Privacy Policy

CONSUMER PRIVACY NOTICE 2025

We take the protection of your personal information seriously. As a customer, you trust us with sensitive data from your date of birth to your medical history and we are committed to handling it responsibly, securely, and in accordance with data protection laws.

This privacy notice explains how we collect, use, store, and share your personal information. We encourage you to read it carefully and share it with anyone whose information you provide to us, such as trustees or beneficiaries.

Please be aware that while we take appropriate steps to safeguard your data, sending information via email is not completely secure and is done at your own risk. Once we receive your information, we apply robust security procedures and controls to protect it.

This notice may be updated periodically to reflect changes in our practices or legal requirements.

Who are we?

Investment Discounts On Line Limited (“we”, “us” or “our”) is part of the Legal & General Group. We trade under the names:

We are a data controller of your personal data. Where we pass information to product providers (for example, insurance companies from whom we request quotes), those providers become independent controllers of your information and apply their own privacy notices.
If you wish to exercise your data protection rights once your data has been shared with a provider, you should contact them directly.

What does this privacy notice cover?

This privacy notice applies to:

Retail customers and individual consumers of goods and/or services, including users of application-based technology.
Individuals who request quotes, use our services, or purchase provider products through us. This includes customers who enter into agreements with product providers hosted on our platform, and individuals covered under employer-sponsored group life schemes.
Other individuals we may interact with in the course of our business operations.

Please note: A separate privacy notice applies to business and professional clients, which is available on our website.

What we mean by personal information

When we refer to “personal information” in this privacy notice, we mean any information about an individual that can identify them, either directly or indirectly. This includes, for example, your name, address, email address, IP address, telephone number, and financial details.

Personal information may relate to customers (including prospective customers), employees, shareholders, business contacts, and suppliers. Any reference to “information” or “data” in this notice refers specifically to personal information about a living individual.

What information do we hold?

We may collect and process the following personal information about you:

Type of data	Description	Examples of how we use it
Contact	Who you are Where you live (including previous addresses) How to contact you Third party contacts. For example, family members or friends	Servicing your products Marketing Analysis and profiling Enhancing our product and service offering Assessing eligibility based on product provider's requirements
Personal details	Age Gender Family details Visual images and personal appearance Financial Details Lifestyle and social circumstances Health and medical details Employment details	Marketing Analysis and profiling Quotations provided Product underwriting Assessing eligibility based on product provider's requirements Services selected Financial crime prevention
Vulnerability details	Capability capacity Financial circumstances Life events Health details	Ensuring accessibility Servicing your products Making sure the products and services meet our customers' needs
Transactional	Bank and/or card details How you use your products Changes you make to your products	Servicing your selected product Making sure our hosted products and services are fit for purpose Transmit your payment card details to your selected provider's Payment Service Provider
Consent and preferences	Ways you want us to market to you Ways you want selected product providers or partners to market to you Information from third parties acting on your behalf Lifestyle, health, medical information and social circumstances	Marketing Prevention of direct marketing to those who have opted out Obtain quotes including prices from product providers
Technical	Details on the devices and technology you use	Making sure our products and services are fit for purpose
Open data and public records	Information about you that is openly available on the internet. This includes social media platforms	Product and service administration
Documentary data and national identifiers	Details about you that are stored in documents like your: Passport Driver's licence Birth certificate National insurance number	Identification and verification Prevention of financial crime
Location data	Your device's current location Use of location services such as the location services of your operating system or browser, sensor data from your device. For example, Bluetooth data, beacon data, Wi-Fi access points, GPS data and cell tower data.	Some products and/or services will require location data for the purpose of access control functionality. However, you can change location setting on your device at any time. We will never share your location with others, except to support your provider claims process, with your express consent or as permitted under this Privacy Notice.
Location data	If you have turned on persistent background location services on your device, we may obtain your device's location even while you are not using the services or products on your device. The persistent background location services use various technologies to determine your precise location, such as the location services of your operating system or browser, sensor data from your device (e.g. magnetometer, barometer, gyroscopes, accelerometers, compasses, Bluetooth data, beacon data, Wi-Fi access points, GPS data, and cell tower data). If you have opted-in to sharing your background location with us as part of using our services or products, you can opt-out at any time by going into your device settings and switching off background sharing / location services.

Where we get your information

We collect personal information from a variety of sources to help provide you with the best possible service:

Directly from you:
Information you provide when you request a quote, apply for a product, contact us by phone or email, or use our website or online portals.

