Last updated: 25 Jun 2020
Section 1 - Scope
In this privacy notice, ‘us’, ‘we’ or ‘our’ refers to Golden Charter Limited.
This notice applies to all data subjects (you) whose personal data is collected regardless of the method in which we collect the information (such as online, by telephone, letter or face to face), in line with the requirements of the UK-GDPR and the Data Protection Act 2018.
Section 2 - Responsibilities
The Data Protection Officer is responsible for ensuring that this notice is made available to you prior to us collecting/processing your personal data.
The privacy and security of your personal information is very important to us so we want to assure you that your information will be properly managed and protected when it's in our hands. Please read this notice carefully as it explains how we, and/or carefully selected third parties we work with, collect and use your personal information.
These terms may apply in addition to other privacy notices or terms we inform you of in specific circumstances when we are collecting or processing personal data.
Section 3 - Privacy Notice
Who are we? - Golden Charter Limited is one of the UK's leading funeral plan providers and we are owned by a UK-wide national association of independent funeral directors. We are registered with the Funeral Planning Authority (FPA). If you would like to contact us about the personal data we hold on you please write, email or call using the information below.
Contact Name: The Data Controller/Data Protection Officer
Address: Golden Charter,10 Canniesburn Gate, Bearsden, Glasgow, G61 1BF
Telephone: 0800 111 4514 What is personal data? - Under the UK’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Special category data is personal data which the GDPR says is more sensitive and so needs more protection. For example, information about an individual’s race, ethnic origin, religion or health are all considered special categories of data. The special categories of personal data Golden Charter might process are:
Religious preferences: We use this to ensure any religious funeral preferences you may have are met.
Any medical conditions relayed to us: This information will be used to improve our service, and allow us to provide potentially vulnerable customers with the support they need.
Consent is required for Golden Charter to process both types of personal data, but it must be explicitly given. Where we are asking you for special categories of data we will always tell you why and how the information will be used. You may withdraw consent at any time by contacting us.
If you would like more information on UK-GDPR or the Data Protection Act 2018 and how it impacts you, this can be found on the Information Commissioner’s Office (ICO) website at ico.org.uk.
The personal data we would like to collect from/process about you (and the source if not collected directly from you, the data subject) is:
Your name, address, date of birth, telephone number and email contact
Your preferences with regards to your funeral plan and Will products
Your religious preferences if appropriate (this is also classed as special category data as above)
If you purchase a plan from one of our approved introducer companies or a funeral director we will use the personal data you give them.
The personal data we collect will be used for the following purposes:
Administration of your Golden Charter product which in some cases includes a Will, including passing your information to a funeral director for the contractual provision of our service. This may include the funeral director retaining records of the transaction
To give you access to the Golden Charter Rewards site, where you have given us your email address
Marketing of Golden Charter’s products and services
Creating a quotation for a funeral plan product
Carrying out customer satisfaction surveys and market research
To monitor visitors to our website and responses to marketing campaigns
To answer enquiries from you including social media and web chat
To undertake general analysis of the demographics of our customer and enquirer base
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the collection and sharing of your personal data. We use Cookie First for cookie management – to access our privacy controls or amend your preferences, please click the blue circle icon in the bottom left of your screen to view. If at any point you would like to opt-out of receiving marketing communications from us, or would like to change the channels (such as email, post or telephone) that we use to contact you, please contact us by one of the methods shown above.
Our legal basis for processing your personal data may be classed as one of the categories below:
Provision of a contract
Any legitimate interests pursued by us are for our own purposes and we do not share your details with any third parties for marketing purposes.
In the unlikely event that Golden Charter entersminto liquidation, administration, receivership or suffers some other similar insolvency event, the Golden Charter Trust shall become a data controller in respect of personal data you have provided to us. More information about the Golden Charter Trust can be found on their website www.goldenchartertrust.co.uk.
Section 4 - Sharing your data
Will Golden Charter share my personal data with anyone else? We will pass your personal data on to third-party service providers contracted to Golden Charter in the course of dealing with you. This may include special categories of data where appropriate. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil your funeral plan or legal services product. When they no longer need your data to fulfil this service, they will dispose of the details in line with Golden Charter’s procedures. If we wish to pass your special categories of data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise. See the table below for more information on the types of third parties.
Section 5 - Who do we share with?
