Privacy Policy

Introduction

Here at Origen, we’re committed to protecting and respecting your privacy. Looking after the personal information that we collect about individuals is our top priority. We want you to be confident that your information is in safe hands. So, we’ve developed this Privacy notice to explain how we use the personal information that we collect in relation to our retirement, investment and protection advice and services.

Most personal information we collect relates to the individuals who are provided with financial advice. However, in certain circumstances we may obtain some personal information about other individuals. For example for:

your partner, in relation to your financial situation, or life cover;
a beneficiary you nominate for your product;
parents and/or grandparents of a minor for whom we advise a certain suitable product should be taken out;
potential beneficiaries, in the event of a death, so we can determine who we should arrange providers to pay any funds to;
any legal personal representatives (where applicable);
anyone holding a lasting power of attorney or similar.

We’ll process their personal information in accordance with this Privacy notice.

Our data security policies mean that we hold all personal information securely and limit access to those who need to see it in line with our obligations under data protection law.

Contact details

If you have any questions about this notice or data protection, please contact our Data Protection Officer.
Write to: Data Protection Officer, Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN.

Email: compliance@origenfs.co.uk

If you’re contacting us by email please remember not to send any personal, financial or banking information because email isn’t a secure method of communication. If you decide to send information in this way, you’re doing so at your own risk as there’s no guarantee that any email sent by you to us will be received or remain private during transmission.

How we obtain the personal information

You or someone representing you, for example, your attorney, will provide us with personal information about you. Where you are a member of a Defined Benefit pension scheme and have been contacted regarding a pension liability management project, we’ll receive some information about you from the trustees of the pension scheme.

We may obtain information about you via forms, both paper-based and online, or by phone, email, social media tools or otherwise.

You can find additional information on the more common ways we capture your personal information below:

Method	Description
From you or your attorney	We obtain personal information about you through our initial fact finding meetings with yourself, where the adviser will ask specific questions to enable suitable advice to be provided.
Electronically from your employer or existing scheme trustees	Where you are part of your employer’s pension scheme, we’ll obtain personal information about you from either your employer or the nominated scheme trustees to administer the scheme appropriately. This information is usually sent to us electronically.
Competitions or surveys	If you enter any competitions or take part in a survey, we’ll need to capture some minimal personal information from you.

We may also obtain personal information from third party sources, such as:

service providers who help us to maintain the integrity and accuracy of our data, for example:
- providing us with updated address details for customers who’ve moved house and not informed us, and
- detecting individuals who are deceased;
parties you’ve instructed to act on your behalf, for example, a family member or solicitor who is acting under a power of attorney, as well as accountants, lawyers and other professional service firms that you’ve given authority to;
regulators, such as the Information Commissioners Office (ICO), the Pensions Regulator (TPR), the Financial Conduct Authority (FCA) and the Financial Ombudsman Service (FOS);
financial crime detection agencies, sanction lists and databases;
government agencies and bodies, such as the courts, the Department for Work and Pensions (DWP), HM Revenue & Customs (HMRC) and the police.

The types of personal information that we collect

The type of personal information we process about you will depend on the type of service or interaction we have with you, but could include the following. This list is non-exhaustive:

Category	Data Type
Contact information	Home address, email address, telephone (home and mobile) number
General	Name, nationality, date of birth, marital/relationship status, policy/plan number
Financial	Bank account/card details, transactional/contribution information, tax details, fund values
Government identifiers	Passport, ID card or Drivers Licence number (including copies of these for identification purposes), National Insurance number
Sensitive Personal information	Gender, health data (both physical & mental), racial or ethnic origin, sexual preference/life, religion or philosophical beliefs We don’t necessarily request all these data types – some may become available to us indirectly via other means, for example, through information during a phone call or meeting with our adviser.
Authentication	Login credentials
Vulnerability	Details regarding life events (including aspects such as health, personal circumstances etc.) that will help us to identify if you are someone who may be classed as vulnerable so we can best meet your needs
Crime, fraud and sanctions	Criminal offences/convictions (including alleged), information received via sanction lists and fraud databases
Employment	Job title, salary, length of service
Marketing (including surveys and competitions)	Marketing preferences (opt in or out), responses to surveys including those relating to your customer experience, responses to competitions
Device information	IP address, location data, unique device ID

