Personal Data and Privacy Notice

1. Your privacy is important to us. We collect and process some of your personal information to allow us to operate as a business, provide you with our services and to meet the legal obligations we have as a regulated financial services firm.
2. To provide you with our services, we collect and use the following personal data about you at various points during your interactions with us. Personal data is information which relates to an identified or identifiable living individual, either on its own or combined with other available information.
3. When you use our services, we will collect the following personal data:

3.1 personal information you provide to us when applying to enter into a Transaction with us and use our services. This includes your full name, date of birth, postal address, email address, nationality and national ID number;

3.2 documents we request in order to verify your identity;

3.3 your death certificate that we will receive from our third-party supplier LexisNexis, or any other similar third-party provider as chosen by us from time to time, to verify your death;

3.4 details of the bank account you use in connection with our services;

3.5 information relating to your Policy;

3.6 technical information on your use of our Website, including your IP address, operating
system and device ID; and

3.7 analytics on how you use our services.

4. When you contact us, we will collect information you give to us when you get in touch via email or via post.
5. When you visit our Website and its sub-domains, we will collect technical information on how you use our Website including your [IP address, device type and approximate location.]
6. In relation to marketing, if you have provided us with your consent to do so we may send you certain direct marketing communications through various channels, including email, push notifications and post. You can withdraw this consent by contacting us by post or by emailing data.protection@webuylifepolicy.com
7. We only process your information where we have a lawful basis for doing so. There are 6 main lawful bases which organisations can rely on. The most relevant to our business are described below:

7.1 we have a legitimate interest in processing your personal information for a specific purpose, but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);

7.2 we have to comply with obligations arising from the performance of a contract between you and us;

7.3 we have a duty to comply with a legal or regulatory requirement; or

7.4 you have provided us with consent to process your personal information.

Lawful BasisPurpose
Legitimate Interest Where using your information is necessary to pursue our legitimate business interests to:

  • provide our business services to you;
  • take steps to enter into and fulfil contracts with suppliers where sharing personal data is required for that contract and the performance of the services;
  • market our services (in certain circumstances);
  • operate, improve, and optimize our product and Website;
  • monitor and make improvements to our Website to enhance security and prevent fraud;
  • perform other routine business operations; or
  • protect our business and defend ourselves against legal claims.

Where we use your information for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms.

Contract Where using your personal information is necessary for performing a contract we have with you.
Legal Obligation Where we retain information to enable us to bring or defend legal claims.

  • Where we are required to retain transactional information and correspondence.
  • Where we verify your identity as part of our anti-money laundering controls or making transaction reports to regulators.
  • Where we send you information to comply with a legal obligation (e.g., where we send you information about your legal rights).
Consent Where you have provided consent to receiving marketing materials about new features or services we may provide.
8. We keep your information safe by adopting robust security measures to prevent unauthorised access, disclosure, modification or erasure of your personal information. These measures include staff policies and training, internal IT and network security, incident and breach reporting processes, business continuity and disaster recovery processes.
9. If an event or incident affecting your personal data occurs, we will keep you informed. We may also need to notify the regulator (where required under Applicable Requirements) and if we make decisions about your data jointly with another party (for example, a third-party marketing provider), we may need to notify them.
10. Your information is processed and stored at our operating offices as well as on servers managed by our hosting providers.
11. [In some circumstances, your information may be stored or transferred somewhere outside of the UK or the European Economic Area (EEA) (for example, where it is processed by our staff, or the staff of a third party we contract with, who operate outside the UK and/or EEA). In these situations, we have contracts in place to ensure information is protected to the same standards as it is in the UK and/or EEA.]
12. Your information is shared with our employees, consultants and/or agents who require it in order to provide you with our services, resolve any issues or queries, or improve our services.
13. [Some of your information is processed by third parties we use to provide different elements of our service. We conduct due diligence on these third parties, to make sure your information is handled securely and only allow third parties to process your personal information where it is required for them to carry out their function.
14. Your personal data may be processed by third parties that we use to provide the following services:
15. Core Service:

15.1. Emailing users;

15.2. Handling payments;

16. Product Developments:
17. Usage analytics;

17.1. Customer feedback and surveys;

18. Legal Requirements:

18.1. KYC Process;

18.2. Regulatory reporting;

18.3. Tax reporting; and

18.4. Transaction monitoring.

19. Technical

19.1. Hosting and backend infrastructure;

19.2. Infrastructure and security monitoring;

19.3. Traffic optimization and distribution; and

20. Other:

20.1. Marketing and Direct marketing where we have your consent or a legitimate interest to do so; and

20.2. Where you have requested that we share your information with a third party.

21. We will never sell any of your personal information.
22. We will not request copies of your medical records.
23. We store your information for the duration of time required by the purpose under which we collected the information. Information we collect:

23.1. in relation to our legitimate interests of providing you with our services will be kept for as long as you remain a user of our services.

23.2. for the purposes of performing a contract between you and us is kept until the contract has been completed.

23.3. in relation to our legal and regulatory obligations is retained for the duration set out in the legislation we are subject to, which in most cases is 5-7 years following the end of our business relationship with you

24. You have rights under the law and this privacy notice in relation to your personal data. If you
would like to make a request in relation to these rights, then please contact us by email. You have
the right to:

24.1. request to access the information we hold about you.

24.2. ask us to update any of your information which is inaccurate or incorrect.

24.3. ask us to delete, stop processing or limit our use of your information that we hold (although if we have a legal obligation to retain this information, we are unable to delete it until the required retention period has elapsed).

24.4. ask us to send you or another organisation an electronic copy of your personal data.

Please note we do not provide investment, financial, or tax advice. We recommend that you seek advice from an independent financial advisor, if you are considering selling your policy. Please be advised we can only purchase policies classed as 'pure protection policies' that do not have any surrender value upon lapsing. If you do decide to sell your policy, you will no longer have any rights to future proceeds from the policy. This means that you, your family, or your estate will not receive any money from the insurer going forward, and you will also give up any control over the policy.