Skip to content
Back to Insurance
Back to Holidays
Back to Saga Money
Back to Saga Magazine
Person in a yellow top pointing at a screen while talking to a second person

SAGA PRIVACY HUB

Saga Privacy Hub

Welcome to Saga's privacy hub. Protecting your personal information and being clear about how we use your data is important to us.


You can read more about how we handle your data in our privacy policy below. We've also made a short film where we share the main points from our privacy policy. It explains what information we need to know about you, why we need it, what we use it for and how we keep it safe. We hope you find this film helpful.

Keeping In Touch

We'd love to keep in touch with you to let you know about products, services, customer discounts and rewards. You can update your preferences at any time, letting us know which areas you'd like to hear about and how you'd like to hear from us, simply click on the 'Manage preferences' button below.  
Saga Group Privacy Policy
This is the standard data protection privacy policy for the Saga Group.

When it comes to your privacy we never compromise. We will always be clear about why we need the details we ask for, and ensure your personal information is kept as secure as possible. How we do this is explained in this privacy policy.

Last updated: 19 September 2023
Introduction

This privacy policy gives you information about how Saga collects and processes your personal data. It is important you read this document together with any other privacy or fair processing policies we give you on specific occasions where we collect or process your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Who are we?

The Saga Group consists of the following Saga companies, which are registered as data controllers with the Information Commissioner’s Office (ICO):

  • Saga PLC
  • Saga Cruises Limited
  • Saga Group Limited
  • Saga Leisure Limited
  • Saga Membership Limited
  • Saga Pensions Trustees Limited
  • Saga Personal Finance Limited
  • Saga Publishing Limited
  • Saga Services Limited
  • ST& H Limited
  • Acromas Insurance Company Limited (AICL)
  • CHMC Limited (ClaimFast)
  • Customer KNECT Limited
  • PEC Services Limited
  • Saga Travel Group
  • Titan Transport Limited
  • The Big Window Consulting Limited

Saga uses a variety of trading names including:

  • Saga Money
  • Saga Spaces
  • Possibilities
  • Saga Holidays
  • Saga Magazine
  • Saga Exceptional
  • Saga Shipping
  • Titan Travel

This privacy policy is issued on behalf of the Saga Group, so when we say “Saga”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Saga Group responsible for processing your data. When you purchase a product or service with us, we will tell you which Saga company is the data controller of your personal data.

Saga are committed to protecting your privacy. We comply with the principles of the UK General Data Protection Regulation (GDPR) and associated data protection legislation. We aim to maintain best-practice standards in our processing of personal, sensitive data and/or special category personal data.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title, marital status, next of kin, family members, dependents, co-travellers, date of birth, nationality, gender and proof of your identity.
  • Contact Data includes billing address, delivery address, email address, telephone numbers, emergency contacts.
  • Financial Data includes bank account, payment card details, income, credit rating and payment details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us, travel arrangements, quotes, contact history, claims history and communications history.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, account number, unique ID’s, vehicle registration, policy number, quote number, claim number, passport number, visa documents, your interests, preferences, feedback and survey responses
  • Usage Data includes information about how you use our website
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. This may include information we have obtained from credit reference agencies
  • Image Data includes photographs, CCTV footage, webcam footage.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We may also collect information about criminal convictions and offences. For example, we may require details of motoring convictions to ensure the insurance price we provide is accurate or we may need medical information for travel insurance purposes or if you ask us to book an easy access room due to a disability. We will not collect or use these types of data without your consent, unless the law requires us to do so or where we believe it is in your best interests. If we do, it will only be when it is necessary as determined by the law and the ICO.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How is your personal data collected

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact, Technical and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

    • apply for our products or services;

    • create an account on our website;

    • subscribe to our service or publications;

    • request marketing to be sent to you;

    • enter a competition, promotion or survey; or

    • give us feedback or contact us.

  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
    • Technical Data from the following parties:
      1. analytics providers such as Decibel Insight, Google based outside the UK;
      2. advertising networks based inside OR outside the UK; and
      3. search information providers based inside OR outside the UK].
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as price comparison websites for insurance products.
    • Identity and Contact Data from data brokers or aggregators for marketing purposes.
    • Identity and Contact Data from publicly available sources [such as Companies House and the Electoral Register based inside the UK] Including data from credit reference agencies
    • Databases including, but not limited to, the Motor Insurer’s Bureau (MIB), the Claims Underwriting Exchange (CUE), Motor Insurance Anti-Fraud Theft Register (MIAFTR) and the Insurance Fraud Bureau (IFB) for detection of financial crime and fraud.
    • Government agencies and regulatory bodies including the police and the Driver and Vehicle Licencing Agency (DVLA)
How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where it is necessary in order to protect your vital interests or those of another individual.
  • Where we identify other products or services that you may find useful, we may contact you where we are permitted to do so

See below for: Purposes For Which We Use Your Data to find out more about the types of lawful basis that we will rely on to process your personal data. We do not sell, trade, or rent your personal information to others.

Travelling with Us

When you are travelling with us please be aware that there may be Saga photographers and/or videographers on board or as part of our escorted tours taking photos and videos of guests and crew to produce photographs, images and media that may be included in Marketing Brochures, on our Social Media platforms and Cruise Videos. They are happy to take reasonable steps to avoid filming or photographing you where you indicate this is your preference, but you may be included unless you tell us otherwise and we are unable to guarantee that you will not be included on an incidental basis. We care about your privacy so if you do not wish for your photograph to be taken at any time, or to be included in any video, please let a member of staff or the photographer know. Whilst we take every precaution to protect your privacy, we are not responsible for passengers who may take your photograph or video you without our knowledge. We ensure that all our customers are notified prior to travelling on our trips if a professional photographer or camera crew is being engaged and you have the right to say no or opt-out of being included in any photos being taken for these purposes, including any subsequent content or images used.

If you have any queries about the use of images after your trip, please write to the Data Protection Officer at Saga Group Plc, 3 Pancras Square, London N1C 4AG or email data.protection@saga.co.uk

