Home

Privacy policy

1. Introduction 

 1.1 Who are we? 

The Just group of companies (‘Just Group’) consists of: 

  • Retire Different Limited
  • Just Direct Limited
  • Just Group plc 
  • Just Retirement Limited 
  • Just Retirement Money Limited 
  • Just Retirement Management Services Limited 
  • HUB Financial Solutions Limited 
  • HUB Pension Consulting Limited 
  • Partnership Life Assurance Company Limited 
  • Partnership Services Limited 
  • Partnership Group Holdings Limited 
  • Partnership Home Loans Limited

Where one of our companies processes your data, it will be registered with the Information Commissioner's Office, the data protection regulator in the UK. 

This privacy policy is issued on behalf of the Just Group, so when we say “Just”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Just Group responsible for processing your data. 

When you purchase a product or service with us, we will tell you which Just company is the data controller of your personal data. 

1.2 Purpose of this notice 

Here at Just Group, we take the protection and privacy of your personal information very seriously. We want to be clear about what personal information we hold and how we use it, so we have developed this policy because we want you to feel confident about the privacy and security of your personal information. 

We pride ourselves on being honest and transparent about how we use your data and ensure that we continue to use your data fairly and lawfully. 

1.3 Who is this notice for? 

This document is intended for anyone who provides their data to Just. You might be classified as any of the following: 

  • website user; 
  • app user; 
  • potential customer; 
  • existing customer; 
  • former customer; 
  • general consumer; 
  • beneficiary of a product; 
  • member of a bulk purchase annuity scheme; 
  • dependant of a customer; or 
  • someone who makes a call to one of our contact centres. 

2. Your data 

2.1 What information do we collect? 

Quick overview: 

We collect the following types of information when you engage with us: 

  • contact; 
  • personal details; 
  • health and/or medical details; 
  • other ’special category data’; 
  • vulnerability, including health information; 
  • bank and payment details; 
  • identity checks and evidence; 
  • criminal conviction data; 
  • technical and usage; 
  • contact centres and call recordings; 
  • marketing preferences; or 
  • market research, feedback and user experience. 

We may also collect this data from other third parties as necessary. 

To use your data, data protection laws say that we must have a suitable lawful basis to do so. At least one of the below must apply at all times: 

  • contractual duty; 
  • legal obligation; 
  • legitimate interest; 
  • public interest; 
  • vital interest; or 
  • consent. 

See the sections below for further information on what information we use, why and the lawful basis for doing so. 

2.1.2 Contact 

We ask for these details so that we know who you are and how we can contact you, either if we need to or you have asked for us to: 

  • your name; 
  • where you live (including previous addresses); 
  • your contact details such as telephone number, email address or postal address; or 
  • third party contacts (e.g. an attorney under a Power of Attorney document, solicitors, or anyone that has been appointed to legally act on your behalf). 

We use this information to ensure that we can provide you with the products or services you have asked for, and to communicate with you about them. 

Lawful basis: contractual duty, legal obligations, legitimate interest and/or consent. 

2.1.3 Personal details 

These are some of the extra details that we ask for or gather, to understand more about you and how our products and services can best suit your needs. You might also provide this information through our application forms, contact forms or live chat. 

  • age and/or date of birth 
  • sex 
  • gender 
  • family details 
  • financial details 
  • lifestyle and social circumstances 
  • health details 
  • employment 
  • visual images and personal appearance 

We may sometimes need to collect these details about other people linked to you, such as an attorney (under a Power of Attorney), dependant or spouse. In these cases, you might provide this information to us on behalf of that person, or we may ask the person for these details directly. 

Lawful basis: contractual, legal obligations, legitimate interest and/or consent. 

‘Special category data’: explicit consent or substantial public interest. 

2.1.4 Special category 

From time to time, we may need to obtain and use data about you that is considered to be more sensitive that other information about you, and this is referred to as ‘special category data’. The data protection laws say that we must treat this type of information with more care and must meet more criteria to be able to use it. 