Sensitive personal information

There will be occasions where we’ll ask for (or receive) sensitive personal information, also known as special categories of personal data. This consists of information relating to:

health (for example, a medical condition)
racial or ethnic origin
religious or philosophical beliefs
genetic or biometric data
sex life or sexual orientation
political opinions
trade union membership
criminal convictions and offences

An example of the type of situation where we’ll capture sensitive personal information about you is if we advise you on the suitability of a Protection product with us, for example, life or critical illness cover. As part of that process, we are required to capture some health information so we can assess and identify applications that may have an increased risk and where appropriate, determine the rate of premium or whether special terms are required.

The most common types of sensitive personal information we process are:

health information: this could include information contained within medical reports, test results, details of your physical and/or mental health condition (previous and existing), medication prescribed to you, medical diagnoses, details of any treatment plans, personal behaviours, such as alcohol consumption and smoking (where applicable), and
criminal information: for the purposes of detecting or preventing financial crime, we may obtain information relating to criminal activity such as suspected fraud and criminal convictions.

we may also process other types of sensitive personal information simply because it can be derived from other information provided to us. An example could be where information relating to an individual’s sexual orientation can be deduced when the gender of their spouse is collected.

How we use personal information

We have listed below the ways in which we will use the personal information that we collect:

Category	Purposes
General	Assess financial requirements and suitability of products Communicate with you and other parties Administration when a plan or policy has been set up Provide services to any arrangement, trust or scheme that your plan or policy is part of; Produce and issue all necessary and regulatory documentation to meet ongoing servicing commitments Make any corrections/updates to personal information where required – for example, change of name or address Manage complaints and feedback Manage and respond to questions Improve our services, provide staff training and maintain information security, including recording and monitoring of telephone calls Manage our business operations, including conducting internal audits and reviews, financial analysis and producing management information *Testing of our IT systems, however if we do this, all personal information will be anonymised
Regulatory	Detect, prevent and investigate fraud and other financial crime activities by conducting anti-money laundering, fraud and sanction checks Comply with all of our regulatory, legal and professional requirements, including co-operating fully with regulatory bodies, such as the Financial Conduct Authority, Information Commissioners Office, the Pensions Regulator, and other government bodies Help us to identify vulnerable customers, to enable us to better meet their needs and meet our regulatory responsibilities as to how we treat these individuals Manage any requests where an individual chooses to exercise any of their rights
Marketing and data analysis	Production and issuing of marketing materials, including running promotions. We keep a record of the policies you hold, and may use your information to let you know about other products and services that might be of interest to you from Origen Financial Services Limited. If you don’t want to receive this kind of information, you can let us know at any time by writing to Client Services, Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN , by emailing clientservices@origenfs.co.uk or by calling 0344 209 3925 (all calls are charged at your phone company’s basic rate. All calls are recorded for business purposes.) Conduct customer insight, market research and focus groups, including campaign planning, creating promotional materials, gathering customer feedback and customer surveys to help us to improve the customer experience. *Conduct profiling and data analysis

Please see additional information below on some of the uses.

Profiling and data analysis

We may use some of your data to conduct profiling and data analysis to build, train and audit models and algorithms that help us to:

understand our customers better to enable us to develop products and services that most appropriately meet their needs;
ensure we present the most appropriate content to customers, and
identify instances where customers may require additional support.

We use various data types to conduct profiling and analysis and with all activities involving your information, we’ll only do this where the law allows us to.

Our analysis isn’t used to make any decisions about you directly but combined with data relating to other customers etc to enable us to make improvements to our processes and services.

Marketing consent and updating your preferences

How we will keep in touch if you are not an Origen client
If you are not a client of Origen Financial Services, we will only contact you with information about the services we offer if you have provided specific consent for us to do so.

