Introduction

The following information is in respect of Mobius Life Limited (hereafter referred to as “MLL”) and Mobius Life Administration Services Limited (hereafter referred to as “MLAS”).

Where the information following is regarding both companies (MLL & MLAS) “Mobius Life”, “we” “us” and “our” “both companies” will be used to confirm the information is in respect of both companies. If the information is only applicable to one of the companies “MLL” or “MLAS” it will be referred to specifically.

Both companies are subject to European Directives/Regulations, acts of the UK Parliament (UK laws), and regulatory rules and guidance by UK supervisory authorities. Both companies’ main activity is investment administration. Both companies are data controllers, and are registered and regulated by the Information Commissioner’s Office (which is a UK supervisory authority).

The key difference between them is MLL is authorised by the Prudential Regulatory Authority and regulated by the Financial Conduct Authority (“FCA”) and the Prudential Regulatory Authority (“PRA”), as MLL provides life insurance policies (“long term contracts of insurance”) to its customers, whereas MLAS does not, and therefore MLAS is not required to be regulated by the FCA or PRA.

We hope you find the information and links below informative and reassuring.

Data protection legislation information

The European Directive 2016-679 General Data Protection Regulation (GDPR) was finalised in 2016 and replaced the European Directive 95-46-EC GDPR on 25 May 2018.

The Data Protection Act 2018 received royal ascent on 23 May 2018 and has replaced the Data Protection Act 1998.

This policy 

This policy provides you with information for you to make an informed decision regarding how we hold and process your data.

Mobius Life has been protecting your data under the Data Protection Act 1998 and European Directive 95-46-EC General Data Protection Regulation (GDPR).

MLL has been a registered data controller with the Information Commissioner’s Office, since 5 September 2002 and MLAS since 2 May 2006.

Mobius Life reserves the right to amend our data protection and retention policy at any time and will place any such amendments on our website. This policy is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on Mobius Life in respect of any other party or on behalf of any party.

The information provided in this policy was updated on 25 May 2018.

Personal data and categories

Personal data is personal information (hereafter referred to as “data” or “information”), which can identify a living person or living people (known as an individual or individuals), referred to hereafter as either a “data subject”, “you”, “your”, “person”, “persons” “individual” or “individuals”.

Examples of the personal data we collect can be your name, your signature, your email address, your address, your phone number, and any other data which will enable us to continue to service your relationship with us.

There are two types of personal data categories:

  • Standard Personal Data: is any information relating to an identified or identifiable natural person, i.e. your data, which is not classified as ‘special category personal data’
  • Special Category Personal Data: is a type of data deemed to be sensitive to the data subject which include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual (“natural person”), data concerning health, data concerning a natural person's sex life or sexual orientation.

We process standard personal data and special category personal data under the lawful basis of ‘contract’ making the confirmation and purpose for processing clear during the collection process. For more information on lawfulness, please see the next section below.

Lawful Basis for Controlling & Processing

Below are the legal options available to us for controlling and processing your data.

  1. Consent: the data subject has given consent to the processing of their personal data for one or more specific purposes, or consent has been given by an authorised person or authorised organisation to provide consent on the data subjects behalf (see “Processing representatives’ data” below);
  2. Contract: processing is necessary for the performance of a contract to which the data subject is party to or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Compliance with legal obligation: processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Protection of vital interests of the Data Subject: processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. Public interest/official authority: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
  6. Legitimate interest: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Processing your data (“customer”)

If you have a policy or an investment administration agreement with us, we use option b) (“contract”) to control and process your data, as without the minimal amount of data which we require, we would not be able to distinguish between you and someone else.

If we decide to process your data further past the legal basis of contract, we ensure the additional processing is not overridden by your rights, by informing you of our intention before we conduct the additional processing.

Processing representatives’ data (“associates”)

Our definition of a “representative” is a third party who is acting in some way between you and us to supply you and/or us with a service. Some examples for you could be your employer, a financial adviser, an Actuary, a friend etc.

If the representative is forwarding your information to us, or communicating with us on your behalf we use option c) (“Compliance with legal obligation”) as you may ask us where we received your information from.

Representatives have the same rights in respect of their data, providing we can identify them as an individual, so this document is applicable to them as well.

If you decide to appoint a representative to act on your behalf by power of attorney, we will classify them as your ‘authorised representative’, and we will check to ensure they are authorised by you to represent and act for you.

Marketing

Where we have established a lawful basis confirmed as “contract” or “compliance with legal obligation”, we may process your contact details for marketing you directly.

If we have your contact details and “contract” or “compliance with legal obligation” cannot be established as the lawful basis, we may use either “consent” or “legitimate interest”.

We will inform you if any additional processing is required to conduct the marketing, and you can request we stop, restrict and object to receipt of marketing material, by exercising your rights.

If you would like to receive any marketing material we produce please email: ClientServices@MobiusLife.co.uk

Data privacy notices

Below are links to Mobius Life’s data privacy notices, which explain your rights regarding the data we process.

MLL provides different types of polices, and has employed a third party to assist with the member administration processing of our Group Personal Pension Plans, Stakeholder Pension Plans, and Personal Pension Plans.

MLL has therefore provided two data privacy notices depending on the type of policy you may have.

MLL Group Personal Pension Plans, Stakeholder Pension Plans, and Personal Pension Plans:

Link: Data Privacy Notice - Group / Stakeholder / Personal Pension Plans

MLL Trustee Investment Plans:

Link: Data Privacy Notice - Trustee Investment Plans

MLAS has one data privacy notice:

Link: Services Data Privacy Notice - Mobius Life Administration

Personal Data Collection

We collect personal data either directly from you via applications, emails, letters, facsimiles and telephone conversations, or from third parties. If we receive your data from a third party we will inform you within one month of receipt.

