Privacy Notice (United Kingdom)

I. Introduction
 

This Privacy Notice applies to members of UK pension plans/pension schemes whose trustees or employers (as relevant) have entered into a contract of insurance with an insurer, called an annuity, which has been reinsured by us, American National Insurance Company. You may have a group annuity contract certificate relating to this. As a reinsurer, we reinsure all or part of the risk associated with the contract issued by the relevant insurer. This Privacy Notice also applies to individuals working for our insurer clients or service providers who contact us for business purposes and to individuals residing in the United Kingdom who visit our website. If you are a business contact, our Privacy Notice and Terms and Conditions may also be relevant to you when you visit our website or connect with us about products and services.

The Privacy Notice explains how American National Insurance Company (“American National,” “Company”, “we,” “us,” or “our”) collects, uses, and protects your Personal Data. It also describes your privacy rights and how to exercise them.

Specifically, the Privacy Notice includes information about:

• How to contact us;
• What types of Personal Data we collect;
• Where we obtain Personal Data;
• How we use Personal Data;
• How we disclose Personal Data to third parties;
• How we protect Personal Data;
• How long we store Personal Data; and
• Your privacy rights in relation to our processing of Personal Data.

Please read this Privacy Notice carefully to understand how we will treat your Personal Data. The Privacy Notice may change from time to time, and you should review it periodically.

The Privacy Notice was last updated on April 29, 2026.
 

II. About American National
 

American National and our affiliated insurance companies write a broad array of financial products and services, including reinsurance, and conduct business in all 50 states of the United States and Puerto Rico. Each company is financially responsible for only the products and services it issues.

American National was founded in 1905 and is headquartered in Galveston, Texas. As a leading provider of financial products and services for more than a century, American National strives to be a prudent steward of assets and to operate responsibly and fairly for everyone.

American National is committed to compliance with applicable legal and regulatory requirements relating to data protection, privacy, and cybersecurity as further set out in our Code of Business Conduct and Ethics.

For the purposes of applicable laws and regulations relating to data protection and privacy, American National acts a controller with respect to your Personal Data. As a controller, we are a company that determines why and how your Personal Data is processed, and we are required under applicable law to provide notice of any processing undertaken.

III. How to Contact Us

American National is located at One Moody Plaza, Galveston, Texas, 77550.

You may contact us by:

• Writing to the above address;
• Calling 00 +1 (877) 327-6329; or
• Sending an email to privacycompliance@americannational.com

You may want to contact us to:

• Ask any questions you have about the information contained in this Privacy Notice;
• Request a printed copy of this Privacy Notice; or
• Make a complaint.
   

IV. Definitions
 

“Personal Data” has the meaning given to it in applicable data protection laws, and for the avoidance of doubt, means any information which directly or indirectly identifies or otherwise relates to an individual, which is in the possession or under the control of American National (or our representatives and service providers). This includes pseudonymous data. It does not include anonymous data, which is not subject to applicable data protection laws. Pseudonymous data refers to data that has undergone processing techniques to replace, remove, or transform information that identifies an individual. For example, replacing one or more identifiers which are easily attributed to individuals (such as names) with a pseudonym (such as a reference number).

“Process” or “processing” means any operation that is carried out with respect to Personal Data, including but not limited to collecting, storing, using, disclosing, transferring, or deleting Personal Data.

V. What Types of Personal Data We Collect
 

American National may collect and process the following Personal Data when it acts as a reinsurer:

• Personal data relating to underlying members/group annuity contract certificate holders, which may include:
  • Name
  • Date of birth
  • Gender
  • Postcode
  • Mailing address
  • Marital status
  • Contingent annuitant information, such as name, mailing address, date of birth, gender, and relationship to certificate holder
  • Group annuity contract certificate number
  • Scheme/plan membership ID number
  • Benefit details, such as types, values, annual increases, and dates
  • Payment information, such as amounts, frequency, and dates
  • Deduction information, such as types and amounts
  • Member type, such as pensioner, deferred pensioner, and dependent
  • Employment details, such as date of hire, date of termination, age at retirement, length of service, and compensation information
  • Fraud data
  • Sanctions data
• In addition to the above, we may check death registry data, which may include checking:
  • Name
  • Mailing address
  • Postcode
  • Life status
  • Spousal information, such as name and contact details (please see more on this in the “Where We Obtain Personal Data” section below).
• For insurer clients, business partners, and service providers, we may collect contact information, which may include:
  • Name
  • Telephone number
  • Email address
  • Job title
  • Company name
• Where you visit our website, we may collect the following website information:
  • Information, including version number, about the web browser or application you are using;
  • IP address; and
  • Information from cookies (please see our cookies policy).

