Policyholder Privacy Policy

What this Privacy Policy Covers

This Privacy Policy gives you information about how POIS, part of Foresters Friendly Society Limited (the “Society”), treats personal information we receive about you. This Privacy Policy applies to information we receive about you from the following sources:

policy applications and letters sent by post;
policy applications and enquiries submitted through our websites (www.pois.co.uk and www.forestersfriendlysociety.co.uk and online applications https://forms.pois.co.uk and https://forms.forestersfriendlysociety.co.uk)
telephone calls or email;
policy applications submitted by intermediaries (e.g. independent financial advisers); and
information provided by our external medical assessors.

Please read the following sections carefully to understand how your personal information will be used and handled by the Society. Your use of our Website is also subject to our Website’s Terms and Conditions.

The Society collects and uses your data in accordance with current data protection law (which includes, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679)) (“data protection law”).

Who we are

The data controller with conduct of your personal information is Foresters Friendly Society Limited of Third Floor, Enterprise House, Ocean Way, Ocean Village, Southampton, SO14 3XB.

The Society’s data protection officer is Roel van der Zanden of Third Floor, Enterprise House, Ocean Way, Ocean Village, Southampton, SO14 3XB. Tel 02380 216 846.

Our Website may, from time to time, contain links to and from the websites of the Society’s partner networks, advertisers and affiliates. Please note that those websites will have their own privacy policies and the Society does not accept any responsibility or liability for such policies / websites. Please check any policies before submitting personal information to those websites.

Intermediaries

If you are an intermediary acting for an individual and you provide that individual’s personal information to us via our Website, over the phone or by other means then you warrant and confirm that you are supplying their information in accordance with data protection law and that you have first drawn their attention to this Privacy Policy. Please refer to your Intermediary Terms of Business for further information concerning your data protection obligations.

If you are an individual and a third party (e.g. your independent financial adviser) is authorised to supply your personal information to us under data protection law, then this Privacy Policy refers to that third person as an “authorised intermediary”.

For the avoidance of doubt, the terms of this Privacy Policy concern the relationship between the Society and you, not the relationship between your authorised intermediary and you. If you have any questions about how your authorised intermediary processes your personal information, please speak to them directly.

Parents, Guardians and Sponsors

If you are a parent, guardian or sponsor of a child policyholder or child policy applicant then this Privacy Policy, unless otherwise stated, applies to your personal information and to the personal information of the child.

Information: Collection, Use and Grounds for Processing

The Society collects and processes information about you from a variety of sources. These are summarised below:

i. Information you give to us:

This includes information about yourself which you provide to us by paper or online application form, enquiry letter, online form, email, phone call or by contacting us through the ‘Contact Us’ section of our Website.

The information you give us may include your name, address, email address, phone number, date of birth, gender, personal description and bank details and payment history, national insurance number, marriage certificate, passport, utility bills, driving licence, birth certificate, evidence of earnings.

In some circumstances, if you are an employee applicant, we may also process personal data relating to your employee number.

In other circumstances, if for example, a policy holder is granting another person administrative power over their affairs, we will require details of the appropriate Power of Attorney, Will, Grant of Probate, Death certificate in order legitimately to deal with the appointed representative of the policy holder.

Information you give us might also include “special categories” of more sensitive personal information. This could include information about your health and genetics which we need to consider when determining your eligibility or suitability for our policies.

We process this information to:

(a) supply you with details of our products and services where you have requested these from us;

(b) validate your identity and to check your eligibility and suitability for certain products or services which we offer and to notify you (directly or through your authorised intermediary) of what products and services we can offer you or whether your application for one of our policies has been successful;

(c) supply you with the products or services you have purchased or requested from us (including taking pre-contractual steps such as checking your eligibility and suitability for certain products or services);

(d) manage your account and policies held with us (including the processing of any payments or claim you make under a policy you hold with us) and to respond to you when you contact us;

(e) notify you of changes to our products, services, procedures and terms (including material changes to this Privacy Policy) from time to time;

(f) comply with our record keeping and regulatory compliance obligations; and

(g) where you have opted to receive the same, to send you marketing communications concerning our product and service offerings.

