Who we are
The data controller with conduct of your personal information is Foresters Friendly Society Limited of Third Floor, Enterprise House, Ocean Way, Ocean Village, Southampton, SO14 3XB.
The Society’s data protection officer is Chris Davidson of Third Floor, Enterprise House, Ocean Way, Ocean Village, Southampton, SO14 3XB.
Information: Collection, Use and Grounds for Processing
Sources of information
The Society collects and processes information about you from a variety of sources. These are summarised below:
(a) Information you provide to us – this includes the contents of your Intermediary Application Form and where you supply us with personal information by other means (such as letter, email, phone call or by contacting us through our website www.forestersfriendlysociety.co.uk)
(b) Information provided by a third party – this includes where your firm provides us with your information, for example on an Intermediary Application Form, or as a point of contact for us.
(c) Information obtained from public sources – sometimes we might obtain information about you from public sources, such as the Financial Services Register.
The information about you which we hold may include your name, address, place of work, email address and phone number.
Purpose and grounds for processing
We process your personal information primarily to administer the contractual relationship between (i) the Society and your firm; or (ii) the Society and you.
We carry out this processing on the grounds that it is necessary for us to perform our contract (for the payment of commission under our Intermediary Terms of Busines) with you, including taking pre-contractual steps you have instructed us to take (for example, assessing your firm’s eligibility to become an intermediary for the Society).
We may also process your information for research and marketing purposes which allow us to improve our processes, systems, product range and to notify you of changes to the same. We do so because we have a legitimate business interest in improving our service offering. In accordance with Data Protection Law, we are satisfied that your interests and fundamental freedoms do not take priority over our legitimate business interest.
Where we conduct direct marketing, we will obtain your opt-in consent beforehand. Your marketing communication preferences can be updated from your Account section of the Website or by contacting us directly.
In certain circumstances, your information may also be processed on the basis of your express consent, although this is uncommon.
How long we keep your Information for
We only keep your information for so long as it is reasonably necessary. Generally speaking, we retain your
information for the following periods of time:
(a) if your intermediary application is unsuccessful or withdrawn, for 3 Months from the date we notify you that it has been unsuccessful or you withdraw your application (whichever is later); or
(b) if you become an intermediary of the Society, for 6 years from the date you cease to be an intermediary of the society or you cease to be an employee or contractor for the Intermediary or Authorised Signatory.
These periods may be extended if, for example, there is a legal dispute between us or if we are otherwise required by statute or a regulatory body to retain the information for a longer period. We will notify you if we need to extend the period for which we retain your information.
In certain cases we may anonymise your information, along with the information of our other members, for recordkeeping purposes, statistical analysis and to improve our business practices and computer systems.
Once anonymised, you are no longer identifiable from the information we hold about you. This anonymised information is kept indefinitely.
How we share your Information
Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights or to properly administer the contract between us.
In order to achieve this purpose, we will share your personal information with our external IT providers who host our IT systems. Typically, your personal information will be encrypted before it is transferred to our hosts but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with your account on our computer system. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity and to comply with data protection law at all times.
We may share anonymised data (which you cannot be identified from) with contractors and other third parties for the purpose of improving our business practices and computer systems.
To the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area (EEA) or to any country which is not approved by the European Commission.
If this changes then we will let you know.
Under data protection law you have the following rights:
(a) the right to be informed as to what we do with your information. This includes, but is not limited to, the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for;
(b) the right to access a copy of your information which we hold. This is called a ‘subject access request’.
Additional details on how to exercise this right are set out in the ‘Access to Information’ section, below;
(c) in certain circumstances, the rights to request that we erase, rectify, cease processing and/or delete your information;
(d) in certain circumstances, the right to request copies of the information we hold about you in a machine
readable format so that you can transfer it to other services;
(e) the right to object to processing of your information where it is likely to cause or is causing damage or distress;
(f) the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your information) if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information, clicking the unsubscribe link in marketing emails we send you, opting out of marketing communications by changing your account details through our website portal or by contacting us using the details set out in the ‘Contact’ section, below;
(g) the right to object to decisions being made about you by automated means;
(h) the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
(i) the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
Access to Information
Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. If you make your request before 25 May 2018, you will need to pay a £10 fee and you must send us proof of your identity before we can supply the information to you.
From 25 May 2018 you will:
(a) no longer have to pay a £10 fee but we will be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the information we hold about you if your request is clearly unfounded or excessive; and
(b) in certain circumstances, be entitled to receive the information in a structured, commonly used and machine readable form.
Unfortunately, the transmission of information via the internet is not completely secure. Although the Society will do its best to protect your personal information, it cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk.
IP Addresses and Cookies
The Society may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and management. This is statistical data about users’ browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. Cookies help us to improve our Website and deliver a better and more personalised service; to allow us to estimate audience size and usage pattern; to store information about your preferences and so allow our Website to be customised according to your individual interests; to speed up your searches; and to recognise you when you return to our Website.