CONSUMER PRIVACY NOTICE (also known as PRIVACY POLICY)

Last updated: February 2024

Protecting your personal information is extremely important to us. Our customers trust us to look after a huge amount of sensitive information on everything from their date of birth to their medical history

The way we collect, use, store and share your information is important. Our customers expect us to manage their information privately and securely. If we don't, they'll lose their trust in us.

This privacy notice tells you how we collect and process your personal information. Please take a few minutes to read it. Show it to anyone else connected to your product(s) or whose information you are sharing with us. For example, trustees and beneficiaries. This privacy notice may be subject to future change.

Unfortunately, sending information via e-mail is not completely secure; anything you send is at your own risk. Once received, we will secure your information in line with our security procedures and controls.

Who are we?

Investment Discounts On Line Limited is part of the Legal & General Group. We are a registered data controller of your personal data for the purposes of the Data Protection Act. Trading names of Investment Discounts On Line Limited are theidol.com, comparecover.com, protectmypeople.com, annuityready.com and clevermover.com.

What does this policy cover?

This privacy notice relates to:

• Retail customers
• Individual consumers of goods or services, including users of application-based technology.
• Individuals who get quotes, utilise our service, buy provider products.
• Customers who enter into agreements via our services, from one of the product providers hosted by us. This includes those covered under their employer group life schemes.
• Individuals that we may otherwise interact with in the course of our business.

We also have a separate privacy notice for professional business clients, which can be found on our website.

What is personal information?

When we talk about personal information, we mean information about an individual that can identify them. For example, their name, address, email address, IP address, telephone number and financial details. It may relate to customers (including prospective customers), employees, shareholders, business contacts and suppliers. Any reference to 'information' or 'data' in this privacy notice is a reference to personal information about a living individual.

What information do we hold?

We may collect and process the following personal information about you:

Type of data	Description	Examples of how we use it
Contact	Who you are Where you live (including previous addresses) How to contact you Third party contacts. For example, family members or friends	Servicing your products Marketing Analysis and profiling Enhancing our product and service offering Assessing eligibility based on product provider's requirements
Personal Details	Age Gender Family details Visual images and personal appearance Financial Details Lifestyle, health, medical information and social circumstances Employment details	Marketing Analysis and profiling Quotations provided Product underwriting Assessing eligibility based on product provider's requirements Services selected Financial crime prevention
Vulnerability details	Capability / capacity Financial circumstances Life events Health details	Ensuring accessibility Servicing your products Making sure the products and services meet customer needs
Transactional	Bank and/or card details How you use your products Changes you make to your products	Servicing your selected product Making sure our hosted products and services are fit for purpose Transmit your payment card details to your selected provider's Payment Service Provider
Consent and preferences	Ways you want us to market to you Ways you want selected product providers or partners to market to you Information from third parties acting on your behalf Lifestyle, health, medical information and social circumstances	Marketing Prevention of direct marketing to those who have opted out Obtain quotes including prices from product providers
Technical	Details on the devices and technology you use	Making sure our products and services are fit for purpose
Open data and public records	Information about you that is openly available on the internet. This includes social media platforms	Product and service administration
Documentary data and public records	Details about you that are stored in documents like you: Passport Driver's licence Birth certificate National insurance number	Identification and verification Prevention of financial crime
Location data	Your device's current location Use of location services such as the location services of your operating system, or browser, sensor data from your device. For example, Bluetooth data, beacon data, Wi-Fi access points, GPS data and cell tower data.	Some products and/or services will require location data for the purpose of access control functionality. However you can change location setting on your device at any time. We will never share your location with others, except to support your provider claims process, with your express consent or as permitted under the Privacy Notice.
	If you have turned on persistent background location services on your device, we may obtain your device's location even while you are not using the services or products on your device. The persistent background location services use various technologies to determine your precise location, such as the location services of your operating system or browser, sensor data from your device (e.g. magnetometer, barometer, gyroscopes, accelerometers, compasses, Bluetooth data, beacon data, Wi-Fi access points, GPS data, and cell tower data). If you have opted-in to sharing your background location with us as part of using our services or products, you can opt-out at any time by going into your device settings and switching off background sharing / location services.

Where do we get our information from?

• Information from you – information you give when you request a quote for one of our provider products or details regarding our products and services or contact us by phone, e-mail etc. This could include information you provide to us electronically. For example, through our website or an online portal. We may record phone calls for our mutual protection and to meet our regulatory and contractual obligations. This also helps us to improve our customer service standards.
• Information we collect about you or receive from other sources.
  • This could be:
    • Information we get from your online browsing activity.
    • Information from a third party.
    • Details from publicly available sources such as social media platforms or the electoral register.
  • We may also receive information if you have been:
    • Introduced to us by another company. For example, price comparison websites, aggregators, or one of our business partners.
    • Introduced to us by your employer (or their financial adviser).
    • Where we provide technical support as a supplier for companies.
• Cookies.
  • We use cookies and similar technologies to support the functioning of our websites and applications. This includes:
    • Allowing you to browse between pages effectively.
    • Recording and storing your preferences.
    • Improving your online experience.
    • Helping to ensure that adverts you see online are more relevant to you.
  You can find more information about setting your cookie preferences. Use the 'Cookie Policy' link at the bottom of our website or refer to The Idol's cookie policy here.

How do we use your information?

We use personal information that we hold about you:

• To share with the companies who provide the quotations for products and services that you request. Also, to provide you with the information, products and services that you've asked from us. This includes resolving and responding to complaints.
• To share with your selected insurance product provider. This is to enable a requested policy, product or service to be set up.
• To provide you with marketing information about other services or products we offer from our brands. These will be similar to those that you've enquired about. It will also include services or products you've consented to receiving. If you have opted in to receive marketing from us, based on your marketing preferences, we may deliver this information by:
  • Email
  • Post
  • Telephone
  • Personalised online marketing via our own systems
  • Social media platforms
  • Other third-party websites. For example, YouTube
  Please note that if you choose not to receive online marketing, you will not see personalised messages using your personal data. However, you may still see generic online advertising about our products and services. We will not sell your data to third parties for them to market to you. We may also send marketing to you using our 'legitimate interests'. Please see below for further information.
• Where you consent to marketing from your selected insurance product provider and/or partner on our website, we will share your request with them.
• To tell you about changes to our services and products.
• To comply with any applicable legal or regulatory requirements. This includes 'know your customer' checks. Also, to comply with any applicable regulatory reporting or disclosure requirements.
• For carrying out market research, statistical analysis and customer profiling. This helps us to improve our processes, products and services and generate new business. For example, to understand digital behaviours, identify financial attitudes, find new audiences with similar attributes and develop more engaging communications.
• To validate sales information.
• To run our business in an efficient and proper way. This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance, quality assurance and audit.
• To identify if there are gaps in the product offerings from our provider panel. This will allow us to work with providers to see if they can support customers currently limited, or no, quotes.
• For any other purpose that we've agreed with you from time to time.

When you request a quotation for a product or to receive a service from us, the online form (or in some instances the application form) you fill out or the resulting contract may have extra conditions relating to the way we use and process your personal information. These will apply in addition to the uses described in this document.

Whilst Investment Discounts On Line Limited remain the data controller in relation to the information you provide to us, the product and service providers (such as those insurance companies we request quotes from) will also act as data controllers in relation to the information we pass to them. Requesting a quotation will be taken as acceptance for your data to be passed to our panel of insurance and annuity providers.

Each product and service provider has their own privacy policy and terms and conditions available on their website which will apply to their treatment of the data.

In some cases, we may use software or systems to make automated decisions (including profiling). This is based on the personal information we hold or collect from others. These may include:

• The prevention and detection of fraud and financial crime
  To perform transaction monitoring, identity verification, money laundering and sanctions checks. And to identify politically exposed individuals. We are required by law to perform these activities which may be achieved using solely automated means to make decisions about you or any individual related to your product or application. We, or the insurance provider, may use these activities to decline the services you have requested or to stop providing existing services to you.
• Providing quotes, calculating premiums, and underwriting ratings
  We may process a number of factors including information about you and your health, lifestyle information. For example, your postcode, occupation and hazardous pursuits that you perform. These factors may be assessed against our hosted panel of providers pricing and underwriting criteria. It may include statistics regarding life expectancy, illness, injury and demographic risks. The product providers may use these activities to determine the price of your products and whether they should undertake the risk of insuring you. This includes how much insurance should be granted to you how much you should pay for it, and whether to insure you in the first place. These decisions may be achieved using solely automated means.
• Artificial Intelligence (AI) and Speech Analytics
  We may use speech analytics on recorded phone calls. This is to meet our regulatory obligations. For example, to identify vulnerable customers, complaints, staff training needs, process and product service development, quality control and audit. These profiling activities are not solely based on automated processing. The results are manually reviewed to decide if we need to take further action.
  We are also exploring whether AI technologies can help in other scenarios, for example to summarise long, technical or complex documents. This may include using your data to help train AI. However, this will not result in any decisions being applied against you.
• Servicing activities such as
  (i) Personalising the content and design of communications and online services and
  (ii) Determining when to provide tailored communications about your products and the appropriate channel(s) to use.
  These may be achieved using profiling to predict certain characteristics about you. For example, your economic situation, interests, personal preferences or transactional behaviour. The activities will not have a detrimental effect on you.

Using your information in accordance with data protection laws

Data protection laws need us to meet certain conditions before we're allowed to use your personal information in the way we describe in this privacy notice. We take these responsibilities extremely seriously. To use your personal information, we'll rely on the following conditions, depending on the activities we're carrying out:

• Providing our services to you:
  We'll process your personal information to carry out our responsibilities resulting from any agreements you've entered with us. Also to provide you with the information, products and services you've asked from us. This may include online services.
• Complying with applicable laws:
  We may process your personal information to comply with any legal obligation we're subject to.
• Consent:
  Where you have consented, we will contact third parties to obtain or share information on your behalf.
  We may also provide you with the opportunity to consent to certain optional processes. Such as responding to surveys or participating in focus groups.
  We may provide you with marketing information about our services or products where you've provided your consent for us to do so.
  You may opt out of marketing at any time by visiting our Unsubscribe service, emailing customerservices@theidol.com or by telephoning our customer service team on 0800 915 7885.
  We may obtain contain consent on behalf of the insurance provider you have chosen to buy from. This is so you can receive marketing information about their services or products. You can opt out of marketing at any time by visiting their Unsubscribe service or emailing their customers services.
• Legitimate interests:
  To use your personal data for any other purpose described in this privacy notice, we will rely on a condition known as "legitimate interests". It is in our legitimate interests to collect your personal data. This is because it provides us with the information that we need to provide our services to you more effectively. We may use your information to:
  
  
  • Carry out market research and product development. This can include creating customer demographics and/or profiling.
  • Develop and test the effectiveness of marketing activities.
  • Develop, test and manage our brands, products and services.
  • Send marketing information, via post only, to customers who have a relevant and appropriate relationship with us. And to other individuals we believe may be interested in our products. This will not apply if they have opted out (which can be done at any time).
  • On occasion we may wish to send a card or small gift to a customer, in recognition of their circumstances.
  • Analyse and manage how our customers use products and services from us and our business partners. This includes through customer surveys.
  • To use legitimate interest, we must carry out an assessment of our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws.

  The outcome of this assessment will determine whether we can rely on legitimate interest in order to process your personal data. We'll always act reasonably and give full and proper consideration to your interests in carrying out this assessment.

• Special category data:
  We may process medical and health, racial and ethnic origin, genetic and biometric or sex life and sexual orientation information you have provided with the insurance providers, and any other sensitive information obtained from a third party. This is solely for the purposes of allowing us to administer your products. Our lawful basis for processing will be either vital interests, public interests in accordance with applicable law, or by obtaining your explicit consent. We will only process data that is needed for specific processes.
• Criminal Conviction Data:
  To meet legal obligations, we may process this type of information for the purposes of allowing providers to underwrite and administer your products and deal with claims. Also for the prevention of financial crime (see below for further details).

Please be aware that the personal information you provide to us, and which we collect about you, is needed for us to be able to provide our services to you. Without it, we may not be able to do so.

How long do we keep your information for?

We'll keep your personal information in accordance with our internal retention policies. The length of time we keep it for is based on the minimum retention periods required by law or regulation. We'll only keep your personal information after this period if there's a legitimate and provable business reason to do so.

