FULL PRIVACY POLICY FOR OLD MUTUAL ISLE OF MAN BRANCH



Isle of Man Privacy Policy

We take our duty to safeguard your data seriously. Our Privacy Policy sets out our privacy commitment to you and explains your rights.


Who we are

Old Mutual Isle of Man is a Branch of Old Mutual Life Assurance Company (South Africa) Limited (OMLACSA). The Branch is registered in the Isle of Man and its principal place of business is 5A Village Walk, Onchan, Isle of Man IM3 4EB, British Isles and is licensed by the Isle of Man Financial Services Authority. OMLACSA is a registered long-term insurer and a licensed Financial Services Provider in South Africa.

Old Mutual Life Assurance Company (South Africa) Limited is part of Old Mutual Limited (OML) and is listed on the Johannesburg Stock Exchange with secondary listings in London, Malawi, Namibia, and Zimbabwe.


Where we collect personal information from

You may have supplied your personal data to us through:

  • application form
  • claim form or other documents
  • emails and letters
  • phone
  • by consent through your Financial Adviser
  • via other companies within OMLACSA or OML

Your Financial Adviser should tell you when they pass your details on to us and you should have given your consent to allow your Financial Adviser to pass your details to us.


Your personal data

‘Personal data’ means any information that can be used to identify an individual person. This means information that could identify you directly or indirectly, and can include your name, address, date of birth, email address, bank details, identification number, location data, online identifier, or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.

As required under the regulations, the information we collect will be adequate, relevant, and limited to what is necessary for the purpose for which the information is being collected.

All personal data we collect and hold will be processed lawfully, fairly and in a transparent manner in relation to you as our data subject.


What is sensitive data?

In some circumstances we may collect sensitive information about you such as:

  • details of your health;
  • your race / ethnic origin; and
  • genetic or biometric data (such as fingerprints).

We do not require data concerning political opinion, membership of a trade union, or religious or philosophical beliefs, which are also categorised as sensitive personal data. However, this information may be disclosed by you as part of the underwriting process if you consider it is relevant. We have a very general question on the application form which asks clients to disclose any feature of their lifestyle which may affect / threaten their life expectancy, and through this you may disclose further sensitive information.

OMLACSA will require your explicit consent to process sensitive information. If we do not receive this consent from you, we will not be able to provide you with your product.

If you make any of your sensitive personal data public, such as by putting information on social media, we can process that data as this information will be in the public domain.

We can also further process your sensitive personal data in the exercise or defence of legal claims for or against OMLACSA or whenever we need to comply with a court order.


How we use your personal information

As the controllers of your personal data OMLACSA may process your data:

a) to administer and operate the IP+ Contract

b) to fulfil OMLACSA's legitimate interests, during the operation, support, and development of our businesses, evaluating customer service, efficiency, cost, and risk and for management purposes

c) carrying out anti money laundering and conflict of interest checks for the prevention of financial crime or fraud

d) exercising and defending our legal rights, complying with regulatory authorities and legislation

e) for audits by national and regulatory enforcement

We will ensure your personal data is processed in a manner that is appropriately secure and we will protect your information against unauthorised or unlawful processing, accidental loss, destruction, or damage. We will do this through the implementation of internal policies, procedures, encryption of emails and data, building security such as swipe cards for building access, CCTV, internal IT testing, IT testing by external parties, internal auditing and staff training, thereby treating your personal data with integrity and with the utmost confidence.

OMLACSA will not need to obtain consent of the data subject where we cannot be reasonably expected to have obtained that consent for the processing of your data. OMLACSA can process your personal data when we are not aware of you withholding consent.

Your data will not be further processed in a manner that is incompatible with the above purposes.


How the law protects you

Data Protection law allows OMLACSA to process and retain your personal information only if we have a good reason to do so. This includes sharing your information outside of OMLACSA. We must have one or more of the following reasons to process and retain your data:

  • To fulfil a contract we have with you
  • When it is our legal duty
  • When it is in our legitimate interest
  • When you consent to it. (When you give your consent, it should be given freely by you along with an informed indication of your wishes which signifies your agreement of your personal data being processed).

