Privacy notice
1. What is the purpose of this Privacy Notice?
The Shepherds Friendly Society (Shepherds Friendly, we/our) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (data protection law). It applies to our members and customers.
The Shepherds Friendly Society is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice applies to current and former members and customers. This privacy notice does not form part of any contract to provide services. We may update this notice at any time.
It is important that you read this notice, so that you are aware of how and why we are using your personal information.
2. Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
3. Who are Shepherds Friendly?
- Shepherds Friendly is a trading style of The Shepherds Friendly Society Limited, which is an incorporated Friendly Society under the 1992 Friendly Societies Act. Registration Number 240F.
- We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
- Our FS Registration number is 109997, and our registered office is Haw Bank House, High Street, Cheadle, Cheshire, SK8 1AL.
- We are registered as a data controller with the Information Commissioner's Office (registration number Z5402720). Being registered as a data controller means that we decide how and why personal information is processed.
4. The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.
We may collect, store, and use the following categories of personal information about you:
- your contact details, date of birth and National Insurance number;
- your gender;
- your marital status and family details;
- information about your contract of employment (or self-employment) including start and end dates of employment, role, working hours, salary (including details of previous remuneration), bonus, and benefits;
- your bank details and information in relation to your tax status including your National Insurance number;
- your identification documents including passport and driving licence and information in relation to your residency and tax-payer status;
- any previous claims made on alternative insurance claims;
- electronic information in relation to your use of IT systems/telephone systems;
- any other category of personal data which we may notify you of from time to time.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- your racial or ethnic origin;
- your genetic or biometric data;
- your health and medical history;
- your sex life and sexual orientation.
5. Why do we collect information about you?
We collect and process personal information about you, in order to provide our products and services. We may also collect and use your personal data to communicate with you about our products and related matters, such as finance enquiries relating to your plan or managing your personal details.
6. When do we collect information about you?
6.1 Using our website and mobile app
To use our website, you do not have to provide us with personal information. To use our mobile app, you will need to create an account, which will require you to provide us with personal information. Personal information is only collected voluntarily, for example, when requesting a quote illustration or applying for a plan.
We collect Internet Protocol (IP) addresses and store them temporarily in order to monitor the flow of traffic to our website. We also monitor mobile app usage.
6.2 Communicating with us including by telephone, by email or post:
If you contact us by telephone, email or post, we may collect and retain your contact details and the contents of your communication in hard and/or electronic copy. We use details such as these to help us handle any queries you might have and for keeping records of communications.
Where you apply for, or take out a plan with us, we may also contact you for telephone interviews, assessments or reviews, or otherwise to manage applications and plans, and we may retain records of these communications.
We would like to make you aware that calls to Shepherds Friendly may be recorded for training or monitoring purposes. We do not share any part of these recordings with third parties, unless we are required to do so by law or regulation.
7. Registering and monitoring your online account
To use our member log-in facilities, you will need to provide personal information. This is to allow us to carry out necessary security checks and prevent unauthorised users from gaining access to your online account.
8. Making a claim on your plan
To make a claim on your plan you will need to complete a claim form, which may require additional personal information to be submitted, which may include sensitive personal data as defined by Data Protection law.
This enables us to carry out necessary investigative processes and assessments to process your claim, and to prevent fraudulent claims. We may also collect additional information from related interviews and discussions with you.
9. Third parties
Plan Applications: When you apply for a plan with us, we may collect relevant information about you from other parties, such as your employer, medical professionals, rehabilitation advisers and other insurers.
Claims: When you make a claim on your plan, we may need to obtain relevant information about you from other parties. This may include other insurance providers, and, where relevant, your doctor or other treating physicians.
Marketing: We may work with third party organisations that distribute and help promote Shepherds Friendly products.
10. Member Research
Shepherds Friendly carries out member research in the form of online surveys. The surveys collect feedback on user experience and clarity of product literature, both on and offline. The collection of personal information is optional in these surveys.
We use your information to carry out research about general engagement with our products, services and systems, or if you choose to participate in member surveys, member focus groups and product research campaigns (on the basis of our legitimate interests to improve our products, services and member service).
Video Recording and Marketing
We may record video footage of our members during Friendly Society events, forums, or meetings. These recordings may be used for:
Internal Purposes: Such as training, event review, or improving member services.
Marketing and Promotional Use: Video footage may be used in marketing materials, including but not limited to our website, social media channels, newsletters, and other promotional campaigns.
If you prefer not to be recorded or have your video footage used for marketing purposes, please inform us at the time of the event or by contacting us at dataprotection@shepherdsfriendly.co.uk.
We will make every effort to accommodate your request.
11. How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances, known as legal bases:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest (or for official purposes).
12. Staying in touch with you
We may communicate with you to provide you with information about products which you have purchased or enquired about. We will only communicate information in the ways you have agreed to. Most of the time you will be contacted by phone or email, although you may receive updates by letter or text message. You can opt out or change your preferred method of communication at any time by simply contacting us.
13. Processing your application
When applying online for one of our plans we will collect details about you. The type of information we collect will be limited to the information relevant to the nature of the plan.
