Fair Processing Notice for employees at Aegon UK

(We review this notice regularly - It was last updated December 2025)

Introduction

Here at Aegon, we’re committed to protecting and respecting your privacy. Looking after the personal information that we collect for our employees and their dependents/beneficiaries is one of our top priorities and we want you to be confident that your information is in safe hands. We’re responsible for deciding how we hold and use personal data about you and are required by law to make this information available to you. We’ve therefore developed this notice to let you know:

• How and why we collect personal information;
• What we do with it;
• When and why we share it with other organisations, including the types of organisations involved;
• How long we’ll keep it for; and
• The rights and choices you have with regards to your personal information.

This notice applies to current, prospective and former employees, workers and contractors. It doesn’t form part of any contract of employment or other contract to provide services.

It is important that you read this notice so you are aware of how and why we are using your information and what your rights are under data protection legislation.

Contact us

If you have any questions about this notice or data protection, please contact our Data Protection Officer

Write to: Data Protection Officer, Aegon, Edinburgh Park, Lochside Crescent, Edinburgh, EH12 9SE

Email: dataprotection@aegon.co.uk

If you’re contacting us by external email, please remember not to send any personal, financial or banking information because email isn’t a secure method of communication.

If you decide to send information in this way, you’re doing so at your own risk as there’s no guarantee that any email sent by you to us will be received or remain private during transmission.

How we obtain your personal information

Personal information means any information about an individual from which that person can be identified directly or indirectly. It does not include data where the person’s identity has been removed (anonymous data).

There are some types of more sensitive personal data which require a higher level of protection, such as information about a person’s health, sexual orientation or criminal convictions. More information on this is provided later in the notice.

We collect personal data relating to employees, agency or contract workers, interns and job applicants, directors or office holders.

We may gather information about you during the application and recruitment process or during your employment with us. We may also obtain information about you from an employment agency, credit reference agency or background check providers.

You will give us information by completing forms (paper versions or through our website) or by contacting us by phone, email or otherwise. This includes information you provide when you:

• Submit an application for a job electronically or otherwise (e.g. through a recruitment agency);
• Contact us (via phone/email);
• Update Workday (our HR Information System).

On some occasions, we may collect and use personal information about you that has been made publicly available, for example, from a social media site, where the information is made public.  This would be used in limited circumstances, for example, as part of a conduct investigation.

We will also collect additional information in the course of job-related activities throughout the period of your employment with us.

The information we collect about you and why

Depending on the circumstances, the personal information we gather about you may include the following. This list is not exhaustive:

Category	Data Type
Contact Information	Home address, personal email address, telephone numbers, next of kin and emergency contact information
General	Name, date of birth, title, marital or civil partnership status, details of any dependants, immigration status & nationality
Care Giving	Details of any caring responsibilities you have
Financial	Remuneration and compensation history, bank details, payroll records, HRMC and other PAYE or tax records, details of any Aegon products you hold
Government Identifiers	National Insurance number, driving license details
Physical characteristics	Gender, photographs
Crime, fraud & sanctions	Credit & criminal record information
Employment	Start date and, if different, the date of your continuous employment, leaving date, reason for leaving, disciplinary & grievance information, training and performance information, qualifications, details of professional memberships; any further personal information that we require to process during the course of your employment or required as part of an application or which you share through the website.
Socia-Economic*	Type of school attended, whether you qualified for free school meals, qualifications achieved by your parents or guardians, type of employment held by your parents or guardians.
Security	CCTV images, security system information, IT logon information, information about your use of our information and communications systems and/or swipe card records.

*Only where you choose to share this information

Sensitive Personal Information

We may also collect, store and use the following more sensitive types of personal information:

• Information about your race or ethnicity, religious beliefs, sexual orientation, gender identity, gender reassignment, and political opinions.
• Trade union membership.
• Information about your health, including any medical condition and sickness records, including:
• Information about your health or disability status which we need to allow us to consider whether we need to provide appropriate adjustments during the recruitment process, which could include adjustments that are needed to be made during the interview process or adjustments that are needed to support your employment.
• Where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill health, injury or disability, the records relating to that decision;
• Details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and
• Any health information in relation to a claim made under the permanent health insurance scheme; and
• Where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes.

