | (a) identification data; (b) contact data; (c) product related data (where applicable); (d) service usage data (where applicable) | Substantial public interest (preventing or detecting unlawful acts) |
| All user types | To investigate suspicious or fraudulent activity. | (a) identification data; (b) contact data; (c) product related data (where applicable); (d) service usage data (where applicable) | Substantial public interest (preventing or detecting unlawful acts) |

4. Change of purpose

Aviva will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose. If you'd like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (see details below).

If Aviva needs to use your personal data for an unrelated purpose, Aviva will notify you and explain the legal basis for doing so.

Please note that Aviva may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

5. Marketing

We provide you with choices regarding certain personal data uses, particularly around marketing and advertising. If we wish to market Aviva products and services to you, we'll make sure we have the necessary marketing permissions in place. If you are sent a marketing email or SMS, it will include details on how to unsubscribe from these in the future. You can also update your marketing preferences at any time, by visiting MyAviva or by contacting us using the details below. Note that it may take up to 28 days for your marketing preferences to be updated so you may continue to receive marketing during this period. Also note that we will continue to send you relevant service messages about the App even if you have unsubscribed from receiving marketing messages.

To find out more about the ways we may use your personal data for marketing, please see our full privacy policy (aviva.co.uk/privacypolicy) and the section titled ‘Marketing’.

 

6. Cookies

We may use cookies or other similar technologies to capture certain data when you open or interact with any marketing emails we may send to you. Further details are available in our Aviva Cookies Policy.

7. Disclosures of your personal data

Aviva may share or disclose data as required or permitted by applicable legal or regulatory requirements. This includes responding to lawful requests, court orders and legal process.

Aviva may also share your personal data with the parties below for the purposes explained in section 3 above:

  • with the Aviva Group Companies, our agents and third parties who provide services to us;
  • with the National Crime Agency and other law enforcement agencies to investigate suspicious or fraudulent activity.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

 

8. International transfers

Aviva may transfer, store and process your personal data outside of the UK. Whenever we transfer your personal data out of the UK, we make sure that a similar degree of protection as provided by the UK is afforded to your personal data by ensuring adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of data protection for your personal data (such as countries in the European Economic Area) or putting contractual obligations in place with the party we're sending information to. Transfers within the Aviva group will be covered by an agreement entered into by members of the Aviva group (an intra-group agreement) which contractually obliges each group company to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the group. Please contact us (see details below) if you want further information on the specific mechanism used by Aviva when transferring your personal data out of the UK.

 

9. Data security

We've put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. You should also be aware that communications over the internet, such as emails, are not secure unless they have been encrypted.

 

10. Data retention

We generally only keep personal data for as long as is reasonably required to fulfil the purposes explained in this privacy notice. Please see our full privacy policy (aviva.co.uk/privacypolicy) and the section titled ‘Retention’ for more detail.

 

11. Your legal rights

Where we rely on your explicit consent to process personal data as set out above, you have the right to withdraw your consent to this processing at any time. You can do so within the App or by emailing Square Health at data.protection@squarehealth.com.

You may have further rights under data protection laws in relation to your personal data including a right to access personal data, a right to correct inaccurate personal data, a right to transfer your personal data to another organisation, a right to object to our use of your personal data and a right to erase or suspend our use of your personal data.

Please see our full privacy policy (aviva.co.uk/privacypolicy) and the section titled ‘Data Rights’ for more detail.

If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioner's Office (“ICO”). We ask that you please attempt to resolve any issues with us before contacting the ICO.

 

12. Contact details

If you'd like more information on how we process your personal data, please access our full privacy policy at aviva.co.uk/privacypolicy.

If you have any questions about this privacy notice or how to exercise your rights please contact our Data Protection Officer.

Write to: The Data Protection Team, Aviva, PO Box 7684, Pitheavlis, Perth, PH2 1JR.

Email us: DATAPRT@aviva.com