1) Welcome to our Privacy Notice

We recommend that you read through our Privacy Notice, because it’s really important that you understand how we use, process and store your personal information.

We respect your right to privacy and will only process personal information you provide to us in accordance with the EU General Data Protection Regulation (GDPR) which is the EU regulation surrounding data protection which became applicable in May 2016, the Privacy and Electronic Communications (EC Directive) Regulations 2003 which is to be replaced by the ePrivacy regulation which is expected to become applicable in May 2018, and other applicable privacy laws.

Shepherds Friendly (‘we’, ‘us’) is committed to protecting and respecting your rights. This Privacy Notice (‘notice’) explains how we collect, store and use personal information when our Members and Website Visitors (‘you’, ‘your’ or ‘you’re’) purchase one of our products or otherwise provide us with personal information. Our Privacy Notice will provide you with details about:

  • The types of personal information we collect from you;
  • How we use it;
  • The rights you have to control our use of it.

2) Who is Shepherds Friendly?

  • Shepherds Friendly is a trading style of The Shepherds Friendly Society Limited, which is an incorporated Friendly Society under the 1992 Friendly Societies Act. Registration Number 240F.
  • We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
  • Our FS Registration number is 109997, and our registered office is Haw Bank House, High Street, Cheadle, Cheshire, SK8 1AL.
  • We are registered as a data controller with the Information Commissioners Office (registration number Z5402720). Being registered as a data controller means that we decide how and why personal information is processed.
  • The Data Protection Officer for Shepherds Friendly is Tim Robertson. Our Data Protection Officer acts as an independent advocate for the proper care and use of your personal information.

3) Data controller

For the purposes of Data Protection laws, Shepherds Friendly is the Data Controller of personal information covered by this Privacy Notice. You may contact us about all issues related to this Privacy Notice, your personal information and to exercise your rights under Data Protection laws.

Contact Details of the Controller and Data Protection Officer: Tim Robertson
Post: Shepherds Friendly Society Limited, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL
Email: info@shepherdsfriendly.co.uk
Telephone: 0161 428 1212

4) When do we collect personal information?

We collect and process personal information about you, in order to provide and communicate information with you on our products, such as finance enquiries relating to your plan or managing your personal details.

Any personal information you supply will be held securely, in accordance with data protection rules; this allows us to effectively manage your relationship with us. If you choose not to provide the information required to apply for one of our plans, unfortunately we cannot provide you with a Shepherds Friendly plan.

5) Where do we collect your data?

5.1) Visiting and using our website:

To use our website, you do not have to provide us with personal information. Personal information is only collected voluntarily, for example, when requesting a quote illustration or applying for a plan. We also collect Internet Provider (IP) addresses and store them temporarily in order to monitor flow of traffic to our website.

5.2) Contacting us by telephone, by email or post:

If you contact us by telephone, email or post we may collect and retain your contact details and the contents of your communication in hard and/or electronic copy. We use details such as these to help us handle any queries you might have and for keeping records of communications. We would like to make you aware that calls to Shepherds Friendly may be recorded for training or monitoring purposes.

5.3) Registering and using ‘Your Account’ (member log-in)

To use our member log-in facility ‘Your Account’ you will need to provide personal information. This is to allow us to carry out necessary security checks and prevent unauthorised users from gaining access to ‘Your Account’.

5.4) Making a claim on your plan

To make a claim on your plan you will need to complete a claim form, which may require additional personal information to be submitted, which may include sensitive personal data as per the GDPR definition. This enables us to handle your claim quickly and efficiently. It also allows us to carry out necessary investigative processes to prevent fraudulent claims.

5.5) Visiting, using and registering for our intermediary website

To use our intermediary website, you do not have to provide us with personal information, however, to access specific areas of the intermediary website you will need to register as a Shepherds Friendly intermediary, and this does require the submission of personal information.

5.6) Third parties

We may work with third party organisations that help promote Shepherds Friendly products. These third party organisations, who operate in accordance with GDPR, supply us with personal information, which allows us to communicate effectively with the user. You will have already offered your Personal Information to these third party companies and specifically given permission (consent) to allow them to pass it on to other companies who provide similar products to us. You can choose to opt-out of these communications at any time.

5.7) Member research

As part of our on-going commitment to putting our members at the heart of everything we do, we carry out member research in the form of online surveys. The surveys collect feedback on user experience and clarity of product literature, both on and offline. The collection of personal information is optional.

For further information on when we collect personal information from you, please see section 4.

6) Why do we collect this personal information?

We obtain personal information about you and other personal details to help us carry out a variety of activities. These include:

6.1) Staying in touch with you

Making sure we provide our members with excellent customer service is very important to us and to do this we try, where possible, to communicate information in the way you want to be contacted. Most of the time you will be contacted by phone or email, although you may receive updates by letter or text message. You can opt-out or change your preferred method of communication at any time by simply contacting us – see section 14.

6.2) Process application

When applying online for one of our plans we will collect details about you such as:

  • Your contact details such as your name, address, email and telephone number;
  • Your bank account details;
  • Your date of birth or age;
  • Your gender;
  • Your identification number, for example, your National Insurance(NI) number;
  • Your residency status;
  • Your tax-payer status;
  • Your health details such as medical history;
  • Your employment details, for example, if you work full or part-time;
  • Any previous claims made on alternative insurance claims;
  • Your relationship status;
  • If you have a mortgage.

6.3) Prevent and detect crime

To help protect our members and ourselves against fraud and to comply with legal and regulatory obligations, your information is checked by Credit Reference Agencies (CRAs) to:

  • Detect and prevent crime, fraud and money laundering;
  • Verify your identity;
  • Confirm your home address.

We carry out checks on your personal information using Experian. You have the right to apply to Experian for a copy of your file. There may be a small charge for this.

Post:
Customer Support Centre
Experian Ltd
PO Box 8000
Nottingham
NG80 7WF

Online:
www.experian.co.uk

6.4) Research purposes

We use your information to carry out aggregated and anonymised research about general engagement with our products, services and systems, or if you choose to participate in member surveys, member focus groups and product research campaigns (on the basis of our legitimate interests to improve our products, services and member service).

6.5) To process your claim

We need to collect personal information from you when you submit a claim for your plan and we will do this via a Claim Form. Personal information you provide us will include:

  • Your contact details such as your name, address, email and telephone number;
  • Your date of birth or age;
  • Your employment details, for example, if you work full or part-time;
  • Your health details such as medical history, also known as Special Category Personal Information.

7) Who do we share your personal information with?

We may need to share your personal information with external companies (third parties). We share your personal information with carefully selected third parties to help us administer your plan and provide essential services to you. These third parties include:

Our service providers and professional advisers:

  • Actuarial services;
  • Auditor services;
  • Funeral service provider (Golden Charter) for our Over 50s Life Insurance Plan;
  • I.T. support services;
  • Trained medical professionals and medical support services, should you apply for one of our protection plans;
  • Other third parties where required or permitted by law, or with your consent;
  • Marketing support services.

Crime detection, prevention and prosecution:

  • Credit reference or identity verification services;
  • Disclosure services.

Regulatory and governmental bodies:

  • Including the Financial Conduct Authority and the Prudential Regulation Authority
  • HMRC;
  • and law enforcement authorities.

We will never sell your personal information to third parties, or share it with anyone who is not listed above.

8) Do you share personal information outside of the UK?

We may transfer personal information that we collect from you to third party processors who are located in countries that are outside of the European Economic Area (EEA). Please be aware, countries which are outside the EEA may not offer the same level of data protection as the United Kingdom, although our collection, storage and use of your personal information will continue to be governed by this Privacy Notice.

Please see section 7 for further information on who we share your personal information with.

9) How long will you keep my personal information for?

How long we hold your personal information for will depend on whether you hold a plan with us. If you provide us with your personal information but then do not take out a plan (i.e. you receive a personalised quote but decide not to continue with your application) then we will hold your data for a maximum of 30 days. After this time any personal information we hold will be anonymised. During the 30-day period your personal information will only be used to remind you of your quote details and it will not be shared with any external third parties.

If you provide us with your personal information and subsequently take a plan out with us, then we will hold your personal information for as long as you hold a plan with us and for an appropriate period thereafter, to allow us to assist with any query or complaint you may have after your plan has ended.

Your personal information may be processed automatically depending on how and why it was provided to us

For example: If you apply for our Income Protection Plan, then your personal information may be processed automatically to determine your eligibility for the plan. This can result in one of the following outcomes:

  • You are offered the plan at standard terms;
  • You are offered the plan with one or more medical or lifestyle exclusions;
  • You are offered the plan with a postponed start date;
  • You are offered the plan with terms different to those which you initially applied for (e.g. a different term or a longer waiting period);
  • You are offered the plan with a combination of the above conditions (e.g. an exclusion and a longer waiting period);
  • Your application is declined.

10) What are my rights with regards to my personal data?

10.1) Right of Access

You have the right to access and obtain a copy of the personal information that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.