Within every communication you receive from us, you will be provided with the option to unsubscribe from these communications. You can do this at any time by writing to Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN, emailing us at clientservices@origenfs.co.uk or calling us on 0344 209 3925.

Calls are charged at your phone company’s basic rate. All calls are recorded for business purposes.

How we will keep in touch if you are an Origen client

Once you become a client and have received a service from Origen Financial Services, the information held about you may be used to contact you from time to time by post, e-mail, text messaging (SMS) or telephone in order to inform you of other relevant services which we offer.

The lawful basis under Data Protection legislation used to process this information is called legitimate interest. This means that Origen will not be collecting your consent to stay in touch with other relevant services we may offer. Instead Origen will conduct balance tests to ensure your rights as an individual under the UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 are respected.

Within every communication you receive from Origen, you will be provided the option to unsubscribe from these communications. You can do this at any time by writing to Origen Financial Services, Second Floor, Ascent 4, 2 Gladiator Way, Farnborough, GU14 6XN, emailing us at clientservices@origenfs.co.uk or calling us on 0344 209 3925. Calls are charged at your phone company’s basic rate. All calls are recorded for business purposes.

We won’t sell your personal information to other organisations for a marketing purpose.

Even where you opt out of marketing, we’ll still send you servicing communications and documentation relating to your product of which we have a regulatory responsibility to provide to you. You may also see generic advertising displayed on our website.

Cookies and similar technologies

We may use cookies and other similar tracking technologies on our websites and apps.

Our lawful bases for using personal information

Data privacy laws state that we can only process personal information if it is legal to do so. For the processing to be legal, we must have a suitable lawful basis.

This section details our lawful bases for the various uses of both personal information and sensitive personal information.

Personal information

Depending on the specific purpose, we rely on one or more of the following lawful basis:

to facilitate our fulfilment of a contract we have with you.
in order to comply with a legal obligation on us.
we have your consent.
where it’s in Origen’s legitimate interests.

Legitimate interests

Where we have a business reason for using personal information in a certain way, this is known as being in our ‘legitimate interests’. If we seek to rely on legitimate interests, we are required by law to conduct a balancing test to make sure that our interests don’t override your rights and freedoms.

The outcome of this test determines whether we can rely on legitimate interests as our lawful basis and use the personal information for certain purposes as set out in this privacy notice. If the balance isn’t met, we can’t process your data in the way we had proposed.

Where we do rely on legitimate interests, it’s because we believe our interests will be to the wider benefit of our customers and will normally relate to at least one of the following purposes:

to assess, develop and improve our advice and services.
to enable us to understand our customers’ needs.
to help us to improve our customer engagement.
to make sure we’re treating our customers fairly.
to ensure the integrity and functionality of our IT systems.
to help keep our records up to date.
to make sure we’re efficient in how we fulfil our legal and contractual obligations.

Lawful basis for our processing of personal information

Purpose	Facilitate a contract	Legal obligation	Consent	Legitimate interest
To provide suitable advice and ongoing services
Communicate with you and other parties
Manage third party relationships
Produce and issue all necessary and regulatory documentation
Facilitate withdrawals and instructions, including transfers to other providers
Make any corrections/updates to personal information where required
Manage complaints and feedback
Manage and respond to questions
Improve our products and services, including training of our staff, maintaining information security, including recording and monitoring of telephone calls
Manage our business operations
Testing of our IT systems
Detect, prevent and investigate fraud and other financial crime activities
Comply with all of our regulatory, legal and professional requirements
Help us to identify vulnerable customers
Manage any requests where an individual chooses to exercise any of their rights
Production and issuing of marketing materials
Conduct customer insight, through market research, surveys and focus groups
Profiling and data analysis

Lawful basis for our processing of sensitive personal information

As mentioned previously, there will be occasions where we’ll hold and process information which is defined as ‘sensitive’ or ‘special’. Data privacy laws only allow us to use this type of information if we can rely on a further lawful basis, in addition to the one’s shown above.