‘Special category data’ can include information directly relating to, or inferring, about you (or another’s): 

  • health; 
  • race or ethnicity; 
  • religious or philosophical beliefs; 
  • trade union membership; 
  • sex life; 
  • sexual orientation; 
  • genetic data; or  
  • biometric data (where used for identification purposes). 

We’ll only process this type of information where you give us your explicit consent to do so, or there is an exception which requires us to do so (such as to comply with a legal requirement or investigation). For example: 

  • Where you have given us explicit consent to do so. This means that you have given us permission to use your data for a specific purpose and have had to take a positive action to allow this (such as providing a signed statement or ticking a box to confirm). 
  • Where there is a need to process your special category data in line with providing you with services or products relating to insurance or occupational pensions. In these instances, we will not ask for explicit consent to use your data, but we are limited in its use. 
  • Where there is a need to safeguard the economic wellbeing of certain individuals. 
  • Where there is a need to prevent fraud. 

Lawful basis: consent, contractual, legal obligation and/or legitimate interest. 

‘Special category data’: explicit consent or substantial public interest. 

2.1.5 Health and/or medical information 

Occasionally, we may need to ask you for information about your health or medical conditions, both past and present. There are a few reasons that we may need to do so: 

  • The product that you're enquiring about, or purchasing is based on medical underwriting, and we are required by law to ask you about your health. 
  • The product that you're enquiring about or purchasing may be enhanced by medical underwriting, and you may be able to get a better deal by providing us with your medical information. 
  • You have a medical condition or symptoms that mean you require extra support from us to help you access our products and services. For example, you may experience hearing loss that means you prefer to be sent letters rather than receive phone calls from us. 

Unless we are required by law to ask you for and use your health data, we’ll only ever record your data where we have your explicit consent to do so, and only use it for a specific reason. For more information about what counts as health data and other ‘special category data’, please see our ‘Definitions’ below. 

2.1.6 Vulnerability 

We want to ensure that everyone can access the products, services and help that they need, when they need it, in a way that works for them. 

Sometimes, this means that we need to process some of the following information about: 

  • your mental and physical capacity; 
  • financial circumstances; 
  • life events; or  
  • health details. 

Lawful basis: legal obligations, legitimate interest and/or consent. 

‘Special category data’: explicit consent and/or substantial public interest. 

2.1.7 Bank and payment details 

We may need to hold your bank account details and other payment details, to make payments to you or to service the products we provide. For example, we may have your: 

  • bank account number;  
  • sort code;  
  • information about one-off or regular payments and withdrawals; or  
  • changes that you make to your products or account. 

Lawful basis: contractual and/or consent. 

2.1.8 Identity checks and evidence 

Depending on the service or products that you use, we may be required to confirm your identity to meet our regulatory and legal requirements. We do this through electronic verification services but may occasionally need to obtain further information from you directly. 

We may ask you to provide us with originals or copies of your identity documents, which contain your personal data and could ask for the following: 

  • passport; 
  • driving licence; 
  • birth certificate; 
  • marriage certificate; 
  • court-issued documents; or 
  • other legally or officially certified documents. 

We’ll ask for these documents when we require additional information to verify your identity, or where we are required to request and verify these by laws. We’ll only ever ask for this information when it is necessary to do so. 

Lawful basis: contractual, legal obligation and/or consent. 

2.1.9 Criminal conviction data 

As part of our legal requirements, we may be required to run searches on you or store data about any criminal convictions, offences and/or related security matters that may be associated with you. It covers not only convictions, but any suspicion or allegations of criminal activity too. 

Data protection law states that we can only use this information in limited circumstances and ensures that extra protection is given to this type of data. 

Where we can, we’ll always ask for your consent to process this information, however in some circumstances we may be required by law to obtain this information. 

Lawful basis: explicit consent or legal obligation (and ‘substantial public interest’ conditions). 

