Aviva DigiCare+ - Aviva Privacy Notice

What this privacy notice tells you 

Welcome to Aviva’s privacy notice for Aviva DigiCare+, provided by Square Health Limited (the “App”). This privacy notice will give you information about how Aviva collects, receives and processes personal data in connection with your use of the App. It will tell you about your privacy rights and how the law protects you, so that you are fully aware of how and why we are using your data.

The App and services available within the App are provided to you by Square Health Limited (“Square Health”). Square Health will separately be collecting and processing your personal data in order to provide services to you within the App. Square Health is an independent data controller and information regarding its processing of personal data is set out in its privacy policy available here. It is important that you read the Square Health privacy policy in conjunction with this Aviva privacy notice.

This privacy notice only contains information regarding Aviva’s processing of your personal data.

1. Important information and who we are

Relevant parties

The App is brought to you by Aviva Life Services UK Limited acting on behalf of the Aviva Group (“Aviva”, “we”, “us” or “our”), in conjunction with our partner Square Health. Aviva is a data controller and is responsible for the personal data it processes.

The term ‘Aviva Group’ refers to one or more of the trading companies of Aviva that operate in the United Kingdom and that may or may not offer insurance and financial products or services which are relevant to you. For more information concerning Aviva and for a full list of the companies that comprise the Aviva Group, visit aviva.co.uk.

The App and services within the App are provided by Square Health. Aviva has appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Changes to this privacy notice

We keep this privacy notice under regular review. This version was last reviewed in March 2026.

2. The personal data we collect or receive

The personal data we collect or receive depends on the type of user you are. Please see below for further information:

Customers

If you are a life assured or family member of a life assured (each referred to as a “Customer” below) you can access the App using your MyAviva login credentials if you are an existing MyAviva user. Alternatively, if you are not an existing MyAviva user, you can access the App by first registering for MyAviva using the activation code provided to you by email or using your policy number. For information about how we process your personal data when you register for and use MyAviva, please see the privacy notice available on MyAviva (which is also made available to you during registration).

Each time you log in to the App we will send your personal data to Square Health to enable Square Health to verify your entitlement to access the App, to determine which services within the App you are eligible to receive and to provide you with such services. This data may include the following:

  • identification data – a unique customer identifier (i.e. an alphanumeric code), your first name, surname and date of birth;
  • contact data – your email address; and
  • product related data – your entitlement status (i.e. whether you are entitled to access the App) and details of what services within the App you're eligible to access. This entitlement and eligibility is determined by the policy you have in place with Aviva.

In addition, Square Health will share the following data with Aviva:

  • service usage data – data concerning your usage of the App, including services you have used in the App (e.g. whether you have used your allowance for your Health Check Assessment and follow up consultation on the results), which does not reveal any data concerning health.

Aviva will combine personal data that's been submitted to the App or otherwise generated by the App with the following:

  • policy data – data already held by Aviva, including information about the policies you hold with Aviva, how long you have been an Aviva customer, your purchasing channel and demographic data such as your gender, age and location. This data does not reveal any data concerning health.

If you provide explicit consent for the sharing of health data with Aviva within the App, then Square Health will also share the following data with Aviva:

  • special category data – data concerning health including health data you submit in the App or that is otherwise generated through your use of the App.

To be clear, Aviva will only receive the above special category data if you have given your explicit consent to the sharing of this data with Aviva in the App.

Aggregated Data

For all user types, Square Health may also share aggregated data with Aviva such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, Square Health may aggregate your data to calculate the percentage of users accessing a specific App service and provide this information to Aviva. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

3. How your personal data is used

We have set out below a description of all the ways that Aviva will use your personal data, and the legal bases relied on to do so.

Type of user: Customers
Purpose/activity: To enable Square Health to verify your entitlement to access the App, to determine which services within the App you are eligible to receive and to provide you with such services.
Type of data: (a) identification data; (b) contact data; (c) product related data
Lawful basis for processing: Necessary for the performance of a contract

Type of user: All user types
Purpose/activity: To provide you with service communications relating to the App.
Type of data: (a) identification data; (b) contact data; (c) product related data
Lawful basis for processing: Necessary for the performance of a contract

Type of user: All user types
Purpose/activity: To send marketing communications to you if we have the necessary permissions to do so.
Type of data: (a) identification data; (b) contact data; (c) product related data
Lawful basis for processing: Necessary for our legitimate interests to send you marketing information in accordance with your preferences

Type of user: Customers
Purpose/activity: To tailor communications to you by highlighting the services within the App we feel are most appropriate to your service usage and potential future needs.
Type of data: (a) identification data; (b) contact data; (c) product related data; (d) service usage data; (e) policy data; (f) special category data
Lawful basis for processing: Necessary for our legitimate interests to operate and improve our products and services and keep you informed about our products and services, and, for special category data, explicit consent

