Privacy Policy
At Gravesham Friendly we take your privacy seriously and are committed to keeping your personal information safe and secure. It is important that you take some time to read this Privacy Policy to understand how and why we collect, store and process your personal data and to understand your rights as the data subject. If you have any queries or concerns regarding our use of your personal data, please contact us via one of the channels provided in the ‘About Us’ and ‘Contact Us’ sections of this Privacy Policy.
About us
Gravesham Friendly (‘we’ or ‘us’ or ‘our’, ‘the Society’) gather and process your personal information (personal data, data) in accordance with this privacy policy and in compliance with the relevant data protection Regulations and Laws, including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) 2003
Gravesham Friendly office is at The Old Rectory, Springhead Enterprise Park, Springhead Road, Northfleet, Gravesend, Kent, DA11 8HN. We are a Friendly Society registered in England and Wales under number 189F. We act as the Data Controller when processing your personal data and we are registered on the Information Commissioner’s Office Register; registration number Z306566X. Mr Paul Osborn is our Appointed Person in respect of your data. Please contact us at info@graveshamfriendly.co.uk or telephone 01474 567050 if you have a query regarding your data.
Information That We Collect
Gravesham Friendly processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way other than as specified in this notice.
We take every reasonable measure and precaution to protect and secure your personal data from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place, such as enterprise grade firewalls, multi factor authentication and web/email filtering technology.
The personal data that we typically collect from you includes: –
- Identity data – first name, maiden name, last name, marital status, title, date of birth and gender.
- Contact Data – address, email address and telephone numbers.
- Financial Data – bank account and payment card details.
- Transaction data – details of payments to and from you and other details of services you have purchased from us.
- Special Category Data – health and medical information in relation to your application for membership and any subsequent claims for insured benefits or Discretionary Grants that you may make.
We collect data from you in a variety of ways, including via telephone, post, email and from our website.
How We Use Your Personal Data
Gravesham Friendly takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. We use your personal data to meet our contractual obligations with you and to meet our statutory and legal obligations.
Purposes for which we will use your personal data
We obtain personal information about you and other personal details to help us carry out a variety of activities. These include:
- To process and deliver services to you – processing your membership application to the Society, processing claims, managing payments, fees and charges and recovering money owed to us and arranging and managing tenancies of our properties.
- To keep you informed – notifying you about changes to membership information, terms and conditions, and changes to our Privacy Policy. Sending you our Newsletter and our Annual General Meeting information and accompanying documents.
- To prevent and detect crime – we have a legal obligation to protect our members and ourselves from Financial Crimes such as Money Laundering.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider we need to use it for another reason and that reason is compatible with the original purpose.
Legal Bases For Processing of Personal Data
We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
- For the performance of your contract with us and the provision of our services to you. For example, to process your application for membership of the Society, or to pay your insured benefits or any Discretionary Grants that you apply for.
- Where it is necessary for our Legitimate Interests as a business and a provider of insurance services and then only if your interests and fundamental rights do not override those interests. For example, to send you our Newsletter and information regarding our Annual General Meeting (AGM) or to prevent and report Fraud.
- To comply with a legal obligation, for example Anti-Money Laundering legislation, the requirements of the Financial Conduct Authority and the Prudential Regulation Authority, or those of HMRC.
- Other processing of personal data with your consent, for example to process Special Category Data such as your medical and health information.
Special Category Data
Owing to the products and services that we offer Gravesham Friendly sometimes needs to process sensitive personal information about you. Your medical and health information is classed as Special Category Data. Where we collect such information, we will only request and process the minimum data necessary for the specified purpose in order to perform our contract with you and to deliver insurance related benefits, or to pay any Discretionary Claims that you apply for.
The legal bases for collecting and processing your Special Category Data are Performance of a Contract and your Explicit Consent. You can modify or withdraw consent at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so. However, please be aware that failing to provide, or withdrawing your consent to process Special Category Data may result in the Society being unable to pay your claims for your insured benefits, such as Sickness Benefit, or any Discretionary Claims that you apply for.
Your Rights
- Right to be informed – You have the right to be informed about our collection and use of your personal data as Data Controller. Including what personal data we hold about you , the purposes of the processing, the lawful bases for processing your data and how long we intend to store your personal data for.
- Right of access – you have the right to access and receive a copy of your personal data unless we are exempt by law from disclosing some or all of this information to you. This is known as a ‘Subject Access Request’ or SAR. You can make a SAR verbally, in writing or via social media. Please allow 5 working days to provide this information to you.
- Right to rectification – If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and update your personal data. You can make a request verbally or in writing.
- Right to erasure – You have the right to request erasure of your personal data. This is also known as ‘the right to be forgotten’. You can make this request verbally or in writing. Please be aware that this right is not absolute and will only apply in certain circumstances:
- the personal data is no longer necessary for the purpose for which we originally collected and processed it
- where our legal basis for processing your data consent and you withdraw your consent
- where our legal basis for processing your data is legitimate interests and you object and there is no overriding legitimate interest to continue this processing
- we are processing the data for direct marketing purposes and you object
- we have to comply with a legal obligation
- we have processed the data to offer services to a child.
5. Right to restrict processing – you have the right to request the restriction or suppression of your personal data. You can make a request verbally or in writing. Please be aware that this right is not absolute and will only apply in certain circumstances:
- you contest the accuracy of your data and we are verifying the accuracy
- your data has been unlawfully processed
- we no longer require your data, but you need us to keep it to in order to establish, exercise or defend a legal claim
- you have objected to us processing your data and we are considering whether our legitimate grounds override your interests.
6. Right to Data Portability – You have the right to portability of your information. This right allows you to obtain and reuse your personal data for your own purposes across different services. This right only applies to information that you have provided to us as the Data Controller. You can make a request verbally in or writing.
- Right to object – You have the absolute right to object right to us processing your data for direct marketing purposes. You also have the right to object:
- Where we process your data on the grounds of our legitimate interests
- Where we process your data on the basis of ‘public task’
Please be aware that we can refuse to comply with your request if we can demonstrate compelling legitimate grounds for processing which do not override your interests, rights and freedoms.
7. Rights related to automated decision -making including profiling – Gravesham Friendly Society Ltd does not currently carry out automated decision making including profiling.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure. We will aim to respond to your request within one calendar month.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Please be aware that in some circumstances, we may not be able to comply with your request in relation to your rights. This may be because an exemption applies under the UK GDPR and the Data Protection Act 2018, or your request is manifestly unfounded or excessive.
Sharing and Disclosing Your Personal Information
Gravesham Friendly uses third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the UK GDPR, the Data Protection Act 2018, the PECR 2003 and any other appropriate confidentiality and security measures.
These third parties include:
- Actuarial Services
- Auditor services
- Tenancy and Property management
- Professional consultants
- Regulatory and governmental bodies
- Technology systems providers
- Mailing Houses
The names and locations of third parties we use are available on request.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
International Transfers
We do not transfer your personal data outside the European Economic Area (EEA)
Data Retention
Gravesham Friendly only ever retains personal information for as long as is necessary to provide our services and meet legal requirements. For example, if you are a member of the Society, we will retain your personal data for the duration of your membership and for a period of time thereafter as required for regulatory or legal reasons.
We have review, retention and destruction policies in place to meet these obligations.
If you require information about how long, and why, we will retain specific items of personal data please ask us verbally or in writing for an explanation of our retention periods using the contact details provided in the ‘Contact Us’ section of this Privacy Policy.
Notification of a Data Breach
You will be notified immediately, if a breach of data occurs that is likely to result in a high risk of your rights and freedoms being adversely affected.
Contact us
If you would like further information regarding privacy, including how we collect, store and process personal information; or if you would like to make a complaint regarding privacy, please contact us by any of the following means:
Telephone: 01474 567050
Email: info@graveshamfriendly.co.uk
Post: The Old Rectory, Springhead Road, Northfleet, Kent DA11 8HN
If you have contacted us about a privacy issue or have made a privacy related complaint, and you remain unsatisfied, you have the right to refer your complaint to the Information Commissioners Office (ICO) at:
Telephone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF