Privacy Notice

Privacy Notice

Reviti Limited consumer privacy notice

Reviti Limited consumer privacy notice

Reviti Limited ("Reviti" or "we") take privacy seriously. This notice tells you who we are, what information we collect about you, and what we do with it. We will use information about you only in accordance with applicable data protection laws. You can also click on the links in this notice for further information.

Please take a few minutes to read this notice and show it to anyone else connected to your policy.

Please also read our website terms of use. They provide more information about the way we do business and any restrictions on eligibility that may apply.


Who are we?

We trade under the name Reviti and were until 31 January 2022 an appointed representative of Resolution Compliance Limited which is authorised and regulated by the Financial Conduct Authority (FRN: 574048). We are a member of Philip Morris International.

Prior to 30 November 2021 Reviti were distributing the Reviti Term Life Insurance issued by Scottish Friendly Assurance Society Limited. Reviti Limited which is a company registered in England & Wales, company number 11450807. Registered Office: One New Change, 4th Floor, London, EC4M 9AF

Reviti is the data controller of any data you provide to Reviti or is otherwise collected through this website. This means that we determine the purposes and means of processing the data you provide us.

If you have purchased a policy through this website or through our contact centre, then your data will be shared with Scottish Friendly Assurance Society Limited ("Scottish Friendly") for the purpose of underwriting your policy. They need your data to consider your application, administer your policy and to handle any claims made on your policy. Scottish Friendly will also be a data controller in respect of any data we provide to them for those purposes as well as any additional data they may need to collect about you. Please refer to Scottish Friendly's privacy policy for further information about how and why they process your data to underwrite and administer your policy.

If you have any questions about how we process your personal data, please contact us using the details found at the bottom of this notice.


How do we collect information about you?

In this notice, we refer to all the methods by which you are in contact with us as “Reviti touchpoints”. Reviti touchpoints include both physical (for example, retail outlets and events, consumer contact centres), and digital (for example, apps and websites).

We collected information about you in various ways.


  • Information you provided us. You may have provided us with information directly (for example, filling in a form, emailing or calling us). This will be how most of the data about you that we process was collected. You will have been asked to fill in forms or provide information to our contact centre during the quote and application process. We were not able to provide you with a quote or inform you of an offer from Scottish Friendly unless you answered the mandatory questions.


  • We collected personal information when you:
  • Obtained a quote.
  • Applied for a policy.
  • Asked us a question.
  • Changed your cover.
  • Updated how we contact you with marketing.
  • Made a complaint.
  • Took part in targeted promotions.


  • We collected information automatically.
  • Typically this happened when you:
  • used a Reviti app or website or, where you had opted into this, where you had agreed to our using technologies to observe when you open e-mails or SMS messages.
  • If you exchanged emails, telephone conversations or other electronic communications with us then our information technology systems and those of our outsourced partners recorded details of those conversations, sometimes including their content.
  • communicated with us (for example, through a touchpoint, or social media platforms);
  • used Reviti touchpoints (for example, through tracking mechanisms (such as cookies and web beacons/pixels), where we use them, that you receive when you used the Reviti touchpoint or got an e-mail or SMS message from us);
  • used third party websites (for example, using technology similar to that described in the bullet above, that you received when you visit a Reviti touchpoint or get an e-mail from us); or
  • made public posts on social media platforms that we follow (for example, so that we can understand public opinion, or respond to requests concerning Reviti products).
  • Where permitted by law, we may have inferred information about you from aggregated information we acquire from third parties. This may include, for example, statistical information about people in certain geographical areas.


    We may also have collected information in other contexts made apparent to you at the time.


    • We may have acquired information from third parties. This includes:
    • Publicly available sources. For example, information on social media platforms such as Facebook and Twitter or statistical information about the population in certain geographical areas.
    • Any price comparison websites (where we use such services) that you have used to find out about our policies.
    • Reputable marketing and advertising service providers.


    What about information we collect from you about other people?

    Occasionally we may have needed you to provide us with information about other people (for example, where we need to ask questions about the health of direct family members). Where you provided us with information relating to another person, you should have made that person is aware of this privacy policy and asked them to read it. For the purposes of this privacy policy, any references to your personal information should be interpreted as also including information you provided us about others.


    For what purposes do we use information about you, and on what legal basis?

    In this section, we describe the purposes for which we use personal information.


    • Providing you with the service you have requested. We processed your data to provide you with the service you have requested or otherwise engaged us in respect of for example: to provide a quote, allow you to save a quote; to allow you to return to a partially completed application; submit an application you have completed; trigger a premium adjustment; or put you in contact with Scottish Friendly regarding a claim or a complaint.


    • Automated decision making. We needed your personal information when you applied for a policy so Scottish Friendly could decide whether to offer you a policy and, if so, on what terms. An automated underwriting engine was used as part of this process. The engine takes account of the information you have provided (including your age, whether you smoke, your answers to our other questions) along with the amount of cover you wish to obtain. We made it clear to you in the application for each policy whether automated underwriting was used. Please see below ("what rights and options do I have?") to find out more about your rights when automated decision-making processes are used.


    • Business and operational reasons. We processed your information to otherwise operate, manage, develop and promote our business. We also processed your information to operate, administer and improve our products, website, premises and other aspects of the way in which we conduct our operations.


    • Better understanding our customers. We processed your data to better understand our customers and offer them products and services to accommodate their needs and requirements.


    • Comply with our legal and regulatory obligations and to defend legal claims. We and our contact centre provider may have processed your personal information to comply with our legal and regulatory obligations and to defend ourselves against legal claims, for example, to carry out sanctions, fraud and money laundering checks.


    • To keep you updated about your policy and features of your policy. We used your personal data to keep you updated about the policy and comply with our regulatory obligation to inform you about existing benefits and related services and support you may be eligible for.


    • Direct marketing. When you applied for a policy we asked you whether you would like to receive marketing material from us. Where you let us know you would like to receive this material we used your details in order to send you such information. If you told us that you did not want to receive marketing information we did not use your information for marketing reasons. You will have received your Life Insurance application quotes via email and we may have contacted you from time to time for the purposes of servicing your policy. You will no longer receive marketing material from us

      From time to time, we have also used data sourced from reputable marketing and advertising service providers for the purposes of conducting direct mail campaigns for which we relied upon the lawful basis of our legitimate interests.

      The information we collected can be categorised as follows:
      • information that confirmed your identity;
      • information that confirmed your contact information;
      • information that detailed your health and lifestyle choices, including presence of children;
      • information about homeowner status.


    • Other. For other purposes that we notified you of, or will be clear from the context, at the point information about you was first collected.


    Given the above purposes for which we used personal information, the legal basis for our use of information about you was one or more of the following:


    • consent.
    • compliance with a legal obligation to which we are subject;
    • the performance of a contract to which you are a party; or
    • a legitimate business interest that is not overridden by your own interests in relation to that data.


    In any other circumstances we always asked for your consent before we processed the information.

    If you are uncertain as to our need for information that we request from you or have concerns relating to the basis for processing we are relying on, then please contact us at Reviti Limited One New Change, 4th Floor, London, EC4M 9AF. with your query.


    Do you process my sensitive personal information?

    Yes, you will have needed to provide "special category" personal information to enable us to provide you with your quote or process your application for insurance. Special category personal data is afforded additional protection by data protection law. This data includes information about your health, including whether you are a smoker, for example, as well as information relating to your lifestyle and your family health history.

    Unless we informed you otherwise, you should assume that we processed this data for the purposes of arranging, underwriting or administering an insurance contract. For this reason, we do not require your consent. We may also retain a copy of any such information in order to comply with legal or regulatory obligations.


    Who do we share your information with, and for what purposes?

    We may have shared information about you with:


    • Other companies within our group.
    • Resolution Compliance Limited and Scottish Friendly as well as Scottish Friendly's reinsurers for the purpose of arranging, underwriting and administering the policy.
    • To service providers who host our websites or other information technology systems or otherwise hold or process your information on our behalf, under strict conditions of confidentiality, data privacy and security.
    • To our contact centre
    • Carefully selected partners including Cavendish online Limited (in areas connected with our and other insurance products) so that they can contact you with offers that they think may interest you, in accordance with your marketing preferences and only with your consent where required.
    • To a person who takes over our business and assets, or relevant parts of them.
    • To our professional advisers.
    • In exceptional circumstances:
    • Regulators (e.g. the Financial Conduct Authority), government (e.g. HMRC) and law enforcement or fraud prevention agencies, as well as our professional advisers.
    • To competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in the applicable country or territory.


    Where might information about you be sent?

    When using information as described in this notice, information about you may have been transferred either within or outside the United Kingdom where it was collected, including to a country or territory that may not have equivalent data protection standards. In all cases, the transfer will be:


    • on the basis of a European Commission adequacy decision (or equivalent decision in the UK);
    • subject to appropriate safeguards, for example the EU Standard Contractual Clauses ; or
    • necessary to discharge obligations under a contract between you and us (or the implementation of pre-contractual measures taken at your request) or for the conclusion or performance of a contract concluded in your interest between us and a third party.


    In all cases, appropriate security measures for the protection of personal information were be applied in those countries or territories, in accordance with applicable data protection laws.


    How do we protect information about you?

    We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, misuse, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers to comply with strict data privacy and security requirements.


    How long will information about you be kept?

    We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete or anonymise it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete or anonymise the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.

    Where you have taken out a policy with us either through our website or our contact centre we will keep your information for a period of six month from 31 January 2022 after which time it will be deleted. Our contact centre (if relevant) will generally keep your information for a period of seven years from the date you purchased your policy after which time it will be deleted, unless there is a requirement for our contact centre to retain the information (for example, a legal requirement, or where there are ongoing claims relating to your policy).

    Where you have obtained a quote or started an application but not completed the purchase of a policy, we will generally keep your information for a period of 6 months before deleting. Your insurer Scottish Friendly will generally keep your information for a period of seven years following a claim or the end of your policy. Scottish Friendly will also retain recordings of any calls between you and our contact centre for the same period.


    What rights and options do you have?

    You may have some or all of the following rights in respect of information about you that we hold:


    • request us to give you access to it;
    • request us to rectify it, update it, or erase it;
    • request us to restrict our using it, in certain circumstances;
    • challenge a decision that has been made using automated decision making or otherwise request human intervention in an automated process;
    • object to our using it, in certain circumstances;
    • withdraw your consent to our using it;
    • data portability, in certain circumstances;
    • opt out from our using it for direct marketing; and
    • lodge a complaint with the supervisory authority.


    We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive.

    Right in respect of the information about you that we hold, with further detail

    (note: certain legal limits to all these rights apply)


    • To request us to give you access to it
    • This is confirmation of:
    • whether or not we process information about you;
    • our name and contact details;
    • the purpose of the processing;
    • the categories of information concerned;
    • the categories of persons with whom we share the information and, where any such person is located outside the United Kingdom and the EEA and does not benefit from a UK adequacy decision, the appropriate safeguards for protecting the information;
    • (if we have it) the source of the information, if we did not collect it from you;
    • the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and
    • the criteria for determining the period for which we will store the information.


    On your request we will provide you with a copy of the information about you that we use (provided this does not affect the rights and freedoms of others).


    • To request us to rectify or update it
    • This applies if the information we hold is inaccurate or incomplete.


    • To request us to erase it
    • This applies if:
    • the information we hold is no longer necessary in relation to the purposes for which we use it;
    • we use the information on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all information about you in which case we will respect your wishes);
    • we use the information on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;
    • the information was unlawfully obtained or used; or
    • to comply with a legal obligation


    • To request us to restrict our processing of it
    • This right applies, temporarily while we look into your case, if you:
    • contest the accuracy of the information we use; or
    • have objected to our using the information on the basis of legitimate interest (if you make use of your right in these cases, we will tell you before we use the information again).
    • This right applies also if:
    • our use is unlawful and you oppose the erasure of the data; or
    • we no longer need the data, but you require it to establish a legal case.


    • To object to our processing it
    • You have two rights here:
    • (i) if we use information about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and
    • (ii) if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.


    • To withdraw your consent to our using it
    • This applies if the legal basis on which we use the information about you is consent based. These cases will be clear from the context.


    • To data portability
    • If:
    • (i) you have provided data to us; and
    • (ii) we use that data, by automated means and on the basis either of your consent, or on the basis of discharging our contractual obligations to you,


    then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so. To lodge a complaint with the UK Information Commissioner


    The Information Commissioner’s

    Office Water Lane, Wycliffe House

    Wilmslow - Cheshire SK9 5AF

    Tel. +44 1625 545 700




    Who should you contact with questions?

    If you have any questions, or wish to exercise any of your rights, you can contact us at Reviti Limited One New Change, 4th Floor, London, EC4M 9AF. The UK’s data protection authority is the Information Commissioners Office. You have a right to contact them with any questions or concerns (please see contact details above). If Reviti cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.Changes to this notice

    We may update this notice (and any supplemental privacy notice) from time to time. Where the law requires it we will notify you of the changes; further, where the law requires it, we will also obtain your consent to the changes.


    Last modified [15/03/2022].