The Exeter Privacy Policy

The Exeter Privacy Policy

This privacy policy explains how Exeter Friendly Society Limited & The Exeter Cash Plan trading as The Exeter ("The Exeter", "We", "Us" or "Our") uses and protects any information that You ("You" or "Your") give Us by which You can be identified or are identifiable ("Personal Information") when You use Our Services. This privacy policy applies when You request quotations and apply for our insurance products (private medical insurance plans, cash plans, protection products), Our administration of Your insurance products, collecting premiums and the use of Our website, collectively known as the “Services”.

We are committed to ensuring that Your privacy and Your Personal Information are protected. If We ask You to provide certain Personal Information when using Our Services, then You can be assured that it will only be used in accordance with this privacy policy.

For what purpose will Personal Information be collected, and how is it collected?

1. Personal Information provided by You:

We need to collect Personal Information from You so that We can provide and You can receive the Services in relation to the policy that We have entered into, for example when You apply for one of Our products or make a claim. However, You should be aware that We will also process Your Personal Information to comply with a legal obligation (amongst others) or where We have a legitimate business objective (such as ensuring that We deliver the Services and develop Our products in a way that meets Our customers' needs). However, We will take all reasonable steps to ensure that We only collect the minimum Personal Information that is necessary to achieve this objective and will not use it for any other purpose not envisaged in this Privacy Policy or as otherwise notified to You. If We do not collect Your Personal Information it will severely restrict our ability to provide the Services to You, and in a tailored way.

Your Personal Information will be collected in a variety of ways, for example, by use of Our website, completion of an application form, or completion of a claim form and sent by various methods including by post, email and by telephone.

The Personal Information You provide to Us will include:

• Basic personal identifiers, including (but not limited to) Your name, address, email address, bank account details and date of birth
• Additional lifestyle information, for example relating to Your hobbies or occupation
• Sensitive Personal Information, including health information, for the purpose of arranging, underwriting, administering, administering a claim and complying with an obligation under Your insurance contract. We consider such processing to be in the public interest and processing will only be carried out when necessary and proportionate for the purpose.
• Information on family members of a nature listed above, when they are entitled to the Services We provide. Where applicable, please ensure that the family members have had sight of this privacy policy.

2. Information from other sources

We may also acquire Your Personal Information from reputable third-party companies who operate in accordance with UK data protection legislation. We will only take receipt of such Personal Information where You will have already submitted Your Personal Information to these companies and have specifically given permission to allow them to pass it on to other companies that provide similar or complementary products and services to Us. We may also obtain information from credit agencies, public sources, social media and similar online resources.

3. Information We collect through Our website (‘cookies’):

We collect certain types of information from Your web browser via 'cookies' when You use Our website. To find out more information please refer to Our Cookie Policy.

How Your Personal Information is used:

We will use Your Personal Information for the following reasons:

• To administer and manage the Services that We provide which will include providing quotations for our products, underwriting, calculating and adjusting premiums, claims handling and policy renewals
• To perform ancillary business processes connected to Our Services, for example auditing, accounting, internal record keeping, planning and to comply with legal and regulatory obligations
• Research and statistical analysis in connection with improvement of Our Services and products
• To safeguard against criminal activity, crime and fraud
• To customise the website according to Your interests
• To contact You for market research
• To inform You about new products, special offers or other information which We think You may find interesting. We will only do this where You have indicated that You would like to receive such information.

This list is not necessarily exhaustive as changing business needs or external factors may influence the use of the information We hold. Should there be a need to use Personal Information for other reasons, We will update this Policy.

Who else might need to see the Personal Information held?

We may need to send Personal Information to other firms in connection with Our Services, including the following:

• Firms that partly or wholly help Us to administer Our Services. This will include policy administration and assessing validity and payment of claims under the insurance contract
• Joint Data Controllers, specifically Pacific Life Re Ltd, Tower Bridge House, St Katherines Way, London and Swiss Re Europe S.A., Castle House, Castle Hill Avenue, Folkestone
• Our banks and similar financial services firms including currency conversion and payment service providers
• Delivery or courier services
• Analytics providers and search information providers
• Credit reference agencies
• Legal or regulatory organisations
• Our legal advisers in connection with obtaining legal advice or pursuing a claim
• Your appointed insurance adviser
• Other insurers to recover for proportionate share of treatment costs following claims
• Law enforcement agencies and other third parties: Your Personal Information may be shared with other agents or databases for the purposes of preventing and detecting fraud. Some of these organisations will act as data processors on Our behalf (in which case We will ensure that they are subject to appropriate contract terms as required by applicable data protection regulations in the UK) and others, such as separately regulated payment services providers, may act as data controllers themselves (in which case they will be separately responsible to You for the way in which they process, store and transfer Personal Information).

