Privacy Policy

Privacy notice for customers, potential customers, and the general public of Holloway Friendly

Who are we?

Who does this Privacy Notice apply to?

Why do we need your information?

What information do we need to produce a quote and how do we collect it?

What information do we need if you apply for a plan with us and how do we obtain it?

What information will we collect during your Plan lifetime?

What information do we need if you make a claim or wish to cash-in your Plan?

How do you prevent fraud?

What information do we collect when you visit our website?

What other information processing happens if you visit our offices?

Legal Basis for using personal information

Who do we share your information with?

Your Rights

Changes to this privacy notice



Who are we?

We are The Original Holloway Friendly Society (Holloway Friendly). We are the Data Controller for all information collected and stored about you, unless otherwise stated in this Privacy Notice. If you have any queries or concerns about how we handle your information, or want to exercise your rights, please contact us at the contact points listed under ‘ Your Rights’. 

Who does this Privacy Notice apply to?

Where we use the word ‘you’ in this Privacy Notice, we mean the person who is or will be covered by our insurance plan. If you are acting on behalf of this person, then you should bring this Notice to their attention before submitting any information to us. You should only supply information to us about another person if you have their permission first. Normally we do not require information from you about other people, such as your close family members, in a way that allows them to be identified easily.
From time to time, we will update this Privacy Notice to reflect changes in regulation or the law or the involvement of new third parties. You can always view our most up-to-date Privacy Notice here or can request it by contacting us.
By providing your information, you acknowledge that we will use it as set out in this Privacy Notice. We will contact you if we intend to use your information for different purposes to the ones set out in this Privacy Notice.

Why do we need your information?

We process your information to:

  • allow us to identify if we can offer you one of our insurance plans, what would be insured, and how much the plan is likely to cost.

If you decide to apply for one of our plans, we use your information to:

  • decide whether we can accept your application, what it would cover and how much we will charge.
  • administer your Plan, including contacting you, assess any claim that you might make, supply support services if you are unable to work, and deliver other benefits linked to your Plan.
  • send information relating to your membership of the society and voting rights.
  • fulfil our legal and regulatory obligations.
  • manage our business for our members including improving our products and services

Details of the legal basis for using your information can be found  here
Holloway Friendly will not sell your information to another company or use it to market the products or services of other companies to you. We do share information with third parties for various reasons. Find out more about  third parties

What information do we need to produce a quote and how do we collect it?

We collect information directly from you or your adviser, or from websites that you visited and used to obtain a quote from us. We need your date of birth, occupation, gender and information about your hobbies (particularly active hobbies). We need some sensitive information from you about your current and former physical and mental health and your lifestyle e.g. how much you drink and whether you smoke. This allows us to determine if we can offer you a plan and if we can, how much it would cost. If you do not apply to take out a plan, we will retain your information for 6 months.

What information do we need if you apply for a plan with us and how do we obtain it?

We collect your information directly from you or your adviser. Initially, we need the same information for a plan application as we collected for the quote. We need some additional information, including where you have lived, your bank details and your doctor’s name and address. We need some sensitive information about your current and former physical and mental health, and your lifestyle e.g. how much alcohol you drink and whether you smoke. If you have already provided this information, we may ask you to confirm it or to provide more detail or evidence. We will ask you whether close family members have suffered from certain medical conditions. In certain, limited, circumstances we will ask you to tell us about genetic tests that you have taken. We will ask for details of other, similar insurance policies that you have and with your consent, for information from the other insurers about those policies. We collect this information on our online and paper application forms or in a recorded telephone call between you and our medical underwriting experts, Morgan Ash or Capita MDG, and from the information you supplied to obtain a quote. Where we need to obtain further data about your lifestyle or medical history from a third party to decide the terms on which we can offer you a plan, we will contact you and ask for your specific consent to do so. E.g. sometimes, with your permission, we ask your doctor to verify or clarify what you have told us. We may share information with Capita Life and Pensions Regulated Services who sometimes assist us in making underwriting decisions. That is decisions about what cover we can offer you and at what price.

