What Personal Data we collect
We may collect a range of Personal Data from you, such as your name, gender, email address, home address and other contact details including phone and/or mobile phone details, details of your employment or business and other interests, communications with you (including notes from arrangement meetings) and financial and payment information. We may also collect Personal Data that may reveal race or ethnic origin, religious or philosophical beliefs, but only where you choose to give this to us.
Information about cookies
When you use our website, we collect certain standard information that is sent by your browser to our website. This includes technical information, such as your IP address, browser type, operating system, language, time zone setting and location, access times and any referring website addresses. A cookie is a small text file stored on your web browser. We do not use any information retained for marketing purposes.
How your Personal Data is obtained
We obtain Personal Data when you knowingly and voluntarily disclose this to us, both in an online and offline context. We collect Personal Data when you:
- visit our website and / or complete one of our web forms (e.g. to contact us);
- visit one of our premises;
- make an enquiry to us;
- communicate with us via social networking websites, third party apps or similar technologies;
Where you provide us with Personal Data about someone other than yourself (e.g. a next of kin or family member on whose behalf you are arranging a funeral plan), you must obtain their freely given, informed consent before doing so.
We may also collect information received by us from third party sources, for example relating to your use of other websites which we operate and from related third parties such as sub-contractors. This information will only be obtained from reputable third-party organisations that operate in accordance with GDPR.
How your Personal Data will be used
We use your Personal Data to manage and administer your funeral wishes, pre-paid funeral plan, cemetery and cremation applications, floral and tribute orders. We may also act as controller and processor in certain instances. We undertake at all times to protect your Personal Data in a manner which is consistent with our duty of professional care and the requirements of GDPR. We will also take all reasonable security measures to protect your Personal Data in storage.
Use of your Personal Data for marketing purposes
Any information that you choose to give us will not be used for marketing purposes by us. We will hold your Personal Data only for administering and managing your contact with us. Pre-paid funeral plans have their own specific marketing policy, which you will agree to during any plan application processing.
We will keep information about you confidential and we will from time to time share your Personal Data for audit, compliance and administration purposes as well as for the management of your contract with us. We will only disclose your information with third parties with your express consent except in the following categories of third parties:
- OSIRIS – Our funeral management service software providers who do not store your data but may access it in the case of provinding us with support services;
- Insurance companies, loss assessors, regulatory authorities and other fraud prevention agencies;
- Any mailing or printing agents, contractors and advisors that provide a service to us or act as our agent on the understanding that they keep the information confidential;
- Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so if the law permits
- Anyone to whom we may transfer our rights and duties under any agreement we may have with you;
We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets. If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
Your Personal Data is not kept for longer than is necessary for the purposes for which it is collected. This means that data and records (including Personal Data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending upon the type of Personal Data they contain.
Subject access requests
The GDPR grants you the right to particular data we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold, including the following:
- Sources from which we acquired the information;
- The purpose for processing the information;
- Persons or entities with whom we are sharing the information.
Your choices and rights
You have a number of rights in respect of your Personal Data and you can make a number of choices. If you wish to:
- request a copy of the Personal Data that we hold about you;
- request that we rectify, delete, or limit the processing of your Personal Data.
Accuracy of information
To provide the highest level of customer service possible we need to keep accurate Personal Data about you. We take reasonable steps to ensure the accuracy of any Personal Data or sensitive information we obtain. We ensure that the source of any Personal Data or sensitive information is clear, and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information and you can help us by informing us of when these changes occur.
If you have a complaint regarding the use of your Personal Data or sensitive information then please contact us in writing: Rob Crumpton, Crumpton Rudd Funerals, 14 Park Gardens, Kingston upon Thames, Surrey, KT2 5LT.
If you are not satisfied with the handling of your concern or complaint by us, you can escalate this to your national Data Protection Authority. In the United Kingdom, this is the Information Commissioner’s Office.