Welcome to Saga's privacy hub. Protecting your personal information and being clear about how we use your data is important to us.
The Saga Group consists of the following Saga companies, which are registered as data controllers with the Information Commissioner’s Office (ICO):
Saga uses a variety of trading names including:
Saga are committed to protecting your privacy. We comply with the principles of the UK General Data Protection Regulation (GDPR) and associated data protection legislation. We aim to maintain best-practice standards in our processing of personal, sensitive data and/or special category personal data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We do collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We may also collect information about criminal convictions and offences. For example, we may require details of motoring convictions to ensure the insurance price we provide is accurate or we may need medical information for travel insurance purposes or if you ask us to book an easy access room due to a disability. We will not collect or use these types of data without your consent, unless the law requires us to do so or where we believe it is in your best interests. If we do, it will only be when it is necessary as determined by the law and the ICO.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact, Technical and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
apply for our products or services;
create an account on our website;
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey; or
give us feedback or contact us.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
See below for: Purposes For Which We Use Your Data to find out more about the types of lawful basis that we will rely on to process your personal data. We do not sell, trade, or rent your personal information to others.
When you are travelling with us please be aware that there may be Saga photographers and/or videographers on board or as part of our escorted tours taking photos and videos of guests and crew to produce photographs, images and media that may be included in Marketing Brochures, on our Social Media platforms and Cruise Videos. They are happy to take reasonable steps to avoid filming or photographing you where you indicate this is your preference, but you may be included unless you tell us otherwise and we are unable to guarantee that you will not be included on an incidental basis. We care about your privacy so if you do not wish for your photograph to be taken at any time, or to be included in any video, please let a member of staff or the photographer know. Whilst we take every precaution to protect your privacy, we are not responsible for passengers who may take your photograph or video you without our knowledge. We ensure that all our customers are notified prior to travelling on our trips if a professional photographer or camera crew is being engaged and you have the right to say no or opt-out of being included in any photos being taken for these purposes, including any subsequent content or images used.
If you have any queries about the use of images after your trip, please write to the Data Protection Officer at Saga Group Plc, 3 Pancras Square, London N1C 4AG or email firstname.lastname@example.org
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To provide you with a quote (for insurance or travel) and to register you as a new customer||
|To provide goods and/or services that you request. This may be through:
||Performance of a contract with you|
|To communicate with you about an enquiry you have made, to notify you if there is a problem with your product or service, to let you know about important functionality changes to the website or if there is another genuine reason for doing so||
|Provide you with emergency support during your travel, holiday or cruise with us||
|To ensure quality assurance and for audit purposes and compliance with regulations||
|To carry out market research, offer renewals and for statistical purposes.||
|To carry out fraud prevention and credit checks. To help us prevent fraud and money laundering, assess your premium at quote and renewal, for credit applications and to assist with identity checks in order to prevent money laundering. A copy of this search will be left on your credit file but will not affect your credit score. To assess financial and insurance risk we make full and open checks on electoral roll registers and public data provided to us by credit reference bureaus and other third parties. For identity checking for money laundering purposes.||
|To prevent and detect crime. To manage risks to our business includes pricing insurance risk. To prevent fraudulent behaviour on our websites||
|To process and deliver your order including:
(a) Manage payments, fees and charges
|To manage our relationship with you which will include:
|To enable you to partake in a prize draw, competition or complete a survey||
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, statistical reporting and hosting of data)||
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||
||Necessary for our legitimate interests (to study how customers use our products/services, to develop them,
to grow our business and to inform our marketing strategy)
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences,
including customer value and retention
Necessary for our legitimate interests (to define types of customers for our products and services,
to keep our website updated and relevant,
to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you.
To personalise information sent to you.
Both may involve the profiling of data.
As previously mentioned, we do not sell, trade or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
a) where we have a legal interest in a company;
c) where third parties administer part or all the product or service. An example of this is where you book a travel product with us under Civil Aviation Authority (CAA) rules we have to place any funds paid to us into a trust administered by PT Trustees limited, details of how they process your information can be found on their website: https://pttrustees.com/privacy-notice;
d) for underwriting, pricing, insurance rating analysis and testing purposes, and to maintain management information for business analysis;
e) for tailoring adverts you see when you are online. These might be on the Saga website, social media sites such as Facebook, search results, or other sites that sell advertising space;
f) for marketing purposes, where we have a legal basis for doing so;
g) where we have engaged a third party to carry out market research on our behalf and who may contact you for the purpose of obtaining feedback about the products and services that we offer;
h) where we have your consent to do so;
i) where you have a travel booking, in the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the CAA, and/or ABTA so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection. The CAA’s General Privacy Notice is at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.
