The Exeter Privacy Policy

This privacy policy explains how Exeter Friendly Society Limited & The Exeter Cash Plan trading as The Exeter ("The Exeter", "We", "Us" or "Our") uses and protects any information that You ("You" or "Your") give Us by which You can be identified or are identifiable ("Personal Information") when You use Our Services. This privacy policy applies to the use of Our private medical insurance plans, cash plans, protection products and the use of Our website, collectively known as the “Services”.

We are committed to ensuring that Your privacy and Your Personal Information are protected. If We ask You to provide certain Personal Information when using Our Services, then You can be assured that it will only be used in accordance with this privacy policy.

What Personal Information will be collected, and how is it collected?

Personal Information provided by You:

We need to collect Personal Information from You so that We can provide and You can receive the Services in relation to the policy that We have entered into, for example when You apply for one of Our products or make a claim. However, You should be aware that We may also process Your Personal Information to comply with a legal obligation (amongst others) or where We have a legitimate business objective (such as ensuring that We deliver the Services and develop Our products in a way that meets Our customers' needs). However, We will take all reasonable steps to ensure that We only collect the minimum Personal Information that is necessary to achieve this objective and will not use it for any other purpose not envisaged in this Privacy Policy or as otherwise notified to You. If We do not collect Your Personal Information it will severely restrict our ability to provide the Services to You, and in a tailored way.

This Personal Information can be collected in a variety of ways, for example, by use of Our website, completion of an application form, or completion of a claim form and sent by various methods including by post, email and by telephone.

The Personal Information You provide to Us might include:

  • Basic personal identifiers, including Your name, address, email address and date of birth
  • Additional lifestyle information, for example relating to Your hobbies or occupation
  • Sensitive Personal Information, including health information. When Sensitive Personal Information is required, We will explain why the Personal Information is needed and obtain Your explicit consent before it is collected (and you will have the right to withdraw your consent at any time – (see ‘Consent’ section of this privacy policy))
  • Information on family members of a nature listed above, when they are entitled to the Services We provide. Where applicable, please ensure that the family members have had sight of this privacy policy.

Information from other sources:

We may also acquire Your Personal Information from reputable third party companies who operate in accordance with UK data protection legislation. We will only take receipt of such Personal Information where You will have already submitted Your Personal Information to these companies and have specifically given permission to allow them to pass it on to other companies that provide similar or complementary products and services to Us. We may also obtain information from credit agencies, public sources, social media and similar online resources.

Information We collect through Our website (‘cookies’):

We collect certain types of information from Your web browser via 'cookies' when You use Our website. To find out more information please refer to Our Cookie Policy.

How Your Personal Information is used:

  • To administer and manage the Services that We provide which may include underwriting, calculating and adjusting premiums, claims handling and policy renewals
  • To perform ancillary business processes connected to Our Services, for example auditing, accounting, internal record keeping, planning and to comply with legal and regulatory obligations
  • Research and statistical analysis in connection with improvement of Our Services and products
  • To safeguard against criminal activity, crime and fraud
  • To customise the website according to Your interests
  • To contact You for market research
  • To inform You about new products, special offers or other information which We think You may find interesting. We will only do this where You have indicated that You would like to receive such information.

This list is not necessarily exhaustive as changing business needs or external factors may influence the use of the information We hold. Should there be a need to use Personal Information for other reasons, We will update this Policy.

Who else might need to see the Personal Information held?

We may need to send Personal Information to other firms in connection with Our Services, including the following:.

  • Firms that partly or wholly help Us to administer Our Services
  • Payment and delivery services
  • Analytics providers and search information providers
  • Credit reference agencies
  • Legal or regulatory organisations
  • Our legal advisers in connection with obtaining legal advice or pursuing a claim
  • A customer’s appointed insurance adviser, although no sensitive Personal Information will be provided to them without Your prior consent (see ‘Consent’ section of this privacy policy)
  • Other insurers to recover for proportionate share of treatment costs following claims
  • Law enforcement agencies and other third parties: Your Personal Information may be shared with other agents or databases for the purposes of preventing and detecting fraud.