Where will Personal Information be held?

The Personal Information that We collect from You may be transferred to, or processed or stored in any country, including those outside the European Economic Area. To ensure We meet Our obligation to adequately protect Personal Information We will:

• Ensure the purposes and processing associated with any such transfer will comply with all applicable data protection regulations in the UK and EU
• Ensure that any parties to whom We pass Your information agrees to treat Your Personal Information with the same level of protection as required by the data protection regulations in the UK and EU. You can contact us for more information about the specific protections in place in relation to any such transfer.

By submitting Your Personal Information to Us, You acknowledge that Your Personal Information will be transferred, stored or processed as explained within this privacy policy.

How long will Personal Information be held for?

As part of Our commitment to Your privacy, We will not hold Your Personal Information for any longer than is necessary. Your Personal Information will be retained in accordance with our Personal Data and Record Retention Policy, based on the relevant legal and business requirements and, accordingly, the retention periods for Personal Information will vary according to the nature of the information held. In most cases, information will be stored for seven years, but longer periods may apply to comply with regulatory or legal requirements.
For record keeping purposes, We will retain a record to assist Us in determining future applications for insurance that You may wish to take.

Consent

In most cases, when We process Your Personal Information We will not contact You for consent, for example:

• When We are under a contract with You to provide Our Services
• When We are complying with a legal obligation
• When we are arranging, underwriting, administering, administering a claim and complying with an obligation under Your insurance contract
• When We believe it is in Our legitimate interests and proportionate to our objective, and that the use of the Personal Information is not overly intrusive.

Security

We are committed to ensuring that Your Personal Information is secure. To prevent unauthorised access or disclosure, We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Information We collect online, including ISO 27001 accreditation.

Keeping Personal Information up to date

Please let us know if Your Personal Information changes as it is important that the information We hold about You is accurate and up to date. We will not be responsible for any errors or Personal Information losses because of not being informed of a change in Personal Information.

Automated decision making

We may also use Your Personal Information to automate some decision-making processes. We will inform You when decisions are made by this process, and You will have the right to ask for the decision to be reviewed in person, for example by having the option of referring a decision to an underwriter.

Your rights regarding Personal Information

You have the right under current legislation to request a copy of the Personal Information We hold about You, often known as a subject access request.
If You wish to request this Personal Information, please write or send an email to Our Data Protection Officer.

You also have a right to:

• Ask Us not to process Your Personal Information for marketing purposes. We will always ensure that You are happy for Us (or carefully selected third parties) to use Your Personal Information for such purposes. You can exercise Your right to prevent such processing by checking certain boxes on the forms We use to collect Your Personal Information. You can also exercise the right at any time by contacting our Data Protection Officer
• If Personal Information about You is wrong or incomplete, ask for this to be rectified
• Ask for Your Personal Information to be deleted or tell us You no longer agree to Us using Personal Information about You and ask us to stop, provided that We do not need to retain the Personal Information to provide You with the Services (or to keep a record that We have done so)
• Ask Us to send You the Personal Information that you have provided to Us or which We have generated as a result of providing the services that We have about You or ask Us to send it to someone else
• Ask us not to use Personal Information about You where it is based on automated decision making (see 'Automated decision making' section of this privacy policy)
• Ask us to provide Your Personal Information in a machine-readable format. We will endeavour to meet such requests if our systems are technically compatible.

Complaints

In the event of a complaint regarding the Personal Information We hold, please refer to Our Complaints Procedure or contact Our Data Protection Officer.
If you remain dissatisfied, you may refer your complaint to the Information Commissioner’s Office. Further information is available on their website: https://ico.org.uk/for-the-public/

Changes to Our Privacy Policy

We will review and amend this Privacy Policy periodically. When this Policy is amended, We will not usually inform individuals that have provided Personal Information to Us of the changes We make.

Data Protection Officer

For any further information on this Privacy Policy, to make a subject access request or to exercise Your rights under the UK data protection legislation, please contact Our Data Protection Officer:
Email: dataprotectionofficer@the-exeter.com
Telephone: 0300 123 3201