Vitality Logo

Privacy Notice

Vitality Privacy Notice

Vitality is committed to protecting your personal information. This Privacy Notice sets out what information is collected about you by Vitality, how we use it and the choices and controls you have.

Vitality values its customers and staffs trust and recognises that the safety and lawful use of everyone’s personal data is key to retaining that trust and confidence. Vitality needs to collect, store, share and use personal data about past, current and prospective customers, and staff to enable it to meet its requirements in the provision of innovative products and services and for employment purposes.

This Privacy Notice has been prepared to be as comprehensive as possible but is not and exhaustive list of every aspect of our collection and use of personal information. We would be happy to provide any further information or explanation about our practices. 

If you have any general queries about this policy, please contact our Data Protection Officer at or you can write to the Group Head of Data Protection, Vitality, 5th Floor East, Eighty Strand London WC2R 0DT.

Our contact details

If you have a question about our Privacy Notice or the information we hold about you then please contact:

Name: The Group Head of Data Protection

Address: Vitality, 5th Floor East, Eighty Strand, London WC2R 0DT


Changes to this Privacy Notice

This Privacy Notice covers all the businesses within the Vitality Group and from time-to-time Vitality will change this Privacy Notice therefore you may therefore wish to check this page each time you submit personal information to Vitality. The latest privacy notice will always appear on this page.

This Privacy Notice was last updated on January 2024.

Who we are

Vitality is part of the Discovery Group of companies and is owned by Discovery Limited, a financial services firm based in South Africa. Vitality is based in the United Kingdom and to find out more about who the Vitality Group is, and to see the most up to date information go to

Please make anyone whose personal information you have provided to us aware of this Privacy Notice. You must make sure any information you supply about anyone else is accurate and that they’ve agreed to their information being supplied.

Under this notice, ‘we’, and ‘Vitality’ refers to all businesses within the Vitality Group and the term ‘plan’ refers to all insurance and non-insurance products such as investment and the healthy workplace programme.

Data protection

Vitality will only use your personal information in accordance with this Notice, its Data Protection Policy setting out the principles, rules, and guidelines its staff need to follow when processing your personal data, and relevant data protection laws including the UK General Data Protection Regulation, Data Protection Act 2018, and any reiteration of relevant legislations (“DP Laws”). 

Our Data Protection registration number are:

  • Vitality Corporate Services (including VitalityCar) Z105153X
  • Vitality Health Limited Z8752490
  • Vitality Life Limited ZA110112
  • Vitality Healthy Workplace Limited ZA455278

Our Data Protection Officer is the Group Head of Data Protection and can be contacted at

Your rights

We want to ensure you remain in control of your personal data and that you understand your legal rights. You have the right to:

  • Know whether we hold your personal data and if we do how that information is handled.
  • Have a copy (not documents) of the personal data that we hold about you (known as a ‘Data Subject Access Request’/DSAR).
  • Have inaccurate or incomplete personal data updated or amended.
  • Have your personal data erased (conditional right)
  • Restrict processing e.g., we can hold but not use whilst we investigate the accuracy (conditional right).
  • Obtain and re-used your personal data across different services (conditional right)
  • Object to your personal data being used for marketing (absolute right) but conditional for other matters or
  • Cease automated decision-making including profiling where it has legal or similar effect.

Please note your rights over your personal data depend on which legal basis is being relied upon by Vitality. Not all the rights above are absolute and may only apply in certain circumstances and, although we will always try to respond to any instructions you give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.

More detailed information on each right is given in ‘Making and Information Request’ which includes access to children’s data and a deceased person's data.

The simplest way to submit a DSAR is to contact us by email at Alternatively, you can email or write to the Data Protection Officer, Vitality, 5th Floor East, Eighty Strand, London WC2R 0DT.

To exercise your rights, you can submit a request about your personal information that's processed by Vitality. We will respond as soon as possible. Please complete this form.

We work with Discovery Group and One trust in the process. The notifications you'll receive will come from

Please note you may be asked to provide proof of identification or additional information to allow us to identify you.

Questions and complaints

Should you have a question about how we use your data or this Privacy Notice you can contact our Data Protection Officer via email at

If you have a complaint about how we have used your personal data, then in the first instance you should contact our Complaints team who can be contacted here.

If your complaint relates to delays in service, claims decisions or technical issues e.g., access problems, but is not related to your personal data, then these matters will not be reviewed by the Data Protection Officer. However if you are unhappy about the response to your complaint regarding the use of your personal data this can be escalated to the Data Protection Officer via email at or by writing to the Data Protection Officer, Vitality, 5th Floor East, Eighty Strand, London WC2R 0DT.