Information about criminal convictions and offences.

We apply extra security around this type of data as we appreciate that due to its very nature, it would likely cause significant harm or distress if mistreated.

Diversity and Inclusion

At Aegon we are committed to being an inclusive and diverse organisation where employees can be their authentic selves and belong.  This means ensuring that all job candidates and employees are treated equally, without discrimination because of gender, sexual orientation, marital or civil partner status, gender reassignment, gender identity, race, colour, nationality, ethnic or national origin, religion, belief, disability, age, socio-economic background or carer responsibilities, or due to combinations of these or other characteristics.

Collecting diversity data is intended to help us maintain equal opportunities best practice and identify barriers to workforce equality and diversity. You do not have to submit your diversity data to us but when you do, it will be treated in the strictest confidence. We protect this information more sensitively as we appreciate that due to its very nature, it would likely cause significant harm or distress if mistreated.  

Criminal Information and Fraud Prevention

We process information about criminal convictions and suspected fraudulent activity for the purposes of detecting and/or preventing financial crime, fraud and other unlawful or dishonest conduct. As part of an internal investigation or annual vetting process (which we are legally required to carry out), we may also process information about the Aegon products held by you as a customer of Aegon.

Workday

Holding your personal information on Workday (our HR Information System) allows you to manage your information, as well as having sight of what is held about you by Aegon. Your manager, Senior Management and People Services will also have access to certain information to enable them to manage you and inform and support management decisions in the workplace.

Use of your personal information

The situations in which we will use your personal information are listed below:

Category	Use Type
Recruitment & Appointment	Making a decision about your recruitment or appointment Assessing qualifications for a particular job or task, including decisions about promotions
Employment Terms & Administration	Determining the terms on which you work for us Administering the contract we have entered into with you Administering employment policies and procedures
Legal & Compliance	Checking you are legally entitled to work in the UK Complying with health and safety obligations To comply with regulatory duties set by the FCA, PRA, Bermuda Monetary Authority or other regulators.
Payroll & Benefits	Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance Contributions Providing you with statutory, contractual or non-contractual employment benefits Enrolling you in our pension scheme and liaising with the pension provider
Performance & Development	Conducting performance reviews, managing performance and determining performance requirements Making decisions about salary reviews and compensation Education, training and development requirements
Employee Lifecycle Management	Making decisions about your continued employment or engagement Making arrangements for the termination of our working relationship
Grievance & Disciplinary	Gathering evidence for possible grievance or disciplinary hearings Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work
Health & Wellbeing	Ascertaining your fitness to work, including provision of any workplace adjustments Managing sickness absence
Security & Monitoring	To monitor your use of our information and communication systems to ensure compliance with our IT policies To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
Fraud & Risk Management	To detect, investigate and prevent fraudulent or other criminal activity or financial crime
Analytics & Reporting	Business management and planning, including accounting and auditing To conduct data analytics studies to review and better understand HR and employment data (e.g. absence, attrition data) To conduct analysis of pay gaps based on gender, ethnicity or other diversity characteristics We may use your information for statistical or research purposes or for testing our systems. If we do this your personal information will be anonymous so that you can’t be identified.
Diversity & Inclusion	To promote and monitor diversity, inclusion, equity and equal opportunities in all aspects of the employee lifecycle

We will only use your information for the purposes for which we collected it, or for reasons compatible with those purposes. If we need to use it for any other unrelated purpose then we will let you know.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we use more sensitive personal information

In general, we will not process sensitive personal information about you unless it is necessary for performing or exercising obligations or rights in connection with employment. On rare occasions, there may be other reasons for processing. The situations in which we will process your sensitive personal information are listed below.  

