Employee Privacy Notice

Business Lines

back
- Protection We are global experts in managing and evaluating mortality, critical illness, disability, medical and associated risks.
  - Europe
  - Asia
  - Australia
  - North America
- Savings & Retirement We provide longevity and funded reinsurance solutions that seek to reduce risk exposures, improve capital efficiency and increase new business volumes.
About us

back
- About us We are a global reinsurance company providing protection and savings and retirement products. Our client base stretches across the world from the UK and Europe to North America, Asia and Australia.
Insights
Careers

back
- Overview Join us and take your career to the next level.
  - Early careers
  - Current vacancies
- Working here Learn more about what it's like to work here.
  - Diversity & Inclusion
  - Health and wellbeing
Sustainability

back
- Overview As a business we recognise the need to play our part in addressing the global challenges of climate change and social inequality as well as ensuring corporate transparency and accountability.
  - Environmental stewardship
- Philanthropy Philanthropy is a key component of our approach to Sustainability, from driving positive impact through our social engagement to supporting initiatives that provide for a more sustainable environment.
  - Charity partners
contact us

Pacific Life Re Employee Privacy Notice

WHO WE ARE

The Pacific Life Re Division ("PL Re") is a division Pacific Life (“PL”) and operates through various legal entities, including their respective branches and representative offices, under the common control of Pacific Mutual Holding Company. Your employer is a company within the Pacific Life group of companies so all references in this Privacy Notice to "PL Re", or “PL” "we", "us", "our" and similar terms should be interpreted as including your employer.

WHAT IS THIS NOTICE FOR?

This Privacy Notice describes the categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the personal data that we hold about you including how you can access, correct, and request erasure of your personal data.

We will only process your personal data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.

WHO DOES THIS NOTICE APPLY TO?

This notice is intended to cover employees across the UK, Ireland, Bermuda and Asia. Privacy legislation and individual privacy rights vary between jurisdictions, so while this notice is applicable to all employees in principle, and we will comply with the requirements of each jurisdiction in which we operate, individuals’ rights may vary depending on their home jurisdiction.

Employees in Korea should refer to the Korea Privacy Notice for specific terms that apply under Korean law.

WHAT DATA WE PROCESS

Data we process may include:

Basic personal details such as name, address, personal email addresses and telephone/mobile numbers.
Date of birth.
Gender.
CV and/or application forms.
References and interview notes.
Data relating to your education and training.
Data relating to your professional qualifications.
Government identification data including passport, national or social insurance number, driving licence number and national identification card number.
Employment records including letters of offer and acceptance, employment contract and proof of eligibility to work.
Emergency contact data.
Data relating to performance management, disciplinary matters and grievances.
Data relating to absence from work, including sickness and holidays.
Data relating to salary and other remunerative benefits.
Bank account details and payroll data.
Data relating to joining and membership of pension scheme and application to and administration of health benefits, including marital and dependent status.
Photographs and video.

Some of the personal data we process falls into the special categories of data which are sensitive and attract higher standards of protection. Some or all of these may be considered sensitive in your home jurisdiction. The special categories of data we may process are:

data concerning health;
data concerning a person’s sex life,
data revealing racial or ethnic origin;
data revealing religious or philosophical beliefs;
trade union membership;
genetic data;
biometric data;
data concerning a person’s sexual orientation;
data relating to criminal convictions and offences.

We may collect and process the following sensitive special categories of personal data when you voluntarily provide them for the following legitimate business purposes; to carry out our obligations under employment law, for the performance of the employment contract, or as applicable law otherwise permits:

Physical or mental health information or disability status to comply with health and safety obligations in the workplace, to make appropriate workplace accommodations, as part of sickness absence monitoring, and to administer health benefits.
Race or ethnic origin, religious affiliation, health information and sexual orientation to ensure meaningful equal opportunity monitoring and reporting.

WHY DO WE NEED IT?

There are several legal bases for processing data. We rely on the following:

1. The processing is necessary for the performance of the employment contract.

We need to process your personal data to establish, manage, administer and terminate your employment relationship with us.

2. The processing is necessary for legitimate business purposes pursued by us.

Employing staff to carry out the functions necessary to perform the business of reinsurance is in our legitimate business interests.

3. Consent. We may request that you provide certain optional data voluntarily to enable us to, amongst other things, carry out meaningful equal opportunity monitoring and reporting.

4. The processing is necessary for compliance with a legal obligation to which we are subject.

We are subject to legal and regulatory requirements relating to our business as a reinsurer and may need to process your personal data for those purposes.

HOW DO WE COLLECT IT?

As a rule, we collect personal data directly from you. Where the personal data that we collect about you is held by a third party, we will usually obtain your permission before collecting it.

From time to time, we may receive personal data from third parties we have instructed. Where this is the case, we will take reasonable steps to ensure that such third parties have the legal right to disclose that personal information to us.

We may collect information about you without your knowledge or consent. We will only do so where it is permitted or required by applicable law or regulatory obligations.

WHAT DO WE USE IT FOR?