If you remain unhappy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office (ICO) which regulates and enforces data protection law in the UK. The ICO cannot issue compensation. Their contact details are:

Information Commissioners
Office Wycliffe House,
Water Lane,

Tel: 0303 123 1113 or 01625 545 745

Or visit:

Disclosure of information

To manage and provide our products and services, prevent fraud, and comply with legal and regulatory requirements we may need to share your information with a third party.

We will disclose your personal information to third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation; or to enforce or apply our Terms and Conditions of Use and other agreements; or to protect the rights, property or safety of Vitality, our Members, or others.

We will never sell or rent your information to any third-party.

Regulatory Disclosure

Our auditors (for management information purposes). Appointed in accordance with our statutory obligations under Financial Conduct Authority obligations.

Our Regulators. To comply with our statutory obligations, we may share your personal data with our Regulators, where necessary. Our Regulators are:

  • Information Commissioner’s Office (ICO)
  • Financial Conduct Authority (FCA)
  • Prudential Regulation Authority (PRA)
  • Financial Ombudsman Service (FOS)

Government Departments: such as HM Revenue and Customs for tax and fraud purposes.

Law Enforcement: conduct further investigations with law enforcement to facilitate the prevention and detection of fraud or crime. It allows insurance companies to remain solvent after major claims events and is sometimes used for tax mitigation and other reasons.

Fraud prevention and detection: In certain circumstances, where we suspect fraudulent behaviour, we will carry out checks with fraud prevention agencies and databases. We also conduct searches with publicly available sources of information including internet searches and social media searches.

If we suspect fraudulent behaviour, we may not offer you insurance, we may void your policy or we may not be able to accept your claim. We investigate potentially fraudulent claims and where appropriate, we will use surveillance to assist our investigations. We appoint fraud investigation and surveillance suppliers to conduct these investigations on our behalf.

We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering.

Fraud prevention agencies and databases: When we check your details against fraud prevention agencies and databases, we will use a range of databases and agencies including other insurers' databases. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information. We access and use the information recorded by fraud prevention agencies or fraud databases to prevent fraud and money laundering. These checks are done to identify, predict, investigate, and evaluate potentially fraudulent behaviour.

We use the following fraud prevention agencies and databases:

  • CIFAS National Fraud Database CUE (Claims and Underwriting Exchange)
  • IFB (Insurance Fraud Bureau)
  • IFIG (Insurance Fraud Investigators Group)
  • IFED (Insurance Fraud Enforcement Agency)
  • IFR (Insurance Fraud Register)
  • NFIB (National Fraud Intelligence Bureau)
  • NCA (National Crime Agency)
  • OFSI (Office of Financial Sanctions Implementation)
  • LexisNexis

Other Disclosures

Re-Insurers: We may need to share your personal health or medical data provided by you with our re-insurers for them to do the following:

  • To analyse key demographic information.
  • To analyse patterns of claims by customers and their claims experiences.
  • To analyse the risk, they are reinsuring and to set a price for the re-insurance with Vitality.
  • To determine the validity of a claim; and
  • To set approval limits for claims and underwriting

Your authorised representative (Broker/Advisor): If you have appointed an insurance or financial adviser, we may send them copies of correspondence relating to the plan and any renewal documentation. We may disclose information to them if you have made a claim although no medical information will be provided without your consent.

Please be sure to tell us if you authorise a new representative so that we can update the system and only send your personal data to the right representative. Any changes may not be immediate.

Credit Reference Agencies: As part of the application process, we will share your data with credit reference agencies for security purposes. This check (known as a “soft search” or “quotation search”) will not affect your credit score or be visible to lenders. Credit checks are automated decision making but permitted as necessary for entering or performance with a contract between the individual and Data Controller.

External suppliers

To assist us in the provision of administration, services or benefits for your plan and any claims you make, we use other companies who work under contracts with us. We ensure that the level of security and the quality of service provided by those other companies is equivalent to the standard of services we provide to you and complies with DP Laws.

Please click here to see the list of other companies who assist us in the provision of administration services, benefits, and rewards.

Sharing your personal data with benefit providers: The Vitality group’s products are designed to enable you to accrue points related to your fitness and this in turn enables you to access several rewards and benefits. The exchange of your personal data, health and medical information will only occur with your consent, where relevant or because you directly engage that service and only with the benefit providers you choose to engage with. The full list of benefit and reward providers can be found here.