Any personal information provided by you to Mobius Life, through our website, will be used solely to provide you with the services you have requested via our website and for other related purposes including updating and enhancing Mobius Life’s records.

Use of your data

The information collected from you by Mobius Life is used to process your policy with us, administer your investments, or to keep in contact. The use of your information will be kept to the minimum required for Mobius Life to provide our services to you.

To understand your rights in respect of our use of your data please refer to the relevant data privacy notice (links above). If you cannot access the links, please visit the ‘contact us’ section of this website:

Link: http://mobiuslife.co.uk/about-us/contact/

Data processing

When processing your data, we ensure it is:

  1. Processed lawfully, fairly and in a transparent manner;
  2. Collected for specified, explicit and legitimate purposes;
  3. Adequate, relevant and limited to what is necessary;
  4. Accurate and, where necessary, kept up to date;
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
  6. Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  7. Processed in accordance with your rights.

Should we decide to transfer (“outsource”) the processing of your data, in part or full, to another company (‘associate’) either in the UK, other parts of the European Economic Area (“EEA”), or a country or territory outside of the EEA, we review their systems and controls to ensure they can provide a satisfactory level of protection for your rights and freedoms in relation to the processing of your data, and they agree to adhere to the data processing standards which are listed above, and is lawful.

Data retention

Mobius Life will hold and process your data for as long as is necessary. Below are the specific details regarding how long and when we will delete/erase your data and the notification requirements for each company.

The following data retention information is applicable to MLL:

We will hold your data for as long as is necessary for the purpose we collect it, and we may have to hold your data indefinitely for legal reasons.

Generally, we will hold/retain your data for six years unless there is a valid reason to delete/erase it before then. If we decide to delete/erase your data we will notify you of our intention unless it is impractical to do so.

The Financial Conduct Authority (FCA) prescribes we hold your data in relation to any pension transfer, pension conversion, pension opt-out or free standing additional voluntary contribution (FSAVC) polices indefinitely. The FCA prescribes we hold your data in relation to a pension contract for at least five years, and six years for financial promotions. We classify an application form as a financial promotion.

We will therefore hold your data for the required period permissible by our regulators.

We may have to hold your data indefinitely for legal reasons.

If you ask us to delete/erase your data, we will examine the connection of your data with the above to see if they are applicable before we confirm our action or decision not to act.

The following information is applicable to MLAS:

We will hold your data as per for as long as is necessary for the purpose we collect it, and we may have to hold your data indefinitely for legal reasons. If we decide to delete/erase your data we will notify you of our intention unless it is impractical to do so.

If you ask us to delete/erase your data, we will check to see if there is any legal reason we must keep it before we confirm our action or decision not to act.

Access to and correction of your personal data

If you want access to or require the information we hold on you (known as a “subject access request”), or you want the data we hold and process on you updated or corrected, the electronic contact details for doing so can be found on page 2 of the relevant data privacy notice (links provided above).

If you make a subject access request, we will provide you with either a paper copy or electronic copy (if possible), and will be free of charge for an initial request. We are permitted to make a reasonable charge for subsequent requests, which will depend on the amount of work involved.

For details regarding subject access requests please refer to the relevant privacy notice.

If you cannot access the links, please visit the ‘contact us’ section of this website:

Link: http://mobiuslife.co.uk/about-us/contact/

Or please write to:
The Data Protection Officer
7th Floor
20 Gresham Street
London
EC2V 7JE

Keeping you informed

If you provide us with your contact details, e.g. your telephone, facsimile number, postal and/or email address or similar details, we may contact you to seek your consent to be added to our marketing distribution lists. If you would like Mobius Life to keep you informed about our products, services and opportunities, or have any questions regarding this information or Mobius Life please contact us using the contact details on page 2 of the relevant data privacy notice (links provided above).

If you cannot access the links, please visit the ‘contact us’ section of this website:

Link: http://mobiuslife.co.uk/about-us/contact/

To whom will Mobius Life disclose your data

Other than to those individuals and entities listed below who are under a duty of confidentiality to Mobius Life, your details will not be revealed by the company to any external body, unless your consent has been given, or it is under either a legal obligation or any other duty to do so. The information provided by you may be disclosed by Mobius Life to:

  • Regulators
  • Lawyers/Solicitors
  • External Auditors
  • Third party Service Providers
  • Any representative acting on our or your behalf

If you wish to complain

If you have a complaint about the way in which your data is being processed, you can contact our Data Protection Officer. The contact details for raising a complaint can be found on page 2 of the relevant data privacy notice (links provided above).

If you cannot access the links, please visit the ‘contact us’ section of this website:

Link: http://mobiuslife.co.uk/about-us/contact/

Or please write to:
The Data Protection Officer
7th Floor
20 Gresham Street
London
EC2V 7JE

Security of your data

Mobius Life uses appropriate technical and organisational measures to protect your information, with high standards of security, and your information will be treated as confidential, useless you ask us to inform a third party of the information we have.

Cookies

To improve Mobius Life’s Internet service to you, the company will occasionally use a “cookie” and/or other similar files or programs, which may place certain information on your computer’s hard drive when you visit the Mobius Life website.

A cookie is a small amount of data Mobius Life’s web server sends to your web browser when you visit certain parts of our website, the use of which is intended to assist the company’s understanding of your interest in its website. Most Internet browser software allows the blocking of all cookies or enables you to receive a warning before a cookie is stored.

For further information, please refer to your Internet browser software instructions or help screen. For more information about cookies, please read our cookie policy. There is a link to our cookie policy on this website or you can click this link: Cookie policy