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To provide you with a quote (for insurance or travel) and to register you as a new customer
  1. Identity
  2. Contact
  • (a) Performance of a contract with you
  • (b) Necessary for our legitimate interests
  • To provide goods and/or services that you request. This may be through:
  • the administration of your policy and managing any claims you make, e.g. insurance
  • the booking and the administration of your trip or organising excursions
  • working out which departure airports are near to you, or
  • when we will be delivering certain products in your area
  • (a) Identity
  • (b) Contact
  • (c) Technical
  • (d) Profile
  • Performance of a contract with you
    To communicate with you about an enquiry you have made, to notify you if there is a problem with your product or service, to let you know about important functionality changes to the website or if there is another genuine reason for doing so
  • (a) Identity
  • (b) Contact
  • (a) Performance of a contract with you
  • (b)Necessary for our legitimate interests (to enable us to communicate effectively with you)
  • Provide you with emergency support during your travel, holiday or cruise with us
  • (a) Identity
  • (b) Contact
  • (a) In order to protect the vital interests of the data subject or another person
  • (b)Necessary for our legitimate interests (to allow us to support you in an emergency)
  • To ensure quality assurance and for audit purposes and compliance with regulations
    1. Identity
    2. Contact
    3. Financial
    4. Transaction
  • (a) Performance of a contract with you
  • (b) Necessary for compliance with a legal obligation
  • (c) Necessary for our legitimate interests
  • To carry out market research, offer renewals and for statistical purposes.
  • (a) Identity
  • (b) Contact
  • (c) Financial
  • (d) Transaction
  • (e) Profile
  • (a) Performance of a contract with you
  • (b) Necessary for our legitimate interests (to provide you with good customer services)
  • To carry out fraud prevention and credit checks. To help us prevent fraud and money laundering, assess your premium at quote and renewal, for credit applications and to assist with identity checks in order to prevent money laundering. A copy of this search will be left on your credit file but will not affect your credit score. To assess financial and insurance risk we make full and open checks on electoral roll registers and public data provided to us by credit reference bureaus and other third parties. For identity checking for money laundering purposes.
  • (a) Identity
  • (b) Contact
  • (c) Financial
  • (d) Transaction
  • (a) Performance of a contract with you
  • (b) Necessary for compliance with a legal obligation
  • (c) Necessary for our legitimate interests (to protect our business from fraud and other financial risks)
  • To prevent and detect crime. To manage risks to our business includes pricing insurance risk. To prevent fraudulent behaviour on our websites
  • (a) Identity
  • (b) Contact
  • (c) Financial
  • (d) Transaction
  • (a) Performance of a contract with you
  • (b) Necessary for our legitimate interests (to protect our business from fraud and other crimes)
  • To process and deliver your order including: (a) Manage payments, fees and charges
  • (b) Collect and recover money owed to us
  • (a) Identity
  • (b) Contact
  • (c) Financial
  • (d) Transaction
  • (a) Performance of a contract with you
  • (b) Necessary for our legitimate interests (to recover debts due to us)
  • To manage our relationship with you which will include:
  • (a) Notifying you about changes to our terms or privacy policy
  • (b) Asking you to leave a review or take a survey
  • (c) Helping you if you contact our Customer Services
  • (a) Identity
  • (b) Contact
  • (c) Profile
  • (d) Marketing and Communications
  • (a) Performance of a contract with you
  • (b) Necessary to comply with a legal obligation
  • (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
  • To enable you to partake in a prize draw, competition or complete a survey
  • (a) Identity
  • (b) Contact
  • (c) Profile
  • (d) Usage
  • (e) Marketing and Communications
  • (a) Performance of a contract with you
  • (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, statistical reporting and hosting of data)
  • (a) Identity
  • (b) Contact
  • (c) Technical
  • (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  • (b) Necessary to comply with a legal obligation
  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • (a) Identity
  • (b) Contact
  • (c) Profile
  • (d) Usage
  • (e) Marketing and Communications
  • (f) Technical
  • Necessary for our legitimate interests (to study how customers use our products/services, to develop them,
    to grow our business and to inform our marketing strategy)
    To use data analytics to improve our website, products/services, marketing, customer relationships and experiences,
    including customer value and retention
  • (a) Technical
  • (b) Usage
  • Necessary for our legitimate interests (to define types of customers for our products and services,

    to keep our website updated and relevant,

    to develop our business and to inform our marketing strategy)

    To make suggestions and recommendations to you about goods or services that may be of interest to you.

    To personalise information sent to you.

    Both may involve the profiling of data.

  • (a) Identity
  • (b) Contact
  • (c) Technical
  • (d) Usage
  • (e) Profile
  • (f) Marketing and Communications
  • (a) Necessary for our legitimate interests (to develop our products/services and grow our business)
  • (b) Consent
  • Sharing your information

    As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:

    a) where we have a legal interest in a company;

    b) to fulfil your specific orders for a product, service or information if it is delivered by a third party. In these instances, while the information you provide will be disclosed to them, it will only be used for the administration of the product, service or information provided. This could include (but is not limited to), verification of any quote given to you, claims processing, underwriting, pricing purposes as appropriate, testing, and to maintain management information for business analysis. For example, if you go on a holiday with us, the hotel needs to know who you are. If you take out an insurance policy provided by a third party, they will need your details in order to administer the policy, verify the quote given to you and process any claims. For further details about how your insurer handles your information, please see their Privacy Policy which can be found on their website. See your policy schedule documentation for your insurer contact details;

    c) where third parties administer part or all the product or service. An example of this is where you book a travel product with us under Civil Aviation Authority (CAA) rules we have to place any funds paid to us into a trust administered by PT Trustees limited, details of how they process your information can be found on their website: https://pttrustees.com/privacy-notice;

