Aviva Sustainability and Social Action Privacy Policy

Sources of personal Information

We may collect Personal Information directly from you, including from your participation in or donation to the Fund, and other Aviva sustainability and social action initiatives, from communications between us, and from your use of our apps and websites. If you are an employee, we may use data that you have previously provided to us during your employment with us to pre-populate basic contact details.

We may also obtain Personal Information from third parties, including the following:

• an organisation that you represent or are associated with (e.g. as a volunteer);
• your employer where they work with Aviva in relation to an Aviva sustainability and social action initiative;
• Aviva group companies;
• service providers, including media and creative agencies and events organisers;
• publicly available sources, including news articles, websites and social media platforms, apps and networks (e.g. Twitter, Facebook and Instagram);
•  Government agencies and regulatory bodies, including the Charity Commission, Companies House and HM Revenue & Customs (HMRC);
•  third party providers when we conduct due diligence and carry out checks to detect financial crime; and
• regulators who regulate how we operate, including the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Information Commissioner’s Office (ICO) and the Financial Ombudsman Service (FOS).

Crowdfunder

If you participate in or volunteer with the Fund or donate to a project participating in the Fund, Aviva may also receive Personal Information about you from Crowdfunder. Crowdfunder assists us to run and administer the Fund and is also a controller of your Personal Information. Please see Crowdfunder’s privacy policy for more information about how Crowdfunder uses your Personal Information.

Types of Personal Information collected

The Personal Information we hold and process will depend on our relationship with you.

Personal Information provided by you or third parties, including:

• General data – includes your name, date of birth;
• Contact data – includes address, telephone number and e-mail address;
• Appearance and behavioural data – includes your gender, age, general interests, dietary preferences, descriptive data (e.g. your height), photos, video or audio recordings of you, demographic data and behavioural data;
• Education and employment-related data – includes your education, vocational and professional qualifications, employment status and job title, and other skills;
• Financial data – includes credit and payment card numbers and bank account details;
• Authentication data – includes account log-in information, passwords and memorable data for accessing your Aviva accounts;
• Marketing and communication preferences, promotion entries and feedback – includes marketing and communication preferences, information relating to promotions and prize draws and responses to surveys;
• Volunteering information – includes data gathered and provided relating to your volunteering activities and preferences, for example date and time of volunteering, location of volunteering, hours volunteered and name of cause supported; and
• Any other information you share with us.

Information collected from your devices, including:

• Mobile device number, device type, operating system, browser, serial number, MAC address, IP address, location and account activity obtained through our use of cookies.

You can find more about our use of cookies in our Cookie Policy.

Children’s data and Sensitive Personal Information

We do not knowingly collect Personal Information about children or other Personal Information that is sensitive in nature, including special category data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) or information about criminal convictions or offences. We therefore remind you not to share any information about yourself or others including minors or vulnerable persons that would constitute such data.

Uses of Personal Information

• The main purposes for which we will use Personal Information are to:
• Communicate with you and / or an organisation you represent;
• Administer and improve Aviva sustainability and social action initiatives, including the Fund;
• Provide marketing information and offer competitions, promotions and prize draws in accordance with your preferences;
• Manage relationships with third parties and our charitable partners, e.g. Crowdfunder and the World Wide Fund for Nature (WWF);
• Prevent, detect and investigate fraud and other financial crime, including by carrying out fraud, sanctions and anti-money laundering checks;
• Help us better understand participants in Aviva sustainability and social action initiatives, including noting your interest in our website, understanding your user journey, and use of profiled data (which is not actual information about you but predictions about you, e.g. assumptions about your interests based on the initiatives your participate in). This allows us to make correlations about individuals to improve and promote our initiatives and to suggest other initiatives which may be relevant or of interest;
• Conduct insight analysis, market research and focus groups, e.g. gathering your feedback on the Fund or on your volunteering experience;
• Manage complaints, including to allow us to respond to any current complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us improve our complaints handling processes. We may be obliged to forward details about your complaints, including your Personal Information, to the appropriate authorities, e.g. the Charity Commission;
• Manage feedback and queries, and handle requests to exercise data subject rights. For further information see the section on Data Rights below.
• Manage our business operations, including by carrying out internal audits, quality assurance and training, financial analysis and accounting, producing management information, maintaining information security and performing administrative activities in connection with the services we provide;
• Comply with applicable legal, regulatory and professional obligations, including to comply with law enforcement and to manage legal claims; and
• Establish, enforce and defend our legal rights or those of third parties.

Lawful bases for uses of Personal Information

We are committed to collecting and using Personal Information in accordance with applicable data protection laws. By law, we must have a legal justification, known as a lawful basis, in order to use your Personal Information for the purposes described in this Privacy Policy. Depending upon the purpose, our lawful basis will be one of the following:

• Legitimate interests – to administer Aviva sustainability and social action initiatives or for any other purposes we identify as appropriate to our legitimate interests or the legitimate interests of a third party;
• Consent – where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose, e.g. to update you on other sustainability and social action initiatives to you. You may withdraw this consent at any time; or
• Compliance with a legal obligation – to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities.

