Last updated: 25 Jun 2020
Section 1 - Scope
In this privacy notice, ‘us’, ‘we’ or ‘our’ refers to Golden Charter Limited.
This notice applies to all data subjects (you) whose personal data is collected regardless of the method by which we collect the information (such as online, by telephone, letter or face to face), in line with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Section 2 - Responsibilities
Our Data Protection Officer is responsible for ensuring that this notice is made available to you prior to us collecting/ processing your personal data.
The privacy and security of your personal information is very important to us, so we want to assure you that your information will be properly managed and protected when it's in our hands. Please read this notice carefully, as it explains how we, and/or carefully selected third parties we work with, collect and use your personal information.
These terms may apply in addition to other privacy notices or terms we inform you of in specific circumstances when we are collecting or processing personal data.
Section 3 - Privacy Notice
Who are we?
Golden Charter Limited is one of the UK's leading funeral plan providers and we are owned by a UK-wide national association of independent funeral directors. We are registered with the Funeral Planning Authority (FPA). If you would like to contact us about the personal data we hold on you please write, email, or call using the information below.
Contact Name: Data Protection Officer
Address: Golden Charter, 10 Canniesburn Gate, Bearsden, Glasgow, G61 1BF
Telephone: 0808 169 4534
What is personal data?
Under the GDPR personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Special category data is personal data which the GDPR says is more sensitive and so needs more protection. For example, information about an individual’s race, ethnic origin, religion, or health are all considered special categories of data. The special categories of personal data Golden Charter might process are:
Religious preferences: We use this to ensure any religious funeral preferences you may have are met.
Any medical conditions relayed to us: This information will be used to improve our service, and allow us to provide potentially vulnerable customers with the support they need.
Consent is required for us to process both types of personal data, but it must be explicitly given. Where we are asking you for information classed as special category data we will always tell you why and how the information will be used. You may withdraw consent at any time by contacting us.
If you would like more information on GDPR or the Data Protection Act 2018 and how it impacts you, this can be found on the Information Commissioner’s Office (ICO) website at ico.org.uk.
The personal data we would like to collect from/process about you (and the source if not collected directly from you, the data subject) is:
Your name, address, date of birth, telephone number, and email contact
Your preferences relating to your funeral plan and historic legal services products (where applicable)
Your religious preferences if appropriate (also classed as special category data as above)
If you enquire about, or purchase a funeral plan from one of our approved introducer companies or a funeral director we will use the personal data you give them.
The personal data we collect will be used for the following purposes:
To follow up an enquiry you have made, using the contact details provided by you
Administration of your Golden Charter product including passing your information to a funeral director for the contractual provision of our service. This may include the funeral director retaining records of the transaction
To give you access to the Golden Charter Rewards site, where you have given us your email address, this applies to plans taken between 1 April 2019 and 31 March 2020.
Marketing of our products and services
Creating a quotation for a funeral plan product
Carrying out customer satisfaction surveys and market research
To monitor visitors to our website and responses to marketing campaigns
To answer enquiries from you including use of social media and web chat
To undertake general analysis of the demographics of our customer and enquirer base
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the collection and sharing of your personal data. You can access the privacy controls via Cookie First.
If, at any point, you would like to opt-out of receiving marketing communications from us, or would like to change the channels (such as email, post, or telephone) that we use to contact you, please contact us by one of the methods shown above.
Our legal basis for processing your personal data may be classed as one of the categories below:
Provision of a contract
Any legitimate interests pursued by us are for our marketing purposes and we do not share your details with any third parties for marketing purposes.
In the unlikely event that Golden Charter enters into liquidation, administration, receivership. or suffers some other similar insolvency event, the Golden Charter Trust shall become the data controller in respect of personal data you have provided to us. More information about the Golden Charter Trust can be found on their website www.goldenchartertrust.co.uk.
Section 4 - Consent
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
Will Golden Charter share my personal data with anyone else?
We will pass your personal data on to third-party service providers contracted to Golden Charter in the course of dealing with you. This may include special categories of data where appropriate. Any third parties that we may share your data with are obliged to keep your details secure, and to use them only to fulfil your funeral plan or legal services product. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures. If we wish to pass your special categories of data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise. See the table below for more information on types of third parties.
Section 5 - Disclosure
Golden Charter will pass your personal data to carefully selected third parties for specific purposes. The following third parties will receive your personal data for the following purpose(s) as part of the processing activities: Funeral director → The funeral director needs to know your details to allow them to arrange your funeral when you pass away. They will also be given details of your next of kin if you provide them to ensure they are acting in accordance with your wishes. Funeral directors are allocated plans shortly after the time of purchase so a funeral director will hold your data for a period of time. Funeral directors that work with Golden Charter are bound by a contractual agreement and act in compliance with our guidelines. Golden Charter is the Data Controller in this relationship.
Insurance provider → If you choose to pay your funeral plan by Fixed Monthly Payments, we will pass your personal data to an insurance provider to set up a life assurance policy in your name. Insurance providers who work with us are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions.