    d) for underwriting, pricing, insurance rating analysis and testing purposes, and to maintain management information for business analysis;

    e) for tailoring adverts you see when you are online. These might be on the Saga website, social media sites such as Facebook, search results, or other sites that sell advertising space;

    f) for marketing purposes, where we have a legal basis for doing so;

    g) where we have engaged a third party to carry out market research on our behalf and who may contact you for the purpose of obtaining feedback about the products and services that we offer;

    h) where we have your consent to do so;

    i) where you have a travel booking, in the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the CAA, and/or ABTA so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection. The CAA’s General Privacy Notice is at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.

    We must have your consent to discuss your account with a third party, for example a family member. You may give this consent either orally or in writing and you may give it at any time by contacting us.

    We use delivery email services to send our marketing and transactional emails, including Adobe, Thunderhead, Sitecore and Numero. For emails delivered by Adobe we use ‘tracking pixels’ which are similar to cookies to improve our emails. If you are unhappy with this but would still like to receive our emails you can block the pixels by switching off images in your email settings. You can unsubscribe from our marketing emails at any time by updating your marketing preferences in MySaga by visiting saga.co.uk or by calling 0800 092 3665.

    We may be obliged by law to pass on your information to the police or any other statutory or regulatory authority. In some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.

    After you purchase a product or service from us, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.

    If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house) or a company in which Saga has a legal interest, we will exercise the strictest contractual controls, requiring them and any of their agents and/or suppliers to:

    • maintain the security and confidentiality of the information and restrict access to those of its own employees
    • use the data for the agreed purpose only and prevent it being used for any other purpose by any other party
    • refrain from communicating with you other than concerning the product in question
    • return the data to us at the conclusion of any contract term and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations.

    In addition, we will restrict the information disclosed to the absolute minimum necessary.

    Information sent outside the EEA

    We provide products and services including holidays and cruises outside the European Economic Area (EEA) and to some countries that are not Whitelisted Countries. Therefore, if you travel on such holidays the information you provide may occasionally be transferred outside the EEA, where from time to time we work with suppliers and service providers that are either based outside of the EEA or have servers based outside of the EEA. Countries outside of the EEA protect information differently, and so where we do transfer your information to suppliers based outside of the EEA, we will take all steps necessary to ensure that it is adequately protected and used in accordance with this Privacy Policy, including but not limited to relying on any appropriate cross-border transfer solutions such as European Commission's Standard Contractual Clauses.

    Fraud prevention and credit checks

    We may submit your details to fraud prevention agencies and other organisations to help us prevent fraud and money laundering. We will also conduct a search with a credit reference agency to help us in providing a quote, and to check which payment options we can make available to you. This is referred to as a "soft search", which means a copy of this search will be left on your credit file but will not affect your credit score.

    Any searches we make to provide a motor insurance quote whereby you wish to pay in instalments may involve additional credit checks via a credit reference agency, which are sometimes referred to as a "hard search". If you go on to pay by instalments, this check will be noted on your credit file and may be reflected in your credit score. You will be informed prior to this search taking place.

    In order to assess financial and insurance risk, we obtain information held on electoral roll registers and publicly available data sources, which is provided to us by credit reference agencies and other third parties. This helps us to assess your premium at quote and renewal, for credit applications and to assist with identity checks in order to prevent money laundering.

    If you apply for other financial services and/or products, a check of your details with fraud prevention agencies may be necessary. The precise nature of these processes will be explained when you apply.

    Our own security procedures mean that we may occasionally have to request proof of identity or check your presence on the electoral roll.

    Keeping you informed about our products and services

    When you contact us, we may ask for your permission to contact you about the products and services we offer. Where we have obtained your permission, we may contact you by post, telephone, email, text or other means to tell you about offers, products and services that may be of interest to you.

