Introduction to legal

All Aviva websites must provide appropriate legal and privacy information on its web pages. These outline the rights and responsibilities of Aviva, its web visitors and external websites associated with Aviva.

This document provides an outline framework for the legal and privacy information that needs to appear on every Aviva website. It is your responsibility, as a website owner, to tailor the following policy requirements according to your local jurisdiction. If in doubt, you should seek advice from the appropriate legal department in your territory.

Top checkpoints are:

  • Use the standard Aviva footer at least on every non–transactional web page.
  • Ensure that all forms requesting personal information provide ‘fair processing information’ and include a prominent link through to the privacy policy.
  • Ensure that all micro–sites, or third–party applications framed within a Aviva website, have sufficient legal and privacy coverage.

Standard footer

Use the standard Aviva footer on every non–transactional web page and ensure that the transactional pages can only be accessed via a non–transactional page that includes the relevant footer. This footer should include links to Accessibility, Legal, Privacy policy, and Cookie policy, together with a dated copyright statement.

Forms requesting personal information

Ensure that data subjects are provided with ‘fair processing information’ at the initial point of data collection and that a method of obtaining their consent to the intended processing is obtained.

What information needs to be provided?

The ‘fair processing information’ must adequately describe the processing and disclosures of the personal data. It should:

  • Confirm who is the data controller (ie the Aviva company involved)
  • State whether any disclosures to or sharing of the data with other parties, including any companies within the Aviva group, may occur
  • Specify what personal data is being collected and for what processing purposes
  • Outline any future marketing activities, including Aviva group use, and how to opt out of these
  • Inform on any transfers of data outside the EEA
  • Obtain clear consent for usage of any sensitive personal data (eg criminal convictions, health data)
  • Specify conditions for processing other parties data where provided by the website visitor
  • Describe any search activities such as anti fraud and credit checks

Where should this information appear on the website?

There is a degree of flexibility but the key requirement is to ensure this information is prominently displayed eg in specific statements next to the data entry field on the web pages or via a ‘fair processing notice’ prior to proceeding to the next step of the online process.

For UK staff, these messages have been included on Aviva UK websites which collect personal data for many years. Your Data Protection Team can advise on or draft appropriate notice(s) if necessary.