Privacy Notice
Welcome to our Privacy Notice
This notice explains how we collect, use, share, and protect your personal information when you use any of our products and services. This includes making an application, agreeing a contract, submitting a claims request, visiting our website, or any other interaction you have with Cirencester Friendly Society.
We only collect the personal information needed to provide the service you expect. We will contact you if we plan to use your personal information for purposes not mentioned in this privacy notice.
About us
We are Cirencester Friendly Society.
We are in charge of handling all the personal information we receive from Insurance Intermediaries we work with or those obtained directly from yourself. This means we decide how your personal information is collected, used, and stored, following data protection laws.
Definitions
“We/Us/Our” means Cirencester Friendly Society. Our registered office is Mutuality House, The Mallards, South Cerney, Gloucestershire GL7 5TQ.
We are registered in England under company number 11103686 and registered with the Information Commissioner’s Office (ICO), registration number Z7738566.
“You” means the person who is or will be covered by any of our products and services.
“Third party” means someone or a business who is not you or us.
“Insurance Intermediaries” means any independent Financial Adviser, or Financial Adviser associated with a firm selling our products and services to you. They are required to bring this notice to your attention before submitting any information to us.
What personal information we collect
These are the types of personal information we will collect from you where applicable:
-
Your identity and contact details such as - your name, address, phone number, email address, date of birth, national insurance number, gender, and nationality.
-
Your medical information, e.g. BMI, weight, and your full health report.
-
Your hobbies and details about your lifestyle e.g. if you are a smoker or you partake in hazardous hobbies.
-
Your employment information e.g. occupation, occupational status (employed, self-employed, Company Director), salary or declared earnings, and or working days/hours and, information about your taxable earnings such as your tax return(s), company accounts, payslips and P60.
-
Your identity verification information where required such as your passport/driving licence.
-
Your financial information, such as debit card information, and information about your bank account.
-
Your contact with us, such as a note or recording of a call you make to the Society, an email or letter sent, or other records of any contact with us.
-
Your Membership contract information, such as your contract number, direct debits, dates of payment owed or received, or any other information related to your Membership.
-
Details of your family members, next of kin or beneficiaries.
-
When you give us consent to do so, details of any additional support you may require, to aid your engagement with us.
-
Details of any changes in your circumstances.
-
Website user information (including website behaviour and cookie tracking).
-
CCTV images of you when you visit our premises.
How we collect your personal information
We will collect your personal information when you or your associated insurance intermediary:
-
Request a quote.
-
Submit an application.
-
Make a claim.
-
Call us for anything related to our services (all our calls are recorded for training and monitoring purposes) including requests such as change of address, name and or occupation etc.
-
Via other insurers, doctors or other third parties with your consent or where we have legal grounds to do so.
-
When you visit our website.
-
Where your information is publicly available.
-
If you take part in a competition, prize draw, event or survey ran by us.
-
Subscribe to our newsletters.
-
CCTV on our premises.
How we use your personal information
Your privacy is important to us – just as knowing how we use your information is important to you. Cirencester Friendly Society will process your data based on the following:
For the performance of the contract, we have with you:
-
To act on your request. For example, when you request a quote, submit an application, or for the purpose of processing your application. This allows us to identify whether we can offer you any of our products/services and what it will cost you in premiums.
-
To share your personal information with our insurance intermediaries and service providers (where required) when you apply for a product and to help manage your contract. Further information on how we share your data is outlined below.
-
To collect payment for your insurance premium and issue service correspondence where required. We will also use your data to send you information relating to your Membership of the Society and voting rights at our Annual General Meeting.
-
To assess your claim and deal with matters in relation to your claim.
-
To assess any of the benefits associated with your contract and to provide support that might aid your recovery.
-
To address any complaints you might have.
-
To allow us to create and maintain additional records related to you such as details of your contract, payments, review outcomes, changes in your circumstances and our communications with you.
With your consent:
-
We will require your consent where we do not rely on another legal reason and or where it is required to process any sensitive information that you provide to us.
-
We will require your consent to record any additional needs you might have on our systems, and to process the sensitive information that you or your medical practitioners provide to us such as your medical records/health data, disability information.