    Where we have not yet been able to ask you about your marketing preferences, we may send you relevant communications about offers, products and services by post, telephone, email or text based on your previous dealings with us. For example, if you have previously asked for an insurance quote, we may send you communications about our insurance products which we feel you may be interested in. We will only ever do this in compliance with our legal obligations which includes where we believe it is in our legitimate interest to do so. You may contact us at any time to advise us that you do not want to receive such communications from us. You can update these preferences by calling us on 0800 092 3665 or by visiting MySaga at www.saga.co.uk.

    We may process your information to send you communications that are tailored to your interests or to market products which we feel are like those you have shown an interest in previously. This is called “profiling for marketing purposes”. This might be in the form of display advertising you see on websites, social media (for example, using Facebook Custom Audiences and Google Custom Match), television or internet search results. We may also use profiling to tailor communications we send to you via post, telephone, email or text. If we run specific marketing campaigns through social media and digital advertising platforms you may see Saga advertising. These campaigns tend to be based on general demographics and interests and sometimes your contact details such as an email address or phone number. We would use this information to tailor the advertising you see. If you do not wish to see this advertising, you will need to adjust your preferences within the relevant social media settings and your cookie browser settings (please see our Cookie Policy for more information regarding how to do this).

    At any time, you can opt out of receiving marketing information, revise the products you would like to hear about or change the method we use to communicate with you. You can update these preferences by calling us on 0800 092 3665 or by visiting MySaga at www.saga.co.uk.

    We make outbound phone calls for several reasons relating to our many products, including breakdown cover and insurance. Sometimes we will need to call you in relation to an enquiry you may have started on our website. We are fully committed to the regulations set out by Ofcom and follow strict processes to ensure we comply with them.

    Change of purpose

    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please write to the Data Protection Officer at Saga Group Plc, Pancras Square, London N1C 4AG or email data.protection@saga.co.uk If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

    Amendment and retention of information

    Please advise us in writing of any changes in your circumstances, or if you feel we hold inaccurate information about you so that we can update our records accordingly.

    We will hold your personal information in accordance with the principles of the GDPR (and associated legislation) and for as long as reasonably necessary to fulfil the purposes for which it was collected. We may obtain your data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. We are obliged and permitted by law and regulation to retain certain types of data for a minimum period. The minimum period tends to be for seven years but can be longer (or shorter) if the statute or regulation requires.

    Data security

    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

    Your rights

    Under certain circumstances, you have rights under data protection laws in relation to your personal data.

    Access to your information: You have a statutory right of access to personal data that we hold about you. In order to exercise this right, we ask that you apply in writing, either via letter or email. Please refer to the information you wish to see giving dates where possible. Please note that we may ask for further information from you including proof of identity.

    We will not administer Subject Access requests made by a third party (such as a relative or friend) unless accompanied by written authority of the individual who is the subject of the request, proof of power of attorney or other legal certification.

    You will not have to pay a fee to access your personal information (or to exercise any other rights). However, in exceptional circumstances, we may charge a reasonable fee or refuse to comply with your request.

    Request the correction or rectification of the personal data that we hold about you: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    Rights related to automated decision-making including profiling: We use the information we know about you to make decisions which inform our pricing, fraud prevention and the products and services we can offer. Automated decision making enables us to make efficient and fair decisions, providing a better service for our customers. Whilst you have the right to object to us using your information in this way, this could have an impact on the products or services we may be able to offer you. We use automated decision making in the following areas:

    • Pricing – we use the information we know and collect about you to inform decisions around product and service charges. For example, if you apply for insurance, we will compare what you tell us with other records to determine how likely you are to make a claim. This will help us decide whether to offer you the product and what price to charge you.


    • Tailoring our marketing communications – as mentioned previously, we use your personal information to make decisions about what products, services and offers we think you may be interested in. This ensures the communications you receive from us are tailored and relevant to your interests. You can opt out of this at any time by contacting the Data Protection Officer.