We must have your consent to discuss your account with a third party, for example a family member. You may give this consent either orally or in writing and you may give it at any time by contacting us.
We use delivery email services to send our marketing and transactional emails, including Adobe, Thunderhead, Sitecore and Numero. For emails delivered by Adobe we use ‘tracking pixels’ which are similar to cookies to improve our emails. If you are unhappy with this but would still like to receive our emails you can block the pixels by switching off images in your email settings. You can unsubscribe from our marketing emails at any time by updating your marketing preferences in MySaga by visiting saga.co.uk or by calling 0800 092 3665.
We may be obliged by law to pass on your information to the police or any other statutory or regulatory authority. In some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
After you purchase a product or service from us, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.
If we provide information to a third party (either a provider of a product or service, or an external data processing agency such as a mailing house) or a company in which Saga has a legal interest, we will exercise the strictest contractual controls, requiring them and any of their agents and/or suppliers to:
In addition, we will restrict the information disclosed to the absolute minimum necessary.
We may submit your details to fraud prevention agencies and other organisations to help us prevent fraud and money laundering. We will also conduct a search with a credit reference agency to help us in providing a quote, and to check which payment options we can make available to you. This is referred to as a "soft search", which means a copy of this search will be left on your credit file but will not affect your credit score.
Any searches we make to provide a motor insurance quote whereby you wish to pay in instalments may involve additional credit checks via a credit reference agency, which are sometimes referred to as a "hard search". If you go on to pay by instalments, this check will be noted on your credit file and may be reflected in your credit score. You will be informed prior to this search taking place.
In order to assess financial and insurance risk, we obtain information held on electoral roll registers and publicly available data sources, which is provided to us by credit reference agencies and other third parties. This helps us to assess your premium at quote and renewal, for credit applications and to assist with identity checks in order to prevent money laundering.
If you apply for other financial services and/or products, a check of your details with fraud prevention agencies may be necessary. The precise nature of these processes will be explained when you apply.
Our own security procedures mean that we may occasionally have to request proof of identity or check your presence on the electoral roll.
When you contact us, we may ask for your permission to contact you about the products and services we offer. Where we have obtained your permission, we may contact you by post, telephone, email, text or other means to tell you about offers, products and services that may be of interest to you.
Where we have not yet been able to ask you about your marketing preferences, we may send you relevant communications about offers, products and services by post, telephone, email or text based on your previous dealings with us. For example, if you have previously asked for an insurance quote, we may send you communications about our insurance products which we feel you may be interested in. We will only ever do this in compliance with our legal obligations which includes where we believe it is in our legitimate interest to do so. You may contact us at any time to advise us that you do not want to receive such communications from us. You can update these preferences by calling us on 0800 092 3665 or by visiting MySaga at www.saga.co.uk.
At any time, you can opt out of receiving marketing information, revise the products you would like to hear about or change the method we use to communicate with you. You can update these preferences by calling us on 0800 092 3665 or by visiting MySaga at www.saga.co.uk.
We make outbound phone calls for several reasons relating to our many products, including breakdown cover and insurance. Sometimes we will need to call you in relation to an enquiry you may have started on our website. We are fully committed to the regulations set out by Ofcom and follow strict processes to ensure we comply with them.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please write to the Data Protection Officer at Saga Group Plc, Pancras Square, London N1C 4AG or email email@example.com If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Please advise us in writing of any changes in your circumstances, or if you feel we hold inaccurate information about you so that we can update our records accordingly.
We will hold your personal information in accordance with the principles of the GDPR (and associated legislation) and for as long as reasonably necessary to fulfil the purposes for which it was collected. We may obtain your data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. We are obliged and permitted by law and regulation to retain certain types of data for a minimum period. The minimum period tends to be for seven years but can be longer (or shorter) if the statute or regulation requires.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Access to your information: You have a statutory right of access to personal data that we hold about you. In order to exercise this right, we ask that you apply in writing, either via letter or email. Please refer to the information you wish to see giving dates where possible. Please note that we may ask for further information from you including proof of identity.