2.1.10 Technical and usage 

When accessing any of our websites, online services or mobile phone apps (including live chat functions), we may obtain the following information: 

  • details about the current device you're using;  
  • details about the technology you're using to access our sites;  
  • your IP address;  
  • your MAC address; 
  • the location from which you're accessing our sites; 
  • location services of your operating system or browser; or 
  • analytics about how you use our site, such as the pages that you visited, the amount of time you spent on the site and what you clicked on. 

This information helps us to keep everything working as it should, keep our technology and your data safe and provide useful insights to help improve our services. 

We obtain a lot of this information through cookies, and more details are available within our Cookie policy

Lawful basis: legal obligation, legitimate interest and/or consent. 

2.1.11 Tracking and analytics on our app and website 

Just's mobile app uses a library of different technologies to provide tracking and analytic information, such as Software Development Kits (SDKs) and Application Programming Interfaces (APIs). These technologies are embedded in the app and allow us to collect data about the app, activity in the app and the device that the app is running on. They are contained within the codebase of our application and when they are activated, they will run in the background of the app as you use it. The analytics they generate are used for identifying and fixing issues, product development and understanding user needs. 

We define the SDKs (and other similar technologies) that we use into two types: ‘strictly necessary’ and ‘optional’. 

Strictly necessary 

These SDKs are defined as ‘strictly necessary’ because they help us to keep everything working as it should and keep our technology and your data safe. We need to apply these to ensure our app meets regulatory standards. These cannot be turned off by anyone using the app. 

Our app and website use the following ‘strictly necessary’ SDKs: 

Dynatrace: receives information about app and website performance and health to provide monitoring and assist maintenance of the application and underlying systems. 

Lawful basis for strictly necessary SDKs: legal obligation and/or ‘strictly necessary’ exemption. 

Optional 

These SDKs are defined as ‘optional’ because we’ll only ever activate them if you give us consent to do so. We obtain your consent when you first use our app, and your consent preferences can be updated at any time in our app settings. We use these SDKs to collect information about how you're using our app (including your interests and preferences) to improve and personalise your experience, and to provide insight for developing our products and services. 

Our app and website use the following ‘optional’ SDKs: 

  • Fullstory: collects information about how users are interacting with our app and website with the purpose of improving the user experience and developing the product. 
  • Firebase analytics: collects information about how users are interacting with our app with the purpose of improving the user experience and developing the product. 

Lawful basis for optional SDKs: consent. 

2.1.12 Contact centres and call recordings 

When you call our contact centres, we record all of our calls for training and monitoring purposes. In this case, we record: 

  • the telephone number you're calling from; 
  • the date, time of and duration of your call; 
  • notes about the nature of and a summary of the call; and 
  • your voice. 

Lawful basis: consent and/or legitimate interest. 

2.1.13 Marketing and marketing preferences 

We’d like to keep you up to date on relevant information, articles, events, services and products that we think may be of interest to you. We’ll only ever send you marketing communications if we have your consent to do so. We’ll always ask for your marketing preferences at the first available opportunity. You're entitled to say “no” at any time, if you don’t want to receive marketing information. 

We may contact you in the following ways: 

  • email; 
  • telephone call; 
  • text message (SMS); 
  • in-app notification; 
  • push notifications; or 
  • postal services. 

We may also use your personal data to tailor our marketing communications to you. For example: 

  • Using information about your age, we may send you marketing emails about pension drawdowns if you're approaching your 55th birthday. 
  • Based on what you enquired about, we may send you marketing for products and services that meet your needs, including those from approved partners. 
  • You have the absolute right to object to marketing and can update your preferences at any time by contacting us directly. We’ll never sell your data for marketing purposes. 
  • In line with the Financial Conduct Authority’s Consumer Duty standards, we’re required to send you ‘transactional’ communications which are factual only and are separate to marketing emails. 

Lawful basis: consent and/or legitimate interest. 

2.1.14 Market research, feedback and user experience 

We may also ask you to take part in market research or to provide your feedback and opinions. In this case, we’ll use your contact details to contact you and will record your responses. 

Lawful basis: legitimate interest or consent. 

