1) Welcome to our Privacy Notice
This Privacy Notice gives you information about how the Society processes the personal information of individuals associated with intermediaries including directors, employees, representatives and consultants of such intermediaries, as well as the personal information of an intermediary if the intermediary is an individual (we will refer to such persons as “you”). Intermediaries are those firms who sell our products (we will refer to intermediaries as “your firm”).
In this Privacy Notice, defined terms are set out at the bottom of this Privacy Notice for ease of reference. We recommend that you read through our Privacy Notice, because it’s really important that you understand how we use, process and store your personal information.
2) Who is Shepherds Friendly?
- Shepherds Friendly is a trading style of The Shepherds Friendly Society Limited, which is an incorporated Friendly Society under the 1992 Friendly Societies Act. Registration Number 240F.
- We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
- Our FS Registration number is 109997, and our registered office is Haw Bank House, High Street, Cheadle, Cheshire, SK8 1AL.
- We are registered as a data controller with the Information Commissioners Office (registration number Z5402720). Being registered as a data controller means that we decide how and why personal information is processed.
- The Data Protection Officer for Shepherds Friendly is Tim Robertson. Our Data Protection Officer acts as an independent advocate for the proper care and use of your personal information.
3) Data controller
For the purposes of Data Protection Laws, Shepherds Friendly is the Data Controller of personal information covered by this Privacy Notice. You may contact us about all issues related to this Privacy Notice, your personal information and to exercise your rights under Data Protection Laws.
Contact Details of the Controller and Data Protection Officer: Tim Robertson
Post: Shepherds Friendly Society Limited, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL
Email: [email protected]
Telephone: 0161 428 1212
4) Where do we collect your personal information?
Personal information or Personal Data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal information about you from the following sources as follows:
4.1) Information you provide to us
This includes the contents of an application form by your firm, and where you supply us with personal information by other means (such as phone call, letter, email, or by contacting us through our intermediary website https://intermediary.shepherdsfriendly.co.uk/ )
It is important that the personal information we hold about you is accurate and current. Please keep us informed if the personal information you have provided to us changes during your or your firm’s relationship with us.
4.2) Information obtained from public sources
This includes information about you from public sources such as the Financial Services Register, and will include information such as an individual’s name, address, functions held, disciplinary history; and if you are a sole trader or a partnership, your permissions.
4.3) Information provided by a third party
This includes where your firm provides us with your personal information, for example on an intermediary application form, or as a point of contact.
4.4) Visiting, using and registering for our intermediary website
To use our intermediary website, you do not have to provide us with personal information, however, to access specific areas of the intermediary website your firm will need to register as a Shepherds Friendly intermediary, and this does require the submission of personal information in relation to you.
5) Information held
The information about you which we may hold includes the following in relation to you :-
- Firm’s name (if the firm is an individual);
- Firm’s address
- email address
- phone number
- Firm’s phone number
- Firm’s details
- Firm’s bank account details
- Firm’s Director details
- Passport/Driving licence details
- Firm’s PI Insurance details
- Details of enforcement sanction or disqualification details or similar (and details of similar in relation to previous firms you have been associated with)
- Details of any insolvency proceedings or similar
- Commercial history of firms or individuals associated with such firms
- Date of birth and gender;
- Your alleged conduct/behaviour as it relates to a complaint;
- Transaction data including details about payments to and from your firm;
- Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our intermediary website;
- Profile data including your username and password, transactions made by your firm, preferences, feedback and survey responses;
- Usage data including information about how you use our website, products and services;
- Marketing and communications data including your preferences in receiving marketing from us and your communication preferences;
- Criminal convictions and offences data.
- Your earnings/assets if you are a guarantor for your firm.
6) Why do we collect this personal information?
We process your personal information primarily to administer the contractual relationship between (1) the Society and your firm, and/or (2) The Society and you and to monitor firms to be sure they do not cause us to be in breach of the law or regulation or cause serious damage to our reputation. Further information on the different lawful bases we rely on to process your personal information is set out in the table below, together with an explanation in sections 6.1 and 6.2.
|Purpose/Activity||Type of data relating to you||Lawful basis for processing including basis of legitimate interest|
|To register a new firm (intermediary)||
To process and deliver payments and other transactions with your firm including:
|To investigate any complaints against your firm||
To manage our relationship with your firm which will include:
|To enable you to participate in a prize draw, competition or complete a survey||
|To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
|To use data analytics to improve our website, products/services, marketing, relationships with firms and experiences||
||Necessary for our legitimate interests (to define types of firms for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations about products or services that may be of interest to your firm||
6.1) To perform our contract with your firm
We carry out this processing on the grounds that it is necessary for us to perform our contract (for the entry into and administering of transactions with customers and payment of commission under our agreement with your firm, including taking pre-contractual steps your firm has instructed us to take, for example, assessing the eligibility of a firm to become an authorised intermediary for the Society.
6.2) Prevent and detect financial crime
To comply with our legal and regulatory obligations and in particular to protect the Society and its Members against fraud, your personal information is checked against Credit Reference Agencies to:-
- Detect and prevent crime, fraud, money laundering;
- Verify the identity of a firm or you;
- Verify the address of a firm or you.
6.3) Research and Marketing purposes
Occasionally, we may also process your personal information for research and marketing purposes which allows us to improve our processes, systems and product range. We do so because we have a legitimate business interest in improving our service offering. In accordance with Data Protection Law, we are satisfied that our legitimate business interest is not overridden by your interests or fundamental rights and freedoms.