We need your information to work out whether we can offer you a plan, on what terms and at what cost. If you do not give us your information or prohibit us from collecting it, we may not be able to offer you a plan or it may cost you more than it otherwise might. We use some of your information to meet legal and regulatory obligations such as the rules relating to money laundering prevention. If, having applied for a plan, you decide not to take one out or cancel it during the cancellation period, we will keep your information for up to 3 years in line with our regulatory obligations.

What information will we collect during your Plan lifetime?

We need you to keep us informed about your income because if your income changes, it can affect the amount of your cover, how much you can claim, and how much you pay. We need you to make sure we have your current contact details, so that we can stay in touch with you. If we lose touch, we may use a third-party tracing service to try and find you.

If you want to increase your cover, we might need you to re-confirm some of your information, including your income, lifestyle, hobbies and health information so we can consider your request. We might need to ask for some new information if your circumstances have changed.

If you temporarily stop paying for your Plan, and this is allowed under our agreement with you, we will need you to confirm how your circumstances have changed e.g. if you are taking a career break or are having a child. The payment options will vary by product and are set out in the product terms and conditions.

 

What information do we need if you make a claim or wish to cash-in your Plan?

If you make a claim because you cannot work, we gather information on your employment, including your recent income, other insurance that you have, medical information that is relevant to your sickness or injury, so that we can determine why you are unable to work normally. We collect this information by asking you to complete a claims notification form either on-line or over the telephone. We may allow you to send us a photographs of medicine or an injury etc. or share information over Skype or other similar service.

We may ask for permission to receive information about you from your employer or from your doctor or other medical professionals. We keep a copy of this information and/or take notes, which we keep with our claims decision records as required by regulation. You do not have to give us permission to talk to your employer or doctor, but we may not be able to pay you income under your Plan if we cannot collect sufficient evidence.
We are committed to treating all claims fairly and therefore sometimes ask a specialist third party firm to review our claim decisions and confirm we have done so. Where it is difficult for us to make a decision on your claim without expert medical advice we will share medical data with Our Chief Medical Officer, an employee of Capita Life and Pension Services (Ltd).

With your consent obtained at the time, we may share relevant information with services, charities or companies that may help in your recovery. If we become aware of serious health concerns which your doctor may not be aware of we will share the information with them.

When paying claims, including proceeds for those policies with a cash-in value, we will need to identify you (or the person who we are paying) Usually, this means that we need copies of official documents such as passports, or driving licences.

We keep this information for up to 6 years after your Plan ends to meet regulatory requirements and to deal with any queries or complaints you may have.

How do you prevent fraud?

To protect Member funds and to prevent and detect fraud, we sometimes access publicly available information about claimants. These sources include social media and electoral roll data. 

If fraud is suspected, we may decide to pass information to fraud prevention agencies or employ covert surveillance methods. This activity is only undertaken after a formal review by one of our senior managers and our Data Protection Officer. It would be considered if we have reasonable grounds to suspect that false, inaccurate or inconsistent information has been given to us.

What information do we collect when you visit our website or you email us?

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

  • To estimate our audience size and usage pattern.
  • To recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

Our cookies do not store sensitive information such as your name, address or payment details.

However, if you'd prefer to restrict, block or delete cookies you can use your browser to do this. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.

What is a cookie?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.

Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.

Why do we use cookies?

We use cookies to learn how you interact with our content and to improve your experience when visiting our website.

Third-party cookies belong to and are managed by other parties, such as google analytics. These cookies may be required to render certain forms and so we can produce information about how people use our website to enable us to improve it.

Session Cookies

Session cookies are temporary cookies that are used to remember you during the course of your visit to the website, and they expire when you close the web browser.

Persistent Cookies

Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your browser or restart your computer. We use these cookies to analyse user behaviour to establish visit patterns so that we can improve our website functionality for you and others who visit our website(s).

How are third party cookies used?

For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies, and we encourage you to consult the privacy policies of these third party vendors on their websites for information regarding their use of cookies.

How do I reject and delete cookies?

You can change your preferences by changing your browser settings. Please note that most browsers automatically accept cookies. Therefore, if you do not wish cookies to be used, you may need to actively delete or block the cookies.

If you reject the use of cookies, you will still be able to visit our websites but some of the functions may not work correctly. You may also visit  www.allaboutcookies.org for details on how to delete or reject cookies and for further information on cookies generally. By using our website without deleting or rejecting some or all cookies, you agree that we can place those cookies that you have not deleted or rejected on your device.

