1. Welcome to our Privacy Notice
We recommend that you read through our Privacy Notice, because it’s really important that you understand how we use, process and store your personal information.
Shepherds Friendly (‘we’, ‘us’) is committed to protecting and respecting your rights. This Privacy Notice (‘notice’) explains how we collect, store and use personal information when our Members and Website Visitors (‘you’, ‘your’ or ‘you’re’) purchase one of our products or otherwise provide us with personal information. Our Privacy Notice will provide you with details about:
- The types of personal information we collect from you;
- How we use it;
- The rights you have to control our use of it.
We collect and use your data in accordance with all applicable data protection and privacy legislation in force from time to time in the UK including the UK General Data Protection Regulation, the Data Protection Act 2018; and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (“data protection law”).
2. Who is Shepherds Friendly?
- Shepherds Friendly is a trading style of The Shepherds Friendly Society Limited, which is an incorporated Friendly Society under the 1992 Friendly Societies Act. Registration Number 240F.
- We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
- Our FS Registration number is 109997, and our registered office is Haw Bank House, High Street, Cheadle, Cheshire, SK8 1AL.
- We are registered as a data controller with the Information Commissioners Office (registration number Z5402720). Being registered as a data controller means that we decide how and why personal information is processed.
- The Data Protection Officer for Shepherds Friendly is Tim Robertson. Our Data Protection Officer acts as an independent advocate for the proper care and use of your personal information.
3. Data controller
For the purposes of Data Protection law, Shepherds Friendly is the Data Controller of personal information covered by this Privacy Notice. You may contact us about all issues related to this Privacy Notice, your personal information and to exercise your rights under Data Protection law.
Contact Details of the Controller and Data Protection Officer: Tim Robertson
Post: Shepherds Friendly Society Limited, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL
Email: [email protected]
Telephone: 0161 428 1212
4. When do we collect personal information?
We collect and process personal information about you, in order to provide our products and services. We may also collect and use your personal data to communicate with you about our products and related matters, such as finance enquiries relating to your plan or managing your personal details.
We only collect the personal information we need so that we can provide you with the service you expect from us.
Any personal information you supply will be held securely, in accordance with data protection law; this allows us to effectively manage your relationship with us. If you choose not to provide the information required to apply for one of our plans, unfortunately we cannot provide you with a Shepherds Friendly plan.
5. Where do we collect your data?
5.1 Visiting and using our website:
To use our website, you do not have to provide us with personal information. Personal information is only collected voluntarily, for example, when requesting a quote illustration or applying for a plan. We also collect Internet Provider (IP) addresses and store them temporarily in order to monitor flow of traffic to our website.
5.2 Communicating with us including by telephone, by email or post:
If you contact us by telephone, email or post we may collect and retain your contact details and the contents of your communication in hard and/or electronic copy. We use details such as these to help us handle any queries you might have and for keeping records of communications.
Where you apply for, or take out a plan with us, we may also contact you for telephone interviews, assessments or reviews, or otherwise to manage applications and plans, and we may retain records of these communications.
We would like to make you aware that calls to Shepherds Friendly may be recorded for training or monitoring purposes. We do not share any part of these recordings with third parties, unless we are legally required to do so.
5.3 Registering and using ‘Your Account’ (member log-in)
To use our member log-in facility ‘Your Account’ you will need to provide personal information. This is to allow us to carry out necessary security checks and prevent unauthorised users from gaining access to ‘Your Account’.
5.4 Making a claim on your plan
To make a claim on your plan you will need to complete a claim form, which may require additional personal information to be submitted, which may include sensitive personal data as defined by Data Protection law. This enables us to handle your claim quickly and efficiently. It also allows us to carry out necessary investigative processes and assessments to process your claim and to prevent fraudulent claims. We may also collect additional information from related interviews and discussions with you.
5.5 Visiting, using and registering for our intermediary website
To use our intermediary website, you do not have to provide us with personal information, however, to access specific areas of the intermediary website you will need to register as a Shepherds Friendly intermediary, and this does require the submission of personal information. https://intermediary.shepherdsfriendly.co.uk/privacy-notice/
5.6 Third parties
Plan Applications: When you apply for a plan with us, we may collect relevant information about you from other parties, such as your employer, medical professionals, rehabilitation advisers and other insurers.
