Direct2Grave Limited (the Company) understands its obligations regarding your fundamental right to privacy and has systems and controls to ensure that your rights and freedoms are protected.
The Company undertakes to meet its obligations under the Data Protection Act, the Privacy and Electronic Communications Regulations and the EU General Data Protection Regulation (GDPR).
Who will process your personal information?
Your personal information will be processed by the Company in accordance with this privacy notice.
Why is your personal information required?
Your personal information is required to enable us to provide you with funeral, memorial and related services e.g. donations, and to contact you, either in writing, by email or telephone before, during and after such services have been supplied.
Please note that GDPR only applies to the living. The data we ask of your loved one, relative or friend is for legal reasons and will be treated in the same way as the data we process from our clients.
Special category data
Such data includes, without limitation, date of birth, religion, bank details, payment card numbers etc. We only ask for the bare minimum to enable us to fulfil our obligations and services to you, our client. Such data (if required) is destroyed securely after its use.
What happens if we want to process your information for other reasons?
Other than in the pursuance of the services we offer you and for legal reasons we will not provide your data to or knowingly allow it to be used by any third party. If we become aware that your data has been stolen, we will endeavour to notify you.
What are the consequences if you do not provide your personal information?
Your personal data is essential to enable us to provide the services requested, without which we may not be able to provide the services requested.
What makes the processing lawful?
Because the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, for compliance with any legal obligation to which we are, or might become in the future, subject for the performance of a task carried out in the public interest, for the purposes of our legitimate business interests.
Keeping your information up to date
We will record your information exactly as you provide it. You may ask us to update it at any time and we will do so promptly.
How will we further use your personal information (our legitimate interests)?
To contact you to ensure that our records of your personal information are correct, to respond to questions or complaints you have about our services or other actions carried out during the course of our business, to update you with changes in our terms and conditions of business, for research and analysis relating to the performance of our business and understanding the changing needs of our clients, to review, improve and develop services we offer or handle complaints, to pursue debts or unpaid fees.
You have the right to object to processing for these purposes and we shall cease unless we can show we have compelling legitimate grounds to continue.
What information is required?
We only collect information that is necessary to carry out the purposes listed above. This includes information you supply and any data we may receive from reference agencies. Where practical and lawful we will inform you about any personal data we receive about you from third parties that you may be unaware of.
How secure will your data be?
We will ensure that your data is only accessible to authorised people in our business and will always remain confidential. Appropriate security measures will be in place to prevent unauthorised access, alteration, disclosure, loss, damage, or destruction of your information.
If we have a contract with another organisation to provide us with services or a service on our behalf to process your personal information, we’ll make sure they give reassurances regarding appropriate security measures in place and only process your information in the way we’ve authorised them to. These organisations will not be entitled to use your personal information for their own purposes.
Sharing your information with third parties
We will share your information with:
- The Company’s staff where and if appropriate
- Organisations and individuals in the private and public domain that need your information for the following purposes:
- Where we instruct clergy or celebrants to provide funeral or memorial services,
- To Identify you as the rightful owner of burial right where we are to inter a deceased or erect a memorial for you
- As an applicant for a cremation or cremation services.
- Doctors who are to provide forms that certify a death.
- Such organisations include Burial Authorities, Local Councils or Religious Organisations who have relevant authority.
- Organisations in the charitable sector nominated by you, a family member or friend to receive moneys in lieu of flowers in order that they might process such donations, collect gift aid and write a letter of thanks.
- Law enforcement agencies, courts or other public authorities if we have to, or are authorised to by law.
- Were we to go through a business transaction, such as a merger, being acquired by another company, whether in whole or in part, your information will, in most instances, be part of the assets transferred.
What about direct marketing?
We may use the information provided now and, in the future, to carry out direct marketing activities as these are legitimate interests pursued by us. You can choose which method you’d prefer we use to contact you (by mail, email or telephone) and you have the right to object at any time to the use of your personal data for this purpose and after such notice we will cease marketing activity. Please see our contact details at the bottom of this document.
Telephone call recording
In line with The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 we may record incoming or outgoing telephone conversations for the following purposes:
- Establishing facts and evidence for business transactions;
- Ensuring compliance with regulatory or self-regulatory practices; ascertaining and demonstrating that standards are being meet;
- Preventing or detecting crime; Investigating or detecting the unauthorised use of that or any other telecommunication system;
- Safeguarding the effective operation of the telecommunications system.
How long will we keep your information for?
We will not keep your information for longer than is necessary. We are currently required to maintain financial information for a period of 7 years and some of this information may include your personal information. Should this period change we reserve the right to keep your information for as long as is legally required.
Requesting a copy of the information we hold
You may at any time ask for a copy of the information we hold about you – it is your legal right. We will provide you with a copy of any non-exempt personal information within one month unless we ask you for an extension of time. To protect your personal data, we will ask you to verify your identity before we release any information. We may refuse your request if we are unable to confirm your identity.
You have the right, on grounds relating to your situation, at any time to object to processing which is carried out as part of our legitimate interests or in the performance of a task carried out in the public interest. We will no longer process your data unless we can demonstrate that there are compelling legitimate grounds which override your rights and freedoms or unless processing is necessary for the establishment, exercise or defence of legal claims. You have the right to object at any time to processing your personal data for marketing activities. In such a case we must stop processing for this purpose.
What are your other legal rights?
In addition to the rights above, you have the additional following rights:
Where you have given consent, you have the right to withdraw previous consent to processing your personal data at any time;
You have the right to request from us access to and correction or deletion of personal data or restriction of processing concerning your data;
You have the right to receive data you have provided to us in a structured, commonly used and machine readable format;
You have the right to lodge a complaint with the regulator (see below). To exercise any of these rights please contact us (details below).
How to contact us
You can contact us about any data protection or marketing issues by:
Writing to: Direct2Grave Limited, The Old Dairy, London Road, Dunton Green, Kent TN13 2TD
- Writing to: Direct2Grave Limited, The Old Dairy, London Road, Dunton Green, Kent TN13 2TD
- Telephoning: nnn nnn nnnn
- Emailing: email@example.com
How do you make a complaint to the regulator?
- By writing to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- By telephoning: 0303 123 1113
- By emailing: firstname.lastname@example.org
- By using their website: https://ico.org.uk/for-organisations/report-a-breach/