Phone calls:
We may record calls for your protection, to meet our regulatory obligations, and to help us improve our customer service.
From your online activity:
Information collected through your browsing on our website or use of our apps.
From third parties:
This includes information from:
- Price comparison websites, aggregators, or business partners who introduce you to us
- Your employer or their financial adviser (if you’re introduced through work)
- Publicly available sources, such as social media or the electoral register
Cookies and similar technologies:
We use cookies to:
- Help our websites and apps work smoothly
- Remember your preferences
- Improve your online experience
- Show you more relevant adverts

You can find more information about setting your cookie preferences. Use the ‘Cookie Policy’ link at the bottom of our website or refer to The Idol’s cookie policy here.

How we use your information

We use your personal information to deliver the services you’ve requested and to improve your experience with us. This includes:

Providing Services

Sharing your details with product providers to generate quotes and set up policies or services.
Responding to enquiries and complaints.
Keeping you informed about changes to our services.

Marketing

Sending you information about products and services from our brands that are similar to those you’ve enquired about or consented to receive.
Delivering marketing via:
- Email
- Post
- Telephone
- Personalised online ads (e.g. social media, YouTube)

You can opt out of marketing at any time via our Unsubscribe service, by emailing customerservices@theidol.com, or calling 0800 915 7885.
If you’ve consented to marketing from your chosen provider, we’ll share your request with them. You can opt out directly with them at any time.

Customer Reviews (Trustpilot)

Customer Reviews
We use Trustpilot, an independent online review platform, to help us collect and display genuine feedback from customers about their experience with our services.

After you complete a transaction or receive a service from us, we may share your name and email address with Trustpilot for the purpose of sending you an invitation to leave a review. This helps us monitor customer satisfaction, improve our products and services, and maintain transparency about our performance.

Trustpilot will only use your details to send a review invitation and to verify that you are a genuine customer. Once you submit a review, Trustpilot becomes the data controller for the information you provide in that review. You can read Trustpilot’s Privacy Policy here.

Legal basis for processing:
We rely on our legitimate interests (Article 6(1)(f) UK GDPR) to request customer feedback and ensure the authenticity of our public reviews. We have carried out a Legitimate Interests Assessment (LIA) to confirm that this activity does not override your rights and freedoms.

Data shared:

Name and email address.

Data recipient:

Trustpilot A/S (company number 30544650), Pilestræde 58, 1112 Copenhagen, Denmark.

International transfers:

Trustpilot hosts data within the EEA. Any transfers outside the EEA are protected by appropriate safeguards, such as the UK Addendum to the EU Standard Contractual Clauses.

You can choose not to receive a review invitation by contacting datacontroller@theidol.com or by following the unsubscribe link in the invitation email.

Legal and Regulatory Compliance

Performing identity checks and complying with “know your customer” and other regulatory requirements.
Sharing data with regulators and fraud prevention agencies.

Improving Our Services

Conducting market research, customer profiling, and statistical analysis to better understand your needs.
Validating sales information and identifying gaps in product offerings.
Testing systems, managing business operations, and ensuring quality and compliance.

Automated Decision-Making and Profiling
We may use automated systems to:

Detect and prevent fraud and financial crime (e.g. identity verification, sanctions checks).
Provide quotes, calculate premiums, and assess underwriting criteria based on factors like health, lifestyle, and location.
Personalise communications and services based on your preferences or circumstances.

These decisions may be made solely by automated means, but where required, we’ll ensure human review is available.

Use of AI and Speech Analytics

We may use speech analytics on recorded calls to identify vulnerable customers, improve service quality, and support staff training.
We’re exploring AI to help summarise complex documents or improve service delivery. Any use of your data for AI training will not result in decisions being made about you.

Other Uses

Servicing your products, including tailoring communications based on changes in your circumstances.
Any other purpose we’ve agreed with you.
Please note: When you request a quote or apply for a product, additional terms may apply. These will be clearly set out in the relevant form or contract.
While Investment Discounts On Line Limited remains the data controller for the information you provide to us, product providers (such as insurers) also act as data controllers for the information we pass to them. Each provider has their own privacy policy, which you can find on their website.