 2.2 How do we use your information? 

Quick overview 

We'll only ever use your data for a specified purpose (known as a ‘lawful basis’). 

We may obtain your data from you directly, or a relevant third party where appropriate. 

We’ll keep your data only for as long as is necessary, in line with our retention policy and regulatory requirements. 

If we need to share your data with anyone else, we only do so where it is absolutely necessary and will ensure the safety and security of your information at all times. 

If we need to share your data with anyone outside of the UK or EEA, we will take additional safeguarding measures as directed by the UK GDPR. 

We sometimes use AI, automated processing and automated decision making in our processes, and will inform you of this when we do. 

2.2.1 Where do we get your information from? 

We may obtain your personal data from any of the following places: 

  • from you directly; 
  • from a legally appointed third party, such as a solicitor or an attorney acting under a Power of Attorney document; 
  • from your financial intermediary or adviser; 
  • from a doctor or other authorised medical professional; 
  • from a family member or friend (for example, where you have been named as a beneficiary on someone else’s policy); 
  • from official sources, such as HMRC, DWP and social services; 
  • from other third parties, such as partner companies or identity verification sites; 
  • if you visit our websites, we may obtain information about you through the cookies on the site; 
  • if you use our app, we may obtain information about you through SDKs and other analytic tools; or 
  • other online trackers. 

2.2.2 How long will you keep my data for? 

We’ll only ever keep your data for as long as it is required, and this may differ depending on the reason we asked for or required your information in the first place. However, our standard retention periods are: 

  • up to 18 months for enquiries of services, products or advice that is not proceeded with; 
  • up to 7 years after the end of the product, service or contract; 
  • indefinitely for telephone; and 
  • indefinitely for defined benefit pensions where a transfer has occurred or been advised. 

2.2.3 Sharing and transferring data 

We may share your personal information with other companies within the Just Group. We do this for a number of reasons, such as: 

  • to provide you with our products or services, where they are offered by different or multiple companies in our group; 
  • ensuring that your experience is a more personalised, streamlined service; 
  • for marketing purposes, to tell you about other products or services that we offer; 
  • keeping accurate records and your information up to date; 
  • management information purposes;  
  • information security; or 
  • regulatory requirements. 

In order to provide you with our products and services, we may need to share some of your personal data with other companies. This is likely to be: 

  • Other financial companies that we work with to provide our services, such as intermediaries, brokers, providers, underwriters and reinsurers. 
  • Our technology providers, or other support services such as product administration, IT support services, data analysis, etc. 
  • Companies that process payments on our behalf. 
  • Regulators and/or public authorities, who have a legal right to request and process your personal information. 
  • Other companies in the event we undergo a reorganisation or are sold to a third party. 

We may also disclose your personal information if legally entitled to or required to do so, for example if required by law, or by a court order, or if we believe that such action is necessary to prevent fraud or cybercrime or to protect the right, property or personal safety of any person. 

These companies are required to process personal information about you in accordance with the current data protection laws and any successor legislation. 

We’ll never sell your data for marketing purposes. 

2.2.4 Transfer of data outside the UK 

We may be required to transfer your personal information to product providers and/or other third parties who help us to run our day-to-day business or provide our products and services. Sometimes, these recipients (or their processors) are based outside of the UK and may not be held to the same high standards of data protection laws or regulations as we are. 

Therefore, we may need to rely on a recognised legal adequacy decision or appropriate safeguarding mechanism, to ensure that your data is treated securely and in accordance with our privacy policy. 

If your information is transferred outside of the UK, we’ll ensure that your data remains properly protected in accordance with best practice and this Privacy policy. 

2.2.5 Automated decision-making and profiling 

Automated decision-making involves using data, analysis and algorithms to make decisions. It can also include what we commonly consider to be ‘artificial intelligence’ solutions (‘AI’). 

There are times when we use automated means to make decisions (without a human or human intervention) that may have a significant impact on you. For example: 

Running anti-money laundering and sanctions checks, as part of our legal requirements. 

