Updated August 2022
"Controller", “Processor", "Data Subject", "Personal Data" and "processing" all have the meanings given to those terms in DP Laws (as defined below) (and related terms such as "process" shall have corresponding meanings);
“Complaint”: a complaint or request relating to the obligations of either you or us under DP Laws that is relevant to the Personal Data, including any compensation claim from a Data Subject or any notice, investigation or other action from a regulator or Supervisory Authority;
"Data Subject ": you and your covered family members (if applicable) who are also Data Subjects under the Policy Schedule;
"Data Subject Request": a request made by a Data Subject to exercise any rights of Data Subjects under DP Laws;
“DP Laws”: (i) the Data Protection Act 2018; the Privacy and Electronic Communications (EC Directive) Regulations 2003; (ii) the General Data Protection Regulation (EU) (2016/679); the UK GDPR and/or any corresponding or equivalent national laws or regulations, once in force and applicable; and (iii) any mandatory guidance, guidelines or codes of practice relating to the processing of Personal Data, as applicable to you or us;
“Personal Data Breach”: any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Personal Data;
“Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering DP Laws.
“Policy Schedule”: means the contract of the insurance between you and us.
We process your Personal Data for the lawful purposes of entering into a contract of dental insurance. We are a Data Controller, and you are a Data Subject. We are responsible for complying with DP Laws and our obligations in connection with the processing of your Personal Data. We shall only process Personal Data for lawful purposes in connection with: assessing the risk associated with the Policy Schedule and for determining a premium and risk fee for the cover provided pursuant to the Policy Schedule; quoting for, setting up and administering policies and our legitimate reserving and record keeping purposes; assessing your and our rights, obligations and liabilities under the Policy Schedule, or electing to exercise any such rights where applicable; marketing Unum products and services; and as required to comply with applicable law.
We rely on certain legal bases to process your Personal Data. Obtaining your consent is one way we do this, which we will do by asking you to tick a box, or by taking some other action to confirm you agree. You may withdraw consent, or object to us processing your Personal Data, at any time, but you should be aware that we may not be able to administer your insurance policy where you do.
Another legal basis we have for processing your Personal Data is where we have a Legitimate Interest to do so, such as in ensuring that we administer policies effectively and securely, to collect aggregated management information to manage business risks, and to maintain and improve our website and products and services. We also have a legal obligation to comply with regulatory requirements which includes the potential reporting of any fraud or financial crime acts and to defend ourselves against any legal claims.
You should ensure that your Personal Data is kept up to date at all times and is correct at the time it is provided to us and promptly notify us of any changes or updates to it. We will respond to Data Subject Requests, and to Complaints or other queries received from Data Subjects in a timely manner or as required by DP Law.
We will only send you marketing messages by email and other electronic means if we have your permission. You may receive marketing:
If you do not want to receive marketing from us or if you have changed your mind about receiving marketing by email and other electronic means please let us know by contacting us using the details below.
If you do not want us to profile you in this way please contact us
Access to Personal Data is restricted to: our personnel who have a legitimate need for such access to perform their management and administrative roles; potential investors in case of a potential merger or purchase of our business; legal and regulatory authorities; our accountants, auditors, or similar professional advisers; other third parties when required by law; other third party service providers, IT support and hosting and maintenance services to us or the Unum Group.
Management of our dental insurance policies is wholly undertaken within the UK. In exceptional circumstances, we may have to transfer any Personal Data to a country outside the UK or the European Economic Area ("EEA") in which case we will ensure that any such transfer complies with DP Laws and is effected by way of a legally enforceable mechanism for transfers of Personal Data as permitted under DP Laws.
We have legal and regulatory obligations to only retain Personal Data for as long as necessary; typically this is a maximum of 7 years after the end of the policy. When deciding how long to retain Personal Data, we take into account the following factors: our legal obligations; applicable limitation periods; management of claims; guidelines from data protection authorities. Personal Data is securely deleted once it is no longer needed.
You have the following rights under data protection law:
If you want to request further information or exercise any of the above rights, or if you are unhappy with how we have handled your Personal Data, contact our Data Protection Officer [by email: firstname.lastname@example.org, or by post: Data Protection Officer, Unum Milton Court, Dorking RH4 3LZ]
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/