Depending on the specific purpose, we rely on one of the following lawful bases:

for reasons of substantial public interest which includes insurance purposes comprising:
the ability to provide suitable advice – for example, using health information to be able to determine the most suitable annuity product;
the ability to detect and investigate fraudulent claims – for example, using criminal records data to help to prevent and detect unlawful acts, and
for the establishment, exercise or defence of legal claims – for example, using health or criminal records as required to establish, exercise or defend legal claims;
it’s necessary to protect the vital interests of you or another party – for example, where an individual is either physically or legally incapable of giving consent.

Sharing your personal information
Our service providers

We’ll share personal information with selected service providers that carry out certain functions on our behalf. These include companies that provide services such as:

technology services, including IT administration and support, software vendors, testing and production support, platform providers.
management of both inbound and outbound communications and scanning of correspondence.
providers of marketing, research or advertising services.
banking and payroll services.
tracing of customers who we’ve lost contact with, identifying customers who have deceased etc.

For those organisations that are carrying out services on our behalf, we’ll only share information where we have a lawful basis for doing so, as described above. We’ll only share with them the appropriate level of personal information necessary to enable them to carry out the service. We contractually require all our service providers:

to keep the information safe and protected at all times, and
to only act on our explicit instructions and not use the data for their own purposes, unless it has been suitably anonymised so it’s no longer personal information.

Other parties we may share data with

It’s often necessary for us to share personal information with other third parties where we have a lawful basis to do so, such as:

regulatory bodies such as the Information Commissioners Office (ICO), Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), HMRC, Financial Ombudsman Service (FOS) and the Pensions Regulator.
product providers who administer your product.
your employer (this could be both past and present) and any party that provides services to your employer relating to the governance, administration and/or evaluation of their pension scheme, including providing advice to their members. Information, such as statistics, may be provided to your employer regarding the scheme’s efficiency, for example, to evaluate pension savings.
trustees or administrators of a trust or pension scheme to facilitate the administration of the trust/scheme.
other parts of the Aegon Group.
organisations such as credit management companies, solicitors, accountants etc who are acting on your behalf.
credit reference agencies.
sanction-checking providers, financial crime detection agencies, financial services organisations and other parties who assist with fraud investigations and/or maintain fraud detection databases. Financial or Pensions Ombudsman, where you’ve asked them to investigate a matter with us.
government agencies, such as the police and courts, who may request information relating to you – we’ll release data if there’s a lawful reason to do so.
general practitioners and other medical professionals in relation to advice we are providing. For example, obtaining medical reports to send on to product providers for the purposes of arranging and underwriting of certain products. Additional data sharing obligations

Except for the above, we won’t disclose your personal information to any third parties, except:

to the extent that we’re required to do so by law;
when protecting your interests or the interests of others or for reasons of substantial public interest;
in connection with any legal proceedings (including prospective legal proceedings);
in order to establish or defend our legal rights;
if we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer; or
if we, or substantially all of our assets are acquired by a third party, we may disclose your personal information to that third party in connection with the acquisition.

Financial crime prevention

We may disclose your information to credit, fraud and financial crime prevention agencies to enable us to verify your identity and make decisions regarding the service Origen will provide. This will be undertaken during the initial process and on an ongoing basis. Our enquiries or searches may be recorded and these agencies may supply us with financial and/or other personal information.

If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud, money laundering, tax evasion and terrorist financing.

We and other organisations may access and use the information recorded by credit, fraud, and financial crime agencies from other countries.

Automated decision making

Origen will not make automated decision making during its service to you.

Retention

We keep personal information for as long as is reasonably required for the purposes in which it was collected. Under certain circumstances, we may have to retain your personal information for longer. This is to make sure that we meet our legal, regulatory and accounting needs as set out by regulatory bodies such as the FCA and others.

In some limited circumstances, we’re required to keep some specific information for longer, for example, pension transfer information. We’ll also retain files if we have reason to believe there’s the possibility of litigation.

We have in place and maintain a retention schedule and regularly review our obligations to make sure we don’t keep personal information longer than we’re legally obliged to.

