Our Data Protection Policy

Updated August 2022

Data Protection Policy

  • "Controller", “Processor", "Data Subject", "Personal Data" and "processing" all have the meanings given to those terms in DP Laws (as defined below) (and related terms such as "process" shall have corresponding meanings);

    “Complaint”: a complaint or request relating to the obligations of either you or us under DP Laws that is relevant to the Personal Data, including any compensation claim from a Data Subject or any notice, investigation or other action from a regulator or Supervisory Authority;

    "Data Subject ": you and your covered family members (if applicable) who are also Data Subjects under the Policy Schedule;

    "Data Subject Request": a request made by a Data Subject to exercise any rights of Data Subjects under DP Laws;

    “DP Laws”: (i) the Data Protection Act 2018; the Privacy and Electronic Communications (EC Directive) Regulations 2003; (ii) the General Data Protection Regulation (EU) (2016/679); the UK GDPR and/or any corresponding or equivalent national laws or regulations, once in force and applicable; and (iii) any mandatory guidance, guidelines or codes of practice relating to the processing of Personal Data, as applicable to you or us;

    “Personal Data Breach”: any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Personal Data;

    and

    “Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering DP Laws.

    “Policy Schedule”: means the contract of the insurance between you and us.

  • We process your Personal Data for the lawful purposes of entering into a contract of dental insurance. We are a Data Controller, and you are a Data Subject. We are responsible for complying with DP Laws and our obligations in connection with the processing of your Personal Data. We shall only process Personal Data for lawful purposes in connection with: assessing the risk associated with the Policy Schedule and for determining a premium and risk fee for the cover provided pursuant to the Policy Schedule; quoting for, setting up and administering policies and our legitimate reserving and record keeping purposes; assessing your and our rights, obligations and liabilities under the Policy Schedule, or electing to exercise any such rights where applicable; marketing Unum products and services; and as required to comply with applicable law.

  • We rely on certain legal bases to process your Personal Data. Obtaining your consent is one way we do this, which we will do by asking you to tick a box, or by taking some other action to confirm you agree. You may withdraw consent, or object to us processing your Personal Data, at any time, but you should be aware that we may not be able to administer your insurance policy where you do.

    Another legal basis we have for processing your Personal Data is where we have a Legitimate Interest to do so, such as in ensuring that we administer policies effectively and securely, to collect aggregated management information to manage business risks, and to maintain and improve our website and products and services.  We also have a legal obligation to comply with regulatory requirements which includes the potential reporting of any fraud or financial crime acts and to defend ourselves against any legal claims. 

    You should ensure that your Personal Data is kept up to date at all times and is correct at the time it is provided to us and promptly notify us of any changes or updates to it. We will respond to Data Subject Requests, and to Complaints or other queries received from Data Subjects in a timely manner or as required by DP Law.

  • We will only send you marketing messages by email and other electronic means if we have your permission. You may receive marketing:

    • directly from us;
    • from a third party on our behalf about a product or service that we think may be of interest to you; or
    • from a third party about their products or services that we think may be of interest to you.


    If you do not want to receive marketing from us or if you have changed your mind about receiving marketing by email and other electronic means please let us know by contacting us using the details below.

    We group and organise our customer information to help us develop offers, products and services to provide you with the best customer experience; this is known as profiling. For example, our website makes use of cookies, which are small text files that are downloaded to your device for a limited period of time. We do not link information collected from the use of these cookies to personal information that we hold about you. When you visit our website, we automatically collect information about your browsing session, for example your IP address and the type of device used, e.g. a computer/laptop, a smart phone or a tablet and we also collect information about the way you browse our website.  We may use this information to profile customers to identify how they use our website, the areas of most interest and how we can look to continually improve it. We do not use this information to identify you personally.  We do not use profiling to make decisions about you which have legal or other significant effects. 

    If you do not want us to profile you in this way please contact us

  • Access to Personal Data is restricted to: our personnel who have a legitimate need for such access to perform their management and administrative roles; potential investors in case of a potential merger or purchase of our business; legal and regulatory authorities; our accountants, auditors, or similar professional advisers; other third parties when required by law; other third party service providers, IT support and hosting and maintenance services to us or the Unum Group.

    Management of our dental insurance policies is wholly undertaken within the UK. In exceptional circumstances, we may have to transfer any Personal Data to a country outside the UK or the European Economic Area ("EEA") in which case we will ensure that any such transfer complies with DP Laws and is effected by way of a legally enforceable mechanism for transfers of Personal Data as permitted under DP Laws.

  • We have legal and regulatory obligations to only retain Personal Data for as long as necessary; typically this is a maximum of 7 years after the end of the policy. When deciding how long to retain Personal Data, we take into account the following factors: our legal obligations; applicable limitation periods; management of claims; guidelines from data protection authorities. Personal Data is securely deleted once it is no longer needed.

  • You have the following rights under data protection law:

    • The Right to be Informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data.
    • The Right of Access– you have the right to obtain a copy of your Personal Data.
    • The Right of Rectification– you have the right to ask us to take reasonable measures to correct your information.
    • The Right of Erasure– this is also known as the “right to be forgotten”. This right allows you to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep the Personal Data. Please note that this is not an absolute right and Unum will need to retain Personal Data where this relates to insurance policies and in particular claims processed under the policy.
    • The Right to Restrict Processing– you have rights to “block” or suppress further use of your Personal Data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal Data, but will not process it further.
    • The Right to Data Portability– you have rights to obtain and ‘port’ certain Personal Data for your own purposes across different organisations. This only applies to your Personal Data that you have provided to us that we are processing with your consent or to perform a contract to which you are a party that is being processed by automated means.
    • The Right to Object– you have the right to object to certain types of processing on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes legitimate interests pursued by Unum or by a third party. We will be allowed to continue to process the Personal Data if we can demonstrate “compelling legitimate grounds” for the processing which override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims. However, if you object to direct marketing (including direct marketing related profiling) we must stop this.
  • If you want to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, contact our Data Protection Officer [by email: dataprotectionqueries@unum.co.uk, or by post: Data Protection Officer, Unum Milton Court, Dorking RH4 3LZ]

    If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/