-
Should you need to make claim, we may also require your consent to request your data from other third parties such as your doctors, employer, accountants, HMRC or other insurance providers that you might have a contract with, in order to assess and process your claim.
-
We will require ‘dual’ consent when we provide additional services such as treatment and support services. Providing a dual consent allows us to share your data with these third parties so this service can be provided to you and the outcome can be shared with us.
-
When you give your consent, you will be given details on how to change your mind should you want to. However, please note that this might lead to the withdrawal of some or all our products/services.
Where we have a Legitimate Interest to do so:
-
To improve our products and services and ensure effective and competitive running of the Society.
-
To record telephone calls for training and monitoring purposes, and for your protection.
-
To inform you about any changes or amendments to our products and services.
-
To offer and provide financial support via our 125 Foundation if you are eligible. More information on the 125 Foundation can be found on our website here.
-
For keeping accounting records, receiving professional advice (e.g. legal advice) and to manage the Society’s risks to ensure we continue to have funds available to pay claims and to keep our premises, colleagues, and information safe.
-
To carry out aggregated and anonymised research about general engagement with our products, services, and systems, or if you choose to participate in Member surveys, service pilots, and research campaigns.
Whenever we rely on this legal reason to process your data, we assess the Society’s interests to make sure they do not override your rights.
To comply with our Legal Obligations:
-
We may process your personal information to ensure compliance with a mandatory legal obligation (e.g. The Financial Conduct Authority or the Prudential Regulation Authority’s regulations) or where there is substantial public interest, for example suspicious activity reporting, financial crime and/or money laundering related activities, tax evasion and/or to safeguard the well-being of certain individuals as well as identity verification.
-
To prepare returns to regulators and relevant authorities including preparation of income tax, capital gains tax, capital acquisition tax and other revenue returns.
Automated means
We use automated decision-making processes within our underwriting procedures. This involves the use of various algorithms and technology to assess a range of factors and make decisions regarding eligibility and or determining insurance premiums.
It is important to us that while automated decision-making plays a role in our underwriting process, it is complimented by meaningful human oversight and review to ensure fairness and accuracy.
We understand the significance of your data privacy and security. Rest assured, we implement stringent measures to safeguard your information and comply with the relevant data protection laws.
If you have any concerns or questions regarding the use of automated decision making in our underwriting process, please do not hesitate to contact us at dpo@cirencester-friendly.co.uk.
Use of cookies
To make your visit to our website more attractive and to enable certain functions, we employ the use of cookies on some of our pages. These are small text files that are stored on your computer.
Some of these cookies are deleted upon exiting the browser (so-called session cookies). Other cookies are stored on your computer and enable us to recognise you when you return to our website (persistent cookies). For more information please check out our cookie policy here.
How we share your personal information
We only disclose your personal data in the ways set out in this notice or subject to any agreements in place between us. We do or may share your personal data in the following circumstances:
-
To third parties who process personal data on our behalf, such as our systems providers, identity verification and claim verification providers.
-
To trained medical professionals and medical support services, or employment and rehabilitation advisers.
-
To third parties who process personal data on their own behalf (Associated Insurance Intermediaries i.e. your broker or Financial Adviser).
-
To third parties that provide our Membership benefits to you.
-
To third parties with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes.
-
To third parties to provide communication and mailing services.
-
To any regulator (e.g. Financial Conduct Authority, Prudential Regulation Authority), external auditor or applicable body or court where we are required to do so by law or regulation or as part of any investigation.
-
To any central or local government department and other statutory or public bodies, such as the HMRC, Department for Work and Pensions.
-
Where we need to do so in order to exercise or protect our legal rights, other users, or our systems and services.
We will not sell or rent your data to third parties or share your data with third parties for marketing purposes. Where we rely on consent as the lawful basis for sharing your data, we will notify you and obtain your consent before doing so.
How long we keep your personal information for
How long we hold your personal information for will depend on whether you hold a contract with us.
Personal information that we process for any purpose, shall not be kept for longer than is necessary. We will assign clearly defined retention periods to your information to ensure it is kept for the appropriate length of time.
We will retain your personal data for the duration of your contract and for as long as it is needed for the purposes set out in this notice (usually 7 years after your contract ceases), to respond to any future complaints or for as long as we are legally required to retain it.
Should you decide not to take out a contract following a quotation or cancel your contract either before it is due to be effective, or within the cooling off period, we will retain your information in line with the duration set out in the Society’s retention periods.
Any data processed on the basis of consent will be retained until the purpose for which it was obtained and is no longer required.
Keeping your personal information secure
Our systems are built and monitored to ensure the safety of your data at all stages from the moment we collect it to the processing and storing of your data. We are dedicated to ensuring the security of your data through robust systems and protocols.
Our measures include employing encryption at distinct levels to safeguard your information from unauthorised access or disclosure. We take reasonable steps to confirm your identity before disclosing any personal information to you.
All our staff get regular training, and we limit access to your personal information to those employees, contractors and other third parties who have a business need to know.
We maintain CCTV records inside and outside our offices for the purposes of detecting, preventing or prosecuting crime.
All personal data collected by the Society is processed and stored in the UK and not outside the European Economic Area. Should we need to transfer your personal data outside of the UK or European Economic Area in the future, such personal data will be covered by the appropriate regulatory control to ensure it is processed appropriately.
When personal data is processed (or will be processed) outside of the UK or European Economic Area, we will notify you.
Additionally, we ensure that any external parties we engage with maintain the security of all personal data they manage on our behalf.
We will never ask for your secure personal, or contract information by an unsolicited means of communication. You are responsible for keeping your personal and account information secure and not sharing it with others.
We will not accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
How we look after Children’s data
We recognise the importance of safeguarding children’s privacy and safety.
We will only collect children’s personal information during the application for the Children’s Critical Illness Support claim, or to provide services related to our Health & Wealth contracts, and only with the explicit permission of a parent or guardian.
Your Rights
Under the data protection laws you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your Rights | More Information |
---|---|
Your right of access (Subject Access Request) | You have the right to ask us for copies of your personal information. This right always applies. We normally have 1 calendar month to respond to your request unless there are reasons which could stop us from doing so. In this case, we will notify you of the reason within 1 calendar month and aim to respond to your request within 2 calendar months from the notification of the delay. |
Right to rectification | You have the right to ask us to correct personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. It is your responsibility to tell us about any changes to your information. |
Your right to erasure | You have the right to ask us to erase your personal data in certain circumstances. However, this is not an automatic right, and we may have some legal and regulatory obligations which mean we cannot fully comply with your request. |
Your right to restriction of processing | You have the right to ask us to restrict the processing of your personal data in certain circumstances. |
Your right to object to processing | Where we process your personal information on the basis of legitimate interest, you have the right to object to the processing of your personal data in certain circumstances. |
Your right to data portability | You have the right to ask that we transfer the personal data you gave us to another third party of your choice, or to you, in certain circumstances. |
To exercise any of your rights, you can do so by contacting our Member Services Team at memberservices@cirencester-friendly.co.uk and 0800 587 5098 or by contacting our Data Protection Officer at dpo@cirencester-friendly.co.uk. To fulfil your request, depending on our relationship with you, we may need to ask you for proof of identity. We’ll handle any requests as soon as possible, at least within one calendar month.
Notification of data breach
If we experience a data breach that is likely to pose a high risk to your rights and freedom, you will be notified immediately and later informed of any actions we took in response.
Changes to this Privacy Notice
We regularly review how we process your personal information, which means we will update this notice from time to time.
Where we have updated this notice, this will be reflected on our website, and we may notify you via email.
This privacy notice was last updated on 29 July 2024.
How to contact us
Email: dpo@cirencester-friendly.co.uk
Web: www.cirencester-friendly.co.uk
Telephone: 0800 587 5098
In Writing: Data Protection Officer, Cirencester Friendly, Mutuality House, The Mallards, South Cerney, Cirencester, GL7 5TQ, United Kingdom.
Complaints
If you feel your rights have not been respected, or do not feel a situation was resolved satisfactorily, you have the right to raise a complaint by following our complaints procedure or contacting the Data Protection Officer at dpo@cirencester-friendly.co.uk.
If you remain dissatisfied, you have the right to raise your complaint with the UK Information Commissioner.
You can contact them as follows:
Web: www.ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
In Writing: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
We're here to help
Call us
0800 587 5098
Email us
info@cirencester-friendly.co.uk