AIA is the controller and is responsible for your personal data. We are committed to ensuring that your privacy is protected. By using our website, you may be providing us with some of your personal information and we want to make sure that we do not use your data in a way that you would not expect. AIA assure you that your personal information will only be used in accordance with this privacy statement and in compliance with the latest privacy regulations.
AIA may change this policy in future by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 10/07/2021.
Personal Information We Collect
Personal information is any information about an individual from which that person can be identified. It does not include data which has been anonymised.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Contact information: Name, address (including postal, email and IP addresses) telephone numbers and gender
• Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Financial Data: includes previous lenders/financial institutions used by you and the financial products taken.
• Usage Data includes information about how you use our website, products and services.
• Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
• Special Category Data: We will only process special category data where you have provided this to us and given your explicit consent to store it or we have a legal/regulatory obligation to. This includes race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data
This list may not include all the information we require when providing our service/s. The information we ask you for will relate to your specific enquiry and will only consist of the information we need to carry out our service. If you contact us other than via our website, we may keep a record of that correspondence and a copy of call recordings.
Method of collection
- Direct interactions: By you filling in forms on our website or social media or by corresponding with us by post, phone, email or otherwise.
- Third parties or public sources: We may receive information about you from various reputable third-party lead providers, from regulators or from publicly available data. We will always inform you where we have obtained your information from if requested by you.
The basis on which we process your information
- The legal grounds for processing your personal information depend upon the nature of our relationship with you and the context of processing and are as follows:
- Processing is necessary for the performance of a contract with you, or to take steps prior to entering into a contract with you.
- Processing is necessary for the purposes of your legitimate interests or our legitimate interests, where your fundamental rights and interests do not override those interests. In order to determine this we shall undertake a Legitimate Interests Assessment, which we keep a record of and review on an annual basis or, at any point where it is deemed necessary to review and/or update it.
- Processing is necessary for compliance with mandatory legal or regulatory obligations to which we are subject to.
- Processing is undertaken after you have given us your express consent.
What we use your personal information for
|We collect/store or use your information to…||Legal basis|
|provide the service you have requested||Contract|
|send to our third-party service provider partners||Consent, Legitimate Interest, Contract|
|send you information regarding our products and services||Legitimate Interests & Consent|
|provide annual statistics and information to our regulator||Legal Obligation|
|resolve complaints against us||Legitimate Interest & Legal obligation|
|gather feedback to enable us to improve our products and services||Legitimate Interest & Consent|
|verify your identity where we receive requests to access or change the information we hold about you||Legal Obligation|
|maintain our accounts and records||Legal Obligation|
|research and analyse trends to better understand how users are using the services in order to improve them||Legitimate interests|
You are provided with choices regarding marketing and we record your preferences in relation to this and how we communicate with you.
We may rely on consent when we use your personal information for direct marketing. This will be where you have specifically consented to us or a third party that you are happy to receive marketing contact from us.
We may also rely on legitimate interests for our direct marketing. Our legitimate interests are to inform individuals about products or services which may be of interest to them and our commercial interests in operating our business, which includes acquiring new customers, providing additional services to existing or previous customers and, expanding our operations.
You may also receive marketing communications from us if you have previously purchased similar goods or services from us and, in each case, you have not opted-out of receiving that marketing. This is known as a ‘soft opt-in’.
Such marketing communications may be in relation to legal services, tax rebates, packaged bank account claims, Plevin claims, PPI, Dental and Medical claims which could be done by post, email, SMS or telephone.
If you require any further information about the lawful basis we have relied on to send direct marketing to you, please also contact us using the details in the ‘General’ section.
How long do we keep your personal information
We retain your information for as long as is necessary for the purpose for which it was originally obtained. We also have some legal and regulatory obligations to hold certain pieces of information for specific timeframes.
Where we have provided a service to you, we will hold all information relevant to this for 6 years to enable us to address any claims/complaints made about our service. Information relating to any complaints will be held for a further 3 years.
We also need to keep some of your information for our accounting and reporting requirements.
Your contact details will be held for the purposes of direct marketing for 2 years, this is to enable us to let you know about new products or services that may be of interest to you as detailed above.
You provide us with details of what we ‘can do’ with your data and you have the right to opt-in and importantly to opt-out, which you can do by using the contact details below. You have the following rights:
- To know that your data is being processed
- To access your personal data free of charge
- To have your information corrected if inaccurate (Including ensuring any third party puts right any inaccuracy)
- To request that your data be erased
- To restrict processing
- To request transfer of your data
- To object to processing; and
- To rights relating to automated decision making
Where you send us a request to access your data, this will usually be free of change and sent to you within one month (unless your request is complex). However, we may charge a reasonable fee if
your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity before we are able to process your request.
AIA recognise the personal nature of the information we collect, process and store. As we are committed to ensuring that your information is secure we have put in place suitable physical, electronic and managerial procedures to prevent loss, unauthorised access, misuse or disclosure and to make sure that your information is safe and secure. If password access is required for certain parts of our website/application, you are responsible for keeping this password confidential.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which may be collected or you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Disclosure / transfer of data
AIA may share or disclose personal information in the following situations:
- External third party service providers: We may use external printers, admin companies, call centres, compliance consultants and legal services provider, who may process your data on our behalf. Any external processors are subject to a data processing agreement to ensure the safety and protection of your data. None of our processors are allowed to use your data for any other purposes than instructed by us.
- If we merge with or acquire a business, the business is restructured, or if our assets are acquired by a third party, any personal data held by AIA may be transferred, in which case you will be contacted by us to notify you of the transfer.
- If we are under a duty to disclose or share your personal data to comply with any legal or regulatory obligation.
- To enforce or apply our terms of business and other agreements.
- To protect the rights, property, or safety of our company, other customers and others. This includes exchanging information with organisations for the purposes of fraud protection and credit risk reduction.
Where possible in some circumstances as described above, we may be able to minimise your personal data so that you are not identifiable as the data subject.
If you are unhappy with any aspect of your personal privacy you may complain to us using the contact details above and if you remain dissatisfied after we have dealt with your complaint, you are entitled to contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues whose information is available at www.ico.org.uk.
AIA introduces matters to 3rd party law firms and CMCs (Claims Management Companies) and receives payment as part of any ongoing marketing agreement.
AIA Solicitors Ltd. is authorised and regulated by the Solicitors Regulation Authority. SRA Registration Number 563612.
ICO number Z2894723.