Type of user: Customers
Purpose/activity: To analyse trends and better understand factors which affect the cost of insurance to Aviva, which we use to price our future products and services; To determine whether the data can be used to predict the outcome when a customer applies for one of our products or services, e.g. whether an application may be declined, whether an application may be deferred, or whether a customer may have to pay an increased insurance premium. This information may be used to make it easier for customers to apply for our products and services, e.g. by reducing the number of questions we ask when applying for our products;
Type of data: (a) identification data; (b) contact data; (c) product related data; (d) service usage data; (e) policy data; (f) special category data
Lawful basis for processing: Necessary for our legitimate interests to operate and improve our products and services and keep you informed about our products and services, and, for special category data, explicit consent

Purpose/activity: To help us better understand our customers and improve our customer engagement, including profiling and customer analytics which allows us to measure the responses to our communications, assess the success of the services in retaining customers and identify customers who benefit most from the services provided; To help design future products or services and inform our future strategy, by better understanding customers’ needs, e.g. creating a new app to provide nutrition advice, support and services to customers.

Type of user: All user types
Purpose/activity: To retain records.
Type of data: (a) identification data; (b) contact data; (c) product related data (where applicable); (d) service usage data (where applicable)
Lawful basis for processing: Substantial public interest (preventing or detecting unlawful acts)

Type of user: All user types
Purpose/activity: To investigate suspicious or fraudulent activity.
Type of data: (a) identification data; (b) contact data; (c) product related data (where applicable); (d) service usage data (where applicable)
Lawful basis for processing: Substantial public interest (preventing or detecting unlawful acts)

4. Change of purpose

Aviva will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (see details below).

If Aviva needs to use your personal data for an unrelated purpose, Aviva will notify you and explain the legal basis for doing so.

Please note that Aviva may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Marketing

We provide you with choices regarding certain personal data uses, particularly around marketing and advertising. If we wish to market Aviva products and services to you, we will ensure we have the necessary marketing permissions in place. If you are sent a marketing email or SMS, it will include details on how to unsubscribe from these in the future. You can also update your marketing preferences at any time, by updating them in MyAviva or by contacting us using the details set out below. Note that it may take up to 28 days for your marketing preferences to be updated so you may continue to receive marketing during this period. Also note that we will continue to send you relevant service messages about the App even if you have unsubscribed from receiving marketing messages.

To find out more about the ways we may use your personal data for marketing, please see our full privacy policy (aviva.co.uk/privacypolicy) and the section titled ‘Marketing’.

6. Cookies

We may use cookies or other similar technologies to capture certain data when you open or interact with any marketing emails we may send to you. Further details are available in our Aviva Cookies Policy.

7. Disclosures of your personal data

Aviva may share or disclose data as required or permitted by applicable legal or regulatory requirements, including to respond to lawful requests, court orders and legal process.

Aviva may also share your personal data with the parties set out in Section 3 above:

  • with the Aviva Group Companies, our agents and third parties who provide services to us;
  • with the National Crime Agency and other law enforcement agencies to investigate suspicious or fraudulent activity.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

8. International transfers

Aviva may transfer, store and process your personal data outside of the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection as provided by the UK is afforded to your personal data by ensuring adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of data protection for your personal data (such as countries in the European Economic Area) or putting contractual obligations in place with the party we are sending information to. Transfers within the Aviva group will be covered by an agreement entered into by members of the Aviva group (an intra-group agreement) which contractually obliges each group company to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the group. Please contact us (see details below) if you want further information on the specific mechanism used by Aviva when transferring your personal data out of the UK.

9. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. You should also be aware that communications over the internet, such as emails, are not secure unless they have been encrypted.

10. Data retention

We generally only keep personal data for as long as is reasonably required to fulfil the purposes explained in this privacy notice. Please see our full privacy policy (aviva.co.uk/privacypolicy) and the section titled ‘Retention’ for more detail.

11. Your legal rights

Where we rely on your explicit consent to process personal data as set out above, you have the right to withdraw your consent to this processing at any time. You can do so within the App or by emailing Square Health at data.protection@squarehealth.com.

You may have further rights under data protection laws in relation to your personal data including a right to access personal data, a right to correct inaccurate personal data, a right to transfer your personal data to another organisation, a right to object to our use of your personal data and a right to erase or suspend our use of your personal data.

Please see our full privacy policy (aviva.co.uk/privacypolicy) and the section titled ‘Data Rights’ for more detail.

If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioner’s Office (“ICO”). We ask that you please attempt to resolve any issues with us before contacting the ICO.

12. Contact details

If you'd like more information on how we process your personal data, please access our full privacy policy at aviva.co.uk/privacypolicy.

If you have any questions about this privacy notice or how to exercise your rights, please contact our Data Protection Officer.

Write to: The Data Protection Team, Aviva, PO Box 7684, Pitheavlis, Perth, PH2 1JR.

Email us: DATAPRT@aviva.com