Using your information with data protection laws

We take our responsibilities under data protection laws seriously. Before we use your personal information, we make sure we have a lawful basis for doing so. Depending on the activity, we rely on one or more of the following:
1. To provide our services
  We use your personal information to deliver the products and services you’ve requested, and to fulfil any agreements we’ve made with you. This includes online services and customer support.
2. To meet legal obligations
  We may process your data to comply with laws and regulations—for example, to prevent financial crime or respond to regulatory requests.
3. With your consent
  Where you’ve given us permission, we may:
  - Share or request information from third parties on your behalf.
  - Send you marketing communications about our products and services.
  - Invite you to take part in optional activities like surveys or focus groups.
  - You can withdraw your consent at any time by:
    - Visiting our Unsubscribe service
    - Emailing: customerservices@theidol.com
    - Calling: 0800 915 7885
  We may also obtain consent on behalf of your chosen insurance provider so they can send you marketing. You can opt out directly with them at any time.
4. Legitimate interests
  We may use your data where it's necessary for our business and doesn't override your rights. This includes:
  - Market research, product development, and customer profiling
  - Testing and improving our services and marketing
  - Sending relevant marketing by post (unless you’ve opted out)
  - Recognising customer circumstances (e.g. sending a card or small gift)
  - Analysing how customers use our services
  Before relying on legitimate interests, we carry out a careful assessment to ensure your rights and freedoms are respected.
5. Special category data
  We may process sensitive information (e.g. health, ethnicity, biometric data) to help administer your products. We’ll only do this:
  - With your explicit consent
  - Where it’s in your vital interests
  - Where it’s required by law
6. Criminal conviction data
  We may process this type of data to help providers underwrite and manage your products, handle claims, and prevent financial crime.
  - Please note: We need certain personal information to provide our services. Without it, we may not be able to proceed with your application or deliver your chosen product.

How long we keep your information

We only keep your personal data for as long as we need it, based on our internal retention policy and legal requirements. Here’s how long we typically hold different types of information:

Quotes and service enquiries: Up to 2 years
Contract and transaction records: 6 to 7 years (as required by law)
Annuity and pension products: Indefinitely, where needed to respond to future enquiries or meet regulatory duties

Our internal retention policy sets out how long we keep different types of data, ensuring we don’t hold your information longer than necessary. If there’s a legitimate business reason, we may keep your data for longer but only if we can clearly justify it.

In rare cases where it’s not technically possible to delete your data, we’ll put it “beyond use,” meaning it’s inaccessible and won’t be processed.

Who do we share your personal information with?

We only share your personal information when it’s necessary and always in line with this privacy notice. We may share your data with:
Product providers, insurance service providers, and third-party suppliers who help us deliver and service your products.
The company that referred you to us (such as an aggregator, price comparison website, or your employer), including their suppliers, to help administer your products and services.
Payment service providers who process your premium payments on behalf of your chosen product provider. (We don’t store your payment card details please contact your insurer directly with any payment queries.)
Selected third parties but only if you’ve given your consent for them to contact you about their products or services.
Regulators, law enforcement, data verification and fraud prevention agencies, and business partners where required by law or to protect you and your provider from financial crime.

Additionally, we may disclose your personal information to third parties:

In the event that we sell or buy any business or assets. In which case we'll disclose your personal data to the prospective seller or buyer of such business or assets.
For employer sponsored schemes, we may share some details of your plan with your employer and any professional advisor(s) they appoint on their or your behalf to service.
In order to apply the terms of any service with you.
To protect you and your selected provider from financial crime, we may be required to verify the identity of new and sometimes existing customers. This may be achieved by using credit reference agencies to search sources of information relating to you. This is known as an identity search. If this fails, we may need to approach you to obtain documentary evidence of identity.
The checks will not affect your credit rating, but your credit record may show that a search has been made. This is sometimes referred to as a soft footprint.
If you make a claim, we'll share your information (where necessary) if requested by your selected insurance or annuity company to prevent fraudulent claims.

Additionally, your information, including special category and criminal conviction data, may be disclosed to any other insurance company to whom you apply for products or services.

As well as sharing your information with insurance or annuity providers, if you've been introduced to us by another company we may share your information with them. For example, your aggregator, price comparison website, employer or their financial adviser. This is to enable them to:

Underwrite your product (insurance and annuity providers only)
Administer and service your products.
Validate the information provided.
Carry out market research, statistical analysis and customer profiling.
Where you have consented, send you marketing information by post, telephone, email and online about their products and those of carefully selected third parties.
Assist you with your quote and or application process.

How we use your information to prevent fraud

We take your security seriously. To help protect you and others from fraud and financial crime, we may share your personal information with trusted fraud prevention agencies. These agencies use your data to prevent fraud, money laundering, and to verify your identity.

If we discover false or inaccurate information and suspect fraud, we’ll pass those details to fraud prevention agencies. Law enforcement and other public bodies (such as the police) may also access and use this information. We may check and/or file your details with fraud prevention databases and share information with other organisations for these purposes.

