Privacy
The purposes of this privacy notice
This privacy notice explains how Metfriendly deals with the data we collect from you. It has been written in accordance with the UK General Data Protection Regulation (UK GDPR) tailored by the Data Protection Act 2018, which is in effect as of 1 January 2021, replacing the EU GDPR. You can trust us to act in accordance with this privacy notice – however, if you have any concerns about your data, or want to report a failing in terms of how your data is being collected or used, you can either contact us or get in touch with the Information Commissioner’s Office (ICO).
Our details
We are Metfriendly. Metfriendly is the trading name of the Metropolitan Police Friendly Society Limited.
Our address is: Central Court, Knoll Rise, Orpington, Kent, BR6 0JA.
Our website is: www.metfriendly.org.uk
Our email address for general enquiries is [email protected]
Our telephone number is: 01689 891454.
Metfriendly is a data controller. This means that we collect data about our members and those to whom we send information, and decide what to do with that data. If you have any queries about our use of your data and how it is protected please contact us at [email protected]
Why we process your data
There are three main reasons that we would process your data.
- Because you have purchased one or more of our products. In this case, we may process your data for the following reasons:
  - To stay in touch about the product or products you purchased.
  - To tell you about your rights as a member, such as your right to attend our Annual General Meeting (AGM).
  - To tell you about other Metfriendly products or services that might interest you.
- Because you have requested something from us – e.g. a free Metfriendly calendar, a place at one of our events, or entry into one of our prize draws. If you sign up for postal delivery, we have legitimate interests for using your data. If you prefer electronic communications (emails, text/SMS messages, or voice calls), then we will ask for your consent to use your data to carry out your request. The legal basis for this is under section 1(a) Article 6 of the GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes” (we call this “consent”).
- Because you have opted into our mailing list to receive details of our products and services, and updates on matters that affect policing. If you sign up for postal delivery, we have legitimate interests for using your data. If you prefer to use electronic communications (emails, text/SMS messages, or voice calls), then we will ask for your consent to use your data to carry out your request. The legal basis for this is under section 1(a) Article 6 of the GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes” (we call this “consent”).
Metfriendly’s legitimate interests
We exist as a mutual friendly society because of our members – without our members, we would not exist. So, we want to grow our membership to replace those who leave and to increase the number of members we have. The more members we have, the lower the costs are for them. We have legitimate interests in growing our membership. We encourage people to become members by telling them about Metfriendly and its products. We do not want to overwhelm potential members with unwanted or unnecessary communications (this would be counterproductive and deter people), so we make it easy to unsubscribe and try to keep our marketing and communications to reasonable levels.
The kinds of data we process
Almost all the data we collect and process is classed as “ordinary” (names, addresses, emails, etc.). However, we also collect some “special category” data when handling new applications or claims for protection plans. This includes data relating to the health of the applicant or claimant, and sometimes that of their relations. The GDPR bans the processing of such data unless permitted by a national law. In the UK, the Data Protection Act 2018 allows insurance companies (like us) to process health-related data in order to carry out our insurance business, subject to certain conditions. Metfriendly meets those conditions and so we process your health-related data subject to the same safeguards as the rest of your data.
How we share your data
We do not share data with third parties for marketing purposes. We do share data with other firms for processing, where we do not (or cannot) do this processing ourselves.
We use mailing houses to process and issue legally required documents such as your annual benefit statement and your invitation to our Annual General Meeting. Your data will only be kept by them for long enough to complete these tasks.
We use a firm to process and send emails for us – see the next section for details.
We also use a UK-based firm to process member referral offers and deliver gift voucher codes. We only share your email address and this will not be used for any other purpose.
If you apply for a protection product from us, or make a claim on one, we will share your data with our reinsurance partner firms to assist us in dealing with your application or claim. The data we share will include data relating to your health (“special data” as defined in the GDPR). These firms are “data controllers” in their own right and will have their own Privacy Notices. They are situated either in the UK or in the EU/EEA.
If you hold our Income Protection policy and use the free Personal Nurse Advice service provided by our partner firm RedArc, we will share your personal data with RedArc to enable them to provide this service to you. RedArc has its own Privacy Notice which it would provide to you after you make contact with them.
Why we transfer your data outside the UK
HubSpot is a US-based service, which we use primarily for email marketing, and for this purpose we transfer data to HubSpot. HubSpot has incorporated “Standard Contractual Clauses” into its contract with us, which means that it has equivalent safeguards on your data as any EU country.
When necessary, we also transfer data (including special category data) to our reinsurers in the UK and the EU/EEA. We do this if it is necessary for obtaining reinsurance on our protection products (e.g. life insurance and income protection). All our reinsurers have data protection safeguards in place to keep your data secure.
How long we keep your data
We generally keep data for six years after we have stopped using it. For policies, this is measured from the date that the policy ended. For membership, this is measured from the date that the last policy you held with us ended. For marketing, we keep your data for three years from the date that we collected it, or from when we last heard from you – whichever is later.
Your rights
You have the following rights:
The right to be informed
We provide details about us, how and why we collect data, and how we process it, here in this Privacy Notice, and when we collect data.
The right of access
You can ask us for a copy of your personal data, and other supplementary information, called a subject access request or ‘SAR’. Your request can be verbal or in writing, including via social media, and with a very few exceptions, is free.
The right to rectification
You can have incorrect information corrected or incomplete data completed free of charge, by asking in writing or verbally.
The right to erasure
You have the right for your personal data to be deleted from all our records – although this only applies in certain circumstances (for instance, it does not apply if we need your data to process a contract that we have with you).
The right to restrict processing
You can instruct us not to process your data although we can continue to store it. This is not an absolute right and only applies in certain circumstances (if and while you are contesting accuracy of data, or when data has been unlawfully processed but you oppose erasure and request restriction instead; if we no longer need the personal data but you want us to keep it to establish, exercise or defend a legal claim; or if you have objected to processing your data under Article 21(1), and we are considering whether legitimate grounds override your rights).
The right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services, to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. The right only applies to information that you have directly provided to us.
The right to object
You can object to the processing of your personal data in certain circumstances; in particular, you have an absolute right to stop your data being used for direct marketing. You can make an objection verbally or in writing. We offer you the chance to opt out of marketing in all our marketing communications. You need to specify reasons why you are objecting to the processing of your data, based on your particular situation. In these circumstances this is not an absolute right, and we may not comply if we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or if the processing is for the establishment, exercise or defence of legal claims. We would balance your interests, rights and freedoms with our own legitimate grounds. If we are satisfied that we do not need to comply with your request we would let you know. We would explain our decision and inform you of your right to make a complaint to the ICO and your ability to seek to enforce your rights through a judicial remedy.
Rights in relation to automated decision making and profiling
This right applies where we make a decision solely by automated means without any human involvement; and profiling (automated processing of personal data to evaluate certain things about you). We can only carry out this type of decision-making where the decision is:
- necessary for the entry into or performance of a contract; or
- authorised by Union or Member state law applicable to us; or
- based on your explicit consent.