Where will Personal Information be held?

The Personal Information that We collect from You may be transferred to, or processed or stored in any country, including those outside the European Economic Area. To ensure We meet Our obligation to adequately protect Personal Information We will:

  • Ensure the purposes and processing associated with any such transfer will comply with all applicable data protection regulations in the UK and EU
  • Ensure that any parties to whom We pass Your information agrees to treat Your Personal Information with the same level of protection as required by the data protection regulations in the UK and EU.

By submitting Your Personal Information to Us, You acknowledge that Your Personal Information will be transferred, stored or processed as explained within this privacy policy.

How long will Personal Information be held for?

As part of Our commitment to Your privacy, We will not hold Your Personal Information for any longer than is necessary. Your Personal Information will be retained in accordance with Our records retention policy, based on the relevant legal and business requirements and, accordingly, the retention periods for Personal Information will vary according to the nature of the information held. In most cases, information will be stored for six years, but longer periods may apply to comply with regulatory or legal requirements.

For record keeping purposes, We may retain a record to assist Us in determining future applications for insurance that You may wish to take.

Consent

In most cases, when We process Your Personal Information We will not contact You for consent, for example:

  • When We are under a contract with You to provide Our Services
  • When We are complying with a legal obligation
  • When We believe it is in Our legitimate interests and proportionate to our objective, and that the use of the Personal Information is not overly intrusive.

However, if We require Personal Information that is considered ‘sensitive’, for example Your medical records, before applying for the Personal Information We will contact You for Your explicit consent. You will have the right to withdraw consent at any time by contacting our Data Protection Officer at the details below.

Security

We are committed to ensuring that Your Personal Information is secure. To prevent unauthorised access or disclosure, We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Information We collect online, including ISO 27001 accreditation.

Keeping Personal Information up to date

Please let us know if Your Personal Information changes as it is important that the information We hold about You is accurate and up to date. We will not be responsible for any errors or Personal Information losses because of not being informed of a change in Personal Information.

Automated decision making

We may also use Your Personal Information to automate some decision-making processes. We will inform You when decisions are made by this process, and You will have the right to ask for the decision to be reviewed in person, for example by having the option of referring a decision to an underwriter.

Your rights regarding Personal Information

You have the right under current legislation to request a copy of the Personal Information We hold about You, often known as a subject access request.

If You wish to request this Personal Information, please write or send an email to Our Data Protection Officer.

You also have a right to:

  • Ask Us not to process Your Personal Information for marketing purposes. We will always ensure that You are happy for Us (or carefully selected third parties) to use Your Personal Information for such purposes. You can exercise Your right to prevent such processing by checking certain boxes on the forms We use to collect Your Personal Information. You can also exercise the right at any time by contacting our Data Protection Officer
  • If Personal Information about You is wrong or incomplete, ask for this to be rectified
  • Ask for Your Personal Information to be deleted or tell us You no longer agree to Us using Personal Information about You and ask us to stop, provided that We do not need to retain the Personal Information to provide You with the Services (or to keep a record that We have done so)
  • Ask Us to send You the Personal Information that you have provided to Us or which We have generated as a result of providing the services that We have about You or ask Us to send it to someone else
  • Ask us not to use Personal Information about You where it is based on automated decision making (see 'Automated decision making' section of this privacy policy).

Complaints

In the event of a complaint regarding the Personal Information We hold, please refer to Our Complaints Procedure or contact Our Data Protection Officer.

Changes to Our Privacy Policy

We will review and amend this Privacy Policy periodically. When this Policy is amended, We will not usually inform individuals that have provided Personal Information to Us of the changes We make.

Data Protection Officer

For any further information on this Privacy Policy, to make a subject access request or to exercise Your rights under the UK data protection legislation, please contact Our Data Protection Officer, Shalimar Turner:

Email: Shalimar.turner@the-exeter.com

Telephone: 01392 351 972