VI. Where We Obtain Personal Data
 

Where you are an underlying member, American National as a reinsurer will receive your Personal Data from insurance companies that have a relationship with your employer or trustee. We typically receive Personal Data in scenarios where an employer decides to derisk its pension plan by transferring the funds and liabilities of the plan to a group annuity contract issued by an insurance company and then reinsured by American National.

In addition, American National may collect your Personal Data from a death registry in the United Kingdom to verify the life status of various individuals associated with your certificate, including the certificate holder, spouse, and beneficiaries. Where Personal Data concerns a deceased individual, UK data protection laws do not apply. However, we will still treat this information as confidential.

Where you are an insurer client, business partner, or a service provider, American National may collect your Personal Data directly from you to confirm your contact information and to gather up-to-date details. We may also collect your Personal Data when you interact with our website.
 

VII. How We Use Personal Data
 

American National expects to process your Personal Data for the following purposes:

• To conduct and support reinsurance operations, which includes providing reinsurance quotes to insurers;
• To discuss, negotiate, and conclude reinsurance agreements, including retrocession;
• To decide whether to provide reinsurance in relation to an individual or group of policyholders;
• To analyze and determine pricing of reinsurance for pension risk transfer transactions;
• To evaluate reserves and mortality assumptions;
• To verify and confirm your identity;
• To update information about you, to ensure it is accurate and current;
• To confirm life status;
• To audit benefit payments;
• To perform sanctions checks;
• To detect, prevent, and investigate fraud and other illegal activities;
• To enhance the security of our network and information systems;
• To conduct internal experience analysis and research in support of reinsurance and pension risk transfer transactions;
• To perform obligations and exercise rights under contracts, including our reinsurance contracts with insurer clients;
• To meet obligations imposed by law or regulation;
• To respond to queries, complaints, general business communications, and legal and regulatory requests;
• To establish, exercise, or defend legal claims; and
• To facilitate a proposed or actual business dealing such as a sale or merger.

Following the pension risk transfer transaction between an insurer client of American National and your employer/trustee, and pursuant to a written agreement, the insurer client will cede all or part of the risk to American National and then share some of your Personal Data with American National.

Lawful Basis for Processing.

We are required by law to have a “lawful basis” (i.e., a reason or justification) for processing your Personal Data. We rely on the following lawful bases to process your Personal Data:

• Necessary for compliance with a legal or regulatory obligation. From time to time, we may need to process Personal Data to comply with a legal or regulatory obligation.
  
  We rely on this lawful basis when processing any data subject rights requests in accordance with applicable data protection laws and for activities relating to the prevention, detection, and investigation of any crime. We also rely on it to comply with our financial reporting obligations and compliance with subpoenas or similar court orders.
  
  
• Legitimate interest. We may also process the Personal Data we collect for our legitimate business interests when permitted by applicable law.
  
  “Legitimate interests” means the interests of our company in conducting and managing our business, for example:
  • As necessary for the performance of the group annuity contract between an insurer client and your employer or the trustee of the pension plan/scheme or for the performance of your certificate, as we reinsure all or part of the risk associated with the group annuity contract and your certificate;
  • For theoretical and actual pricing of reinsurance and annuities;
  • For internal experience analysis;
  • For internal research in support of reinsurance and pension risk transfer transactions;
  • If we find out that your name appears on a sanctions list (OFAC), we will rely on our legitimate interests to process that information to the extent it’s relevant to our reinsurance of the risk associated with the group annuity contract and your certificate;
  • To update information about you, to ensure it is accurate and current;
  • To enhance the security of our network and information systems; and
  • In connection with promoting our products and services and/or data analysis.
• When we process your Personal Data for our legitimate interests, we consider the following three questions:
  • Is there a legitimate interest behind the use of your Personal Data?
  • Is our use necessary for that purpose?
  • Do your rights override our legitimate interest?