Cookie

Description

Opt-Out Link/More details regarding specific privacy policy

Google Analytics

We use Google Analytics to understand how our media campaigns work and how you interact with our website in order to improve the user experience.

https://tools.google.com/dlpage/gaoptout

LinkedIn

The LinkedIn insight tag allows us to perform campaign reporting and unlock valuable insights about website visitors that may come via the campaigns we run on LinkedIn.

www.linkedin.com

 We use Transport Layer Security (TLS) to encrypt and protect email traffic. We'll also monitor any emails sent to us, including file attachments, for viruses or malicious software.

What other Information Processing happens if you visit our offices?

In order to protect our Members’ information, our premises and staff, we operate a CCTV system at our Head Office which covers the building, car park and an access road which is also used by the general public. We operate digital access systems which require authorised people, including visitors, to carry a digital chip to enter and move within the premises. The location of the chip can be traced by our Human Resources function so the location of staff and visitors can be identified in an emergency.

Legal Basis for using Personal Information

 

Why we need the Information

Categories of Information we process for that purpose

The Legal Basis for Processing

To provide you with a quote

Your date of birth, occupation, income, your gender, and information about some hobbies.

Sensitive information on: your current and former physical and mental health and your lifestyle e.g. how much you drink and whether you smoke.

The processing is necessary, at your request, as a step in preparation to entering into a contract.

We apply an exemption for insurance purposes and/or you consent.

If you do not consent we cannot supply an accurate quote. 

To review your application for a plan and offer you terms including working out whether to offer you a plan, on what terms and working out the cost.

 

Your date of birth, occupation, income your gender, and information about some hobbies. Information about other insurance policies you hold.

Sensitive information your current and former physical and mental health, your height and your lifestyle e.g. your weight, how much you drink and whether you smoke.

Limited information about, genetic test results and information about illnesses and conditions your natural parents, brothers and sisters have suffered from.

In some cases, we may need more details about medical conditions you have suffered from or treatment you have received for this purpose.

The processing is necessary, at your request, as a step in preparation to entering into a contract.

 

We apply an exemption for insurance purposes and/or you consent.

If you do not allow us to obtain this data we may not be able to offer you a plan or your plan may not cover you for certain medical conditions or it may cost more than it otherwise would. 

To administer and service your plan, including tracing you if we lose touch, amending your Plan at your request and resolving any complaints as well as sending you information about your rights as a Member, e.g. attending Annual General Meetings and voting rights.

 

Your name, address, e-mail address, phone numbers, bank details and date of birth.  Your occupation and income

Sensitive information on your current and former physical and mental health, and your lifestyle e.g. your weight, how much you drink and whether you smoke.

Processing is necessary for the performance of a contract (Article 6 1 (b) GDPR)

We apply an exemption for insurance purposes and/or you consent

If you do not allow us to obtain this information we may not be able to amend your Plan as you wish.

To assess and pay claims or when you cash in your Plan

Your name, address, passport number and other unique identifiers on information to allow us to identify you, bank account details  and employment details and income

Sensitive information on your physical and/or mental health that is impacting on your ability to work.

Processing is necessary for the performance of a contract.

We apply an exemption for insurance purposes and/or you consent.

If you do not allow us to obtain this information we may not be able to pay claims.

To provide access to services and support that might aid recovery.

Your name, address, and contact number.

Sensitive information on your physical and/or mental health that is impacting on your ability to work.

We will pass information on to third parties with your consent supplied at the time

Once we have passed your information on the third party will be responsible for your information.

If we think your life may be at risk if we do not pass on information e.g. if we discover something about your health and cannot easily obtain your consent.

To prevent detect and investigate fraud

Your name, address, passport number and other unique identifiers on information to allow us to identify you.

Sensitive information on your physical and/or mental health that is impacting on your ability to work.

The processing is necessary for a legal obligation of an insurer. And the processing is necessary for the legitimate interests of Holloway Friendly and its Members in preventing fraud.

And for sensitive information

Preventing Fraud is necessary for reasons of substantial public interest.

To run Holloway Friendly’s business efficiently and in line with legal and regulatory obligations. 

e.g.  Running effective, compliance monitoring, internal and audit functions, and supply information to external auditors. 