Your rights

You have several rights under data protection laws – you’ll find details of each of these below.

If you chose to exercise any of your rights with regards to your personal information, to make sure that we’re dealing with you, we may ask for evidence of identity. Where you have authorised a third party to act on your behalf, we’ll conduct the necessary checks to make sure the appropriate authorisations have been received. This is to make sure that we only disclose information to the correct and, where applicable, authorised individual or organisation.

In line with our data protection obligations, we aim to respond to all valid requests relating to your personal information within one month. There may be some occasions where it will take us longer, for example, if the request is exceptionally complex. However, in these situations, we’ll let you know as soon as possible and provide details of when we’ll be in a position to respond.

There may be occasions where we don’t have to (fully) comply with a request. In these situations, we’ll explain why we’re unable to do this.

Right of access

The right to request a copy of the personal information we hold about you, along with certain information relating to the processing of your personal information. When you request this information, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee.

Right of data portability

The right, in certain circumstances, to have personal information that you have provided directly to us about you, transferred securely to another service provider in electronic form. This right is only applicable where:

the processing of your personal information is based either on your consent or in line with the performance of a contract with you, and
the processing of your personal information is carried out by automated (for example, electronic) means.

Right of rectification

The right to have any inaccurate personal information we hold about you corrected.

Right of erasure (‘Right to be forgotten’)

The right to have any out-of-date personal information deleted once there’s no legal requirement or business need for us to retain it. This isn’t an absolute right as we may need to consider other legal and regulatory requirements which could result in us having to retain your personal information for a specific period of time.

Right to restrict processing

The right to restrict some processing, in limited circumstances, and where we don’t have legitimate grounds for processing your personal information.

Right to object

The right to object to your personal information being used to send you marketing material. You can remove or add your consent at any time.

You can also object where you have grounds relating to your particular circumstances and we rely on ‘legitimate interests’ as our lawful basis for processing your personal information. However, where we believe we have compelling legitimate grounds, we’ll continue to process it.

Exercising your rights

To exercise any of these rights, please contact our Data Protection Officer.

Sending data outside of the UK and European Economic Area (EEA)

The personal information that we or those acting on our behalf process, may be transferred outside of the UK or EEA, in connection with the above uses.

Where any such transfer occurs, we take the necessary steps to make sure that your personal information is protected to the same standard as if it were in the UK. This will include measures such as the adoption of contractual agreements with the other party to make sure that adequate safeguards are put in place.

For any transfers to another part of the Aegon group, these will be covered by an agreement which also obliges the other group member to make sure that adequate safeguards are put in place.

Making a complaint

If you believe we haven’t processed your personal information in accordance with our data protection obligations, and that you’ve been affected by this, you can make a complaint by contacting our Data Protection Officer. You also have the right to ask us to escalate your complaint to our Group Data Protection Officer if you don’t think it’s been handled appropriately.

If you’re not satisfied with our response, you can also raise a complaint with the Information Commissioner’s Office, the UK’s independent authority set up to enforce the Data Protection Regulations.

You can contact them at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk/global/contact-us/
Phone: 0303 123 1113

Security

We’re committed to making sure your information is protected and held securely in accordance with our obligations under data protection law. However, the internet isn’t a secure medium and we can’t accept responsibility for the security of an email during transmission or for non-delivery of an email.

There are a few simple steps you can take to protect your computer and internet connection – view our tips here.

We’ve put security policies, rules and technical measures in place to protect the personal information that we have under our control from:

unauthorised access;
improper use or disclosure;
unauthorised modification, and
unlawful destruction or accidental loss.

All our employees and service providers who have access to personal information, are obliged to protect it and keep it confidential.

Links

This website may contain links to other websites. If you use the links to leave this website and visit a website operated by a third party, then we don’t have any control over that website. We can’t be held responsible for the protection and privacy of any information that you provide while visiting such websites.

Updates to this notice

We update our Privacy notice regularly to make sure it continues to reflect our business activities and use of personal information. You can find the date this was last updated at the beginning of this notice.

Last updated February 2025