The processing of your information is carried out within the legitimate interests of business or commercial activities (these are not overridden by prejudice to your privacy rights). For OMLACSA to comply with applicable regulations it will be necessary, in some cases, to disclose your personal details, which would be classed as a legal duty. We will also process your data to assist you with your IP+ contract under the general terms and conditions, which OMLACSA considers to be a legal contract between you and OMLACSA.


Third party data processing for administration purposes

We can process your personal information if it is necessary for the purpose of carrying on business which consists of effecting or carrying out a contract or is personal data which relates to a data subject who is not a party to the contract or seeking to become a party to the contract and can reasonably be carried out with the consent of the data subject.

Again, as above, processing can be carried out without obtaining consent of the data subject where we cannot be reasonably expected to obtain consent for the processing of that information, for instance a nominated beneficiary of a contract who does not know that they have been nominated. OMLACSA can process the data subject's personal data when OMLACSA is not aware of you withholding consent.


Sending data outside the European Economic Area (EEA)

Your personal data may be transferred to another country, which may also include countries outside of the EEA. Most notably South Africa is not considered to be an equivalent jurisdiction for the transfer of personal data.

In those cases where the relevant country has been checked to ensure it has an equivalent level of data protection by the European Commission, or we need to make the transfer to perform a contract in your interests, we will ensure that the transferred personal data is protected by a data transfer contract. Further details can be obtained by making a request in writing to our Data Protection Officer (DPO). We can provide you with copies of any data transfer agreements on request.

To ensure we are only transferring data to countries which have the correct adequacy ratings we regularly check the EU website.


How we use your information to make automated decisions

OMLACSA does not use automated decision-making processes.


If you choose not to give personal information

OMLACSA may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to provide your personal data, it may delay or prevent us from meeting our obligations. It may mean that we cannot perform services to run your contracts which could result in a need to cancel a contract or service you have with us.

Any data collection that is optional would be made clear at the point of collection.


How long we keep your personal information

We will retain your personal data in a form which can identify you for seven years after your contract has finished. Reasons to retain data can include:

  • Respond to questions or complaints
  • To demonstrate we treated you fairly
  • Maintain records according to rules that apply to us in our jurisdiction.

Should you wish to have a look at our document retention schedule stating what documents are kept and for how long please contact our DPO who can give you a copy of our document retention schedule.

We may extend retention periods if we are required to preserve personal data in connection with investigations, proceedings, and litigation.


How to obtain a copy of your personal information

You have a right of access to your information completely free of charge (if it is a simple request). If we do need to charge you, we will confirm what the charge is and why it is necessary to charge you. Usually, we will only charge if the information is clearly unfounded or excessive. Therefore, if you keep requesting information then it may be necessary to charge you. We will take into consideration the cost of obtaining your information and the length of time it will take to respond to your request. If you request additional copies we can also charge for the additional copies.

Should you wish to have access to your personal data you can write to the DPO to request copies. This is called a subject access request. If you wish to have more details as to how this works please contact our DPO.

If you request information that is too much or if we hold a lot of information about you, we will ask you to be specific about the information you are looking for in order that we can locate it and get it to you.

If we consider that you are asking for too much information, we do have the right to say no. If we do consider your request to be excessive, we will send you a letter or an email setting out why.

For your protection we may ask for identification confirming that it is you asking for the information. If you request copies of your information, we must provide you with your information within one month from the date we receive your identification documents.

You have a right to an electronic copy of your personal data which we can send to you encrypted.

If your request to have a copy of your personal data adversely affects the rights and freedoms of others, we will not be able to provide this. However, we will send a letter to you confirming this.


Letting us know if your personal information is incorrect

You have the right to question any information we have about you that you think is wrong or incomplete.

We will endeavour to ensure that all information we retain for you is accurate, complete, and up to date. Please do let us know if you have a change of personal details such as surname or contact details and help us keep your details up to date. If you become aware that the information we hold is incorrect and have let us know, we will take every reasonable step to ensure that your personal data is rectified without delay. It is a good idea to regularly check the information we have for you.


What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information. This is your ‘right to object’ or ‘right to be forgotten’. However, in doing so this may stop us being able to provide you with your contract or disrupt our service levels to you.