We use your data to:

Determine eligibility for initial employment, including the verification of references and qualifications.
Complete pre-employment vetting.
Administer pay and benefits, including pension scheme.
Process employee work-related claims (e.g. worker compensation, insurance claims, etc.)
Establish training and/or development requirements.
Conduct performance management.
Assess qualifications for a particular job or task.
Gather evidence for disciplinary action, grievance or termination.
Establish/utilise a contact point in the event of an emergency e.g. next of kin in a personal emergency; personal employee contact details to support business continuity / emergency situation notification to our workforce.
Communicate mass notifications in situations such as local disaster, earthquake, riot etc via our notification tool.
Communicate with business continuity contact points.
Comply with applicable labour or employment statutes.
Comply with regulatory requirements. For example, those arising under the UK Senior Managers and Certification Regime (SMCR).
Comply with health and safety requirements.
Carry out equal opportunity monitoring and reporting.
Ensure the security of company-held information.
Arrange business travel.
Prevent fraud and other financial crime.
Ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
Support internal administration with our affiliated entities.
Analyse data to review and better understand employee retention and attrition rates.

We do not use personal data in any automated decision-making process.

Monitoring

We may monitor your use of our devices and network:

to provide access to the network,
for security and operational purposes,
to ensure compliance with Pacific Life policies, procedure and standards,
to prevent unauthorised use, and
to comply with legal and regulatory obligations.

Some of our physical locations are equipped with CCTV cameras which are installed for the purpose of preventing or detecting crime or other wrongdoing and protecting our staff and property from damage or harm.

Some of our physical locations are equipped with turnstile monitoring which is installed for the purposes of recording compliance with local requirements for office attendance. In addition, we may also monitor use of allocated and hot desks to allow us to understand attendance patterns, manage office space more efficiently and plan future requirements.

HOW DO WE SECURE IT?

We have in place physical, electronic, and procedural safeguards to protect personal data that we hold against unauthorised disclosure or unlawful processing. Safeguards include; only holding personal data on secure servers, the use of encryption, firewalls and access controls and the separation of duties within our organisation. When processing personal data, we seek to use only anonymised or pseudonymised data where knowledge of the individual’s identity is not necessary.

HOW LONG DO WE RETAIN IT?

We retain personal data for as long as is necessary to carry out the purpose for which we collected it and any other permissible purposes. We have a retention policy in place which governs retention and destruction of data and is designed to ensure that personal data is kept only for so long as we may be required to keep it in order to manage our business and for a reasonable period thereafter. We will keep personal data relating to employees for a reasonable period beyond the date of termination of the employment relationship, or for as long as we are required to keep it for legal or regulatory purposes (for example for the purposes of providing regulatory references under the SM&CR).

When we delete personal data, it may persist on backup or archive media for legal, tax or business continuity purposes.

WHO DO WE SHARE IT WITH?

We will only share your data where it required by law or necessary for the purposes of administering your employment contract.

We may disclose personal data:

To third-party service providers. We share data with third parties providing services to us or on our behalf. These include, but are not limited to payroll providers, benefits administration providers and data storage and hosting platforms, some of whom maybe located outside your home jurisdiction. These third parties are authorised to use personal data only as necessary to provide the services.
To other companies within the PL group. We may disclose personal data to our affiliated companies to enable us to administer your employment contract and for IT services such as the hosting of applications and systems that are used to process employee data.
To comply with legal obligations or proceedings. We may need to disclose personal data when we respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims or to meet our legal and regulatory obligations.
To protect the rights and property of PL.
During emergency situations or where necessary to protect the safety of persons.
If a business transfer, transaction or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymise the data where possible.
Where the personal information is publicly available.
For the prevention or detection of crime.
For additional purposes with your consent where such consent is required by law.

INTERNATIONAL TRANSFERS

We may transfer personal data to third parties and affiliates located in countries that are outside your home jurisdiction for the purposes described in this Privacy Notice.

We ensure that any transfer we make complies with the requirements of:

the General Data Protection Regulations of the European Union (GDPR), and/or;
the United Kingdom implementation of the GDPR (UK GDPR);
the Association of Southeast Asian Nations (ASEAN), and;
the Bermudan Personal Information Protection Act 2016
as applicable.

Under these requirements, international transfers are protected by an approved transfer mechanism. These include:

The inclusion of standard data protection clauses in our agreements with the third parties which are pre-approved by the relevant authority.
The country to which the data is being transferred having been deemed to have adequate data privacy laws by the exporting jurisdiction.

WHAT ARE MY RIGHTS?

Right of access: You have the right to request a copy of the personal data we hold about you.

When requesting access to your personal data, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal data that we hold about you.

There are circumstances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal data that we hold about you. The personal data may also have been destroyed, erased or made anonymous in accordance with our legal retention obligations.

If we cannot provide you with access to your personal data, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.

We will always try to provide your data in the format you request and we will not normally make any charge.

Right of rectification: If any of the data we hold abut you is inaccurate or out of date, you can ask us to correct or update it.

Right to be forgotten: You can ask us to delete any data that we are no longer legally entitled to retain.

Right to object to or restrict processing: You can ask us to stop processing your personal data but only if we are processing it on the basis of “legitimate interest” and if we cannot demonstrate that our reasons for processing override your rights. You can also restrict our processing activities under certain circumstances.

Right to withdraw consent: Where you have provided your consent to the collection, processing, or transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances.

Right to complain: You can complain the privacy regulator of your jurisdiction if you are dissatisfied with our handling of your data or if you believe we have breached our data protection obligations.

To exercise any of these rights, please contact us using the information in the “WHO CAN I CONTACT” section below.

WHO CAN I CONTACT?

Data Protection Officer: Email: dpo@pacificlifere.com

Privacy Regulators

UK - Information Commissioner’s Office

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

ICO Helpline: +44 (0)303 123 1113

ICO Complaints