We will not administer Subject Access requests made by a third party (such as a relative or friend) unless accompanied by written authority of the individual who is the subject of the request, proof of power of attorney or other legal certification.
You will not have to pay a fee to access your personal information (or to exercise any other rights). However, in exceptional circumstances, we may charge a reasonable fee or refuse to comply with your request.
Request the correction or rectification of the personal data that we hold about you: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Rights related to automated decision-making including profiling: We use the information we know about you to make decisions which inform our pricing, fraud prevention and the products and services we can offer. Automated decision making enables us to make efficient and fair decisions, providing a better service for our customers. Whilst you have the right to object to us using your information in this way, this could have an impact on the products or services we may be able to offer you. We use automated decision making in the following areas:
Pricing – we use the information we know and collect about you to inform decisions around product and service charges. For example, if you apply for insurance, we will compare what you tell us with other records to determine how likely you are to make a claim. This will help us decide whether to offer you the product and what price to charge you.
Tailoring our marketing communications – as mentioned previously, we use your personal information to make decisions about what products, services and offers we think you may be interested in. This ensures the communications you receive from us are tailored and relevant to your interests. You can opt out of this at any time by contacting the Data Protection Officer.
The right to erasure: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
The right to object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to restrict the processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios:
The right to data portability: you have the right to obtain and reuse the personal data that you have provided to us for your own purposes which includes transferring it to other service providers. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
The right to withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
What we may need from you: we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it. Sometimes, we may need to contact you or ask you for further information.
We will try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case we will notify you and keep you updated.
Limits to your rights: some of your rights in relation to your personal data are not absolute, for example your right to erasure. Where this is the case, we will inform you of the extent we can comply with your requests and detail our reasons why. More information can be found by visiting the ICO’s website https://ico.org.uk/.
For further information regarding your rights, or to make a request; please write to the Data Protection Officer at Saga Group Plc, Pancras Square, London, N1C 4AG or email firstname.lastname@example.org.
We welcome your questions and comments about privacy. Please write to the Data Protection Officer, Saga, 3 Pancras Square, London, N1C 4AG or email email@example.com
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel your personal information has not been handled correctly. You can do this via ico.org.uk/concerns or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
|Sensitive personal data / special categories of data||These are types of personal data which are important to protect because processing could threaten peoples’ basic rights. For example, information about somebody’s race could be wrongfully used to discriminate against them. Other special categories of data include religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life and sexual orientation.|
|Processing||Anything that is done with personal data. Collecting, keeping, and using personal data are all examples of processing.|
|Profiling||The processing of personal data in order to try and work out the subject’s situation, characteristics, and/or behaviour.|
|European Economic Area (EEA)||A collective of countries which share a single market and regulations which help them trade and interact with one another. This is the group of countries that will be governed by the GDPR, and therefore do not have to implement any further measures or request permission to transfer personal data to each other. They are:
|Data controller||An entity (for example a person or an organisation), who determines for what purpose and how personal data is going to be processed.|
|Data processor||An entity that processes personal data on behalf of a controller. The controller determines the purpose but the processor acts on behalf of the controller.|
|Third Party||An entity who is not the data subject, a processor, or a controller. The third party may receive personal data but does not process it.|
|Lawful basis - Legitimate Interest||Legitimate Interest refers to our conducting and managing business to enable us to provide customers with the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.|
|Lawful basis - Performance of Contract||means processing of your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.|
|Lawful basis - Comply with a legal obligation||means processing of your personal data where it is necessary for compliance with a legal obligation that we are subject to.|
|Lawful basis - Vital Interests||means processing personal data where it is necessary to protect the vital interests of the data subject or another individual|
Third countries (countries outside of the EEA) who have been granted an 'adequacy decision' by the EU Commission which means their data protection levels have been deemed high enough that countries within the EEA (governed by the GDPR), do not have to implement any further measures or request permission to transfer personal data there
The EU Commission has made an adequacy decision about the following countries:
Canada - only covers data subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA);