Privacy statement August 2024

FIL Life Insurance Limited is part of the Fidelity International Group (Fidelity Group) and operates in the United Kingdom. You can find out more about Fidelity at retirement.fidelity.co.uk/about-us.

FIL Life Insurance Limited can be contacted at the following address:

Fidelity International, Beech Gate, Millfield Lane, Surrey, KT20 6RP

Email: pensions.service@fil.com

Telephone: 0800 3 68 68 68

We collect and use your personal data to enable us to conduct our business with you and to comply with the law. This includes using your personal data to provide online services to you through PlanViewer and our mobile app. The law requires us to tell you why we collect and use your personal data – this is known as the lawful basis for processing. The basis we rely upon will depend on the purposes for which we are processing your personal data and are detailed below.

1. Performing our Contract with You

When we do business with you, we do so under a contract. For us to meet our obligations to you under that contract we must process your personal data. We will only process your personal data in line with the terms of that contract. Once you become a member of a pension administered by Fidelity the relevant privacy policy conditions will be sent to you.

When you provide personal data to us, we will use that personal data so we can provide our services to you or send you information about our products and services where appropriate.

We will only process that data for the purposes for which it was collected or to meet our legal obligations.

2. Our Legitimate Interests

We process your information for the following reasons, which we define as our legitimate interests:

• To conduct our security operations such as using your IP address to help us to identify you when you log in to our systems
• To help us to run our business; this includes financial management, risk management, planning, corporate governance, audit and research
• To market to you if you are a business
• To increase member engagement, for example to encourage members to be more aware of their holistic financial needs
• To enable a consistent and integrated service to customers who hold multiple accounts with Fidelity

3. Our Legal Obligations

In some circumstances, we have a legal obligation to process and share your personal data. As a financial services business, we must provide a wide range of data to regulators. Sometimes this involves personal data. We will never transfer more personal data than is necessary to discharge our legal obligations.

4. Your Consent

We will ask you for your preferences in terms of how you would like us to communicate with you and what information you would like to receive from us. You can always adjust your communications preferences, and can opt not to receive information from us unless we are obliged to provide it.

The personal data you provide to us will include combinations of any of the following: Your name, email address, telephone number, address, identification numbers such as social security number, banking account details, date of birth, voice biometrics & voice recordings, location information, employment information, gender, IP address, language, marital status, dependants and beneficiaries.

We hold your personal information relating to your account on paper and on computer systems, and use artificial intelligence (AI) to automate some of our business processes to provide our services to you. This is with appropriate human oversight, and any AI-assisted decision-making will be appropriately disclosed to you.

As part of running the Scheme, from time to time we, and Fidelity on our behalf may also need to hold and process sensitive information  about you and/or your dependants and beneficiaries (known as “special category data”).  Under legislation, details relating to health, racial or ethnic origin, religious or other similar beliefs, sexual orientation  political affiliations and biometric data are regarded as “special category data”.

Except where the legislation allows it, this information cannot be processed or passed to a third party without your explicit consent.

If we need your consent to process or pass your special category data to a third party, we will ask you to provide it at the relevant time.

Where you tell us about any additional needs you have (for example relating to an illness or challenges you're facing in life), we will record this information to provide you with appropriate additional support. Where this includes your special category data, we will ask for your consent to do so.

We will hold this information for as long as you need extra support from us, or until you ask us to remove it (whichever is shorter). This may depend on the circumstances and the stage of your membership.

It is necessary to transfer your personal data across national borders.  These transfers may involve at least one of Fidelity's Group entities operating in the UK and/or EEA and as such will apply the English law and/or European (as applicable) standard of protections to the personal data we process.  In practice, this means that all the entities in the Fidelity Group agree to process your personal data in line with high global standards.  Where your personal data is transferred within the Fidelity Group but outside of the UK and/or EEA, that data subsequently receives the same degree of protection as it would in the UK and/or EEA and in this regard Fidelity has put in place appropriate and suitable safeguards, by adopting UK and/or European Commission approved safeguards for international transfers of personal data outside of the UK and/or EEA. The Trustees keep this under regular review.  For more information please contact Fidelity.

Where your personal data is transferred within the Fidelity Group but outside of the UK and EEA, that data subsequently receives the same degree of protection as it would in the UK and EEA. Where it is necessary to transfer personal data to a third party, stringent reviews of those with whom we share the data are carried out and that data will only be transferred in line with the purpose for which it was collected. The third parties to whom we transfer your data are located in the following countries: UK, Ireland, USA and India.

Ensuring the confidentiality, integrity and availability of your personal data defines our approach to information security. We manage the security risks to your personal data in a way that makes sure we meet our legal and regulatory obligations. In order to protect the continuity of the business we do with you, we produce, maintain and regularly test our business continuity plans. We utilise the internationally recognised information security best practices, ISO27001 and PCI-DSS. Our Information Security Policy & Standards are regularly reviewed, adhered to and tested for compliance. Information Security training is mandatory for all staff and breaches of information security, actual or suspected, are reported and investigated.

We will keep your personal data safe as a client of Fidelity and will hold it for as long as necessary. To meet the requirements of tax and pensions law, we must keep your personal information for a minimum of 7 years. However, given the nature of pension schemes, for us to meet our legal obligations we need to keep some of your personal information for the rest of your life even if you have closed your account with Fidelity.

If you are unhappy with how we have used your personal data you can complain to us by contacting us at: Fidelity International, Beech Gate, Millfield Lane, Surrey, KT20 6RP Finally, you also have the right to complain to your national data protection authority: Information Commissioner’s Office whose helpline number is: 0303 123 1113.