If fraud is detected, you could be refused certain services, finance, or employment. For more details on how your information may be used by your selected insurance provider and these agencies, please visit:

Investment Discounts On Line Limited and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

Checking details on proposals and claims for all types of insurance.

We and other organisations may use this information when:

Checking details on insurance proposals and claims.
Verifying the identity of parties related to your contract, such as beneficiaries, trustees, settlors, third-party premium payers, executors, administrators, those with power of attorney, and other beneficial owners.

If you’d like more information about the fraud prevention agencies we work with, please contact us at customerservices@theidol.com.

Protecting your data outside the UK

Sometimes, we may need to transfer your personal information to trusted third parties such as suppliers, agents, or service providers based outside the UK. When we do this, we take all reasonable steps to ensure your data is protected to the same high standards we apply ourselves.
We’ll only transfer your data internationally where it’s legally permitted. This includes situations where:

The destination country has been deemed ‘adequate’ by the UK government.
The transfer is covered by standard data protection clauses approved by the UK Information Commissioner’s Office.
The recipient is part of an approved certification scheme, and appropriate safeguards are in place.

Wherever your data goes, we make sure it’s handled securely and in line with this privacy notice.

Your Rights

We believe your personal information belongs to you. That’s why, under the United Kingdom’s data protection laws, you have important rights over how your data is used. These include:

Being informed
You have the right to know how and why we use your personal information. This privacy notice is designed to keep you fully informed.
Accessing your data
You can ask us for a copy of the personal information we hold about you.
Correcting your data
If any of your information is inaccurate or incomplete, you can ask us to put it right.
Erasing your data
In certain circumstances, you can ask us to delete your personal information— for example, if it’s no longer needed or if you withdraw your consent.
Restricting how we use your data
You can ask us to limit how we use your information, such as while we check its accuracy or if you’d prefer restriction over deletion.
Objecting to processing
You can object to us using your information for certain purposes, including direct marketing.
Moving your data
You can ask us to send your personal information to you or another organisation in a format that’s easy to use.
Withdrawing your consent
Where we rely on your consent (for example, for marketing), you can change your mind at any time.
Challenging automated decisions
If a decision has been made about you solely by automated means, you can ask for an explanation and request a human review.

If you’d like to exercise any of these rights, just contact our Data Privacy Manager using the details in this notice. We’re here to help.

Your Right to Complain

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Website: https://ico.org.uk
Address: First Contact Team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contacting Us About Your Personal Data

Legal & General Group has appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. theidol.com has appointed a Data Privacy Manager (DPM) to liaise with the Group DPO and manage day-to-day data protection matters.

If you have any questions about this privacy notice or how we handle your personal information, please contact:

Data Privacy Manager
Email: datacontroller@theidol.com
Address: theidol.com, The Edge, Eden Business Park, Penrith, Cumbria, CA11 9FB

If you need to contact Legal & General’s Group DPO directly:

Group Protection Officer
Email: Data.Protection@landg.com
Address: 1 Coleman Street, London, EC2R 5AA

Our Product & Service Providers
This list details the product & service providers to whom we disclose your information. For travel insurance, we will facilitate sharing of your personal data on behalf of your selected product provider to their third-party payment service provider. This is to enable verification of your identify to allow your payment to be processed securely.

Life
Legal & General, Zurich, VitalityLife, Beagle Street, LV=, AVPUK

ProtectMyPeople
Aviva, Canada Life, Legal & General, Unum, Zurich, AIG

AnnuityReady
Aviva, Canada Life, Just Retirement, Scottish Widows, Legal & General, Standard Life (Phoenix Group)

Servicing
Loqate, Reviews.co.uk, getAddress.io

Travel
CoverForYou, Admiral, Cedar Tree, RAC, Sainsburys Bank, Puffin, Outbacker, ERGO, Insurefor, Big Blue, Coverwise, Southdowns, Holiday Extras, esure, Tesco, Insurefor Med, Virgin Money HG, TravelInsurance4Medical, Select and Protect, Tesco Med, Explorer, TheAA, Insure and Escape, loveit coverit, TravelTime, Travel Insurance Saver, Viva, Switched On Insurance, Oasis, A to Z Insurance, AnnualTravelInsurance, multitrip.com, Post Office, Making Insurance Accessible, RIAS, Insure With Ease, Good To Go, Leisure Guard, Trusted, Direct Travel, AllSafe, Fit2Travel, Gigasure, GreatCover.com, Ok To Travel, Vibe, Avanti Go, Journy, Holiday Risk