This information will be used to assess your eligibility, to provide you with relevant quotations and, if you take out a plan, to manage your plan with us, including underwriting and claims handling. In assessing your eligibility for the plan, we may also use automated decision-making.
During the term of a plan, we may also create and hold additional records relating to you, such as information about the plan itself, payments, outcomes of reviews, information about changes to your circumstances, and communications with you.
14. Prevent and detect crime
To help protect our members and ourselves against fraud and to comply with legal and regulatory obligations, your information is checked by Credit Reference Agencies (CRAs) to:
- Detect and prevent crime, fraud and money laundering;
- Verify your identity;
- Confirm your home address.
15. To assess and process a claim
We need to collect personal information from you when you submit a claim for your plan, and we will do this via a Claim Form. Additional personal information you provide us or which we may otherwise obtain may include:
- Information about your income and finances, fitness to work, reasons for incapacity, occupation, residence, lifestyle, sports, hobbies and pastimes, and other information about your employment;
- Outcome of any interviews or assessments which we ask you to attend (for example with our medical, employment and rehabilitation advisers);
- As relevant to your claim, information about other insurance policies or claims against other parties;
Special categories of data:
- We may collect sensitive personal data which can include health details such as medical information. This may include medical certificates and other health information provided by you, or your doctors and physicians.
- We may also collect information about any suspected or actual participation in a criminal act (which may exclude you from being able to claim under a plan).
16. Marketing
We may use your information to provide direct marketing communications to you by post, email and telephone, to offer similar goods and services to those you have enquired about or that you have already bought, or where you have consented to us doing so. You can opt out of, or withdraw your consent to, receiving such marketing communications at any time. More information on how to opt out is included within each marketing communication, or otherwise please use the contact details at the bottom of this notice.
We may work with third-party organisations that distribute and help promote Shepherds Friendly products. These third-party organisations, who operate in accordance with UK Data Protection law, supply us with personal information, which allows us to communicate effectively with the user. You will have already offered your Personal Information to these third-party companies and specifically given permission (consent) to allow them to pass it on to other companies who provide similar products to us. You can choose to opt out of these communications at any time. Further details of third-party organisations that help promote Shepherds Friendly products are available on request.
Retargeting and Online Advertising
We may use social media retargeting to show you advertisements on platforms such as Facebook, Instagram, LinkedIn, and Twitter based on your previous interactions with our website or social media profiles. This helps us ensure that the ads you see are relevant and aligned with your interests.
The data we collect for retargeting includes cookie identifiers, IP addresses, and details about your website activity (e.g., pages viewed). We may also receive anonymized data from social media platforms when you interact with our ads. These platforms process your personal data according to their own privacy policies, which we encourage you to review.
We rely on your consent to process data for retargeting, which you provide when accepting cookies or adjusting your advertising preferences on social media. You can withdraw your consent at any time by updating your cookie settings or opting out via the ad settings on each platform.
Website Retargeting
We use website retargeting to show you relevant advertisements based on your interactions with our website. When you visit our site, we may place cookies or similar tracking technologies on your browser, which allow us and our advertising partners to display ads to you on other websites. These ads are designed to be relevant to your interests, based on your previous browsing behaviour on our site.
The information collected for retargeting may include your cookie identifiers, IP address, and details about your site activity (e.g., pages you visited or products you viewed). We share this data with third-party advertising platforms, including Google Ads, Facebook Ads, and other ad networks, to enable retargeting.
We rely on your consent to process data for retargeting, which you provide by accepting cookies through our Cookie Consent Tool. You can withdraw your consent at any time by adjusting your cookie preferences or opting out through services such as Google Ads Settings or Your Online Choices.
We retain retargeting data for as long as necessary to achieve the purpose of delivering relevant advertisements, or until you withdraw your consent.
Targeted Advertising: Retargeting, Prospecting, and Lookalike Audiences
We use various targeted advertising techniques, including retargeting, prospecting, and lookalike audience creation, to deliver relevant ads to both our website visitors and potential customers.
- Retargeting: After you visit our website, we may show you ads on other websites based on your browsing activity. This helps us remind you of products or services that may interest you.
- Prospecting: We also target individuals who haven’t visited our website but whose online behaviour or interests suggest they may be interested in what we offer.
- Lookalike Audiences: To find new customers, we share anonymized data about our existing customers with platforms like Facebook and Google. These platforms identify individuals with similar characteristics and show them our ads.
You can control how these platforms use your data by updating your privacy settings on those platforms.
If you have any questions or would like to exercise your rights, please contact us at dataprotection@shepherdsfriendly.co.uk.
17. If you do not provide personal information
If you do not provide certain information when requested, we may not be able to enter into or perform a contract with you, or we may be prevented from complying with our legal obligations.
18. Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
19. How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with our data protection policy.
- Where it is needed in the public interest, and in line with our data protection policy.
- Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
20. Who do we share your personal information with?
We may share your personal information with third parties, where required by law, where it is necessary to administer our contract with you and provide essential services, or where we have another legitimate interest in doing so.
How secure is my information with third-party service providers and other entities in our group?
All of our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies and contracts with them. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
When might you share my personal information with other entities in the Society?
We will share your personal information with other entities in the Society as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
What about other third parties?
We may share your personal information with other third parties, for example with a regulator or to otherwise comply with the law.
20.1 Our third parties
- Actuarial services;
- Auditor services;
- Business Partners;
- Reinsurers;
- Funeral service provider (Golden Charter) for our Over 50s Life Insurance Plan;
- I.T. support services;
- Trained medical professionals and medical support services, or employment and rehabilitation advisers, should you apply or make a claim on one of our protection plans;
- Other third parties where required or permitted by law, or with your consent;
- Marketing support services;
- Market Research agencies;
- Mailing houses;
- Third-party analytical software.
20.1.1 Crime detection, prevention and prosecution
- Credit reference or identity verification services;
- Disclosure services.
20.1.2 Regulatory and governmental bodies
- The Financial Conduct Authority and the Prudential Regulation Authority;
- HMRC;
- Law enforcement authorities.
We will never sell your personal information to third parties or share it with anyone who is not listed above. The names and locations of third parties we use are available on request.
Do we share personal information outside of the UK?
We may transfer personal information that we collect from you to third party processors who are located in countries that are outside of the European Economic Area (EEA). Please be aware that countries which are outside the EEA may not offer the same level of data protection as the United Kingdom, although our collection, storage and use of your personal information will continue to be governed by this Privacy Notice.
21. Data security
We have put in place measures to protect the security of your information. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those members of staff, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Use of Hashing for Data Security
In certain cases, such as when we share your personal data with third-party platforms for targeted advertising or lookalike audience creation, we use a technique called hashing. Hashing transforms your personal data, such as your email address, into a pseudonymized string of characters that cannot be easily reversed or traced back to you.
This ensures that while the advertising platform can match the hashed data to its users for the purpose of serving ads or creating audiences, your original personal data remains secure and protected. We rely on our legitimate interest to process hashed data in a way that protects your privacy while enabling us to deliver relevant and personalised content.
22. Automated Decision-Making, including Profiling
As a Friendly Society, we sometimes make automated decisions about you based on your information. These decisions can include whether or not you are eligible for one of our plans.
The Society may refuse plan applications where the applicant’s risk profile is too high. This is necessary to ensure that the Society maintains a manageable level of risk across all its members. In certain circumstances, the decision to reject your application is made automatically, based on certain checks and calculations during our application process.
If you are an adult, we may carry out automated decision making using your information for marketing purposes. This is done to record your preferences and to create a personal profile which ensures you only receive marketing information from us which we think will interest you. You can object to us processing your personal information for direct marketing purposes.
Where decisions which significantly affect you are made by solely automated means, you have a right to obtain human intervention, to express your point of view and to contest the decision. Where your application for a plan is refused based on a solely automated decision, you will be notified that it has been rejected and you will be provided with contact details of one of our team so that you can arrange for your application to be considered personally. You may also pass comments to the team member as part of the review process.
Additional information about automated decision-making activities (including the logic involved, the significance and consequences for you), and how to exercise your rights is provided during the eligibility and marketing processes.
Use of Artificial Intelligence (AI)
We use AI technologies across various aspects of our operations, including:
Marketing and Personalisation: AI helps us analyse your preferences, interactions, and behaviours to deliver relevant marketing content, product recommendations, and services. For example, AI may use your past engagement with us to predict and offer services that are most relevant to your interests. This helps us ensure that our communications and marketing campaigns are tailored and useful to you.
Service Improvements: AI-powered tools may analyse your interactions with our website, apps, or other platforms to optimise your experience and suggest content or products you may find valuable.
Please note that while AI automates some of our marketing processes, decisions that have a significant legal or personal impact on you will always be subject to human oversight.
23. How do we look after children’s data?
We understand the importance of taking precautions to protect the privacy and safety of children. We will only collect the personal information of children during the application process for child savings plans, and only with express parental or guardian permission.
We do not market our services directly to children or collect more personal data than is necessary for these purposes. Parents or guardians may request access to, modification, or deletion of their child’s personal data at any time.
24. Data retention
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
25. Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
26. Notification of a data breach
If a breach or loss of data occurs that is likely to result in a high risk of adversely affecting your rights and freedoms, you will be notified immediately, and we will later report the action we took in response to the breach.
27. Data protection officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. The name of our DPO is Andrew Gurton. If you have any questions about how we collect, store and use personal information; would like to make a complaint regarding privacy; or if you have any other privacy related questions, please contact them by using any of the following means:
Telephone: 0161 428 1212
Email: dataprotection@shepherdsfriendly.co.uk
Post: Shepherds Friendly Society Ltd, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL
If you have already contacted us but are still not satisfied, you have the right to refer your complaint to the Information Commissioner's Office (ICO). They can be contacted by using any of the following means:
Telephone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Live chat: Available by visiting their website www.ico.org.uk
28. Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will let you know when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Privacy notice for candidates
This privacy notice is for candidates for job roles at Shepherds Friendly. It describes how we collect and use personal information about you during the recruitment process, in accordance with the General Data Protection Regulation (GDPR).