OneFamily Privacy Notice

OneFamily is committed to preserving the privacy and security of your personal information. We ask that you read this Privacy Notice carefully as it provides you with important information on:

  • your rights and obligations
  • how we collect and use your personal information
  • who we share your personal information with
  • what we do to keep it secure
  • how to contact the OneFamily Data Protection Officer

This Privacy Notice applies to you if you access or apply for any of our products or services over the phone, or by post or online via our websites and online services. It will also apply to you if you register and vote via the Foundation website or are a financial adviser or mortgage broker who introduces potential customers to us.


1. Who are we?

When we say ‘OneFamily’, ‘we’, ‘us’ or ‘our’ we’re generally referring to the separate and distinct legal entities that make up the OneFamily Group who are data controllers as set out below:

Product /Services/ Activity Data controller
Lifetime mortgages OneFamily Lifetime Mortgages Limited
Lump sum investment bonds
Regular premium savings bonds
Life Insurance
Family Assurance Friendly Society Limited
Junior ISAs
Child Trust Fund
Family Equity Plan Limited
Child Trust Fund Engage Mutual Funds Limited
Unit Trusts Family Investment Management Limited
ISAs (formerly PEPs) Family PEP Managers Limited
Advice on lifetime mortgages OneFamily Advice Limited
Foundation activities OneFamily Foundation Limited
Cash savings Governor Finance Limited
Insurance intermediary Engage Mutual Services Limited

OneFamily acts as the data controller in the collection, use, storing, protection and transfer of your personal information.


2. What types of personal information do we collect?

The personal data we collect includes:

Identity and contact details - your title, name, address, date of birth, contact details and contact details history, passport information and security details such as your national insurance number

Employment - your employment status and details of your work or profession

Financial - your financial position, status and history

Transactional - details about your transactions with us, such as, Direct Debit mandate instructions and any claims. Your online account login details, including your user name and password and memorable information

Communications - information about you from emails, secure messages or letters you send to us or information gathered during telephone conversations with you

Open data on public records - details about you that are in public records such as the Electoral Register and company registers, and information about you that is publicly available, such as the press and online search engines

Criminal history – details of criminal records, convictions or allegations

Photographs or videos – for some OneFamily activities we may use photographs or videos of our customers and individuals who are involved in Foundation grants/awards

Information Technology - when you use our websites, we monitor website behaviour via analytics software and we collect information about how each visitor uses our site.  This information is then used to compile reports and to help us improve our site.  We collect information about any device you have used to access our services (such as your IP address).  For our terms of use of our website including information on cookies and tags, please follow this link:

Special Categories of Data - the law and other regulations treat some types of personal information as special. These categories are personal data relating to your:

  • Racial or ethnic origin
  • Religious, political or philosophical beliefs
  • Trade union membership
  • Genetic and bio-metric data
  • Health data
  • Lifestyle information, including data related to sex life or sexual orientation.


3. How do we collect your personal information?

 Personal information provided by you directly

  • When you engage with us for a product or service
  • When you visit or register details on our websites
  • When you request a quote, or fill in an application form either online or by post
  • When you telephone us, you provide us with information, including answers to your security questions and we record your conversations with us
  • When you send communications to us via post or electronically
  • When you take part in our competitions, promotions or surveys
  • When you provide us with your customer feedback and/or join customer forums.
  • When you engage with the OneFamily Foundation
  • When you register with the OneFamily Foundation and take part in our OneFamily Foundation events including voting for a community project or charity.

We collect information from other sources about you

  • From a broker or intermediary who we work with to provide products, services or quotes to you
  • Business partners such as financial services institutions and insurers who are a part of providing your products and services or operating our business
  • Credit reference and fraud prevention agencies to verify your identity and to comply with anti-money laundering legislation
  • Public records and government and non-government agencies such as the Electoral Register and property registration authorities
  • Someone authorised on your behalf, such as a Power of Attorney
  • Medical professionals to confirm certain health information.


4. How do we use your information?

The purposes and reasons for processing your personal data are detailed below.

It is necessary for the performance of our contract with you

  • To take steps before entering into the contract
  • To manage and perform the contract
  • To deal with any of your transactions
  • To update your records
  • To resolve complaints.

It is our legitimate interests to do so

  • To maintain our own records and accounts for business accounting, tax, auditing and risk management purposes
  • To update your records, trace you if we lose contact, and collect and recover money that is owed to us
  • To perform and test the performance of our products and services to ensure we have robust systems and controls to manage our business
  • To carry out searches at credit reference agencies before entering in to a contract with you
  • To carry out market research, analysis and develop statistics, including through reputable agencies to develop new products and services to meet our customers’ needs and to assess how well we are performing
  • To use web profile and usage data to personalise your browsing experience to better aid our understanding of customer behavior so we can serve you better, or target our marketing more successfully
  • To carry out data segmentation and statistical analysis to better aid our understanding of customer behaviour so we can serve you better, or target our marketing more successfully
  • To conduct marketing activities (unless you have opted out of such marketing)
  • To record telephone calls for training and monitoring purposes, and your protection
  • To share your personal information with business partners and service providers when you apply for a product to help manage your products and services
  • To verify application forms for Foundation awards
  • To monitor voting for Foundation awards.

 To comply with our legal obligations

  • To establish your identity to comply with law and regulation concerning the prevention of money laundering, fraud or terrorist financing
  • To help you exercise your rights under data protection law
  • To provide statutory and regulatory information
  • To prepare returns to regulators and relevant authorities including preparation of income tax, capital gains tax, capital acquisition tax and other revenue returns
  • To complete financial background checks before you start working for us
  • For establishment and defence of legal rights.