Where we rely on legitimate interests as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test will determine whether we can use your Personal Information for the purposes described in this Privacy Policy. Where we rely on the lawful basis of legitimate interests, the interests being relied upon will usually be:

• To administer Aviva sustainability and social action initiatives and to develop and improve such initiatives;
• To further our Aviva sustainability and social action objectives, or those of a third party, e.g. to produce management information on initiatives;
• To provide you with helpful information relating to your participation in Aviva sustainability and social action initiatives (such as the Fund), and to send you marketing information in accordance with your preferences;
• To help us better understand participants in Aviva sustainability and social action initiatives, including by carrying out research, analytics and profiling, e.g. by making certain predictions and assumptions about your interests;
• To comply with our legal and regulatory obligations, guidelines, standards and codes of conduct;
• To retain records for a period of time in order to ensure we have appropriate records in place in respect of any future claims that may be made against us; and
• To manage our business operations and safeguard information about individuals, e.g. fraud and financial crime checks, maintaining the security of our IT network and information.

In connection with the purposes set out above, we may share your Personal Information within the Aviva Group and with third parties, including:

• Crowdfunder, who assist us to run and administer the Fund, including powering the Fund webpage;
• Our community and charitable partners, when we work together on Aviva sustainability and social action initiatives, such as the WWF;
• Providers of marketing and advertising services, who support us in promoting Aviva sustainability and social action initiatives, delivering and administering marketing to interested audiences, and analysing marketing campaigns. These may include media and creative agencies, social media and other online platforms and advertising technology companies;
• Event organisers, administrators and fulfilment partners who assist us to run and administer Aviva sustainability and social action initiatives;
• Government agencies and regulatory bodies, including the Charity Commission;
• Service providers, including those who help operate our IT, back office systems and our information security controls; and
• Research agencies, who assist us in understanding and gathering feedback provided by participants in Aviva sustainability and social action initiatives.

Some of the organisations we share information with may be located outside of the UK. For further information, please see the section on International Data Transfers.

We may share Personal Information about our employees with Crowdfunder for the following purposes:

• To administer and maintain ‘wallets’ or vouchers employees can use to donate to Aviva sustainability and social action initiatives; and
• To facilitate volunteering by employees through the Fund webpage, for example to record your interest in projects, or to record your employee volunteering hours.  

If you are an employee, you may also refer to the Aviva People Privacy Notice.

We keep Personal Information for as long as is reasonably necessary to fulfill the purposes we collected it for.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

If you would like more information about how and why we retain your data, please contact us.

Sometimes we, or third parties acting on our behalf, may need to transfer Personal Information outside of the UK. We’ll always take steps to ensure that any transfer of Personal Information outside the UK is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of data protection for your Personal Information (such as countries in the European Economic Area) or putting contractual obligations in place with the party we are sending information to. Transfers within the Aviva group will be covered by an agreement entered into by members of the Aviva group (an intra-group agreement) which contractually obliges each group company to ensure that your Personal Information receives an adequate and consistent level of protection wherever it is transferred within the group.

For more information about data transfers and the safeguards we have put in place, please contact us.

 We may use Personal Information to send you direct marketing communications relating to Aviva sustainability and social action initiatives if you have subscribed to receive them. We may also use Personal Information to help us identify and tailor information that may be of interest to you. This may include communications about how you can support the Fund, our recent case studies, and competitions, promotions and prize draws.

Marketing communications may be sent by email and post. You may also see display advertising on websites, mobile applications, social media, television or in online search results.

You have control over our use of your Personal Information in relation to marketing communications. You can:

• Opt out of receiving email marketing by clicking on ‘unsubscribe’ in the footer of our emails;
• Subscribe or opt-out of receiving Aviva news regarding community and sustainability initiatives when you log in to the Fund webpage; or
• Change your marketing preferences at any time by e-mailing us at communityfund@aviva.com, calling us by phone 01603 622200 or +44 1603 604999 (from abroad) or writing to us at Aviva, Freepost, Mailing Exclusion Team, Unit 5, Wanlip Road Ind Est, Syston, Leicester, LE7 1PD.  

Please note that you will need to Contact Crowdfunder directly if you wish to opt-out of their Marketing, details of how to do so can be located in their Privacy Policy.

Please remember that if you opt out of receiving Aviva marketing, we may still send you communications relating to your participation in Aviva sustainability and social action initiatives, including surveys and research. If you choose to opt out of direct marketing, you may still see generic advertising displayed online.

Cookies

We may rely on third-party advertising technology (such as the deployment of cookies or small text files on our website or pixels within emails) to collect information about you. This technology is used to optimise what you may see on Aviva websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

For further information about cookies and other technologies we use on Aviva websites and how to manage cookies, please see our Cookie Policy.

For information about the cookies and other technologies used on the Fund website, please see the Crowdfunder Cookie Policy.

