You have several rights under data protection laws – you’ll find details of each of these below.
If you chose to exercise any of your rights with regards to your personal information, to make sure that we’re dealing with you, we may ask for evidence of identity. Where you have authorised a third party to act on your behalf, we’ll conduct the necessary checks to make sure the appropriate authorisations have been received. This is to make sure that we only disclose information to the correct and, where applicable, authorised individual or organisation.
In line with our data protection obligations, we aim to respond to all valid requests relating to your personal information within one month. There may be some occasions where it will take us longer, for example, if the request is exceptionally complex. However, in these situations, we’ll let you know as soon as possible and provide details of when we’ll be in a position to respond.
There may be occasions where we don’t have to (fully) comply with a request. In these situations, we’ll explain why we’re unable to do this.
Right of access
The right to request a copy of the personal information we hold about you, along with certain information relating to the processing of your personal information.When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee.
Right of data portability
The right, in certain circumstances, to have personal information that you have provided directly to us about you, transferred securely to another service provider in electronic form. This right is only applicable where:
- the processing of your personal information is based either on your consent or in line with the performance of a contract with you, and
- the processing of your personal information is carried out by automated (for example, electronic) means.
Right of rectification
The right to have any inaccurate personal information we hold about you corrected.
Right of erasure (‘Right to be forgotten’)
The right to have any out-of-date personal information deleted once there’s no legal requirement or business need for us to retain it. This isn’t an absolute right as we may need to consider other legal and regulatory requirements which could result in us having to retain your personal information for a specific period of time.
Right to restrict processing
The right to restrict some processing, in limited circumstances, and where we don’t have legitimate grounds for processing your personal information.
Right to object
The right to object to your personal information being used to send you marketing material. We’ll only ever send you marketing communications where you’ve given us your consent to do so. You can remove or add your consent at any time.
You can also object where you have grounds relating to your particular circumstances and we rely on ‘legitimate interests’ as our lawful basis for processing your personal information. However, where we believe we have compelling legitimate grounds, we’ll continue to process it.
Automated decision making
The right to not be subject to a decision made solely using automated means, including profiling, where the outcome adversely or significantly impacts you. This right doesn’t apply where it’s:
- necessary for the purposes of a contract between Aegon and you;
- authorised by law, or
- based on your explicit consent.
Exercising your rights
To exercise any of these rights, please contact our Data Protection Officer.