GDPR Policy

Privacy notice

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the UK GDPR.

This privacy notice tells you what to expect us to do with your personal information when you contact with us or use one of our services.

What is personal data?

Personal data is any information that relates to an identified or identifiable living individual. This can include your:

  • name
  • address
  • email
  • phone number
  • date of birth
  • national insurance number
  • bank details.

Why we collect your personal data

We collect your personal data for various purposes, such as:

  • to provide you with the services you request or need
  • to receive payments from you
  • to communicate with you about our services
  • Security in our premises via CCTV
  • to comply with our legal obligations
  • to improve our website, services, or customer satisfaction (includes feedback)

We only collect the personal data that is necessary for the purpose we are using it for. We do not collect more data than we need or keep it for longer than we must.

How we collect your personal data

We collect your personal data in different ways, depending on how you interact with us. For example, we may collect your data when you:

  • receive a service from us
  • contact us by phone, email, post, or social media
  • apply for a job or volunteer with us
  • make a complaint or give us feedback

We may also receive your personal data from other sources, such as:

  • other local authorities or public bodies
  • third-party service providers or contractors
  • healthcare providers or social care agencies
  • police or courts

We will tell you where we got your personal data from and why we are using it unless we are prevented by law or there is an exemption (such as it would compromise an investigation).

How we use your personal data

We use your personal data in accordance with the data protection principles

This means that we will:

  • only use your personal data for a specific and lawful purpose
  • only use your personal data in a way that is fair and transparent to you
  • only collect and keep the personal data that is relevant and necessary for that purpose
  • keep your personal data accurate and up to date
  • only keep your personal data for as long as we need it for that purpose.
  • keep your personal data secure and protect it from unauthorised access, use, or loss
  • be responsible and accountable for how we use your personal data

When we may share your personal data with third parties

We may share your personal data with other organisations or individuals, such as:

  • other local authorities, government departments or public bodies
  • third-party service providers or contractors that provide services on behalf of Legacy Funeral Services
  • healthcare providers or social care agencies
  • police or courts
  • credit reference agencies or debt collection agencies

We will only share your personal data when we have a legal basis and it is necessary to do so, such as:

  • to provide you with the service you requested or need
  • to comply with our legal obligations, such as safeguarding, auditing, or fraud prevention

We will tell you who we are sharing your personal data with and why, unless we are prevented by law, or there is an exemption.

We will only share the personal data that is necessary for the purpose we are sharing it for. We will not share more data than we need or keep it for longer than we have to.

We will not typically share information outside the EU. Where an organisation is international in nature, we will have completed a risk assessment and there will be a legal basis for this transfer.

How long we keep your personal data for

We keep your personal data for no longer than necessary. Typically 7 years.

How we protect your personal data

We take the security of your personal data very seriously. We make sure the systems we use have sufficient controls and security in place to make sure that staff can be managed effectively and to protect against external threats.

We use various technical and organisational measures to protect your data from unauthorised access, use, or loss. For example

  • encrypted servers
  • firewalls
  • remote backup
  • cloud-based computing including virtual servers
  • password protection
  • policies and procedures around data protection

About your individual rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  • the right to be informed about how we use your personal data
  • the right to access your personal data and get a copy of it
  • the right to rectify your personal data if it is inaccurate or incomplete
  • the right to erase your personal data if you no longer want us to keep it or we have no legal basis to keep it
  • the right to restrict the use of your personal data if you think it is inaccurate, unlawful, or unnecessary
  • the right to object to the use of your personal data for certain purposes, such as marketing or profiling
  • the right to data portability, which means you can ask us to transfer your personal data to another organisation or to you in a machine-readable format
  • the right to withdraw your consent at any time if we are relying on your consent to use your personal data
  • the right to complain to the Information Commissioner's Office (ICO) if you are unhappy with how we use your personal data

You can:

  • request copies of information we hold about you
  • request changes to information we hold about you

How we update this privacy notice

We may update this privacy notice from time to time to reflect changes in our services, the law, or our data protection practices.

We will publish the latest version on our website and take steps to communicate changes to you, where appropriate.

How you can contact us

If you have any questions, comments, or complaints about this privacy notice or how we use your personal data, you can contact us by:

Email: enquiries@legacyfunerals.co.uk

Post:

Legacy Funeral Services

46 Buckingham Street

Aylesbury

HP20 2LL

You can find out more about your information rights or make a complaint to the ICO:

Information Commissioner's Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

Website: https://ico.org.uk/