Quotes, underwriting, lending and actuarial calculations to determine what products and rates we can offer to you. 

Whilst it’s necessary for us to do this to be able to enter into a contract with you (for our products and services), you have the right to request that a member of our team reviews any of the decisions made through automated means, and to challenge any decisions that we make in this way. 

 

3. Your data rights 

Under data protection law, you have specific rights about your data and how your data is used. These rights are: 

  • Your right of access  
  • You have the right to ask us about the information we hold about you, how we use it and for copies of your personal data. 
  • Your right to rectification  
  • You have the right to ask us to correct personal data that you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete. 
  • Your right to erasure  
  • You have the right to ask us to erase your personal data in certain circumstances. 
  • Your right to restriction of processing  
  • You have the right to ask us to limit the processing of your personal data in certain circumstances. 
  • Your right to object to processing  
  • You have the right to oppose to the processing of your personal data in certain circumstances. 
  • Your right to data portability  
  • You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances. 
  • Your right to withdraw consent  

When we use consent as our lawful basis you have the right to withdraw your consent. 

If you make a rights request, we have one calendar month to respond to you. That time may be paused if we need any additional information to confirm your identity. 

Requests for copies of your personal information will normally be provided free of charge. However, where requests are repetitive, or manifestly unfounded or excessive, we may charge you a reasonable fee to cover the administrative costs of providing the information or may refuse to act on the request. 

To make a data protection rights request, please contact us using the contact details in section 4 of this privacy notice. 

For more information of your rights you can contact the data protection regulator, the Information Commissioner's Office (ICO) – www.ico.org.uk 

4. How to contact us 

 You can contact us at any time for any of the following: 

  • questions or comments about this privacy notice; 
  • ask for more information about how your data is used, 
  • change your preferences, 
  • exercise any of your data rights; and/or 
  • express a concern. 

Email: dataprotection@wearejust.co.uk 

Post: 

Data Protection Officer, Just Group plc, Enterprise House, Bancroft Road, Reigate, Surrey, RH2 7RP 

5. How to contact the ICO 

We are regulated by the UK data protection regulator, the Information Commissioner's Office (ICO). 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also make a complaint to the ICO. 

You can contact them in the following ways: 

Post: 

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

  

Telephone helpline: 0303 123 1113 

Website: www.ico.org.uk/make-a-complaint

6. Definitions 

6.1 What is personal data? 

Under the UK GDPR, ‘personal data’ is referred to as ‘information relating to an identified or identifiable natural person’. Really, it’s just information about you. 

We collect and use both ‘personal data’ and ‘special category data’. 

Personal data can include (but is not limited to): 

  • name; 
  • date of birth and/or age; 
  • residential address; 
  • email address; 
  • telephone number;  
  • location or tracking data, such as IP address;  
  • National Insurance Number (NINO), passport number and other unique identifiers; 
  • policy number; or 
  • factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. 

‘Special category data’ can include information directly relating to, or inferring, about your (or another’s): 

  • health; 
  • race or ethnicity; 
  • religious or philosophical beliefs; 
  • trade union membership; 
  • sex life; 
  • sexual orientation; 
  • genetic data; or  
  • biometric data (where used for identification purposes). 

6.2 What is processing? 

‘Processing’ refers to any action that we take with your personal data. It includes (but isn’t limited to): 

  • obtaining; 
  • recording (either electronically or on physical documents); 
  • storing; 
  • amending; 
  • organising or restructuring; 
  • sharing (both internally and in some instances, with other companies); 
  • accessing; 
  • using your data in quotations, policy administration, analysis and reporting; or 
  • deletion. 

6.3 Lawful basis 

Whenever we collect or use your personal data, we must have a valid reason for doing so. This reason is known as a ‘lawful basis’, and one of the following six bases must always apply: 

  • consent; 
  • contract; 
  • legal obligation; 
  • vital interests; 
  • public task; or 
  • legitimate interests. 

One of the aims of this Privacy policy is to ensure you know under which lawful basis we use your data, and why.