Ensuring we are treating our current and future Members fairly in pricing, dealing with claims, paying bonuses and paying out plan proceeds.

Keeping accounting records, receiving professional advice (e.g. Legal advice.) and managing risk so we can make sure we have money available to pay claims.

Your date of birth, occupation, income your gender, and information about some hobbies. Information about other insurance policies you hold.

Sensitive information on your current and former physical and mental health, your height and your lifestyle e.g. your weight, how much you drink and whether you smoke.

Limited information about, genetic test results and information about illnesses and conditions your natural parents, brothers and sisters have suffered from.

Processing fulfils legal obligations to have robust, controls, Compliance and Internal Audit functions and to manage all risks so we can ensure we have enough money to pay claims now and in the future.

Our legitimate interests in understanding customer behaviour and claims rates etc. so we can run Holloway Friendly effectively for its Members. 

Sensitive information: We apply an exemption for insurance purposes (Article 9 (1) (g).

To keep our staff, premises and personal data safe.

Car registration number, images of visitors from CCTV, information about where visitors have gone within our premises.

The processing is necessary for the purposes of meeting a legal obligation, to keep personal data safe (Article 6 1 C) and, we have a legitimate business interest in protecting our staff, premises and data. 

 

Who do we share your information with?

From time to time, we appoint third parties to support us in supplying services to you. Where these third parties need to access your information or process it to do their jobs, we remain responsible to you for how they do this they are called Data Processors. We have contracts in place with all of our Data Processors which prohibit them doing anything with your information unless we have instructed them to do it, or explicitly allowed them to do it. They will not share your personal information with any organisation apart from us without our agreement, unless they are legally obliged to do so e.g. if they suspect money laundering. They will hold your information securely and retain it for the period we instruct, in line with this Privacy Notice.

None of our Data Processors are allowed to send your personal information outside the European Economic Area without our express permission.  If any of our Data Processors ask our permission, we will insist they take the steps to protect your information before agreeing to their request.  

We may appoint new third parties from time to time and will update our Privacy Notice when we do.

Table of Data Processors:

Name/Category of Recipient

Processing undertaken

Information They Receive

RHM Telecommunications

Storage of Telephone calls.

Any information you discuss with us in a recorded telephone call which can include sensitive information about your health e.g. when we are working out the terms we can offer you for a plan or when you are making a claim.

 

Medicals Direct Screenings Ltd

Tele-interviewing

Sensitive information provided by you about your current and former physical and mental health, your lifestyle and illnesses of close family members you disclose.

MorganAsh

Tele-interviewing

Sensitive information provided by you about your current and former physical and mental health, your lifestyle and illnesses of close family members you disclose.

Varistha Ltd

IT development, support and data storage.

All information relating to quotes, plan applications, policies and claims.

OAC plc

Actuarial support including setting prices, assessing risks, measuring claims experience and capital management

All information relating to quotes, plan applications, policies and claims.  Often such data is aggregated and/or anonymised. e.g. names are not routinely included.

Corporate Mailing Solutions Ltd

Printing and issuing letters, checking the information we hold about your address is correct from publicly available sources such as the electoral roll and other registers.

Contact details e.g. name and address and plan details contained in letters which are sent to you.

Printwaste Recycling & Shredding

Confidential and Non Confidential waste collection and destruction.

Confidential and non- confidential waste created at our office.

Capita Life and Pensions Regulated Services

Underwriting support

Sensitive details about health and lifestyle of you and your close family members.

IRESS Portal Limited

Portal Services

Details provided to allow a quote to be created on line such as occupation, age, name, income.

Fraud Prevention Agencies and investigators.

Identification of people who may be likely to undertake fraud.

Typically name, address, age and other details to allow identification such as National Insurance or passport numbers Sensitive information about injuries and illnesses may be shared where necessary for covert surveillance.

 

Other Recipients

We disclose personal information to other third parties where we are required or permitted to do so by law or regulation or where you give your consent.  Once we have done so, these third parties become responsible for your information and become Data Controllers in their own right.

Category/Name of Recipient

Why do we share your peronsal information

Where to find more information

Regulated Insurance Intermediaries

So your insurance intermediary can act for you in arranging or servicing the plan and meet their regulatory obligations.

