We comply with EU General Data Protection Regulation (GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services.
We process your personal information to let us administer your account and provide products and services you’ve bought from us. To buy a product or service, we will have to collect, store and use elements of your personal data. This means we will be processing your data on a contractual basis. If you don’t provide this personal data then we cannot execute the contract. That means we may have to terminate our services to you.
If you have any questions about this policy, or how we use your personal data, please contact firstname.lastname@example.org.
We will always respect your privacy and security.
We won’t sell your data to any third parties outside of our own group.
We’ll only make contact with you if we have a lawful reason to do so.
We won’t pass your data on to anyone who shouldn’t have it.
There’s some data we may have to keep for legal reasons. There are also some communications we’ll send you because we genuinely believe you’ll find them interesting. But if at any time, you want us to remove your data from our systems, then you can ask us to that by dropping a line to: email@example.com.
WE WILL RESPECT AND PROTECT YOUR PRIVACY
WE MAY COLLECT SOME INFORMATION FROM YOU
We may collect and process information about you in these categories:
identity data such as your first name, last name and job title;
contact data such as your email address, phone number and correspondence address;
demographic data such as your date of birth and your postcode (or equivalent);
other identifying information that you provide us, including without limitation unique identifiers such as passwords, and information in emails or letters that you send to us;
information you provide by filling in forms on our website (or the websites/platforms operated by our approved independent affiliates/product providers);
information you provide us, or that we may collect from you, when you report a problem or otherwise provide feedback relating to a product or our services generally;
your name and email address from a third party, such as our approved independent affiliates/providers/introducers, if that third party has a lawful reason to share your information with us;
Financial data such as your credit or debit card details or your bank account details;
Technical data when you use our website, such as internet protocol (IP) address, your login data, browser type and version, your device’s geographic location.
When you buy a product, for example a funeral plan, from us, we will need this information:
First name(s), surname or company name
Address (street, street number, postal code, city and country/region)
Phone and mobile number
Bank details (account number, account holder and card number)
Next of Kin name, contact details, relationship to you. We shall only use this information to contact the next of kin if we are unable to contact the plan holder.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect identify fraud, we will record this, and we may also report this to the appropriate authorities.
We may monitor, record, store and use any communications with you for training purposes and as a reference point for auditing any instructions given to us.
WE WILL USE YOUR INFORMATION LAWFULLY
We will only use your personal information where we have a lawful basis to do so. The lawful purposes that we rely on under this policy are:
consent (where you choose to provide it);
performance of our contract with you;
compliance with legal requirements; and
legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
If you apply for a Funeral Plan, or you request a consultation or a quote for a Funeral Plan, we shall use your personal data to consider your application and, as appropriate, your account, and to provide the Funeral Plan to you on a contractual basis.
We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of any legal reporting obligations we have, our anti-money laundering processes or to protect a third party’s rights, property, or safety.
We may also use your personal data for our legitimate interests including:
to improve our site and services;
in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
to deal with any questions or comments you raise;
to prevent fraud or to indicate possible criminal acts or threats to public security;
for audit purposes;
for market research and analytic purposes;
to contact you to respond to your request;
to contact you about changes to this policy; and
If you give us your consent to do so, we may also send to you by email marketing communications about us or our group companies’ products and services.
If you give us your consent, we may collect your device’s location information to provide you with location-based services.
If we intend to further process your personal data for any other reason, we’ll give you information about that before it happens.
WE MAY NEED TO DISCLOSE YOUR INFORMATION
If you buy a Funeral Plan through us, we and/or the provider of that plan must disclose your information to the Funeral Director nominated to the funeral plan or a Funeral Director that you’ve nominated to conduct the funeral. When you buy a Funeral Plan, you consent to the transfer, storage and use of your Information by the Funeral Director with whom we share your Information.
For our legitimate interests, we may share your personal data with our service providers, sub-contractors and affiliates that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers. We shall provide our service providers, sub-contractors and affiliates only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do, as set out in this policy.
WHERE WE HOLD AND PROCESS YOUR INFORMATION
The information we collect from you we may store, process and transmit in Europe and around the world - including outside the United Kingdom. Information may also be stored on the devices you use to access our website.
Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.
RETENTION OF YOUR INFORMATION
We will retain personal information in accordance with applicable laws.
As a general rule, if you currently have a contract or intend to enter into a contract with us, we will store the data for a period of 7 years after the contract ends, so that we may comply with our general legal obligations and for the exercise or defence of any legal claims.
However, we may also be required to retain any personal information we hold for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
WE TAKE SECURITY MEASURES SERIOUSLY
We may, for example, use encryption technology to secure your information during transmission to our platform as well as external and on-host firewall technology to prevent network level attacks. Only employees that need to access your Information are able to do so.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
If you give us your consent to do so, we may use your information to predict what you might be interested in and then to send you marketing communications by email about us or our group companies’ products and services that we have predicted might interest you.
You can choose to no longer receive marketing either by post and/or by email by contacting us at firstname.lastname@example.org or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. If you still have a plan via us, we may continue to email you in relation to your account only.
YOU HAVE RIGHTS UNDER GDPR
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below.
Under the GDPR, you have the right to ‘block’ or request the deletion or removal of personal data to prevent further processing. This right to erasure is also known as ‘the right to be forgotten’.
Specific circumstances in which you can request the deletion or removal of personal data includes:
Where the personal data is no longer necessary for the purposes for which it is collected or otherwise processed.
Where you withdraw consent.
When you object to the processing and there is no overriding legitimate interest for continuing the processing.
Where the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
Where the personal data has to be erased in order to comply with a legal obligation.
In case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked or anonymised instead of deleted.
You also have the right to see what personal information we are processing. This can be requested by emailing our compliance officer. We won’t charge for this service unless you make multiple requests, in which case there may be nominal charge to cover the administration of those requests.
You may also ask us for a copy of the personal data that has been processed through automated means. This will be provided in a structured, commonly used, and machine-readable format (where technically feasible) which you may then transmit to another controller.
You have the right to request us to send this to another controller on your behalf, but only if this is technically feasible for us to do so. You have the right to withdraw your consent for us to collect, process and store your data at any time. If you wish to withdraw your consent, please confirm this in writing to our compliance officer.
HOW TO ACCESS AND AMEND YOUR INFORMATION
You can access a broad range of information about your funeral plan by contacting us via phone or email.
You can do this by emailing email@example.com.
If you’re concerned about any aspect of data protection or if you feel your privacy has been breached by us, we want to hear from you. Please contact our compliance officer – the quickest way to do this is with an email to firstname.lastname@example.org.
If you are unhappy with the final response you receive from us, then you may complain to the Information Commissioner’s Office (ICO) and we ask that you do so within three months of your last meaningful contact with us.
You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.