Where we process your Personal Data because it is necessary for our legitimate interests, you can object to this processing at any time using the contact details in this Privacy Notice.

• Substantial public interest. We may process data to detect, prevent, and investigate fraud and other illegal activities. We rely on substantial public interests to do this for the purpose of insurance or where necessary for the prevention or detection of crime.

In summary, where applicable, it is necessary and appropriate for American National to process your Personal Data to carry out our legal and regulatory obligations, for our legitimate interests as a reinsurer, as well as substantial public interests.

VIII. Disclosure of Personal Data to Third Parties
 

American National may share your Personal Data with the following categories of recipients:

• Our corporate affiliates;
• Third-party service providers, such as companies that support the offsite storage of back-ups;
• Our insurer clients and business partners;
• Other reinsurance companies or financial institutions;
• UK death registries (to verify the life status of individuals associated with your certificate);
• Professional advisors, such as lawyers, accountants, auditors and/or consultants; or
• Courts and government agencies, such as law enforcement authorities or regulators.

We also reserve the right to transfer any information we have about you in connection with any sale or transfer of all or a portion of our business or assets, including in the event of a reorganization, sale, merger, dissolution, or liquidation.

We disclose Personal Data in accordance with data protection principles and as necessary or appropriate to cede risk, to perform services on our behalf, or to otherwise help us carry out the purposes described above.

Where we engage with third parties, these parties will be subject to a duty of confidentiality and governed by a written contract requiring appropriate privacy and security measures and controls.

For example, American National expects to share your Personal Data with other reinsurance companies to further cede risk. We also anticipate sharing your Personal Data with a UK death registry to verify the life status of individuals associated with your certificate.
 

IX. Transfers of Personal Data Abroad

We take appropriate steps to protect your Personal Data regardless of where it is stored, taking into consideration the requirements of applicable data protection laws. These steps include entering into written contracts with third parties requiring appropriate privacy and security measures and controls. For example, if we transfer your Personal Data outside the United Kingdom or the European Economic Area, we will ensure there is an approved mechanism for providing appropriate safeguards to protect it. This includes approved mechanisms such as standard contractual clauses and the UK international data transfer addendum.

X. How We Protect Personal Data
 

Our commitment to corporate security is demonstrated through the implementation of policies, controls, and procedures, which are externally audited. Our security policies, controls and procedures are regularly reviewed and updated so that we maintain good practices across our business to keep your information safe.

Your Personal Data is only accessible to our employees and other representatives who have a legitimate business need to know the information.

XI. How Long We Store Personal Data

We store Personal Data for the purposes stated above for 7 years following the year of receipt.

We follow our records retention policy and schedule to ensure Personal Data is kept only as is reasonably necessary for the disclosed purposes. Our records retention policy and schedule are based on criteria including legal and regulatory requirements, contractual obligations, security risks, storage constraints, and business needs. We also ensure that, in compliance with applicable law, we do not retain Personal Data longer than necessary.

XII. Your Privacy Rights
 

In certain circumstances, you have the following rights under the applicable data protection and privacy laws and regulations:

• The right to access personal data relating to you (known as Subject Access Requests);
• The right to correct any mistakes in your personal data. This includes the right to ask us to complete information that you think is incomplete;
• The right to require us to delete your personal data in certain circumstances;
• The right to restrict our processing of your personal data in certain circumstances;
• The right to object to us processing your personal data in certain circumstances; and
• The right to have your personal data provided to another controller.

You are not required to pay any charge for exercising your rights. To make a request, please contact us at privacycompliance@americannational.com.
 

XIII. How to Complain
 

If you have a problem or concern relating to the ways we process your personal data or the contents of this Privacy Notice, please contact us first. We hope that we will be able to address the problem or concern to your satisfaction. However, you also have the right to make a complaint to the Information Commissioner’s Office. The process for making a complaint to the Information Commissioner’s Office is available here: https://ico.org.uk/make-a-complaint

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk