This privacy notice explains how Metfriendly deals with the data we collect from you. It has been written in accordance with the General Data Protection Regulation (GDPR), which is in effect as of 25 May 2018 and applies directly in all member states of the EU. You can trust us to act in accordance with this privacy notice – however, if you have any concerns about your data, or want to report a failing in terms of how your data is being collected or used, you can either contact us or get in touch with the Information Commissioner’s Office (ICO).
We are Metfriendly. Metfriendly is the trading name of the Metropolitan Police Friendly Society Limited. Our address is: Central Court, Knoll Rise, Orpington, Kent, BR6 0JA. Our website is: www.mpfs.org.uk. Our email address for general enquiries is: [email protected]. Our telephone number is: 01689 891454.
Metfriendly is a data controller. This means that we collect data about our members and those to whom we send information, and decide what to do with that data.
Our data protection officer is John Midlane. John is responsible for Metfriendly’s data protection processes. His email address is: [email protected].
Why we process your data
There are three main reasons that we would process your data.
- Because you have purchased one or more of our products. In this case, we may process your data for the following reasons:
- To stay in touch about the product or products you purchased.
- To tell you about your rights as a member, such as your right to attend our Annual General Meeting (AGM).
- To tell you about other Metfriendly products or services that might interest you.
- Because you have requested something from us – e.g. a free Metfriendly calendar, a place at one of our events, or entry into one of our prize draws. If you sign up for postal delivery, we have legitimate interests for using your data. If you prefer email communications, then we will ask for your consent to use your data to carry out your request. The legal basis for this is under section 1(a) Article 6 of the GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes” (we call this “consent”).
- Because you have opted into our mailing list to receive details of our products and services, and updates on matters that affect policing. If you sign up for postal delivery, we have legitimate interests for using your data. If you prefer to use email, then we will ask for your consent to use your data to carry out your request. The legal basis for this is under section 1(a) Article 6 of the GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes” (we call this “consent”).
Metfriendly’s legitimate interests
We exist as a mutual friendly society because of our members – without our members, we would not exist. So, we want to grow our membership to replace those who leave and to increase the number of members we have. The more members we have, the lower the costs are for them. We have legitimate interests in growing our membership.
We encourage people to become members by telling them about Metfriendly and its products. We do not want to overwhelm potential members with unwanted or unnecessary communications (this would be counterproductive and deter people), so we make it easy to unsubscribe and try to keep our marketing and communications to reasonable levels.
The kinds of data we process
Almost all the data we collect and process is classed as “ordinary” (names, addresses, emails, etc.). However, we also collect some “special category” data when handling new applications or claims for protection plans. This includes data relating to the health of the applicant or claimant, and sometimes that of their relations.
The GDPR bans the processing of such data unless permitted by a national law. In the UK, the Data Protection Act 2018 allows insurance companies (like us) to process health-related data in order to carry out our insurance business, subject to certain conditions. Metfriendly meets those conditions and so we process your health-related data subject to the same safeguards as the rest of your data.
How we share your data
We do not share data with third parties for marketing purposes.
We do share data with other firms for processing, where we do not (or cannot) do this processing ourselves.
We use mailing houses to process and issue legally required documents such as your annual benefit statement and your invitation to our Annual General Meeting. Your data will only be kept by them for long enough to complete these tasks.
We use a firm to process and send emails for us – see the next section for details.
We also use a UK-based firm to process member referral offers and deliver gift voucher codes. We only share your email address and this will not be used for any other purpose.
If you apply for a protection product from us, or make a claim on one, we will share your data with our reinsurance partner firms to assist us in dealing with your application or claim. The data we share will include data relating to your health (“special data” as defined in the GDPR). These firms are “data controllers” in their own right and will have their own Privacy Notices. They are situated either in the UK or in the EU.
If you hold our Income Protection policy and use the free Personal Nurse Advice service provided by our partner firm RedArc, we will share your personal data with RedArc to enable them to provide this service to you. RedArc has its own Privacy Notice which it would provide to you after you make contact with them.
Why we transfer your data outside the UK
HubSpot is a US based service, which we use primarily for email marketing and for this purpose we transfer data to HubSpot. HubSpot is registered under the US Privacy Shield Framework (see www.privacyshield.gov/welcome), which means that the EU agrees it guarantees sufficient security for transfers of personal data.
When necessary, we also transfer data (including special category data) to our reinsurers in the UK and the EU. We do this if it is necessary for obtaining reinsurance on our protection products (e.g. life insurance and income protection). All our reinsurers have data protection safeguards in place to keep your data secure.
How long we keep your data
We generally keep data for six years after we have stopped using it. For policies, this is measured from the date that the policy ended. For membership, this is measured from the date that the last policy you held with us ended. For marketing, we keep your data for three years from the date that we collected it, or from when we last heard from you – whichever is later.
You have the right to access, correct and delete (in most cases) your personal data from Metfriendly’s database, or to stop us processing your data in a certain way (or at all). If you have given consent for us to use your data in the past, you can withdraw your consent at any time.
Changing your mind about consent
You can withdraw your consent at any time. You can do so by email, telephone or post. Our contact details are on our marketing materials and website. If we need to keep your data for legal or contractual reasons (for example, if you are still a member and have plans held with us), we are able to do so. Otherwise, we will stop processing your data and delete it immediately.
How to complain if something goes wrong
You can complain to the ICO if you believe your data has been lost or mishandled by us. The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Its website is: ico.org.uk. Its phone number is: 0303 123 1113 (charged at a local rate – calls to this number cost the same as calls to 01 or 02 numbers).
Where we get your data from
We obtain most of your data directly from you (the “data subject”). We also obtain data from the Metropolitan Police Federation and the Metropolitan Police and City of London Police payroll services. We use this data to identify you and ensure our records are up to date in terms of your current work location, rank and employment status.
Why we need your data
We need your data to be able to deliver our services and products properly. When you start a contract with us, you will need to provide us with some personal data – otherwise, we will not be able to fulfil our end of the deal.
Automatic decisions we make with your data
Some of our products are only available to people within certain age groups. Similarly, some of our products are only relevant to members of police services. We do not want to send details of such products to people for whom they are not relevant, so we may use an automatic system (“profiling”) to block such communications. If you want to hear about certain products anyway, just let us know, and we will send you information about them on request.
Recording telephone calls
We record incoming and outgoing telephone calls. We do this for a number of reasons: 1) so that you don’t have to provide written confirmation of instructions or information about contracts; 2) to monitor the way our team deals with our customers; and 3) for staff training. We do not share any part of these recordings with third parties, except when we are legally required to do so.
Last updated on 23 May 2018