Data protection policy
1) Introduction
Windsor Life needs to collect and use certain information, for example personal
data about its past, present and prospective customers, in order to carry on
its business and meet customers’ requirements effectively.
To comply with the law, information must be used fairly, stored safely and not
disclosed to any other person unlawfully. Windsor Life recognises that the lawful
and correct treatment of personal data is very important to successful operations
and to maintaining our customers’ confidence.
2) The Data Protection Act Principles
Any personal data that we collect, record or use in any way, whether it is
held on paper, on fiche, on computer or other media will have appropriate safeguards
applied to it to ensure that we comply with the Data Protection Act 1998 (the
Act). To do this, Windsor Life must adhere to the eight Data Protection principles
that are set out in the Act. In summary, these principles state that personal
data shall be:
- obtained and processed fairly and lawfully and not processed unless certain
conditions are met
- processed for specific and lawful purpose and not in any manner incompatible
with that purpose
- adequate, relevant and not excessive for that purpose
- accurate and kept up to date
- not kept for longer than is necessary for that purpose
- processed in accordance with the data subject’s rights
- kept secure and safe from unauthorised access, accidental loss or destruction
- not transferred to a country outside of the European Economic Area (EEA),
unless that country has equivalent levels of protection for personal data.
Our purpose for holding personal data and a general description of the categories
of people and organisations to whom we may disclose it are listed on the Data
Protection Register. These details are publicly available from the Information
Commissioner’s office at Wycliffe House, Water Lane, Wilmslow, Cheshire,
SK9 5AF (Tel 01625 545745, Fax 01625 524510) or via their website (www.ico.gov.uk).
3) Our commitment under the Act
In order to meet the requirements of the principles, we will:
- observe the conditions regarding the fair collection and use of personal
data
- meet our obligations to specify the purpose for which personal data is used
- collect and process appropriate personal data only to the extent that is
needed to fulfil operational needs or to comply with any legal requirements
- ensure the quality of personal data used
- apply checks to determine the length of time personal data is held and securely
destroy data and information which is no longer needed
- ensure that the rights of individuals about whom personal data is held can
be fully exercised under the Act
- strive to respond to all requests from individuals to access their personal
data within the statutory timescales
- take appropriate security measures to safeguard personal data
- provide guidelines and training for employees and ensure, where appropriate,
breaches of this policy are recorded in a Breach Register, dealt with under
the Company’s disciplinary rules and changes to procedures are implemented
accordingly
- ensure that personal data is not transferred to any third party or to any
destination outside the UK/EU without suitable safeguards.
When we collect any personal data from you, we will inform you why we are collecting
your data and what we intend to use it for. The nature of our business means
we reserve the right to retain/maintain personal data about you, in order to
meet the terms and conditions detailed within your policy documentation, over
the long term. We will endeavour to ensure that the quality and accuracy of
significant personal data is maintained over the duration it is held.
When we collect any sensitive data, we will take appropriate steps to ensure
that we have explicit consent to hold, use and retain the information. Sensitive
data is personal data about an individual’s racial or ethnic origin,
gender, family details, political opinions, religious beliefs, trade union
membership, physical or mental health, sex life and details of the commission
or alleged commission of any offence leading to court proceedings.
Because this information is considered sensitive, and it is recognised that
the processing of it may cause concern or distress to individuals, customers
will be asked to give express consent for Windsor Life to process this information.
Offers of new business may be withdrawn if an individual refuses to consent
to this, without good reason.
4) Compliance with the Act
Windsor Life is the Data Controller under the Act, and the board is therefore
ultimately responsible for compliance with the statutory legislative requirements.
A Senior Manager is the appointed Data Protection Officer, responsible for
overseeing implementation of our obligations under the Act. However, all staff
are Data Controllers and will be held legally responsible for the safe day
to day processing and handling of personal data.
5) Subject Access Requests
Under the Data Protection Act 1998 any individual can write to the Data Protection
Officer to request a copy of the information we hold about them, known as the
right of subject access. If we receive a Subject Access Request, we must send
a copy of the information we hold on an individual, a description of why this
information is processed, anyone it may be passed to, the logic involved in
any automated decisions, and an explanation of any codes provided within 40
days from the date of receipt. Under the Act, however, individuals are not
entitled to a copy of documentation containing personal data relating to them.
We reserve the right to charge the maximum fee payable as outlined in the Act
for providing this information.
Our head office address to write to is Windsor Life Assurance Company Ltd,
Windsor House, Telford Centre, Shropshire, TF3 4NB. If any information
is inaccurate or incorrect we will correct it.
We must follow special procedures if you request any medical reports that we
have received from third parties, for example health professionals. The Data
Protection (Subject Access Modification)(Health) Order 2000 requires that we
obtain your GP’s consent before health records we have from third parties
are released to you. It is our practice to send all health records to your
GP so that he/she may decide whether to release them to you. Furthermore, we
do not discuss any medical information with policyholders or third parties
over the telephone. Under the terms of the Act, we charge a fee of £10
for access to manual health records.
6) Marketing
We have a responsible marketing policy. Customers may be contacted by mail
or telephone with details of other products or services. If an individual does
not wish to be marketed in this way they can write to the Data Protection Officer,
at our head office, quoting their full name, date of birth and policy number
(if known).
Windsor Life may record and monitor telephone calls for quality assurance,
legal, regulatory and training purposes, to help improve customer service.
Calls will be automatically recorded; therefore, if you do not wish for your
call to be recorded, please communicate with us in writing.
7) Sharing data with Third Parties
From time to time, we may need to provide some of your personal information
to third parties which help us maintain and develop Company Applications or
assist in the delivery of specific services to you. Information is only given
to those third parties for that limited purpose. Where we disclose information
to third parties we require them to have appropriate measures to protect this
information and fully comply with the Data Protection Act 1998.