Introducers → If you were introduced to us by one of our approved introducers, we will, as part of fulfilling our contractual obligations, pass certain information to them including your name, plan number, and plan status. Introducers who work with us are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions.
Fulfilment companies → These are companies who will print and send our marketing and post-purchase paperwork and are bound by a Data Processor Agreement and act in compliance with our guidelines.
Third party payment processors → For any purchases you make using a payment card, we use third party payment processors to take your payment. Third party payment processors who work with us are contractually bound to adhere to Data Protection legislation and/or the equivalent international data protection standards which apply if any personal data is processed outside of the UK. Some third party payment processors may transfer and store data outside of the UK. We carry out an appropriate risk assessment where this is the case and payment processors may only act in compliance with our instructions.
Golden Charter Rewards → If you supplied us with your email address, we may have passed it to a third party supplier to administer and offer benefits to you (for certain plans purchased up to 31 March 2020).
The Golden Charter Trust → For administration of your funeral plan. We have a robust agreement ensuring that all data is used in accordance with your rights and Data Protection legislation.
Barnett Waddingham → For administration of your funeral plan and facilitating Barnett Waddingham’s role as actuaries to the Golden Charter Trust. If you would like more information about Barnett Waddingham and their own privacy notice please visit their website www.barnett-waddingham.co.uk. We have detailed binding contractual arrangements which ensure that personal data is kept safe and used strictly in accordance with Data Protection legislation.
Third party supplier → From time to time, we may use the services of market research companies to follow market trends and monitor satisfaction with our products and services. Third party suppliers who work with us are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions. Digital Services → From time to time, we will seek the assistance of select third parties who help with advertising on our website and tracking/capturing information on website visitors. Unless you have adjusted your computer’s browser settings then it is likely that certain data which may be classified as personal data, e.g. your IP address, will be able to be accessed by the likes of Google's Double Click and Google Analytics.
Section 6 - Retention Period
We will process personal data for the length of time required to fulfil our obligations contractually or legally.
We will process (collect, store and use) the information you provide in a manner compatible with the GDPR.
We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Section 7 - Your right as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access - you have the right to request a copy of the information that we hold about you.
Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten - in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing - where certain conditions apply you have a right to restrict the processing.
Right of portability - you have the right to have the data we hold about you transferred to another organisation. We will endeavour to provide you with the detail we hold on you to allow you to take it to another organisation. This may be limited by technological requirements.
Right to object - you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling - you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review - in the event that we refuse your request under rights of access, we will provide you with a reason why. You have the right to complain as outlined in the section below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
Can I find out the personal data that Golden Charter holds about me?
Yes, at your request, we can confirm what information we hold about you and how it is processed. In order to do this, please write to The Data Controller, Golden Charter, Canniesburn Gate, 10 Canniesburn Drive, Bearsden, Glasgow G61 1BF. Alternatively, you can email your request to The Data Protection Officer at firstname.lastname@example.org.
What forms of identification will I need to provide in order to access this?
We accept the following forms of identification when information on your personal data is requested: photographic identification such as a valid passport or driving licence, and a utility bill showing the same name and address.
Section 8 - Complaints
In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described above), please contact our Customer Resolution Team on 0800 171 2955 or email email@example.com.
If you're unhappy with how your complaint has been handled, you have the right to lodge a complaint with our Data Protection Officer.
You also have the right, if you're still not satisfied with how we have handled your personal data, to contact the supervisory authority, the Information Commissioner’s Office (ICO).
The details for each of these contacts are:
Contact Name: The Data Protection Officer
Address: Golden Charter, 10 Canniesburn Gate, Bearsden, Glasgow, G61 1BF
Telephone: 0808 169 4534
Contact Name: Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Other websites linked on our site
The Data Protection Officer is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR and the Data Protection Act 2018.
Section 9 - International transfers of your personal data
In this Section, we provide information about the circumstances in which your personal data may be transferred to a third country under UK data protection law.
We may transfer your personal data from the European Economic Area (EEA) to the UK and process that personal data in the UK for the purposes set out in this notice, and may permit our suppliers and subcontractors to do so, during any period with respect to which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law; and we may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this notice, and may permit our suppliers and subcontractors to do so, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.
Our data storage is situated in Ireland with the back up in Germany. The competent data protection authorities have made an adequacy determination with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities, a copy of which you can obtain from EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors | European Data Protection Board (europa.eu).
Our processors listed below are subject to the laws of the United States of America and transfers of personal data to these organisations require additional safeguards in place supplementary to Standard Contractual Clauses. We have in place effective supplementary measures, which combined with the standard contractual clauses reach a level of protection that is now essentially equivalent to the level of protection guaranteed within the UK. These measures include encryption at rest and in transit, additional contractual measures including transparency measures and a risk assessment on the likelihood of statutory authorities accessing Golden Charter data.
Amazon Web Services https://aws.amazon.com/privacy/