We will use information about your physical or mental health, or disability status, to:

• Ensure your health and safety in the workplace;
• Assess your fitness to work;
• Provide appropriate workplace adjustments;
• Monitor and manage sickness absence; and
• Administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance.
• We may need to process this information to exercise rights and perform obligations in connection with your employmen.
• If you leave employment and under any share plan operated by us the reason for leaving is determined to be ill health, injury or disability, we will use information about your physical or mental health, or disability status, in reaching a decision about your entitlements under the share plan.
•  If you apply for an ill-health pension under a pension arrangement operated by us, we will use information about your physical or mental health in reaching a decision about your entitlement.
• If we reasonably believe that you or another person are at risk of harm and the processing is necessary to protect you or them from physical, mental or emotional harm or to protect physical, mental or emotional well-being.
• Where you choose to provide this, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
• We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

Information about criminal convictions

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process, our annual vetting process or we may be notified of such information directly by you in the course of you working for us. We will use information about criminal convictions and offences in the following ways:

• During the recruitment process criminal convictions are collected to assess suitability for the role
• During annual vetting criminal conviction records are collected to understand the risk of financial crime and consider any risks that may affect suitability of continuing employment
• If adverse results are flagged, this could result in criminal conviction being discussed during a disciplinary process.  We are allowed to use your personal information in this way to carry out our legal and regulatory obligations.

Our security policies mean that we hold all personal (including sensitive) information securely and limit access to those who need to see it.  We apply extra security to sensitive personal information.

Our lawful bases for using personal information

Data privacy laws state that we can only process personal information if it is lawful to do so. For the processing to be lawful, we must have a suitable lawful basis.

This section details our lawful bases for the various uses of both personal and sensitive personal information.  Most commonly, we will use your personal information in the following circumstances:

• To facilitate our fulfillment of the contract we have with you.
• Where we need to comply with a legal obligation.
• Where it’s in Aegon’s legitimate interests and those interests don’t override your fundamental rights.
• Where we have your consent.

In most cases, we need your information to allow us to fulfil our contract with you and to enable us to comply with legal obligations.

In other situations, where we have a business reason for using personal information in a certain way, this is known as being in our ‘legitimate interests’.  If we seek to rely on legitimate interests, we are required by law to conduct a balancing test to ensure that our interests don’t override your rights and freedoms.

The outcome of this test determines whether we can rely on legitimate interests as our lawful basis and use the personal information for certain purposes as set out in this privacy notice. If the balance isn’t met, we can’t process your data in that way.

The following table details our lawful bases for the various uses of both personal information and sensitive personal information:

Purpose	Facilitate a Contract	Legal Obligations	Legitimate Interests	Consent
Making a decision about your recruitment or appointment	●
Determining the terms on which you work for us	●	●
Checking you are legally entitled to work in the UK	●	●
Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance contributions (NICs)	●	●
Providing benefits to you	●
Inviting you to participate in any share plans operated by us or any group company	●
Granting awards under any share plans operated by us or any group company	●
Administering your participation in any share plans operated by us or any group company, including communicating with you about your participation and collecting any tax and NICs due on any share awards	●	●
Enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties	●	●
Liaising with the trustees or managers of a pension arrangement operated by us or any group company, your pension provider and any other provider of employee benefits	●
Administering the contract we have entered into with you	●
Business management and planning, including accounting and auditing		●
Conducting performance reviews, managing performance and determining performance requirements	●
Making decisions about salary reviews and compensation	●
Assessing qualifications for a particular job or task, including decisions about promotions	●
Gathering evidence for possible grievance or disciplinary hearings	●	●
Making decisions about your continued employment or engagement	●	●
Making arrangements for the termination of our working relationship	●	●
Education, training and development requirements	●	●
Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work	●	●
Ascertaining your fitness to work	●	●
Managing sickness absence	●	●
Complying with health and safety obligations		●
To detect, investigate and prevent fraud and other criminal activity or financial crime		●
To monitor your use of our information and communication systems to ensure compliance with our IT policies			●
To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution			●
To conduct data analytics studies to review and better understand employee development, progression, retention and attrition rates			●
Equal opportunities monitoring			●
Analysis of pay gaps linked to diversity characteristics			●
Analysis of diversity in the composition of the workforce			●

Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations, exercise specific rights in the field of employment law or for the purpose of ensuring equality of opportunity or treatment. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

We do not need your consent where the purpose of the processing is to protect you or another person from harm or to protect your well-being and if we reasonably believe that you need care and support, are at risk of harm and are unable to protect yourself.

Sharing your personal information

Service providers

We work with carefully selected service providers that carry out certain functions on our behalf. These include companies that provide services, such as:

• Technology services, including IT administration and support, software vendors, testing and support and platform providers.
• Background checking services, to carry out credit and other financial checks.
• Payroll services, e.g. HMRC.
• Medical services, e.g. Occupational Health Services.
• Outplacement services to help colleagues find new employment in the event of termination of employment e.g. upon redundancy or restructuring.
• Benefits such as Income Protection, Life Assurance, Critical Illness.
• Accounting, tax, legal or other advice.
• Relocation services, providing assistance to international colleagues such as property & school searches, language skills etc.

For those organisations that are carrying out services on our behalf, we only share information where we have a lawful basis for doing so, as described above. We’ll only share the appropriate level of personal information necessary to enable them to carry out the service.  We contractually require all our service providers to:

• Keep the information safe and protected at all times.
• Only act on our instructions and not use the information for their own purposes.

Cifas

Cifas is a fraud prevention service which seeks to detect, deter and prevent fraud. It is a not-for-profit membership association representing organisations across the public, private and voluntary sectors.

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity.

Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by visiting www.cifas.org.uk/fpn.

Background screening for employees and potential employees

As a financial services company the trust of customers, business partners and other stakeholders around the world is of great importance to Aegon. This means conducting our business with integrity, openness and clarity.

To assess the integrity of all employees, Aegon performs a screening process for new candidates as well as screening when employees move to roles requiring greater levels of integrity risk. Vetting will apply across Aegon UK as part of the recruitment process for all new employees, workers, and all employees successful in applying for internal vacancies, as well as on a regular basis.

Our background checking process includes financial sanctions checks, Politically Exposed Persons (PEP) checks, credit records checks, criminal record checks (including charges for criminal offences of a financial nature) and three year employment reference checks.

Aegon assesses the integrity of the candidates and employees in alignment with its set norms and values as outlined in its Code of Conduct. The Money Laundering Regulations 2017 and the FCA Handbook each require firms to carry out screening of employees before their appointment and during the course of the appointment.

Sharing of special categories of personal information, for example medical information

If we request medical information from you or a medical practitioner who has cared for you or from other insurers, this will be protected.

We may ask for information from other insurers or medical practitioners to check, clarify or expand answers you’ve given us. Your manager, Senior Management and People Services will also have access to certain information to enable them to manage you and inform and support management decisions in the workplace.

For the avoidance of doubt, your manager will not have access to the following categories of special category data including, ethnic group, religion/belief, nationality, gender identity, sexual orientation, socio-economic background and caring responsibilities.

Additional data sharing obligations

Other than the circumstances detailed above, we won’t disclose your personal information to any third parties, except:

• To the extent that we’re required to do so by law, by a government body or by a law enforcement agency, or for crime prevention purposes (including financial crime protection and credit risk reduction).
• When protecting your interests or the interests of other individuals or for reasons of substantial public interest or vital interests.
• In connection with any legal proceedings (including prospective legal proceedings).
• In order to establish or defend our legal rights.
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
• If we, or substantially all of our assets, are acquired by a third party, we may disclose your personal data to that third party in connection with the acquisition.
• In each case this will be done confidentially, to protect your personal information.

Personal information processed outside of the European Economic Area (EEA)

The personal information that we collect may be transferred to and stored at a destination outside the UK and European Economic Area (EEA), in connection with the above purposes.

This could be to other companies within the Aegon Group who are involved in our technology infrastructure or to third party service providers working on our behalf. Some of our service providers, such as Workday, store data in the US or use support services that store data in the US.

