Data Privacy Notice for Atwood Benefits UK Ltd

WHO WE ARE

Atwood Benefits UK Ltd is a company registered in England and Wales (company number 05414150) whose registered office is at Riverside House, 40-46 High Street, Maidstone, Kent ME14 1JH. We are authorised and regulated by the Financial Conduct Authority (“FCA”) (FCA number 440753). When we mention “we”, “us” or “our” we are referring to Atwood Benefits UK Ltd.

We collect and process personal information relating to you to in order to arrange, implement, administer your employee benefits program and to respond to any queries you raise with us relating to your benefits program. We are committed to being transparent about how we handle your personal information and to protecting the privacy and security of your personal information.

We will act as both the data processor and the data controller.

WHAT INFORMATION IS BEING COLLECTED, HELD AND PROCESSED BY US?

We collect, use and process a range of personal information about you. This includes (as applicable):

• Personal data such as full name, date of birth, gender, marital status, nationality, residential address, national insurance number, employment start date, payroll reference number, email address, and telephone number.

• Details about your employment, salary and pension contributions.

• We may also need details about your travel profile for business purposes and, in particular, which countries you visit and for how long.

• We may collect any personal information relating to you or your family which you provide to us voluntarily.

We may also collect, use and process the following special categories of your personal information (as applicable):

• racial or ethnic origin.

• genetic or biometric data.

• information about your health: it may be necessary to collect data on your personal medical history, such as previous or existing conditions, operations, medication, recreational drug use, smoking status and alcohol consumption.

• Information about your claims history, previous policies and premiums paid.

• sex life or sexual orientation.

Please note: if you are providing any information relating to your family, you confirm that you have authority to do so and that they understand that we will use their personal details in accordance with this privacy notice.

WHY IS IT BEING COLLECTED?

There are a number of instances where we have a lawful reason for the processing of your personal data. We have identified the key reasons for processing your data:

• Contract – your employer as the Data Controller has a contract with us and we need to process your personal data in order to fulfil the contractual obligation we have with them. This involves dealing with insurance companies and pension providers on your behalf.

• Consent – you have given us consent to process your data, predominantly, for your enrolment into your company’s Employee Benefit Program. We potentially may need to process your personal data (including sensitive data) when enrolling you into a private medical insurance, life assurance, critical illness or disability plan.

• Legal Obligation – we have to process some data in order to comply with the law. We are regulated by the FCA and there are a number of requirements we must comply with, such as record-keeping. We are accountable to the FCA, The Pensions Regulator and the Information Commissioners Office (“ICO”).

• Legitimate Interests – we have a legitimate interest in improving the services we offer to our customers. We can only use this justification if there is no good reason to protect your personal data which overrides our legitimate interest.

WHO IS COLLECTING IT?

Your employer will initially collect your personal data and share it with us. Subsequently, the people collecting your personal data with us will be our employees, workers or officers.

HOW IS IT COLLECTED?

There will be a number of ways in which your personal data will be collected. This can include obtaining information from new hire set-up forms, insurer application and health declaration forms, individual meetings or teleconferences, emails and from your employer.

We can also collect information from spreadsheets we exchange with your employer and online systems such as SharePoint, Box, DocuSign, Dropbox.

HOW WILL IT BE USED?

We use your data to provide the best possible service to you. This includes:

• Assessing you for and automatically enrolling you in the workplace pension and contractual benefits, where appropriate.

• Enrolling you for optional and voluntary benefits, as appropriate.

• Improving the accuracy of the information which we hold about you and which your employer holds about you.

• For internal research purposes, general administration and demographic analysis.

WHO WILL IT BE SHARED WITH?

Your data will need to be shared with:

• Your employer (although please note that we do not share the category of “sensitive data” with your employer without obtaining your explicit consent to do so);

• The pension provider (if this forms part of your benefit program);

• The insurers or providers of the employee benefit plans (if this forms part of your benefit program);

• Where there are legal obligations to do so, with the FCA or our auditors for FCA compliance (where the person is acting in a professional capacity and has suitable confidentiality and privacy measures in place);

• Your employer’s third-party payroll provider (although we do not share the category of “sensitive data” with these providers).

We will not share any of your personal information with any other third-parties without your permission, unless we suspect any form of illegal behaviour; or it is necessary by law, regulation or legal proceedings; or we feel that it is a necessary action to protect the property, rights or safety of us or any other party.

OUR SUPERVISORY AUTHORITY

If you are not happy with the way we are handling your information, you have a right to lodge a complaint with the ICO. It has enforcement powers and can investigate compliance with data protection regulation (www.ico.org.uk). We ask that you please attempt to resolve any issues with us before the ICO.

HOW TO CONTACT US

Please contact our Data Compliance Manager, Timothy Atkins, if you have any questions about this privacy notice or the information we hold about you.

Email: tim.atkins@benefitsuk.com or postal address: Atwood Benefits UK Ltd, Waterside, Park Farm, Ditton, Kent, ME20 6PE.

FURTHER INFORMATION

For further information on data protection, please view our GDPR Factsheet on our website. Alternatively, please contact our Data Compliance Manager for an electronic or hard copy