10.2) Right to Rectification

You have the right to request that we correct any inaccuracies in the personal information stored about you.

10.3) Right to Erasure

In certain circumstances, you have the right to request that we erase your personal information. For example, you may exercise this right in the following circumstances:

  • Your personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed by us;
  • Where you withdraw consent and no other legal ground permits the processing;
  • Where you object to the processing and there are no overriding legitimate grounds for the processing;
  • Your personal information has been unlawfully processed; or
  • Your personal information must be erased for compliance with a legal obligation.

Where we store your personal information for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal information for compliance with a regulatory or legal obligation or in connection with legal proceedings.

10.4) Right to Restriction

You have the right to restrict our processing of your personal information where any of the following circumstances apply:

  • Where you feel that the personal information which we hold about you is not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal information;
  • Where the processing is unlawful and you do not want your personal information be erased, but request the restriction of its use instead;
  • Where we no longer need to process your personal information (e.g. any of the Purposes outlined above have been completed or expire), but we require it in connection with legal proceedings;
  • Where you have objected to our processing of your personal information pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms;
  • Where you exercise your right to restrict our processing of your personal information, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.

10.5) Right to Communication

If you ask us to correct, erase or restrict the processing of your personal information, and we have shared your data with a third party, we will notify those third parties of your request.

If a breach or loss of your data occurs, you will be notified immediately by us.

10.6) Right to Data Portability

To further strengthen your control over your personal information, you have a right to receive and transfer the personal information that you provide to us in a structured, commonly used and machine readable format where we process your personal information on the legal bases of: a) your consent; or b) where it is necessary to perform our contract with you and such processing is carried out by automated means. Where you make such a request, we will directly transfer your personal information on your behalf to another controller of your choice (where it is feasible for us to do so).

10.7) Right to Object to Processing

In certain circumstances, you have a right to object to our processing of your personal information where we process it on the legal bases of: a) our legitimate business interest (e.g. the statistical purposes outlined above), including profiling based on our legitimate business interests; or b) your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your personal information which override your interests, rights and freedoms or where the processing of your personal information is required for compliance with a legal obligation or in connection with legal proceedings.

10.8) Right to Object to Automated Decision-Making, including Profiling

You have a right not to be subjected to decisions based solely on automated decision-making, including profiling, which produce legal effects concerning you or similarly significantly affects you.

We may not be able to comply with such a request where we rely on the legal bases of:

  • your explicit consent; or
  • where it is necessary to enter and perform our contract with you (as detailed in section 9).

You will, however, be entitled to have a person from our team review the decision so that you can query it and set out your point of view and circumstances to us.

11) How do we look after children’s data?

We understand the importance of taking extra precautions to protect the privacy and safety of children. We will only collect the personal information of children during the application process for child savings plans, and only with express parental or guardian permission.

12) Legal bases for processing of personal data

The legal bases for our processing of personal information are as follows:

  • The processing is necessary for our legitimate interests as a business and provider of insurance services, for example to allow you to apply for one of our plans, to allow you to make a complaint about our services, to allow us to maintain accurate customer records, and otherwise manage our relationship with you;
  • The processing is necessary to comply with a legal obligation, for example anti-money laundering legislation, the requirements of the Financial Conduct Authority and the Prudential Regulation Authority, or those of HMRC;
  • Other processing of personal data with your consent.
  • For the performance of your contract with us and the provision of our services to you.

We will only process special categories of personal data (e.g. your medical history) with your explicit consent.

We will only collect the personal information we need so that we can provide you with the service you expect from us. If you choose not to provide us with any of the data we have requested, this may result in us being unable to offer you the service you request.

13) Notification of a data breach

If a security breach causes an unauthorised intrusion into our system that materially affects you, we will notify you as soon as possible and later report the action we took in response to any breach.

14) Contacting us

If you have any questions about how we collect, store and use personal information; would like to make a complaint regarding privacy; or if you have any other privacy-related questions, please contact us by using any of the following means:

Telephone: 0161 428 1212
Email: info@shepherdsfriendly.co.uk
Post: Shepherds Friendly Society Ltd, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL

If you have already contacted us but are still not satisfied, you have the right to refer your complaint to the Information Commissioners Office. They can be contacted by using any of the following means:

Telephone: 0303 123 1113
Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Live chat: Available by visiting their website www.ico.org.uk

Privacy notice for staff

This privacy notice is for staff at Shepherds Friendly. It describes how we collect and use personal information about you during the recruitment process, in accordance with the General Data Protection Regulation (GDPR).

Privacy Notice – For candidates for job roles within the Society