Where any such processing takes place, appropriate controls and other safeguards, such as the adoption of agreements containing the appropriate standard data protection clauses, are in place to ensure that your information is protected to the same standard as if it were in the UK.

Retention of personal information

We’ll keep your personal information for as long as reasonably required to fulfil the purposes for which we collected it, including the purposes of satisfying any legal, accounting or reporting requirements. We have in place and maintain a retention schedule and regularly review our obligations to make sure we don’t keep personal information longer than we’re legally obliged to.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use that information without further notice to you as it will no longer be deemed personal information.

Once you are no longer a candidate, employee, worker or contractor of Aegon, we will retain and securely destroy your personal information in accordance with our Data Retention Schedule.

Your rights

You have several rights under data protection laws – you’ll find details of each of these below.

If you choose to exercise any of your rights with regards to your personal information, to make sure that we’re dealing with you, we may ask for evidence of identity. Where you have authorised a third party to act on your behalf, we’ll conduct the necessary checks to make sure the appropriate authorisations have been received. This is to make sure that we only disclose information to the correct and, where applicable, authorised individual or organisation.

In line with our data protection obligations, we aim to respond to all valid requests relating to your personal information within one month. There may be some occasions where it will take us longer, for example, if the request is exceptionally complex. However, in these situations, we’ll let you know as soon as possible and provide details of when we’ll be able to respond.

There may be occasions where we don’t have to (fully) comply with a request. In these situations, we’ll explain why we’re unable to do this.

Right of access

The right to request a copy of the personal information we hold about you, along with certain information relating to the processing of your personal information. When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee.

Right of data portability

The right, in certain circumstances, to have personal information that you have provided directly to us about you, transferred securely to another service provider in electronic form. This right is only applicable where:

• The processing of your personal information is based either on your consent or in line with the performance of a contract with you.
• The processing of your personal information is carried out by automated (for example, electronic) means.

Right of rectification

The right to have any inaccurate personal information we hold about you corrected.

Right of erasure (‘Right to be forgotten’)

The right to have any out-of-date personal information deleted once there’s no legal requirement or business need for us to retain it. This isn’t an absolute right as we may need to consider other legal and regulatory requirements which could result in us having to retain your personal information for a specific period of time.

Right to restrict processing

The right to restrict some processing, in limited circumstances, and where we don’t have legitimate grounds for processing your personal information.

Right to object

The right to object to your personal information being used to send you marketing material. We’ll only ever send you marketing communications where you’ve given us your consent to do so. You can remove or add your consent at any time.

You can also object where you have grounds relating to your particular circumstances and we rely on ‘legitimate interests’ as our lawful basis for processing your personal information. However, where we believe we have compelling legitimate grounds, we’ll continue to process it.

Automated decision making

The right to not be subject to a decision made solely using automated means, including profiling, where the outcome adversely or significantly impacts you. This right doesn’t apply where it’s:

• Necessary for the purposes of a contract between Aegon and you.
• Authorised by law.
• Based on your explicit consent.

Exercising your rights

To exercise any of these rights, please contact us via Workday Help.

Security

We’re committed to making sure your information is protected and held securely in accordance with our obligations under data protection law. However, the internet isn’t a secure medium therefore we can’t accept responsibility for the security of an external email during transmission or for non-delivery of an external email.

We’ve put security policies, rules and technical measures in place to protect the personal information that we have under our control from:

• unauthorised access;
• improper use or disclosure;
• unauthorised modification, and
• unlawful destruction or accidental loss.

All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.

Making a complaint

If you believe we haven’t processed your personal information in accordance with our Data Protection obligations, and that you’ve been affected by this, you can make a complaint by contacting our Data Protection Officer. You also have the right to ask us to escalate your complaint to our Group Data Protection Officer if you don’t think it’s been handled appropriately.

If you’re not satisfied with our response, you can also raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations. You can contact them at:

• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF
• Website: https://ico.org.uk/global/contact-us
• Phone: 0303 123 1113