Skip to Content

Privacy Notice for VitalityInvest members

This privacy policy covers our investment plans provided by Vitality Life Limited, t/a VitalityInvest.

To help you we have set out the meaning of certain words and terms used in this section as well as for our products and services.

Please make anyone whose personal information you have provided to us aware of this Privacy Policy. You must make sure any information you supply about anyone else is accurate and that they’ve agreed to their information being supplied.
If you have a plan with us or you are considering getting a plan with us, we collect information about you and any joint plan holders when you get an
investment plan from us, when you buy or amend an investment plan from us, when you withdraw funds or cancel your plan.

If you are a beneficiary under the plan, we collect information about you when you make a claim under the investment plan.

We only collect information that is relevant and necessary for us to provide the plan and to handle claims made under the investment plan. 

If you contact us by telephone, we may record calls for training and monitoring purposes to help improve our service and to detect and prevent fraud.
 

Personal information provided by you and anyone named on the plan, directly or via the company who sold you the plan:

  • Contact details
  • Date of birth
  • Occupation
  • Gender

Financial information provided by you, directly or via the company who sold you the plan:

  • Payment details
  • Transactions and payments made for your plan
Sensitive information provided by you, directly or via the company who sold you the plan:
  • Health information including medical conditions and your doctor/hospital details
 Why do we use your information Our lawful bases for processing Our legitimate business interest, where applicable  Retention guide
To provide you with a quote
  • Assessing your application and, if we can, the price and other terms we can offer.
Personal Information:
  • Entering into and the performance of a contract
  • Legitimate interest.
Sensitive Information:
  • Substantial public interest - insurance.
  • To price our products based on your insurance risk and to set plan acceptance parameters to determine when we want to insure certain risks.
  • 13 months if no other Vitality membership exists.
To administer and manage your insurance plan
  • Administering the purchase of your plan
  • Managing your plan
  • Processing your insurance premiums
  • Arranging the renewal, cancellation or lapse of your plan.
Personal Information:
  • Entering into and the performance of a contract
  • Legitimate interest.
Sensitive Information:
  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance.
  • To price our products based on your insurance risk and to set plan acceptance parameters to determine when we want to insure certain risks.

Seven years from the end of the last active plan across Vitality, as per standards.

To handle claims made against your plan
  • Registering your claim
  • Assessing your claim
  • Processing payments for your claim.
Personal Information:
  • Entering into and the performance of a contract
  • Legitimate interest.
Sensitive Information:
  • Establish, exercise or defend our legal rights.
  • To undertake checks to validate and settle your claim.

Seven years from the end of the last active plan across Vitality, as per standards.

To resolve any complaints you may have
  • Register complaints
  • Manage and resolve complaints.
Personal Information:
  • Entering into and the performance of a contract
  • Legitimate interest.
Sensitive Information:
  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance.
  • To investigate and resolve any complaints made.

Three years from date of closure. 

To recover any debt that you owe to us
  • Recovery of unpaid debts or reimbursement of damages under a contract.
Personal Information:
  • Entering into and the performance of a contract 
  • Legitimate interest.
  • To recover any debt that is owed to us even if we do not hold a contractual relationship with you.

Seven years after debt is recovered or the end of the plan - whichever is longer.  

To prevent, detect and investigate fraud or money laundering
  • Investigating suspicions of fraud and money laundering
  • Prosecuting fraud.
Personal Information:
  • Legitimate interest
Sensitive Information:
  • Substantial public interest - preventing or detecting unlawful acts.
  • To prevent fraud and money laundering.

Civil cases & criminal cases: six years

On sentence, three years after length of sentence.

For management information purposes and internal analysis of products and services
  • Accounting and financial records, analysis and reporting
  • Audit requirements
  • Legal and professional advice
  • Research into market trends and customer demographics
  • Pricing and underwriting analysis
  • System security and effective operation.
Personal Information:
  • Legitimate interest.
Sensitive Information:
  • Substantial public interest - insurance.
  • To monitor our business performance and maintain appropriate company records
  • To develop, manage and improve our products and services.

Seven years - after this, personal data is removed.

For training purposes to improve your customer experience
  • Assessing customer experiences
  • Developing and improving our customer experience.
Personal Information:
  • Legitimate interest.
Sensitive Information:
  • Substantial public interest - insurance.
  • To improve the service we provide to customers.

Call recordings is three years (where recorded).

For periodic reporting to our regulator and HM Revenue & Customs.  Personal Information
  • Legal obligations
  • Legitimate Interest.
  • Your plan retains the tax advantages and benefits.
Seven years - after this, personal data is removed.
  • Maintaining tax privileged status of the plan 
  • Complying with regulatory obligations.
     

These insurance plans will remain active until you:

  • Withdraw funds from an ISA investment and close the plan
  • Transfer your ISA or pension, or take all the benefits from your plan. 

Applying for a quote, holding an investment plan with us and making a claim: In certain circumstances, where we suspect fraudulent behaviour, we will carry out checks with fraud prevention agencies and databases. We also conduct searches with publicly available sources of information including internet searches and social media searches.

If we suspect fraudulent behaviour, we may not offer you a plan, we may void your plan or we may not be able to accept your claim. We investigate potentially fraudulent claims and where appropriate, we will use surveillance to assist our investigation. We appoint fraud investigation and surveillance suppliers to conduct these investigations on our behalf.

We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering.

Fraud prevention agencies and databases: When we check your details against fraud prevention agencies and databases, we will use a range of databases and agencies including other insurers' databases. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information.

We access and use the information recorded by fraud prevention agencies or fraud databases to prevent fraud and money laundering. These checks are done to identify, predict, investigate and evaluate potentially fraudulent behaviour.

We use the following fraud prevention agencies and databases:

  • HICFG (Health Insurance Counter Fraud Group)
  • CIFAS (National Fraud Database)
  • CUE (Claims and Underwriting Exchange)
  • IFB (Insurance Fraud Bureau)
  • IFIG (Insurance Fraud Investigators Group)
  • IFED (Insurance Fraud Enforcement Agency)
  • IFR (Insurance Fraud Register)
  • NFIB (National Fraud Intelligence Bureau)
  • NCA (National Crime Agency)
  • OFSI (Office of Financial Sanctions Implementation)
  • LexisNexis

In order to sell, manage and provide our products and services, prevent fraud and comply with legal and regulatory requirements, we may need to share your information with third parties, including:

Our auditors (for management information purposes) 

Vitality will only share your personal data with other companies or organisations where there is a legitimate reason for doing so. For example we are obligated to provide information to specific Government departments such as HM Revenue and Customs and to regulatory bodies who govern our activity such as:

  • Information Commissioner’s Office (ICO)
  • Financial Conduct Authority (FCA)
  • Prudential Regulation Authority (PRA)
  • Financial Ombudsman Service (FOS)
We may also share your personal data where we conduct further investigations with law enforcement and fraud prevention agencies and databases, our regulators (such as the FCA, PRA and ICO) as well as other insurers, to facilitate the prevention and detection of fraud or crime.

Fraud prevention agencies

Crime prevention agencies, including the police

Sharing your personal data with your authorised representative

If you have appointed an insurance or financial adviser, we may send them copies of correspondence relating to the plan and any renewal documentation. We may disclose information to them if you have made a claim although no medical information will be provided without your consent.

Please be sure to tell us if you authorise a new representative so that we are able to only send your personal data to the right representative so that we send your personal data to the right person.

Our use of other companies to provide our products and services to you

To assist us in the provision of administration, services or benefits for your plan and any claims you make, we use other companies who work under contracts with us. We ensure that the level of security and the quality of service provided by those other companies is equivalent to the standard of services we provide to you.

We need to advise you that as part of the application process we will share your data with credit reference agencies for security purposes. This check (known as a “soft search” or “quotation search”) will not affect your credit score or be visible to lenders.

Some of the companies who work under contracts with us are located in countries outside of the European Economic Area. Where this is the case we transfer your personal data to them on terms that are approved by the Information Commissioner. This is to ensure the appropriate security for your information, both in the transfer stage and when it is processed, and that your rights and confidentiality are protected in the same way as they would be if your personal data was processed in the UK.

Please click here to see the list of other companies who assist us in the provision of administration services.

Sharing your personal data with benefit providers

The Vitality group’s products are designed to enable you to accrue points related to your fitness and this in turn enables you to access a number of rewards and benefits. The exchange of your personal data, health and medical information will only occur with your consent and only with the benefit providers you choose to engage with.

The full list of benefit and reward providers can be found here.

Vitality Group
 
We will carry out direct marketing for customers of this product and other products and services that are managed by the Vitality Group where you have consented. Members can manage their preferences through their Member Zone.

You’ll get communications or emails about your plan or any changes as we have a statutory obligation to do so.
We have detailed third parties that we share your information with in the ‘How we share your information’ section. Some of these third parties may be in countries outside of the European Economic Area (EEA).

Under data protection law, when personal information is being transferred outside the EEA, we as data controller, are under an obligation to ensure that such transfers are performed in a manner that ensures that your personal information is adequately protected.

In the event that we transfer your personal information outside of the EEA, we will always put in place adequate safeguards to ensure that your personal information is protected. Adequate safeguards may include placing contractual obligations on the third party that we are transferring your information to or ensuring that the third party is certified to the EU-US Privacy Shield Framework, if we are making transfers to third parties located in the United States.
 
We only keep your personal information for as long as is necessary in line with the purposes for which we collected your information. We have set out in our general retention schedule below however in certain circumstances it will be necessary for us to keep your information for longer, for example when we are required to due to legal obligations or to defend or manage legal claims.

If we suspect, detect or investigate fraud or money laundering, information will be held on a case by case basis for up to seven years.
 
Data protection laws give you certain rights. For details of your data protection rights rights please click here.
We have appointed a Data Protection Officer who is responsible for overseeing how we handle your information. If you have any questions about our Privacy Policy or the information we hold about you, please contact them here.

In the first instance we would ask that you notify us of any concerns you have about how we handle your data but if you are still unhappy then you can contact the Information Commissioners Office here.
 
We reserve the right to update this Privacy Notice from time to time. Such changes may be necessary, for example, due to changes or developments in data protection laws, privacy best practice or the introduction of new technologies. You should check our website periodically to view the most up-to-date Privacy Notice. This Privacy Notice was last updated on 01/03/2021.