Claims: When you make a claim on your plan, we may ned to obtain relevant information about you from other parties. This may include other insurance providers, and, where relevant, your doctor or other treating physician.
Marketing: We may work with third party organisations that distribute and help promote Shepherds Friendly products. More information about our marketing activities is described in section 6.5 of this notice.
5.7 Member research
As part of our on-going commitment to putting our members at the heart of everything we do, we carry out member research in the form of online surveys. The surveys collect feedback on user experience and clarity of product literature, both on and offline. The collection of personal information is optional in these surveys.
We use your information to carry out aggregated and anonymised research about general engagement with our products, services and systems, or if you choose to participate in member surveys, member focus groups and product research campaigns (on the basis of our legitimate interests to improve our products, services and member service).
6) Why do we collect this personal information?
6.1 Staying in touch with you
Making sure we provide our members with excellent customer service is very important to us and and we may communicate with you and provide you with information about products which you have purchased or enquired about. We try, where possible, to communicate information in the way you want to be contacted. Most of the time you will be contacted by phone or email, although you may receive updates by letter or text message. You can opt-out or change your preferred method of communication at any time by simply contacting us – see section 15 of this notice.
6.2 Process application
When applying online for one of our plans we will collect details about you such as:
- Your contact details such as your name, address, email and telephone number;
- Your bank account details;
- Your date of birth or age;
- Your gender;
- Your identification number, for example, your National Insurance(NI) number;
- Your residency status;
- Your tax-payer status;
- Your health details such as medical history (more information below);
- Your occupation, your employment or self-employment details, for example, if you work full or part-time, and, where relevant (including for our income protection plans) your income, financial and tax details;
- Any previous claims made on alternative insurance claims;
- Your relationship status;
- If you have a mortgage;
- Records of any interviews with you.
We may need to collect some sensitive data from you (known as special categories of data), such as health details, if these are relevant to the nature of the plan. So, for example, for our income protection plan, we will need information about any existing medical conditions.
This information will be used to assess your eligibility, to provide you with relevant quotations and, if you take out a plan, to manage your plan with us, including underwriting and claims handling. In assessing your eligibility for the plan, we may also use automated decision-making – see section 11 of this notice.
During the term of a plan, we may also create and hold additional records relating to you, such as information about the plan itself, payments, outcomes of reviews, information about changes to your circumstances, and communications with you. For claims, see section 6.4 of this notice.
6.3 Prevent and detect crime
To help protect our members and ourselves against fraud and to comply with legal and regulatory obligations, your information is checked by Credit Reference Agencies (CRAs) to:
- Detect and prevent crime, fraud and money laundering;
- Verify your identity;
- Confirm your home address.
We carry out checks on your personal information using Experian. You have the right to apply to Experian for a copy of your file. There may be a small charge for this.
Customer Support Centre
PO Box 8000
6.4 To assess and process your claim
We need to collect personal information from you when you submit a claim for your plan, and we will do this via a Claim Form. Personal information you provide us or which we may otherwise obtain may include:
- Your contact details such as your name, address, email and telephone number;
- Your date of birth or age;
- Your employment details, for example, if you work full or part-time;
- As relevant to our income protection plan, information about your income and finances, fitness to work, reasons for incapacity, occupation, residence, lifestyle, sports, hobbies and pastimes, and other information about your employment;
- Outcome of any interviews or assessments which we ask you to attend (for example with our medical, employment and rehabilitation advisers);
- As relevant to your claim, information about other insurance policies or claims against other parties;
Special categories of data
- We may collect sensitive personal data which can include health details such as medical details. For example, when making a claim on our income protection plan, we may need information to determine whether you are suffering from an illness or injury and how such illness or injury arose. This may include medical certificates and other health information provided by you, your doctors and physicians.
- We may also collect information about any suspected or actual participation in a criminal act (which may exclude you from being able to claim under a plan).