We process this information on the following grounds:

(i) because the processing is necessary for us to provide you with the products or service you have requested from us, including us carrying out any pre-contractual steps you have asked us to take (e.g. checking your eligibility or suitability for a particular policy);

(ii) because, in certain circumstances, the processing is necessary in order to protect your vital interests. In the case of special categories of information, this may be because you have become physically or mentally unable to give your consent to the processing;

(iii) because, in certain cases, the processing is necessary for us to comply with our legal obligations, for example where regulations oblige us to keep records of our customers’ details or the details of policy quotes supplied to potential customers;

(iv) because, where we wish to use your information to notify you of other products and services which we think will be of interest to you, we have a legitimate business interest in doing so and that interest is not overridden by your interests or fundamental rights and freedoms (for example because you can opt-out of such materials at any time);

(v) additionally, in the case of special category information, because you have consented to us processing your information for the purposes of checking your eligibility, suitability or signing you up to our products or services. If you are a child under 16 then a parent or guardian will consent on your behalf; and

(vi) additionally, in the case of special categories of information where there is a dispute or potential for a dispute between us, because the processing is necessary for the establishment, exercise or defence of a legal claim.

ii. Information provided by third parties:

This is relates to circumstances where a third party sends us information about you. Examples of when this might occur include where:

you consent to your doctor or another medical professional providing us with your medical records;
your authorised intermediary making a policy application on your behalf and provides us with information about you as part of the application process; or
as part of your policy application, you complete a telephone medical assessment with our external medical assessors and they share the results with us.

The information we receive about you from third parties may include your name, address, email address, phone number, date of birth, gender, personal description and bank details.

We may also receive special categories of more sensitive personal information about you. This could include information about your health and genetics which we need to consider when determining your eligibility or suitability for our products or services.

We process this information to:

(a) supply you (directly or through your authorised intermediary) with details of our products and services where these have been requested from us;

(d) manage your account and policies held with us (including the processing of any payments or claim you make under a policy you hold with us) and to respond to you when you contact us;

(e) notify you of changes to our products, services, procedures and terms (including material changes to this Privacy Policy) from time to time;

(f) comply with our record keeping and regulatory compliance obligations; and

(g) where you have opted to receive the same, to send you marketing communications concerning our product and service offerings.

We process this information on the following grounds:

(i) because the processing is necessary for us to provide you with the products or services you (or your authorised intermediary acting on your behalf) has requested from us, including us carrying out any pre-contractual steps you (or your authorised intermediary acting on your behalf) have asked us to take for you. For example, checking your eligibility or suitability for a particular policy;

(v) additionally, in the case of special categories of information, because you have (directly or acting through your intermediary) consented to us processing your information for the purposes of checking your eligibility, suitability or signing you up to our products or services. If you are a child under 16 then a parent or guardian will consent on your behalf; and

iii. Information we collect about you:

We collect non-personally identifying information which web browsers and servers typically make available. This includes technical information, such as your IP address, your login information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages. For details on how we use cookies, please see our ‘Cookies’ section below.

We process this information to:

(a) to allow us to administer the account you hold with us;

(b) to ensure that content from our Website is presented in the most effective manner for you and for your computer; and

How long we keep your Information for

We only keep your information for so long as it is reasonably necessary. Generally speaking, we retain your information for the following periods of time:

(a) if you (or a third party acting on your behalf) makes an enquiry with us but you do not proceed with making an application, 1 year from the date of the enquiry;

(b) if you (or a third party acting on your behalf) makes an application for one of our policies but that application is then withdrawn, 2 years following the date of withdrawal;

(c) if you (or a third party acting on your behalf) makes an application for one of our policies but your application is rejected by us, 2 years following the date of rejection (or the date that rejection is subsequently confirmed by our underwriting team, if applicable); and

(d) if your active policy is cancelled (by whatever means), 6 years after the date of cancellation.

These periods may be extended if, for example, there is a legal dispute concerning the terms of your policy or if we are otherwise required by statute or a regulatory body to retain the information for a longer period. We will notify you if we need to extend the period for which we retain your information.

In certain cases we may anonymise your information, along with the information of our other members, for record-keeping purposes, statistical analysis and to improve our business practices and computer systems. Once anonymised, you are no longer identifiable from the information we hold about you. This anonymised information is kept indefinitely.

Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights or to properly administer your policy (including processing a policy application you have made).

In order to achieve this purpose, we will share your personal information with the following people or groups of people:

(a) your doctor or nominated health professional;

(b) if you are a child, your parent or guardian;

(d) our external IT providers who host our IT systems. Typically, your personal information will be encrypted before it is transferred to our hosts but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with your account on our computer system. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity and to comply with data protection law at all times;

(e) Brokers of Group policies, where appropriate;

(f) Credit Agencies (such as Equifax);

(g) our Underwriters;

(h) our Payment Processing companies (such as World Pay);

(i) Your employer, where payroll deductions are being made for you;

(j) The Society’s Court Secretaries, where appropriate, of your local Court so that they may contact you about the events and activities of your local Court.

We will only share your special category information where you have consented to us doing so in advance, for example where you have instructed your authorised intermediary to submit a policy application to us on your behalf. If you do not consent to us processing certain information about you, such as your medical history, then we may not be able to.

We may share anonymised data (which you cannot be identified from) with contractors and other third parties for the purpose of improving our business practices and computer systems.

To the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area (EEA)or to any country which is not approved by the European Commission. If this changes then we will let you know.

Automated Decision Making

At the Society, we sometimes make automated decisions about you based on your information. These decisions primarily relate to whether or not you are eligible for one of our assurance policies.
The Society may refuse policy applications where the applicant’s risk profile is too high. This is necessary to ensure that the Society maintains a manageable level of risk across all its members. In certain circumstances, the decision to reject your application is made automatically, based on certain checks and calculations in our application system. Where this is the case, you will be notified that your application has been rejected and you will be provided with contact details to arrange for an underwriter to personally consider your application.

You can also object to us making automated decisions about you by contacting us in advance of providing your information. The contact details for doing so are set out at the end of this Privacy Policy.
We also carry out automated decision making for marketing purposes, primarily to record your preferences and to create a personal profile which ensures you only receive marketing information from us which we think will interest you. You can object to us processing your personal information in this way at any time by contacting us using the details set out at the end of this Privacy Policy.

Your Rights

Under data protection law you have the following rights:

(a) the right to be informed as to what we do with your information. This includes, but is not limited to, the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for;

(b) where we are processing your special category information (e.g. your sensitive health information) on the grounds of your consent, you have the right to withdraw that consent at any time. As we need to process your health information to administer your policy, withdrawing your consent in this way will have the effect of terminating your policy (or policy application). Please contact us using the details set out at the end of this Privacy Policy or speak to your authorised intermediary if you would like to withdraw your consent and terminate your policy or application. Please note that:

(i) the lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent; and

(ii) if your membership is being investigated for fraud then we may continue to process your special category information insofar as is necessary for establishing or exercising a legal claim

(c) the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in the ‘Access to Information’ section, below;

(d) in certain circumstances, the rights to request that we erase, rectify, cease processing and/or delete your information;

(e) in certain circumstances, the right to request copies of the information we hold about you in a machine readable format so that you can transfer it to other services;

(f) the right to object to processing of your information where it is likely to cause or is causing damage or distress;

(g) the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your information) if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information, clicking the unsubscribe link in marketing emails we send you, opting out of marketing communications by changing your account details through our website portal or by contacting us using the details set out in the ‘Contact’ section, below;

(h) the right to object to decisions being made about you by automated means;

(i) the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and

(j) the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.

You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out at the end of the Privacy Policy. The Information Commissioner’s Office website is www.ico.org.uk.

For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).

Access to Information

Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. If you make your request before 25 May 2018, you will need to pay a £10 fee and you must send us proof of your identity before we can supply the information to you.

From 25 May 2018 you will:

(a) no longer have to pay a £10 fee but we will be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the information we hold about you if your request is clearly unfounded or excessive; and

(b) in certain circumstances, be entitled to receive the information in a structured, commonly used and machine readable form.

Data Security

If you choose or are provided with a user identification code, online account login, password or any other piece of information as part of our Website’s security procedures, you must treat that information as confidential and you must not disclose it to any third party. The Society has the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in the Society’s opinion you have failed to comply with any of the provisions of this Privacy Policy or the Terms and Conditions

Unfortunately, the transmission of information via the internet is not completely secure. Although the Society will do its best to protect your personal information, it cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk.

IP Addresses and Cookies

The Society may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and management. This is statistical data about users’ browsing actions and patterns, and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. Cookies help us to improve our Website and deliver a better and more personalised service; to allow us to estimate audience size and usage pattern; to store information about your preferences and so allow our Website to be customised according to your individual interests; to speed up your searches; and to recognise you when you return to our Website.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our Website’s system will issue cookies when you access our Website.

Please note that if you give consent for us to request a copy of your medical records in accordance with the Access to Medical Reports Act 1988, that consent is separate to the consent you may give us to process your information under data protection law.

Changes to this Privacy Policy

Any changes made to this Privacy Policy in the future will be posted on the Website and, where appropriate, notified to you by e-mail. It is recommended that you visit this page from time to time to review any changes. This Privacy Policy was last updated on April 18 2018

Contact

For questions, comments and requests regarding this Privacy Policy please contact us at Third Floor, Enterprise House, Ocean Way, Ocean Village, Southampton, SO14 3XB.

Policyholder

Privacy Policy

What this Privacy Policy Covers

Who we are

Intermediaries

Parents, Guardians and Sponsors

Information: Collection, Use and Grounds for Processing

How long we keep your Information for

How we share your Information

Automated Decision Making

Your Rights

Access to Information

Data Security

IP Addresses and Cookies

Access to Medical Reports Act 1988 Consent

Changes to this Privacy Policy

Contact