Here at Future Proof we have taken on board the Information Commission Office’s requirements regarding General Data Protection Regulation and how this will affect our clients’ services now and in the future. During this process we have considered our right to hold client data through our regulatory requirement to evidence our advice and when this might supersede the ICO requirements.
All management and staff are aware of GDPR and the effect this has on how we interact with clients and their data. The CEO, MD, HR, T&C, Client Relationship and Marketing Managers are all on the GDPR committee.
Being a service based company which does not use client data for unsolicited sales and marketing communications we are considered very low risk. Even so we have carefully considered what data we hold, how we hold it, use it and for how long.
Future Proof Limited takes your privacy very seriously. We also pride ourselves on providing you with an excellent service, which means we will need to acquire and retain a certain amount of information. This document is designed to help you understand what information we need, why and how we will use it.
We will only use your personal information to provide the excellent service we promise to offer. We will need to assess your position, provide you with advice and apply for the products you request. We also provide ongoing servicing to ensure your policy or policies remain appropriate and in place, giving you and your family peace of mind.
We will not use your information for blanket marketing nor will we pass your information on to any third parties without your consent.
Information we hold and how we categorise it
We have two types of clients:
- Existing clients where we already have the right to hold their data and contact them.
- New clients/prospective clients where we have the right to hold their data for a period of time and contact them until they are deemed as no longer interested.
A new prospective client becomes a client once we have set up a policy for them, but for the purposes of holding data, as soon as we have given them advice we have a legal obligation to evidence how we arrived at our conclusions and therefore will continue to hold the data.
The information we hold constitutes:
- Contact details as shown on FLG or other CRM in the future
- Medical information as held on a fact find, medical reports or client communications
- Quote and application data as required under FCA regulatory requirements and compliance obligations
- Client phone calls
- Emails and letters from clients
- Financial details
This data is shared with insurance providers, specialist brokers and medical professionals. This is shared as the client progresses through our process and their agreement to progress to quote or application for instance, provides us with their authority to share this information to facilitate their request.
Source of Clients and when we need to hold their information:
We already have transacted business and therefore have a legal obligation to hold their data in perpetuity.
Orphan clients – Existing Client
Existing client data where we have been provided with servicing rights under our agreement with the insurance provider (AIG). This gives us consent to keep in touch and help service their existing policy. We will hold their data for as long as we are contracted by AIG.
Referral from Existing Clients – New Prospective client
We have been asked by an existing client to provide advice to a friend or family member. These are considered new prospective clients.
Referral from partners – New Prospective client
We have been asked by a business partner to offer advice to a client. These are considered new prospective clients.
Non – advised enquiries (such as online enquiries quotes and application with no advice being given) – These are considered a New Prospective client until we send out a trust form when they will then be considered an existing client. When we will send out trust forms we do so with our suggestion on how to complete the form and “advice” on which form and why they should consider it. As this is part of an advised process, although we have not advised on the structure of the policy, we have provided some advice to the customer. We should retain their information to be able to evidence the trust advice given to the client.
Introducers – New Prospective client
We have been asked by a business partner to offer advice to clients. These are considered new clients where their request for a quote provides consent.
What happens to client data
- Where no advice has been given we will hold information for no more than 12 months, which specifically refers to New Prospective clients (as above) where they have requested a quote, but we don’t provide any advice (name, DOB, address, limited medical info). We will only hold this information for 12 months.
- Where advice has been given as in the following situations we will retain client information to evidence the advice but will not use this for marketing without client consent.
- New prospective client requests a quote and a Fact Find is completed (soft/hard facts + medical info). We will have given some advice, maybe a recommendation but it never went any further.
- Existing client requests a quote, Fact Find completed (soft/hard facts + medical info). We will have given some advice, maybe a recommendation but it never went any further.
- Recommendation made and prospective client (now a client) applies for cover but is declined or doesn’t proceed.
- Client applies for cover and it starts.
- Client applies for cover and it starts, but it expires or is cancelled.
What happens if a client exercises their Right to be forgotten
- Where prospective customers have not applied for cover, as illustrated below, we will delete all the information we hold on request. When a new prospective client requests a quote but we don’t make contact (name, DOB, address, limited medical info). When a new prospective client requests a quote, Fact Find completed (soft/hard facts + medical info). We will have given some advice, maybe a recommendation but it never went any further.
- Where a customer, as illustrated below, requests to be forgotten we will be required to retain their information and meet our obligations to evidence our advice process:
- Where an Existing Client requests a quote, Fact Find completed (soft/hard facts + medical info). We will have given some advice, maybe a recommendation but it never went any further.
- Where a recommendation is made, and client applies for cover but is declined or doesn’t proceed.
- When a client applies for cover and it starts.
- When a client applies for cover and it starts, but it expires or is cancelled.
What is our Lawful basis for processing personal data
By providing contact information and requesting a quote, a prospect or client has shown legitimate interest in our services and would therefore expect to be contacted.
Once advice has been given there is a legal obligation for us to prove this advice was correct. If a prospective client or a client ever acted on that advice, whether through us or independently, and decided it was incorrect, we could be held accountable and would need to support/evidence that advice.
Compliance to FCA Rules and Guidelines: We have a legal obligation to fully evidence every application we submit. This is set out in our Training and Competence manual.
When do we need specific client consent to contact you?
When we receive contact from a NEW potential client requesting a quote or advice or we receive a notification that a potential client has requested contact. We take that request as showing they have an interest in our services and therefore consent to us contacting them to offer a quote or advice based on their requirements.
If a client states, they are no longer interested in our quote we stop contacting them and will not contact them unless we have their specific consent to do so. We will ask the client if they are happy for us to keep in touch with them and record this on their record. If this is not given, we will amend their contact preferences to ‘do not contact’.
Once a prospective client has received advice and they agree to proceed, they become a client. We will be providing an ongoing service for them – for instance to manage an application or service a new policy. This request to progress is their consent for us to keep in touch and complete their journey, unless they specifically ask us to no longer contact them.
For policies we have set up but then a client asks to cancel their policy we will stop contacting them, but we retain their data to evidence our advice process and change their contact preferences to ‘do not contact’.
Orphan clients are considered to be existing clients and therefore we have authority to contact them to service their policy as laid out in our servicing agreement with AIG.
We do not transact any business with people under the age of 18.
Once we are made aware of a data breach we will identify the data affected and what information it relates to. We will then contact the relevant parties to confirm the data breach and how this affects them. Should we identify an improvement in our data handling procedure because of a breach we will implement it and let all parties know.
Making a complaint
If you’re unhappy with how we’ve handled your information you can refer your concerns to the Information Commissioner’s Office, the body that regulates the handling of personal information in the UK, at: