Skip to Content

Privacy Policy for business contacts

This Privacy Policy covers information collected when you are acting on behalf of an organisation/business

To help you we have set out the meaning of certain words and terms used in this section as well as for our products and services.

Please make anyone whose personal information you have provided to us aware of this Privacy Policy. You must make sure any information you supply about anyone else is accurate and that they’ve agreed to their information being supplied.
In order to provide the best products and services, we work with other registered organisations/businesses including, brokers, suppliers (a service provider), and clients (an organisation/business that we provide a service to). As part of these relationships, we may collect your information when you are acting on behalf of an organisation/business.

If you contact us by telephone, we may record calls for training and monitoring purposes to help improve our service and to detect and prevent fraud.

Vitality is the data controller of your personal information will be the one that you or the organisation/business you are acting for has the contractual/business relationship with.
The information we collect is usually limited to your contact details and the contact details of other individuals at your organisation/business.
The information we collect may be used by us, our employees and third party insurers and/or service providers who are acting under our instruction, for the reasons detailed below. We must always have a lawful basis for processing your information.

For each reason for processing your information, we have set out our lawful basis: 
 Why do we use your information Our lawful bases for processing Our legitimate business interest, where applicable
To enter into and administer our business agreement
  • Administering our business agreements
Personal Information:
  • Entering into and the performance of a contract
Not applicable.
To market additional products, services and general market information to you
  • Recording your marketing preferences in connection with products and services
Personal Information:
  • Legitimate interest
  • To keep our business contacts up to date of our new products and services.
For management information purposes and internal analysis of products and services
  • Accounting and financial records, analysis and reporting
  • Audit requirements
  • Legal and professional advice
  • System security and effective operation
Personal Information:
  • Legitimate interest
  • To monitor or business performance and maintain appropriate company records.
  • To develop, manage and improve our products and services.
In order to sell, manage and provide our products and services, prevent fraud and comply with legal and regulatory requirements, we may need to share your information with third parties, including:
  • Our auditors (for management information purposes)
  • Suppliers carrying out a service on our, or your behalf:
    - We use computer software and technology suppliers that provide systems, software and technology so that we can offer our products and services.
Other UK Vitality Companies click here
We use your contact details to email you about our products, services and general market information.

If you would like to opt out from receiving emails, you can click unsubscribe on any of the emails we have sent you.
We have detailed third parties that we share your information with in the ‘How we share your information’ section. Some of these third parties may be in countries outside of the European Economic Area (EEA).

Under data protection law, when personal information is being transferred outside the EEA, we as data controller, are under an obligation to ensure that such transfers are performed in a manner that ensures that your personal information is adequately protected.

In the event that we transfer your personal information outside of the EEA, we will always put in place adequate safeguards to ensure that your personal information is protected. Adequate safeguards may include placing contractual obligations on the third party that we are transferring your information to or ensuring that the third party is certified to the EU-US Privacy Shield Framework, if we are making transfers to third parties located in the United States.
We only keep your information for as long as is necessary, in line with the purposes for which we collected your information. We have set out our general retention periods below however in certain circumstances it will be necessary for us to keep your information for longer, for example when we are required to due to legal obligations or to defend or manage legal claims.

We will hold your details for as long as necessary as part of our business relationship with you or the organisation/business that you are acting for. The maximum time we may hold your information for 3 years following the completion of the insurance policies run-off period (where applicable, as part of our business contractual relationship with you or the organisation/business that you are acting for) and the relationship being terminated.
Data protection laws give you certain rights. For details of your data protection rights rights please click here.
We have appointed a Data Protection Officer who is responsible for overseeing how we handle your information. If you have any questions about our Privacy Policy or the information we hold about you, please contact them here.

In the first instance we would ask that you notify us of any concerns you have about how we handle your data but if you are still unhappy then you can contact the Information Commissioners Office here.
We reserve the right to update this Privacy Policy from time to time. Such changes may be necessary, for example, due to changes or developments in data protection laws, privacy best practice or the introduction of new technologies. You should check our website periodically to view the most up-to-date Privacy Policy. This Privacy Policy was last updated on 29/07/2019.