We use your personal information to provide you with an insurance policy and other services that you or other family members obtain from us and to provide you with the right services based on your situation. So, for example, if you have a problem, we make sure the right network of providers and specialists are assigned to you, and we can also update you quickly on the progress and cost of your claim and keep you safe from fraud. However, there are several other reasons why we use your personal information; please see below for a more detailed list.
We may process your personal information for several different purposes, and these are set out in more detail below covering a full range of products and services. Under data protection laws we can only process your information where we have one or more valid legal basis or condition for doing so, as set out in the law. We have set out below the main reasons/purposes we process your personal information for, the types of personal data involved and the applicable legal basis when we do so.
When the personal information we process about you is classed as sensitive personal information (‘Special Category Personal Data’ such as health, disability or religious beliefs data), we must have an additional legal basis or condition for such processing, as set out in the law, like enabling us to protect your vital interest, support a public interest (including for provision of insurance) or ask for your consent.
- Processing of personal and sensitive personal information is necessary in order for us to provide your insurance policy, benefits or other services, such as assessing your application and setting you up as a policyholder, administering and managing your insurance policy or benefits, providing all related online and offline services including various types of assistance, providing a quote, receiving, handling and paying claims and communicating with you. In these circumstances, if you do not provide such information, we may not be able to offer you a policy, service or process a claim.
- We may use cloud (technology) storage solutions within the United Kingdom and Europe which are chosen to ensure efficiency and improved performance through up-to-date technology. In some instances, we may consider using similar technology located outside these areas or technical support may be provided from other areas. In all cases where personal data is transferred to a country which is deemed not to have the same standards of protection for personal data as the UK and EU, AXA will ensure appropriate safeguards such as UK regulator approved Standard Contractual Clauses and further contractual, organisational and technical measures (as may be required following an assessment of the risk) have been implemented to ensure that your personal information is protected.
- Where we have a legal or regulatory obligation to use personal information, for example, when our regulators, including the Financial Conduct Authority (FCA), the Prudential Regulatory Authority (PRA), and our data protection regulators, the Information Commissioner’s Office (ICO) and Data Protection Commissioner (DPC) wish us to maintain certain records of any dealings with you.
- Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with a legal claim or where we want to pursue any legal claims ourselves.
- Where we need to use personal and sensitive information for reasons of public interest, such as investigating fraudulent policyholder applications or claims.
- Where you have provided your consent to our use of your personal information. We will usually only ask for your consent in relation to processing your sensitive personal information (such as health data or medical data) or when we would like to provide marketing information to you (including information about other products and services). We do not always need your consent to process your sensitive personal information, but where we do, we will make this clear at the point you provide your personal information. Without your consent, in some circumstances, we may not be able to provide you with cover under a policy or handle a claim, or you may not be able to benefit from some of our services. If consent is provided and then withdrawn, this will not affect the processing carried out before the withdrawal.
- Where we need to enforce compliance with policy terms, website terms or other terms relevant to our relationship and the provision of insurance products and services.
- Where we have appropriate legitimate business interests/needs to use your personal information such as maintaining our business records, developing and improving our products and services, managing and protecting computer systems and networks, maintaining information security and business continuity, all whilst ensuring that such processing does not interfere with your rights and freedoms and does not cause you harm.
- When required, we anonymise or pseudonymise (mask) personal information so that individuals cannot be identified, before we use it for management information and analysis of our products and services. Analysis of this information provides us with insights about our business, and with opportunities to improve our products and services and the health and wellbeing of the people who use them. This analysis also allows us to demonstrate the value of the services we provide to our clients and business partners. The way that we anonymise personal information aligns with regulatory guidance and is achieved using different techniques, for example removing identifying data or overwriting it with randomised non-identifiable data. Anonymisation still constitutes use of your personal information and so to do so lawfully, we rely on the legal ground that was used when your data was originally collected.
- Where we need to use your sensitive personal information such as health data because it is necessary for your vital interests, this being an urgent medical or ‘life or death’ matter.
You will find details of the purposes for processing, types of personal data involved (refer to the ‘What personal information do we collect?’ section for additional info) and legal basis we rely on for each type of personal data processing below.
Detail Section 1 - How we use other AXA entities and third parties to provide travel assistance services
We share your personal data with other companies to settle claims and provide a service, including the provision of emergency assistance or recovery services, under your insurance policy.
Travel assistance cases are overseen by a specialist team within AXA Partners, who utilise other AXA teams and entities, as well as selected third parties to provide the required assistance services in the UK, EEA or worldwide. See section below on ‘Who do we share your personal data with’ for more information. Depending on the context, those providers may act as data controller or data processor (i.e. either where they determine the processing of the information or only at our instruction/on our behalf).
Depending on the product or service you have, we will share details such as your name, address or location, number of passengers, travel information, and other details and circumstances of the relevant incident. These details may include sensitive personal data relevant to the service they are providing, such as the health, vulnerabilities or religious beliefs of the individuals involved in the incident.
Detail Section 2 - How we use details about your vulnerable characteristics when providing a service
We will request information on vulnerabilities that you, your dependants or other individuals receiving services or involved in the assistance case have. This information will be collected and processed based on yours and their consent. If you provide us with details relating to other individuals, please ensure such individuals are aware that we will use their details for the purposes of the insurance claim or service request, that they provide consent to you for this and direct them to this privacy policy for more information.
Information relating to potential vulnerabilities will be shared with third parties only where required to effectively manage an assistance case and will not be used beyond that. We have strict controls in place around who can access this data, where it is held and when it is deleted.
Detail Section 3 - How we use and share personal data with our business partners, clients, and distributors?
Where you purchase insurance products and services from one of our business partners, they will share certain personal information with us to enable us to manage policy validation, claims handling, and other services on their behalf, including but not limited to name, address, email address, policy number, and for travel products, medical conditions.
As part of the business relationship, information about claims and complaints is shared by us to the business partner on a regular basis. Where possible some or all this data is aggregated, pseudonymised or anonymised beforehand.
The business partners you purchase the product from are usually an independent data controller working in conjunction with us, which means they are responsible for the processing that they conduct and will provide information on this in their privacy policy – available in the policy documentation or via their website.
Detail Section 4 - How AXA uses your information to prevent, detect and investigate fraud
AXA has a range of processes that are conducted to help detect, investigate, and prevent fraudulent activity, by our customers, suppliers, and business partners. These are managed by specialist teams within AXA Partners entities and across the AXA Group. They include checking databases and registers, sharing information with and receiving from third parties (including private investigators). See the “Who do we share your personal data with’ section for more information.
We also make use of AI capabilities to enhance our fraud detection, for example in helping us determine document validity. See the section below on AI for additional information.
Detail Section 5 - How we use personal data to meet sanction screening and anti-money laundering obligations
AXA has a range of processes that are conducted to help meet our obligations relating to sanctions screening and anti-money laundering obligations. This will involve processing identification information and documentation, relating to our customers, suppliers, and business partners. These are managed by specialist teams within AXA Partners entities and across the AXA Group. They include screening personal information against formal sanctions lists via a system called NetReveal, with alerts of potential matches being handled by AXA Global Business Services located in India. We take appropriate measures to ensure the data remains protected to an adequate level. See the ‘Who do we share your personal data with’ section for more information.
What is Artificial Intelligence (AI) and how do we use it?
Artificial Intelligence is an umbrella term for a range of technologies that replace manual processes and solve complex tasks by carrying out functions that previously required human action. Tasks that we have traditionally done by thinking and reasoning are increasingly being done by, or with the help of, AI.
We use AI to support our existing activities. This means that how we collect your personal information and the types of personal information we use do not change. To use AI, we combine information you have provided to us directly, information we derive about you from your use of our services or your interactions with us, and information from other people and organisations. We use AI for different purposes, some of which are explained in more detail below.
Supporting processes to provide customer service
We provide virtual assistants and chat bots, so you have a choice of methods to communicate with us, especially out of office hours. The virtual assistants and chat bots may use elements of AI, for example by understanding your questions and guiding you to or presenting you with appropriate help content and information or transferring you to an adviser.
Administration & detection
We may use AI for wider processes that support claims management services, such as indexing the documents that support your claim to your customer record and reviewing documents as part of our fraud detection process.
Customer feedback & surveys
We may use AI to analyse information from customer surveys, feedback forms, calls, and complaints to understand how satisfied our customers are with our products, service, and communications. For instance, we use AI to classify whether a comment or review is positive or negative and what the comment or review is focussed on (e.g. customer service, coverage, claims, etc). This helps us to optimise customer journeys and improve products and services.