The ABI is the trade association of the UK insurance and long-term savings industry.
In this Privacy Notice, "We, us or our" means the ABI.
We are committed to handling and protecting your personal information appropriately. This Privacy Notice describes how the ABI collects and uses personal information about you, in accordance with the UK General Data Protection Regulation (UK GDPR) and UK data protection laws. Please take the time to read it carefully as it includes important information about your data protection rights.
This notice relates to the ABI's members, associates, other stakeholders and business contacts (including suppliers) and members of the public (who may attend our events, buy our statistical services, ask us questions or simply visit our website). Separate notices apply to employees, workers, contractors and consultants, and to job applicants.
The ABI is the data controller of your personal information. We are registered with the Information Commissioner's Office with reference Z1284620.
We will review this Privacy Notice from time to time and may update it at any time.
What is personal information?
For the purposes of this Privacy Notice, personal information means any information that relates to you and/or information from which you can be identified, whether directly or indirectly. It does not include data where your identity has been removed (anonymous data). There are "special categories" of more sensitive personal information which require a higher level of protection. Further details regarding the personal information we may collect about you can be found below.
ABI Members and Associates
The personal information we hold about you may include: your name, contact information (usually including your professional email address and telephone number), who you work for, your job title. It may also include other relevant information, including information about your attendance at ABI meetings or attendance at our offices. We may also collect CCTV footage if you attend our offices.
This personal information would usually be collected directly from you or the organisation you work for, and may include correspondence by email, post and telephone.
ABI Event Attendees
The personal information we hold about you may include: your name, contact information (usually including your professional email address and telephone number), who you work for, your job title, your registration and attendance at our events, including any accessibility or dietary requirements. We may also collect CCTV footage if you attend our offices.
This personal information would usually be collected directly from you or the organisation you work for, and may include correspondence by email, post and telephone.
Third Party Service Providers
The personal information we hold about you may include: your name, contact information (usually including your professional email address and/or telephone number), who you work for, your job title, and details of the nature of service that you are providing to the ABI.
This personal information would usually be collected directly from you or the organisation you work for, and may include correspondence by email, post and telephone.
Members of the public
Occasionally, we may receive personal information from or regarding you as a member of the public, either because you have contacted us directly or because your details have been provided to us by a third party, such as your MP. From time to time, although we do not typically request it, members of the public may provide us with details about their health or criminal record or other forms of special category data. We will only use personal information about a member of the public to the extent necessary to address the issue that has been raised and where the issue is within the remit of the ABI.
Personal information about members of the public may include name, contact details, details of the issue raised.
Website users
We may collect personal information about you when you use our website. This may include your name, your title, your contact information (usually including your company email address and telephone number), your employer and their address, your job title, any dietary requirements. This information is collected from Registration / My Account forms, Event bookings, Industry data purchase and onsite forms.
This personal information will be collected from you:
- directly, when you enter information into the website such as when you register for an account, make an event booking, purchase a data package or complete one of our onsite forms; and
- indirectly, such as your browsing activity when you navigate around our website. We will collect personal information through first and third-party cookies, and we set out further detail about that in the 'Cookies' section below.
Generally, you have no obligation to provide us with your personal information, but if you do not provide information, we ask for we may not be able to assist you.
How we use your personal information
We process your personal information for the purposes of:
- operating our business day to day, including responding to queries;
- managing our internal business operations, including accounts, financial analysis, legal and compliance and internal audit; sending you information about what we do, and what is happening in the insurance sector, including marketing; organising and delivering events in connection with our business and/or the insurance sector;
- handling feedback, managing complaints and improving our services;
- managing relationships with third party service providers and other stakeholders, including partners;
- complying with any legal or regulatory requirements, where applicable;
- establishing, enforcing and defending our legal rights, including pursuing remedies or limiting our damages, obtaining legal or other professional advice;
- protecting our business with security and entry systems;
- managing a proposed restriction or our business being merged or acquired
- managing proposed restricting or merging of the ABI
- ensuring compliance with our IT policies and network and information security, and any other relevant policies.
Cookies
We may collect information about you as a result of our use of website cookies and tracking beacons/tracked clickable links or similar server technologies which help us to track responses to and subscriber activity in relation to marketing communication emails, electronic event invitations and other direct mailings we may send to you.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
Some of the cookies we use are strictly necessary in order to enable basic functionality, including page navigation and access to secure areas of our website. Details of the types of necessary cookies can be found in the cookies widget (Cookiebot) on our website.
When you visit our website, you will be given options to customise the capturing of those cookies that are not strictly necessary (i.e. preference, statistics and/or marketing cookies). You may choose to deny the use of these cookies or set your browser not to accept cookies. However, in some cases our website features may not function (or function as effectively) as a result.
For further information visit www.aboutcookies.org or www.allaboutcookies.org
Our lawful bases for using your personal information
We are committed to handling your personal information lawfully and fairly. This means that we must set out the legal grounds, as a lawful basis, which permits us to handle your personal information. The legal basis that applies will depend upon the purpose, but will be one of the following:
- Legitimate interests: In most cases, we process your personal information for the purpose of pursuing our legitimate interests as a trade association. Those interests include the efficient operation of the ABI; providing news, updates and marketing regarding the ABI and the insurance and long-term savings industry; maintaining standards of service for our members; responding to queries from members of the public (directly or where queries have been raised by their MP or another individual / organisation on their behalf); and the protection of our business. Where we rely on legitimate interests, we have carried out a balancing test to ensure that the ABI's interests do not override your rights and freedoms as an individual.
- Consent: In some instances, we may rely on your express consent to use your personal information, but we will let you know (and give you the chance to withdraw consent) if we do.
- Contract: In some instances, we may use your personal information in order to enable us to perform a contract which we have in place with you.
|
Purpose |
Lawful Basis |
Additional ground for sensitive (special category) or criminal data – if applicable |
|
Operating our business day to day, including responding to queries |
Legitimate interests |
Rarely applies – if so, explicit consent |
|
Managing our internal business operations, including accounts, financial analysis, legal and compliance, and internal audit |
Legitimate interests |
|
|
Sending you information about what we do, and what is happening in the insurance sector, including marketing |
Legitimate interests |
|
|
Organising and delivering events in connection with our business and/or the insurance sector |
Legitimate interests |
Accessibility and dietary requirements – explicit consent |
|
Handling feedback, managing complaints and improving our services |
Legitimate interests |
Rarely applies – if so, explicit consent |
|
Managing relationships with third party service providers and other stakeholders, including partners
|
Legitimate interests Contract |
|
|
Complying with legal or regulatory requirements |
Legal obligation
|
Legal claims Regulatory requirement relating to unlawful acts or dishonesty |
|
Establishing, enforcing and defending our legal rights, including pursuing remedies or limiting our damages, obtaining legal or other professional advice
|
Legitimate interests |
Legal claims
|
|
Protecting our business with security and entry systems |
Legitimate interests
|
Prevention/detection of unlawful acts
|
|
Managing proposed restructuring or merging of the ABI |
Legitimate interests |
Legal claims |
|
Ensuring compliance with our IT policies and network and information security, and any other relevant policies |
Legitimate interests |
|
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Who we share your information withlawful bases for using your personal information
We share your information with third-party service providers, where they reasonably require it to perform their obligations or in order to enable us to achieve the objective of our processing. The service providers include:
- our event organisers;
- our event sponsors;
- our professional advisors;
- our service providers, including our IT and back-office systems.
We may also share your contact details in respect of limited attendance meetings and other events you are present at, for example in connection with minutes of such meetings and events, and generally provide attendee details to speakers at our events.
We may share your information with our members, if it is necessary to do so to respond to any matter you raise with us.
We may share your personal information with other third parties as required by law.
Transferring information outside the UK
Where needed in order to enable us to achieve the objective of our processing the data as described above, we may transfer your personal information to third parties outside the UK. Where we do so we will only transfer your personal information to third parties outside the UK if that third party (a) is situated in a country that has been confirmed by the UK government to provide adequate protection to personal information, or (b) has agreed (by way of written contract) to provide all protections to your personal information as required by data protection legislation. Any query concerning this should be addressed to our Legal team, whose details are set out in the final paragraph of this notice.
Sometimes, third parties acting on our behalf, such as our IT support service providers, may need to transfer personal information outside of the UK. We will take steps to ensure that third parties have put in place appropriate safeguards to protect your personal information if it is transferred outside of the UK. This might include checks to ensure that data is transferred to countries that are considered to provide adequate levels of protection, or that there are appropriate contractual terms and security measures in place.
How long we keep personal information
We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and for as long as we have a business reason for doing so. If you require further information on this, please contact us using the details under the 'Further Information' section.
Your data protection rights
Under UK data protection law, you have a number of rights regarding your personal information. The lawful basis we rely on may affect which data protection rights apply, but we have set out in brief your general data protection rights. You can find out more information about your rights and any exemptions that might apply on the ICO's website:
- Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
- Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
- Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
- Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
- Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
- Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
Please contact the ABI’s Legal team ([email protected]) in writing for further information about these rights.
You will not generally have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Further information
If you have any questions about how we process your personal information, please contact the ABI’s Legal team ([email protected]). We hope that we will be able to address any questions or concerns you may have. However, you also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at www.ico.org.uk.
Version updated: July 2025