For annuity products, we may retain your personal information indefinitely using the legitimate interests condition. This is to support future enquires from you, your family or our regulators.

Occasionally, it may be impossible to delete data, due to technical limitations. In these cases, we will take steps to put the data beyond use. This means that your data will not be access or shared and your rights and freedoms will not be affected.

Who do we share your personal information with?

We'll only disclose your information to:

• Our hosted panel of product providers, insurance service providers, third-party suppliers, contractors and the company that has referred you to us (including their third-party suppliers) for the purposes listed under 'How do we use your information?' above.
• The relevant payment service provider who processes your premium payment on behalf of your selected product provider. No payment card details will be stored by theidol.com. Should you have any payment or payment card queries you should contact your insurer direct.
• Selected third parties. This is so they can contact you with details of the products and services that they provide, where you have expressly opted-in or consented to the disclosure of your personal data for these purposes.
• Our regulators, law enforcement agencies, data verification and fraud prevention agencies, as well as our business partners, etc.

Additionally, we may disclose your personal information to third parties:

• In the event that we sell or buy any business or assets. In which case we'll disclose your personal data to the prospective seller or buyer of such business or assets.
• For employer sponsored schemes, we may share some details of your plan with your employer and any professional advisor(s) they appoint on their or your behalf to service.
• In order to apply the terms of any service with you.
• To protect you and your selected provider from financial crime, we may be required to verify the identity of new and sometimes existing customers. This may be achieved by using credit reference agencies to search sources of information relating to you. This is known as an identity search. If this fails, we may need to approach you to obtain documentary evidence of identity.
  The checks will not affect your credit rating, but your credit record may show that a search has been made. This is sometimes referred to as a soft footprint.
• If you make a claim, we'll share your information (where necessary) if requested by your selected insurance or annuity company to prevent fraudulent claims.

Additionally, your information, including special category and criminal conviction data, may be disclosed to any other insurance company to whom you apply for products or services.

As well as sharing your information with insurance or annuity providers, if you've been introduced to us by another company we may share your information with them. For example, your aggregator, price comparison website, employer or their financial adviser. This is to enable them to:

• Underwrite your product (insurance and annuity providers only)
• Administer and service your products.
• Validate the information provided.
• Carry out market research, statistical analysis and customer profiling.
• Where you have consented, send you marketing information by post, telephone, email and online about their products and those of carefully selected third parties.
• Assist you with your quote and / or application process.

Fraud prevention

The personal information Investment Discounts On Line Limited collects from you may be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity.

If we identify that false or inaccurate information has been provided and fraud is identified, we will pass details to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including the police and we may check and/or file your details with fraud prevention agencies and databases.

If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information may be used by us or your selected insurance provider and these fraud prevention agencies can be found by accessing these links:

• CIFAS: www.cifas.org.uk/fpn
• National Hunter: https://www.nhunter.co.uk/privacypolicy

Investment Discounts On Line Limited and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

• Checking details on proposals and claims for all types of insurance.
• Investment Discounts On Line Limited and other organisations may access and use the information recorded by fraud prevention agencies. Please contact us if you wish to receive the relevant details of the fraud prevention agencies by emailing customerservices@theidol.com.

Investment Discounts On Line Limited or your selected provider may also check the details of other parties related to your contract, including verification of identity. This includes beneficiaries, trustees, settlors, third party premium payers, executors or administrators of your estate, parties with power of attorney and any other beneficial owner.

Protecting your data outside the UK

The data that we collect from you may be transferred to, and stored at, a destination outside the UK to third-party suppliers, delegates or agents. We'll take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this privacy notice to ensure your personal information is handled with the same protections that we apply ourselves.

We'll only transfer your data to a recipient outside the UK where we're permitted to do so by law (for instance, (a) where the transfer is based on standard data protection clauses adopted or approved by the UK's Information Commission's Office, (b) where the transfer is to a territory that is deemed adequate by the UK, or (c) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards, etc.).

Your Rights

You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on the Information Commissioner's website. If you wish to exercise any these rights, please get in touch with our customer services team by emailing customerservices@theidol.com or by telephoning our customer service team on 0800 915 7885.