    The right to erasure: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    The right to object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    Right to restrict the processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios:

    • If you want us to establish the data's accuracy.
    • Where our use of the data is unlawful but you do not want us to erase it.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

    The right to data portability: you have the right to obtain and reuse the personal data that you have provided to us for your own purposes which includes transferring it to other service providers. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    The right to withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

    What we may need from you: we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it. Sometimes, we may need to contact you or ask you for further information.

    We will try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case we will notify you and keep you updated.

    Limits to your rights: some of your rights in relation to your personal data are not absolute, for example your right to erasure. Where this is the case, we will inform you of the extent we can comply with your requests and detail our reasons why. More information can be found by visiting the ICO’s website https://ico.org.uk/.

    For further information regarding your rights, or to make a request; please write to the Data Protection Officer at Saga Group Plc, Pancras Square, London, N1C 4AG or email data.protection@saga.co.uk.

    Updates to our privacy policy and your comments

    We keep our privacy policy under regular review, and we publish the date this privacy policy was last updated. If we decide to change our privacy policy, we will update all relevant documentation and post any changes on our websites so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. We may also notify you by email sent to the email address specified on your account.

    We welcome your questions and comments about privacy. Please write to the Data Protection Officer, Saga, 3 Pancras Square, London, N1C 4AG or email data.protection@saga.co.uk

    You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel your personal information has not been handled correctly. You can do this via ico.org.uk/concerns or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

    Third-party links

    This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

    Link to Cookie policy
    Click here to see our Cookie policy
    Glossary

    Glossary

    Sensitive personal data / special categories of data These are types of personal data which are important to protect because processing could threaten peoples’ basic rights. For example, information about somebody’s race could be wrongfully used to discriminate against them. Other special categories of data include religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life and sexual orientation.
    Processing Anything that is done with personal data. Collecting, keeping, and using personal data are all examples of processing.
    Profiling The processing of personal data in order to try and work out the subject’s situation, characteristics, and/or behaviour.
    European Economic Area (EEA) A collective of countries which share a single market and regulations which help them trade and interact with one another. This is the group of countries that will be governed by the GDPR, and therefore do not have to implement any further measures or request permission to transfer personal data to each other. They are:
    • Austria
    • Belgium
    • Bulgaria
    • Croatia
    • Czech Republic
    • Cyprus
    • Denmark
    • Estonia
    • Finland
    • France
    • Germany
    • Greece
    • Hungary
    • Iceland
    • Ireland
    • Italy
    • Latvia
    • Liechtenstein
    • Lithuania
    • Luxembourg
    • Malta
    • Netherlands
    • Norway
    • Poland
    • Portugal
    • Romania
    • Slovakia
    • Slovenia
    • Spain
    • Sweden
    Data controller An entity (for example a person or an organisation), who determines for what purpose and how personal data is going to be processed.
    Data processor An entity that processes personal data on behalf of a controller. The controller determines the purpose but the processor acts on behalf of the controller.
    Third Party An entity who is not the data subject, a processor, or a controller. The third party may receive personal data but does not process it.
    Lawful basis - Legitimate Interest Legitimate Interest refers to our conducting and managing business to enable us to provide customers with the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
    Lawful basis - Performance of Contract means processing of your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
    Lawful basis - Comply with a legal obligation means processing of your personal data where it is necessary for compliance with a legal obligation that we are subject to.
    Lawful basis - Vital Interests means processing personal data where it is necessary to protect the vital interests of the data subject or another individual
    Whitelisted countries

    Third countries (countries outside of the EEA) who have been granted an 'adequacy decision' by the EU Commission which means their data protection levels have been deemed high enough that countries within the EEA (governed by the GDPR), do not have to implement any further measures or request permission to transfer personal data there

    The EU Commission has made an adequacy decision about the following countries:

    • Andorra;
    • Argentina;
    • Guernsey;
    • Isle of Man;
    • Israel;
    • Jersey;
    • New Zealand;
    • Switzerland;
    • Uruguay;
    • United Kingdom
    • Gibraltar
    • The Republic of Korea
    • Japan - only covers private sector organisations;

    Canada - only covers data subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA);