Privacy policy

The privacy policy states how Aviva will respect the privacy of our website users. It is a useful means of explaining what information will be gathered, the degree of security a person can expect if we collect or handle their personal data and what use we will make of the data. The Privacy Policy on existing websites should be reviewed from time to time to ensure they remain up–to–date with the content and processes used. The existing Privacy Policy can also be used as a guide for what will be required for a new website (within the same territory).

Residence and which websites are covered

Many web visitors will navigate across multiple Aviva websites, so it should be explicit who the website is for and what constitutes the “website”.


The website’s jurisdiction must be explicit as there are different data protection laws in place in different parts of the world.

Collection and use of personal information

The aim of this section is to make clear that Aviva collects only the data needed and does not collect information covertly. Where additional, optional information is sought, notify visitors at the point of collection.

Purpose of collecting personal information

A “Use of information” notice should be included, to describe all the purposes for which the data collected will be used.

Sensitive data

Any site proposing to collect sensitive personal data (for example, about ethnic origin etc.) will need explicit consent of the individual and will require a more detailed and specific “Use of Information” notice.

Other people’s information

State that, if the visitor provides information about another person, the visitor confirms they have been appointed by the other person to act on their behalf and the visitor has obtained their consent to the processing of their personal data and the visitor has informed them of our identity and the purposes (as set out in the privacy notice) for which their personal data will be processed.

Sharing and transfer of information

State if the information collected is shared or passed on either within Aviva, or with other organisations. Also inform users whether agents or contractors are used to deliver a service on the behalf of Aviva.

State any foreseeable circumstances that Aviva may have to disclose personal data. For example, in connection with:

  • Requests from government or law enforcement agencies
  • Response to a complaint or security threat as part of a data or security audit
  • [Sale or transfer of part or parts of the Aviva business]

Data protection legislation

Our privacy policy should contain details of Aviva’s compliance with any relevant legislation, such as data protection legislation.

Additionally, the policy should state whether personal data is being passed to a service provider or agent in another country (including outside the European Economic Area).

Recording of communications

The privacy policy should explain the purpose of any communication recording (eg. telephone call coaching purposes and quality control) {and the duration that the recording is retained}.

Access and correcting information

The privacy policy should inform users on how they can review and update personal information (including inaccuracies) that they have submitted. State whether a fee is required. Provide contact details.

IP addresses

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognise and communicate with one another.

If you automatically collect data, such as log files with personal data about specific individuals, provide details of the data collected and the purpose(s) for which it is collected.

Data security and integrity

It is good practice to state what steps have been taken to secure and safeguard information collected online. Security cannot be absolutely guaranteed against all threats.

Email and feedback forms

It should be clear that Aviva may collect data through email correspondence or online interactive tools, and that this information is subject to our privacy policy. Communication over the internet, is not secure unless it is encrypted. Standard Email communication is not secure.

We are only responsible for the privacy statement and content of our website. It should be clear that the privacy policy doesn’t apply to any external websites that we may link to or may link to us, or third–party advertisers.

Changes to privacy policy

It is good practice to state that these policies may change substantially in the future. Users are usually advised to refer back and check the “last updated” date–stamp.


Provide our company details and address of our registered office.