Your Rights

1.   The right to be informed about how we process your personal information. This right is met by the provision of this document.

2.   The right to access the personal data that we hold about you.

3.   The right to make us correct any inaccurate personal data we hold about you.

4.   The right to ask us to erase any personal data we hold about you. This right will only apply where for example: We no longer need to use the personal data to achieve the purpose we collected it for. You withdraw your consent if we're using your personal data based on that consent. Where you object to the way we use your data, and there is no overriding legitimate interest.

5.   The right to restrict our processing of the personal data we hold about you. This right will only apply where for example: You dispute the accuracy of the personal data we hold. You would like your data erased, but we need to hold it in order to stop its processing. You have the right to require us to erase the personal data but you would prefer that our processing is restricted instead. Where we no longer need to use the personal data to achieve the purpose we collected it for, but you need the data for legal claims.

6.   The right to object to our processing of personal data we hold about you (including for the purposes of sending marketing materials to you or using your personal information for profiling purposes).

7.   The right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to make us transfer this personal data to another organisation.

8.   The right to withdraw your consent. This only applies where we're relying on your consent in order to use your personal data (for example, to provide you with marketing information about our services or products).

9.   For automated decisions (including profiling), you have the right to: Obtain an explanation of the decision and challenge it Request for the decision to be reviewed by a human being

Contacts and complaints

If you have any questions about this privacy policy or wish to exercise any of your rights, including changing your marketing preferences, please get in touch with our Customer Services team.

If you have any concerns about the way we process your personal data, or are not happy with the way we've handled a request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:

First Contact Team
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Data Protection Officer

If you'd like to exercise your right to access any personal information that we hold about you, write to: theidol.com, The Edge, Eden Business Park, Penrith, Cumbria CA11 9FB

You can also contact our Data Protection Manager directly with any questions or issues relating to the way we process your personal information:

Name: Mary Davis
Email address: datacontroller@theidol.com
Address: The Edge, Eden Business Park, Penrith, Cumbria, CA11 9FB

If you are not satisfied with the way we deal with your enquiry you can escalate your request to:

Group Data Protection Officer
Email address: Data.Protection@landg.com
Address: 1 Coleman Street, London, EC2R 5AA

Our Product and Service Providers

This list details the product and service providers to whom we disclose your information.

For travel insurance, we will facilitate sharing of your personal data on behalf of your selected product provider to their third-party payment service provider. This is to enable verification of your identify to allow your payment to be processed securely.

Life
Legal & General, Zurich, VitalityLife, AIG, Beagle Street, LV=

Pet
Purely Pets, Pet Protect, Healthy Pets, Pet-Insurance, John Lewis, 4Paws Pet Insurance, The Insurance Emporium, Everypaw, Sainsburys Bank, Argos HIS, Lifetime Pet Cover, Waggel, Perfect Pet, Asda Money, Only Paws, Spot On, AnimalFriends, Napo, Scratch and Patch, Coop, PDSA CP, Many Pets, Now Pet, Post Office, LV, Petsure, RSPCA, Puffin

ProtectMyPeople
Aviva, Canada Life, Legal & General, Unum, Zurich, AIG

AnnuityReady
Aviva, Canada Life, Just Retirement, Scottish Widows, Legal & General, Standard Life (Phoenix Group)

Servicing
Loqate, Reviews.co.uk, getAddress.io

Travel
CoverForYou, Admiral, Cedar Tree, RAC, Sainsburys Bank, Puffin, Outbacker, ERGO, Insurefor, Big Blue, Coverwise, Southdowns, Holiday Extras, esure, Tesco, Insurefor Med, Virgin Money HG, TravelInsurance4Medical, Select and Protect, Tesco Med, Explorer, TheAA, Insure and Escape, loveit coverit, TravelTime, Travel Insurance Saver, Holiday Risk, StartTravel, Viva, Switched On Insurance, Oasis, Essential Travel, A to Z Insurance, AnnualTravelInsurance, multitrip.com, Post Office, Making Insurance Accessible, RIAS, Insure With Ease, Your Travel Cover, Good To Go, Leisure Guard, Trusted, Direct Travel, AllSafe, Fit2Travel, Able2Travel