The full list of benefit and reward providers can be found here.

International Transfers

We have detailed our Third-Party Suppliers that we may share your information within the links above. Some of the companies are in countries outside of the United Kingdom and the European Economic Area. Where this is the case, we transfer your personal data to them on terms that are permitted within the law.

This is to ensure the appropriate security for your information, both in the transfer stage and when it is processed, and that your rights and confidentiality are protected in the same way as they would be if your personal data was processed in the UK.

Technical and organisational Security Controls

Vitality cares about the integrity, availability, and confidentiality of your personal data. However, we cannot guarantee that unauthorised third parties will never be able to defeat our security measures or use your personal data for an improper purpose.

Vitality maintains commercially reasonable and appropriate technical and organisational measures designed to secure Customer Data against unauthorised and unlawful loss, access, or disclosure. Vitality maintains physical, electronic, and procedural safeguards in compliance with applicable privacy laws to protect Customer Data, including, but not limited to:

(a) The maintenance of appropriate safeguards to restrict access to Customer Data to the employees, agents, licensors, or service providers of Vitality who need that information to carry out Vitality’s obligations.

(b) Procedures and practices for the safe transmission or transportation of the Customer Data.

(c) The maintenance of appropriate safeguards to prevent the unauthorized access of the Customer Data; and

(d) Procedures and practices for the safe disposal of Customer Data. Vitality provides insurance and investment products and services to its customers uniformly, and all appropriate and then current technical and organisational measures apply to Vitality’s entire customer base for those same services.

Customers must understand that the technical and organisational measures are subject to technical progress, development, and improvements for the protection of Personal Information and Vitality reserves the right to update the technical and organisational security measures provided the technical and organisational security measures will not materially decrease.

Storage of your information

Vitality’s preference is that data we collect from you is stored in the UK/EU (European Union). Where your data is transferred and stored outside the UK/EU we will take all steps reasonably necessary to ensure that any data processor we use provides an adequate level of protection for your data.

The transmission of information via the Internet, unfortunately, is not completely secure, and any transmission from you to us is at your own risk. Once we have received your information, we will use strict procedures and security features to help prevent unauthorised access.

How long we keep your information for

We only keep your personal information for as long as is necessary in line with the purposes for which we collected your information. We have set out in our general retention schedule in the sections below however in certain circumstances it will be necessary for us to keep your information for longer, for example when we are required to due to legal obligations or to defend or manage legal claims.

If you get a quote from us for insurance but do not take up the plan, we will normally keep your information for up to 13 months from the expiry date of the quote.

In most cases, we will keep your information for 7 years from the expiry date of the plan or from the settlement/closure of the claim, whichever is the latter. This is applicable if you get a quote from us and you buy the plan, if you have a plan with us, if you make a claim under one of our plans (including if you are a third-party claimant) or if you are a witness to an event giving rise to a claim under one of our plans. This is so that we can administer the contract of insurance and handle claims made against the plan.

It is of utmost importance to ensure that data is always protected and available for operational purposes. In the event, there is data loss due to unforeseen circumstances backup is an effective mechanism to assist business with the recovery of the data required for day-to-day operations. Our retention period for system back-ups is 5 years.

Fraud or Misrepresentation

In any instances where we suspect, detect, or investigate fraud or money laundering we will retain the data for at least 5 years and this will supersede any lesser retention period.

What types of information do we collect?

Depending upon your relationship with Vitality we will collect:

  • Contact details
  • Date of Birth
  • Occupation
  • Gender Medical/health data
  • Claims data
  • Payment details
  • Payment transactions
  • Information about what you are insuring provided by you, directly or via the company who sold you the plan.
  • Your experience selling life and Health Insurance (Brokers/Advisors)
  • Course enrolment details (Brokers/Advisors)

We also collect the following information for VitalityCar:

  • County court judgements
  • Homeowner status
  • Marital Status
  • Driving licence details
  • Residency Status
  • Images and video from dash camera footage
  • Other information about the company who should you the plan Recent quote for insurance
  • Your insurance history
  • Claims details
  • History of fraud
  • Indicators of fraudulent behaviour
  • Investigations into fraud
  • Your credit history and score
  • Information from the electoral register
  • Additional information, from third parties, to assist us in assessing your insurance risk. Some information is publicly available such as census data
  • Information regarding your vehicle form HPI Ltd
  • Motoring criminal convictions and offences
  • Health information including medical conditions and associated restrictions on your driving licence

How we use your information

This depends on the type of relationship you have with us - and the ways that you may interact with Vitality.