There may be circumstances where we are able to restrict the use of your data, i.e. restrict its use to certain things, such as legal claims or to exercise legal rights. In these circumstances, we would not use or share your information for other purposes while restricted.


Restriction of processing can be requested when:

  • It is not accurate
  • It has been used unlawfully but you do not want us to delete it
  • It is not relevant anymore, but you want it to be retained for use in legal claims
  • You have already requested your data to not be used but you are waiting for us to tell you if we can continue to use it

You can request the restriction or objection to the processing of your personal data by sending the request in writing to our DPO.

How to withdraw your consent

You can withdraw your consent for us holding your personal information at any time. Should you withdraw your consent this may impact your IP+ Contract, the service we provide, or stop us being able to assist you with your contract.


How to complain

You can lodge complaints about our processing of your personal data with our DPO in writing.

Old Mutual Isle of Man is a Branch of Old Mutual Life Assurance Company (South Africa) Limited, 5A Village Walk, Onchan, Isle of Man IM3 4EB, British Isles.

Or via E-mail: enquiries@impactiom.com

Should your complaint about our processing of your personal data not be resolved to your satisfaction, you can then send your complaint to the Office of the Information Commissioner. You can also contact the Information Commissioner Office using the details on this link: DPA & UCR How to Make a complaint (inforights.im).


CCTV

You may visit our offices in South Africa where we operate CCTV. We have CCTV cameras for security reasons for the protection of our staff and visitors. We do not record sound and so your voice will not be captured.

CCTV images are held for three months after which they automatically delete.

We do have the capacity to ‘hold a playback’ which means we can keep the information for longer should there be an incident. The CCTV images may then be used to defend any legal claims. Should your image be held we will inform you.

We have an internal policy for our CCTV which regulates how we use it and the images it stores, and which is tested by regular internal audits.


Use of our Online Services

When entering into an IP+ contract with OMLACSA you will be provided with details to access your information online via your OMLACSA IMS account. This facility provides you with access to your contract details, including valuations etc. When accessing online services, you will be asked to provide some personal data which may include your name and email address.


Recording of phone calls

If you call OMLACSA or OMLACSA calls you, the telephone line may be recorded. The records will be OMLACSA's property and accepted by you as evidence of the orders or instructions given. A copy of the recording will be available on request for a period of seven years.


Cookies

‘Cookies’ are text files, which are sent to your computer or other devices when you visit a website. To find out more about how we use cookies please see our Cookie Policy.


Who at OMLACSA uses your information?

  • the OMLACSA employees who will take you through security and answer your queries
  • the compliance team to check your identification documents and protect you against fraudulent claims
  • the OMLACSA employees who will deal with surrendering your contract or to assist making a claim
  • the IT department who provides IT services to all OMLACSA employees which includes backing up information and as such will process your data by backing up our systems

What happens when I surrender my IP+ Contract?

If you choose to cash in your IP+ Contract, surrender your IP+ Contract or no longer wish to use our services, we will retain your information for seven years. After the seventh anniversary of the surrender or of you leaving us, we will completely delete your data and we will no longer be able to provide any copies should you wish to review your personal data that we held.


Marketing

We do not use your personal data to directly market our products to you.


Data held by us about children

If you are not yet 18 years old, you can ask us to give you copies of information we hold about you. You can call, write, or email our DPO who will help you. We also have a separate policy which sets out information which you might find clearer and easier to read.


Finally

This is our main statement. You will find parts of this statement broken down into smaller sections in our literature and in the General Terms and Conditions. Not all parts of the statement will relate to each client. Therefore, your application forms and literature you receive about us will be tailored to suit you.

The most important thing is that you feel in control of your personal data. We will help you to do this with us as much as we can.

If you are unsure or if you feel something is not clear you can contact our DPO who will be able to answer your questions.


Our Data Protection Officer can be reached in writing to:

Old Mutual Isle of Man is a Branch of Old Mutual Life Assurance Company (South Africa) Limited, 5A Village Walk, Onchan, Isle of Man IM3 4EB, British Isles.

Or via E-mail: enquiries@impactiom.com


The content of this site is not for the use of Hong Kong investors, however it does provide you (Hong Kong investors) with a secure customer login.