Data Retention Policy
Your personal information will be stored either for as long as you (or your joint policyholder) are our customer, or longer if required by law or as necessary to defend ourselves against legal action. Generally we will continue to hold your information for 30 years after you cease to be our customer. This is in order to manage any potentially long running disputes, in order to provide appropriate compensation to legacy holders of policies which have lapsed or to compensate customers in the event of a tax refund.
The General Data Protection Regulation does not set out specific periods for which personal data should be retained by data controllers. However, Article 5 provides that data should be obtained only for specified, explicit and legitimate purposes, and should not be kept longer than is necessary for those purposes. This requires PIA to have a clear policy about the length of time for which personal data will be kept and justifiable reasons why the data is being retained.
PIA has also carried out and documented a Data Privacy Impact Assessment in relation to the data retention period noted above in line with the Article 29 Working Party Guidelines on Data Protection Impact Assessment. The Guidelines include measures which contribute to necessity and proportionality such as:
- Clearly identifying the specific and legitimate purpose for the processing and the appropriate legal basis;
- Ensuring the data is adequate and relevant to what is necessary;
- Limiting storage duration and any other measures that contribute to an individual's rights.
If you would like to exercise any of your rights as noted in Part E of the Privacy Fair Collection Notice in relation to your personal data, you can contact us at the details noted in the 'Contact Us' section of the notice.
Dated: 25 May 2018