Social media and online platforms

We may share Personal Information with media agencies and social media and other online platforms to help us target our online marketing. Social media and other online platforms may also use Personal Information they hold and combine it with Personal Information received from us to create target audiences. These are audiences that we think would be interested in our online advertising. This may involve social media and other online platforms building a ‘lookalike’ profile of the type of person we are trying to target and providing specific adverts to those people when they browse the internet or use social media.

If we use or share Personal Information with third parties in order to send you direct marketing, we will respect the marketing preferences you have set. We recommend you routinely review the privacy notices and preference settings for any online platforms and smart devices you use as they will dictate how adverts and other messages are displayed and shared across those platforms.

Marketing profiles

We may use automated processes to help us provide more relevant and personalised marketing. To do this, our automated process creates a marketing profile for you using information such as:

• Identification data;
• Behavioural data (e.g. data relating to your use of our website);
• Your gender and age;
• Contact data;
• Details of our interactions with you; and
• Device data.

We may also create profiles using your Personal Information together with information relating to other individuals. We use these profiles to decide what marketing may be of interest to individuals with similar characteristics to you.

Competitions, promotions and prize draws

We occasionally run competitions, promotions and prize draws. Our communications to you about competitions, promotions and prize draws before you enter them are marketing. If you opt out of receiving direct marketing, you will not receive communications about competitions, promotions and prize draws.

We may use your Personal Information to select you as a winner, inform you of outcomes and send prizes to your nominated address. We may use third party fulfilment partners to assist us in administering competitions, promotions and prize draws, including contacting you on our behalf. In accordance with the rules of the Advertising Standards Authority, we may publish or make publicly available information that indicates that a valid award has taken place. If we do this, only your surname, country and, if applicable, your winning entry, will be published. You have the right to object to this use of your Personal Information.

You have legal rights under data protection laws in relation to your Personal Information. Read below to learn more about each right you may have.

We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.

We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allow us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide a product or service to you.

For further information about or to exercise any of your rights, please contact us. If you wish to make a subject access request, please fill out this form.

If you are an employee, you may also refer to the Aviva People Privacy Notice.

Your rights are as follows:

• Access to your Personal Information 
  • You may ask us for a copy of your Personal Information together with specified details about how we use your information. This is commonly known as a ‘subject access request’.
  •  If you wish to make a subject access request, please fill out this form or write to us using the details in the Contacting Aviva section.
  • If your request is made electronically, we will, where possible, respond to you electronically. Otherwise, we will normally respond in writing unless you request otherwise.
• Rectification of your Personal Information  
  • We do our best to ensure that your Personal Information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, then please contact us to request that we amend or update it.
• Erasing your Personal Information  
  • You may ask us to erase your Personal Information, but this right only applies in certain circumstances, e.g. where:
  • it is no longer necessary for us to use your Personal Information for the original purpose;
  • our lawful basis for using your Personal Information is consent and you withdraw your consent; or
  • our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your Personal Information if you object.
  • This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information.
• Restricting processing of your Personal Information
  • You may ask us to stop using your Personal Information in certain circumstances such as:
    • where you have contacted us about the accuracy of your Personal Information and we are checking the accuracy;
    • if you have objected to your Personal Information being used based on legitimate interests.
    • This isn’t an absolute right and we may not be able to comply with your request.
• Data portability
  • In some cases, you can ask us to transfer Personal Information that you have provided to us to another third party of your choice. This right only applies where:
    • we have justified our use of your Personal Information based on your consent or the performance of a contract with you; and
    • our use of your Personal Information is by electronic means.
• Right to object
  • You can object if you no longer wish to receive direct marketing from us.
  • You may also object where you have grounds relating to your particular situation and the lawful basis we rely on for using your Personal Information is our (or a third party's) legitimate interests. However, we may continue to use your Personal Information where there are compelling legitimate grounds to do so.
• Automated decision making and profiling
  • You have the right not to be subject to a decision using your Personal Information which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right does not apply if the decision is:
    • necessary for the purposes of a contract between us and you;
    • authorised by law (e.g. to prevent fraud); or
    • based on your explicit consent.
  • You do however have a right to request human intervention, express your view and challenge the decision.
• Withdrawing consent
  • In some circumstances we ask for your consent to use your Personal Information. You are free to withdraw your consent at any time.
  • If it is the case that we need your consent to provide you with a particular product or service and you wish to withdraw your consent, we may no longer be able to provide that product or service to you. Where that is the case, we will inform you before taking any action.

If you have any questions about this Privacy Policy or how to exercise your rights, please contact our Data Protection Officer.

Write to: The Data Protection Team, Aviva, PO Box 7684, Pitheavlis, Perth, PH2 1JR

Email us: DATAPRT@aviva.com

If you'd like to submit a subject access request, please fill out this form or write to us at the above address.

If you’re not happy with the way we’re handling your Personal Information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioner's Office (ICO). We ask that you please attempt to resolve any issues with us before contacting the ICO. 

This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible, so please check back here for the current version. You can see when this Privacy Policy was last updated by checking at the top of this page.