With your consent or explicit consent:

  • For marketing communications about our products and services. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw such consent at any time
  • Before we collect and process Special Categories of Data such as information about a disability, your health, a vulnerability or a change in your personal circumstances. We may obtain sensitive medical information directly from you or your doctor to administer certain products and services. The provision of this information is subject to you giving us your express consent on the Medical Questionnaire.


5. Who might we share your information with?

OneFamily takes your privacy very seriously and will never disclose your information unless there is a legal basis for doing so. We will not sell, license, trade, or rent your personal information to anyone. Depending on the product or service that you have with us we may disclose your personal information to:

  • Law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies where we are required or requested to do so by law
  • Auditors and actuaries
  • Credit reference agencies and fraud prevention agencies
  • Mortgage funders and lenders
  • Our professional advisers
  • Health insurance and funeral plan providers
  • Business partners (e.g. financial services institutions and insurers)
  • Your broker or financial adviser
  • Trustees of pensions schemes and service providers involved in the administration of these schemes
  • Where we need to do so in order to exercise or protect our legal rights, other users, or our systems and services
  • Subcontractors to perform functions on our behalf. Examples include companies that:
    • Analyse data, providing marketing assistance, providing search results and links (including paid listings and links)
    • Provide us with systems and services that support the administration of our products and services
    • Provide banking and payment services to support or enable payment, for example by direct debit or debit/credit card
    • Companies that help us delete or store data, including for disaster recovery purposes.

Credit referencing agencies

The personal information we collect from your or about you may be shared with credit reference agencies who collect and maintain information on consumers’ and businesses’ credit behaviour on behalf of lenders in the UK.  When you apply for a product, where relevant, we will notify you if your information may be sent to a credit reference agency.

Fraud prevention agencies

We use your personal information in accordance with this Privacy Notice for the purposes of preventing fraud, money laundering and to verify your identity.  We provide this information to fraud prevention agencies.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us.

For other purposes approved by you

  • Family members or other individuals that you have told us may act on your behalf
  • Where the policy is for a child, we may share information about the child and the policy with the named registered contact or parent/guardian or payer of the policy, in line with the terms and conditions of that product
  • In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others
  • In circumstances other than as set out above, you will receive notice when information about you might go to third parties and you will have an opportunity to choose not to share the information.

 Other reasons for sharing data

 We will transfer your personal information to other organisations in certain scenarios such as:

  • If we're discussing selling or transferring part or all of a business, your information may be disclosed to prospective purchasers, but only so they can evaluate that business
  • If we are reorganised or sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.

Transfer of data outside of the EEA

We’re based in the UK, but sometimes your personal information may be transferred by us or our data processors to countries outside of the European Economic Area. If this is the case, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by the applicable laws on data protection.

Links to other websites

We sometimes provide you with links to other websites, but these websites are not under our control. Therefore, we will not be liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites. We advise you to consult the privacy notice and terms and conditions on each website to see how each supplier may process your information.


6. Security of your personal information

We take the security of your personal data seriously and the following measures are in place to protect your information including:

  • We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you
  • We maintain a CCTV record inside and outside our head office for the purposes of detecting, preventing or prosecuting crime
  • We implement access controls to our information technology, such as firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information.


7. How long do we keep your personal information for?

We keep your personal information only for as long as necessary. The criteria we use to determine data retention periods include:

  • regulatory and legal requirements
  • good business practice
  • time periods applicable to assessing and defending claims and/or investigations
  • dealing with any queries you may have.


8. Your rights

Your Rights More information
Right to access You can request a copy of the personal information that we hold about you. This is generally known as a ‘Data Subject Access Request’ and we normally have 1 month to respond.

To request this information, you will need to contact us.

Right to rectification We take reasonable steps to keep your information accurate and current. However, please remember that it is your responsibility to tell us about any updates to this information.
Right to erasure or to be forgotten In certain circumstances, you have the right to ask us to erase your personal information. However, this right will need to be balanced against other factors, for example the type of personal information we hold about you and why we have collected it. There may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restriction of processing In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.

Where a restriction is in place we can continue to store your information but only otherwise process it with your consent or for the establishment, exercise or defence of legal claims, for the protection of another individual’s rights or for important public interest reasons.

We will inform you before any restriction.

Right to be informed You have the right to be informed.  We must provide you with fair processing information.  This information is contained in this Privacy Notice.
Right to data portability In certain circumstances, you have the right to ask that we transfer any personal information you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.
Right to object to processing Where our processing of your information is performed on the basis of ‘Legitimate Interest’ or ‘public interest’, you can request we stop the processing. We can continue to process your information for the establishment, exercise or defence of legal claims and if we demonstrate compelling legitimate grounds which over-ride your interests, rights or freedoms.

You can object to our processing of your information for direct marketing purposes and we will cease any processing related to direct marketing.

Right not to be subject to a decision based solely on automated processing You have the right to object to us making automated decisions about you, including profiling that would have a legal or significant effect on you.

We will inform you when we will make this type of decision.

If you would like to exercise any of these rights, please contact us.


9. Changes to this Privacy Notice

We may change this Privacy Notice from time to time.  Any changes to this Privacy Notice will be posted on our websites, and/or where we think it is appropriate, via email so that you will always know what information we gather, how we might use that information, and whether we will disclose that information to anyone.

Please check our website regularly to see recent changes.

This Privacy Notice was last updated in May 2018.


10. How to contact us about the privacy of your information

All comments, complaints and requests relating to our use of your personal information are welcomed and should be addressed to:

Contact:  The OneFamily Data Protection Officer

Address: OneFamily, 16-17 West Street, Brighton BN1 2RL

Email: [email protected].  Please don’t send confidential personal information by email as it’s not secure and there’s always the risk it could be intercepted.

You also have the right to complain to the Information Commissioner’s Office, which is the body created to uphold information rights. Go to to find out more.