We may use your information to provide direct marketing communications to you by post, email and telephone, to offer similar goods and services to those you have enquired about or that you have already bought, or where you have consented to us doing so. You can opt out of, or withdraw your consent to, receiving such marketing communications at any time. More information on how to opt out is included within each marketing communication, or otherwise please use the contact details at sections 3 and 15 of this notice.
We may make some decisions relating to our direct marketing activities by automated means. See section 11 below.
We may work with third party organisations that distribute and help promote Shepherds Friendly products. These third–party organisations, who operate in accordance with UK Data Protection law, supply us with personal information, which allows us to communicate effectively with the user. You will have already offered your Personal Information to these third–party companies and specifically given permission (consent) to allow them to pass it on to other companies who provide similar products to us. You can choose to opt-out of these communications at any time. Further details of third–party organisations that help promote Shepherds Friendly products is available on request.
7) Who do we share your personal information with?
We may need to share your personal information with external companies (third parties). We share your personal information with carefully selected third parties to help us administer your plan and provide essential services to you. These third parties include:
Our service providers and professional advisers:
- Actuarial services;
- Auditor services;
- Business Partners;
- Funeral service provider (Golden Charter) for our Over 50s Life Insurance Plan;
- I.T. support services;
- Trained medical professionals and medical support services, or employment and rehabilitation advisers, should you apply or make a claim on one of our protection plans;
- Other third parties where required or permitted by law, or with your consent;
- Marketing support services;
- Market Research agencies;
- Mailing houses.
When we use appointed service providers and agents, we have a contract in place that requires them to keep your information secure.
Crime detection, prevention and prosecution:
- Credit reference or identity verification services;
- Disclosure services.
Regulatory and governmental bodies:
- Including the Financial Conduct Authority and the Prudential Regulation Authority
- and law enforcement authorities.
We will never sell your personal information to third parties or share it with anyone who is not listed above. The names and locations of third parties we use are available on request.
8) Do you share personal information outside of the UK?
We may transfer personal information that we collect from you to third party processors who are located in countries that are outside of the European Economic Area (EEA). Please be aware, countries which are outside the EEA may not offer the same level of data protection as the United Kingdom, although our collection, storage and use of your personal information will continue to be governed by this Privacy Notice.
Please see section 7 of this notice for further information on who we share your personal information with.
9) How long will you keep my personal information for?
How long we hold your personal information for will depend on whether you hold a plan with us. If you provide us with your personal information but then do not take out a plan (i.e. you receive a personalised quote but decide not to continue with your application) then we will hold your data for a maximum of 30 days. After this time any personal information we hold will be anonymised. During the 30-day period your personal information will only be used to remind you of your quote details and it will not be shared with any external third parties.
If you provide us with your personal information and subsequently take a plan out with us, then we will hold your personal information for as long as you hold a plan with us and for an appropriate period thereafter, to allow us to assist with any query or complaint you may have after your plan has ended.
10) What are my rights with regards to my personal data?
10.1 Right to be informed
You have the right to be informed as to what we do with your information. This includes, but is not limited to, the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for.
10.2 Right of Access
You have the right to access and obtain a copy of the personal information that we hold about you, unless we are exempted by law from disclosing it to you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
10.3 Right to Rectification
You have the right to request that we correct any inaccuracies in the personal information stored about you.
10.4 Right to Erasure
In certain circumstances, you have the right to request that we erase your personal information. For example, you may exercise this right in the following circumstances:
- The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed by us; or
- Where you object to the processing and there are no overriding legitimate grounds for the processing;
- Your personal information has been unlawfully processed.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
10.5 Right to Restriction
You have the right to restrict our processing of your personal information where any of the following circumstances apply:
- Where you feel that the personal information which we hold about you is not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal information;
- Where the processing is unlawful and you do not want your personal information be erased, but request the restriction of its use instead;
- Where we no longer need to process your personal information (e.g. any of the Purposes outlined above have been completed or expire), but we require it in connection with legal proceedings;
- Where you have objected to our processing of your personal information pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms;
- Where you exercise your right to restrict our processing of your personal information, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
10.6 Right to Communication
If you ask us to correct, erase or restrict the processing of your personal information, and we have shared your data with a third party, we will notify those third parties of your request.
10.7 Right to Data Portability
To further strengthen your control over your personal information, you have a right to receive and transfer the personal information that you provide to us in a structured, commonly used and machine readable format where we process your personal information on the legal bases of: a) your consent; or b) where it is necessary to perform our contract with you and such processing is carried out by automated means. Where you make such a request, we will directly transfer your personal information on your behalf to another controller of your choice (where it is feasible for us to do so).
10.8 Right to Object to Processing
In certain circumstances, you have a right to object to our processing of your personal information where (a) we process it on the legal bases of our legitimate business interest (e.g. the statistical purposes outlined above), including profiling based on our legitimate business interests; or (b) we process it for direct marketing (see section 6.5 of this notice). We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your personal information which override your interests, rights and freedoms or where the processing of your personal information is required for compliance with a legal obligation or in connection with legal proceedings.
11) Automated Decision-Making, including Profiling
As a Friendly Society, we sometimes make automated decisions about you based on your information. These decisions can include whether or not you are eligible for one of our plans.
The Society may refuse plan applications where the applicant’s risk profile is too high. This is necessary to ensure that the Society maintains a manageable level of risk across all its members. In certain circumstances, the decision to reject your application is made automatically, based on certain checks and calculations during our application process.
For example, if you apply for our Income Protection Plan, then eligibility for the plan may be determined by automated means as is necessary for us to enter into the contract with you for the provision of the plan. This can result in one of the following outcomes:
- You are offered the plan at standard terms;
- You are offered the plan with one or more medical or lifestyle exclusions;
- You are offered the plan with a postponed start date;
- You are offered the plan with terms different to those which you initially applied for (e.g. a different term or a longer waiting period);
- You are offered the plan with a combination of the above conditions (e.g. an exclusion and a longer waiting period);
- Your application is declined.
Where decisions which significantly affect you are made by solely automated means, you have a right to obtain human intervention, to express your point of view and to contest the decision. Where your application for a plan is refused based on a solely automated decision, you will be notified that it has been rejected and you will be provided with contact details of one of our team to arrange to personally consider your application. You may also pass comments to the team member as part of the review process.
Additional information about automated decision-making activities (including the logic involved, the significance and consequences for you), and how to exercise your rights is provided during the eligibility and marketing processes.
12) How do we look after children’s data?
We understand the importance of taking extra precautions to protect the privacy and safety of children. We will only collect the personal information of children during the application process for child savings plans, and only with express parental or guardian permission.
13) Legal bases for processing of personal data
The legal bases for our processing of personal information are as follows:
- The processing is necessary for our legitimate interests as a business and provider of insurance services, for example to allow you to apply for one of our plans, to allow you to make a complaint about our services, to allow us maintain accurate customer records, to send you information about your plan or similar products and services, and otherwise manage our relationship with you;
- The processing is necessary to comply with a legal obligation, for example anti-money laundering legislation, the requirements of the Financial Conduct Authority and the Prudential Regulation Authority, or those of HMRC;
- Other processing of personal data with your consent.
- The processing is necessary for entering into or performance of your contract with us and the provision of our products and services to you, for example to determine your eligibility for a plan, or where you take out a plan with us.
We will only process special categories of personal data (e.g. your medial history) for the specific purpose to which you consented.
14) Notification of a data breach
If a breach or loss of data occurs that is likely to result in a high risk of adversely affecting your rights and freedoms, you will be notified immediately and later report the action we took in response to the breach.
15) Contacting us
If you have any questions about how we collect, store and use personal information; would like to make a complaint regarding privacy; or if you have any other privacy related questions, please contact us by using any of the following means:
Telephone: 0161 428 1212
Post: Shepherds Friendly Society Ltd, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL
If you have already contacted us but are still not satisfied, you have the right to refer your complaint to the Information Commissioners Office. They can be contacted by using any of the following means:
Telephone: 0303 123 1113
Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Live chat: Available by visiting their website www.ico.org.uk
Privacy notice for staff
This privacy notice is for staff at Shepherds Friendly. It describes how we collect and use personal information about you during the recruitment process, in accordance with the General Data Protection Regulation (GDPR).