Your adviser can give you information about their own privacy notice.

Best Hopes Coaching and Consulting

With your permission, where their consulting services may help your recovery.

http://www.besthopes.co.uk/

 

Vitality 360

With your permission, where their consulting services may help your recovery.

http://vitality360.co.uk/ 

Financial Conduct Authority

We are required by law to share infomration with our regulator at their request.

https://www.fca.org.uk/privacy

Prudential Regulation Authority

We are required by law to share information with our regulator at their request.

www.bankofengland.co.uk

Financial Ombudsman Service

At your request, the ombudsman will consider a complaint you make to him about us if we have not been able to resolve it to your satisfaction.

http://www.financial-ombudsman.org.uk/help/privacy_statement.html

Information Commissioner’s Office

At your request, the Information Commissioner’s Office, will consider a complaint you make to them about us if we have not been able to resolve it to your satisfaction.

https://ico.org.uk/global/privacy-notice/

The police, HMRC and other crime prevention agencies https://ico.org.uk/global/privacy-notice/

Where they request information to prevent or detect crime e.g. where they have a court order or where we reasonably suspect a crime may have been committed.

Police or HMRC Websites

Ernst and Young LLP

So they can act as our Internal Auditor. All information relating to quotes, plan applications, policies and claims, where relevant to an audit they are undertaking.

 

 

www.ey.com/uk/en/home/privacy-notice http://www.ey.com/uk/en/home/privacy-notice

PricewaterhouseCoopers

So they can act as our external Auditor.  External Auditors have to be given access to all information on request to perform their role

 

 

https://www.pwc.com/gx/en/site-information.html

Reinsurance companies

Reinsuring of the insurance risks we take on to allow effective capital management

Contact us at the contact points below if you want to know if your information is shared with a reinsurer and which one.  

 

Your Rights

You have the right to:

  • access your information and some details of how we use it such as the purpose of the processing, the categories of information that we hold, to whom it has been disclosed and how long it will be stored.  We do not normally make a charge for supplying this information. However, we reserve the right to do so when you make a large number of such requests, or request a large number of copies of your information and data protection law allows us to make a charge. We will agree with you how to securely provide access to your information, in writing or by electronic means, where this is possible.
  • data portability.  For some information, typically the personal information you supplied to us, you have the right to ask that we send it to a third party you have chosen. The third party will then become responsible for looking after it. 
  • rectification.  We try and keep the personal information we have about you up to date and accurate.  However, if it is not correct or in incomplete, you can ask us to correct it or add other information to it.
  • erasure.  This has sometimes been called ‘the right to be forgotten’ in the press. You can ask us to delete some of the your information if you think we no longer need it for the purpose for which we collected it or where we are only processing it with your consent and you wish to withdraw consent.  There may be reasons why we cannot delete your information e.g. if we are obliged to keep it for legal or regulatory reasons.  Where this is the case we will tell you, and indicate how long we need to keep it.
  • restriction of processing.  You can ask us to stop processing your information in certain situations e.g. if you are concerned your information is inaccurate and you want us to verify it or you don’t think we have the right or need to process it, but don’t want us to delete it.
  • Right not to be subject to automated decision making.  When you first ask us for a quote or make an initial application e.g. by submitting your information to us through a website or your adviser our systems will not produce a quote or allow your application to proceed if you have certain medical conditions, lifestyle factors or you tell us that you do certain jobs or work in certain locations, where we will be unable to offer you a plan. You have the right to object to automatic decisions made in this way and if you do so, one of our team will reconsider your application/request for a quote.

You also have the right to ask us to stop sending you marketing messages.  We do not currently do this.

If you want to exercise any of these rights, complain to us or ask us questions please email us at Dataprotectionofficer@holloway.co.uk or write to us at:

Data Protection Officer
Holloway House71 Eastgate Street
Gloucester
GL1 1PW

You have the right to make a complaint to the Information Commissioner’s Office (ICO at any time about the way we use your personal information. More information can be found at the ICO’s website https://ico.org.uk. ).  The ICO is the supervisory authority for data protection matters for Data Controllers based in the UK.

Changes to this privacy notice

This privacy notice was last updated on 24 May 2018. 

Download acrobat reader