You will only receive marketing communications from us if you have requested information from us or your firm has entered into (or in the process of entering into) an agreement with us which appoints your firm as an intermediary, and you have not opted out of receiving that marketing.
6.4) Opting out
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal information provided to and processed by us as a result of your firm entering into (or in the process of entering into) an intermediary Agreement with us, including for example, where we inform you about new products for customers which you might sell on our behalf.
6.6) Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7) Who do we share your personal information with?
Your personal information is not shared with anyone except with the parties set out below for the use purposes set out in (6) above:
7.1) Third party underwriting platforms through which your firm submits policy applications, such as iPipeline;
7.2) Crime detection, prevention and prosecution:
- Credit reference or identity verification services;
- Disclosure services.
7.3) Regulatory and governmental bodies acting as joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances including:
- the Financial Conduct Authority and the Prudential Regulation Authority
- HMRC; and
- law enforcement authorities.
7.4) Service providers acting as processors based in the UK who provide IT and system administration services;
7.5) Professional advisers acting as processors including lawyers, bankers, auditors, reinsurers and insurers based in the UK who provide legal, banking, accounting and insurance services;
7.6) Market researchers acting as processors based in the UK who provide market consultancy services.
We may share anonymised data (from which you cannot be identified) with contractors and other third parties for the purpose of improving our business practices and computer systems.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
8) Do you share personal information outside of the UK?
We do not transfer personal information outside the European Economic Area (EEA).
9) How long will you keep my personal information for?
We only keep your personal information for so long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Generally speaking, we retain your information for the following periods of time:
- If your firm’s intermediary application is unsuccessful or withdrawn, for 12 months from the date we notify your firm that it has been unsuccessful, or your firm withdraws its application (whichever is applicable); or
- If your firm becomes an intermediary of the Society, for 36 months from the date your firm ceases to be an intermediary of the Society.
These periods may be extended if, for example, there is a legal dispute between us, or between the Society and your firm, or if we are otherwise required by law to retain the information for a longer period. We will notify you if we need to extend the period for which we retain your information.
10) What are my rights with regards to my personal data?
10.1) Right of Access
You have the right to access and obtain a copy of the personal information that we hold about you, unless we are exempted at law from disclosing it to you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
10.2) Right to Rectification
You have the right to request that we correct any inaccuracies in the personal information stored about you.
10.3) Right to Erasure
In certain circumstances, you have the right to request that we erase your personal information. For example, you may exercise this right in the following circumstances:
- The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed by us; or
- Where you object to the processing and there are no overriding legitimate grounds for the processing;
- Your personal information has been unlawfully processed.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
10.4) Right to Restriction
You have the right to restrict our processing of your personal information where any of the following circumstances apply:
- Where you feel that the personal information which we hold about you is not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal information;
- Where the processing is unlawful and you do not want your personal information be erased, but request the restriction of its use instead;
- Where we no longer need to process your personal information (e.g. any of the Purposes outlined above have been completed or expire), but you require it in connection with legal claims or proceedings;
- Where you have objected to our processing of your personal information pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms;
Where you exercise your right to restrict our processing of your personal information, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
10.5) Right to Data Portability
To further strengthen your control over your personal information, you have a right to receive and transfer the personal information that you provide to us in a structured, commonly used and machine readable format where the personal information is automated information and it was provided on the legal bases of either: a) your consent; or b) where it is necessary to perform our contract with your firm. Where you make such a request, we will directly transfer your personal information on your behalf to another controller of your choice (where it is feasible for us to do so).
10.6) Right to Object to Processing
You have a right to object to our processing of your personal information for direct marketing purposes. You can exercise your right to prevent such processing by clicking the unsubscribe link in marketing emails we send you, opting out of marketing communications by contacting us using the details set out in the ‘Contact us’ section below.
You also have the right to object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process information which override your rights and freedoms.
What we may need from you in relation to you exercising your rights
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11) Notification of a data breach
If a security breach causes an unauthorised intrusion into our system we will notify you and any applicable regulator where we are legally required to do so.
We may arrange security details for submitting applications to become an intermediary or communicating with us, including a user name, password, security questions and/or such other log-in requirements as we shall specify. You must keep the Security Details safe at all times. You must tell us immediately if there is any breach of security, loss, theft or unauthorised use of any of the Security Details.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
13) Changes to this Privacy Notice
Any changes made to this Privacy Notice in the future will be posted on the Intermediary Website and where appropriate, notified to you by email. It is recommended that you visit the webpage from time to time to review any changes.
14) Contacting us
If you have any questions about how we collect, store and use personal information; would like to make a complaint regarding privacy; or if you have any other privacy related questions, please contact us by using any of the following means:
Telephone: 0161 428 1212
Email: [email protected]
Post: Shepherds Friendly Society Ltd, Haw Bank House, High Street, Cheadle, Cheshire. SK8 1AL
If you have already contacted us but are still not satisfied, you have the right to refer your complaint to the Information Commissioners Office. They can be contacted by using any of the following means:
Telephone: 0303 123 1113
Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Live chat: Available by visiting their website www.ico.org.uk
15) Defined Terms
|“Controller, Personal Data, Personal Data Breach, Special Categories of Personal Data”||as set out in the UK Data Protection Legislation in force at the time.|
|“Data Protection Law”||the UK Data Protection Legislation and any other European Union legislation relating to Personal Data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including without limitation the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party.|
|“UK Data Protection Legislation”||all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.|
Updated May 2019