Golden Charter will pass your personal data to third parties. The following third parties will receive your personal data for the following purpose(s) as part of the processing activities:
Funeral director→ The funeral director needs to know your details to allow them to arrange your funeral when you pass away. They will also be given details of your next of kin if you provide them to ensure they are acting in accordance with your wishes. Funeral directors are allocated plans shortly after the time of purchase so a funeral director will hold your data for a period of time. Funeral directors that work with Golden Charter are bound by a Data Processor Agreement and act in compliance with our guidelines.
Insurance provider → If you choose to pay your funeral plan by Fixed Monthly Payments or by Single Premium, Golden Charter will pass your personal data to an insurance provider to set up a life assurance policy in your name. Insurance providers who work with Golden Charter are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions.
Introducers → If you were introduced to Golden Charter via an approved Introducer, we will, as part of fulfilling our contractual obligations, pass certain information to them including your name, plan number and plan status. Introducers who work with Golden Charter are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions.
Fulfilment companies → These are companies who will print and send Golden Charter’s marketing and post purchase paperwork. Such companies that work with Golden Charter are bound by a Data Processor Agreement and act in compliance with our guidelines.
Third party payment processors → For any purchases you make using a payment card, Golden Charter uses a third party payment processor to take this payment. Third party payment processors who work with Golden Charter are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions.
Golden Charter Rewards → If you supply us with your email address, we will pass this to a third party supplier to administer and offer benefits to you.
The Golden Charter Trust → For administration of your funeral plan. We have a robust agreement providing that all data must be used in accordance with your rights and Data Protection legislation.
Barnett Waddingham → For administration of your funeral plan and facilitating Barnett Waddingham’s role as actuaries to the Golden Charter Trust. If you would like more information about Barnett Waddingham and their own privacy notice please see their website www.barnett-waddingham.co.uk. We have detailed binding contractual arrangements which ensure that personal data is kept safe and used strictly in accordance with Data Protection legislation.
Third party supplier → From time to time Golden Charter may use the services of market research companies to follow market trends and monitor satisfaction with our products and services. Third party suppliers who work with Golden Charter are contractually bound to adhere to Data Protection legislation and act in compliance with our instructions.
Digital Services → From time to time we will seek the assistance of select third parties who help with advertising on our website and tracking/reporting website visitors. If you consent then it is likely that certain data which may be classified as personal data, e.g. your IP address, will be able to be accessed by the likes of Google’s Double Click and Google Analytics
Section 6 - Retention Period
Golden Charter will process personal data for the length of time required to fulfil our obligations contractually or legally.
Golden Charter will process (collect, store and use) the information you provide in a manner compatible with the UK’s General Data Protection Regulation (GDPR).
We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Golden Charter is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Section 7 - International transfers of your personal data
In this Section, we provide information about the circumstances in which your personal data may be transferred to a third country under UK data protection law. We may transfer your personal data from the European Economic Area (EEA) to the UK and process that personal data in the UK for the purposes set out in this notice, and may permit our suppliers and subcontractors to do so, during any period with respect to which the UK is not treated as a third country under EU data protection law or benefits from an adequacy decision under EU data protection law; and we may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this notice, and may permit our suppliers and subcontractors to do so, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.
Our data storage is situated in Ireland with the back up in Germany. The competent data protection authorities have made an adequacy determination with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities, a copy of which you can obtain from EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors | European Data Protection Board (europa.eu).
Our processors listed below are subject to the laws of the United States of America and transfers of personal data to these organisations require additional safeguards in place supplementary to Standard Contractual Clauses. We have in place effective supplementary measures, which combined with the standard contractual clauses reach a level of protection that is now essentially equivalent to the level of protection guaranteed within the UK. These measures include encryption at rest and in transit, additional contractual measures including transparency measures and a risk assessment on the likelihood of statutory authorities accessing Golden Charter data.
Amazon Web Services https://aws.amazon.com/privacy/
Section 8 - Your right as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access - you have the right to request a copy of the information that we hold about you.
Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten - in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing - where certain conditions apply you have a right to restrict the processing.
Right of portability - you have the right to have the data we hold about you transferred to another organisation. Golden Charter will endeavour to provide you with the detail we hold on you to allow you to take it to another organisation. This may be limited by technological requirements.
Right to object - you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling - you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review - in the event that Golden Charter refuses your request under rights of access, we will provide you with a reason why. You have the right to complain as outlined in the section below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
Can I find out the personal data that Golden Charter holds about me? Yes, Golden Charter, at your request, can confirm what information we hold about you and how it is processed. In order to do this please write to The Data Controller, Golden Charter, Canniesburn Gate, 10 Canniesburn Drive, Bearsden, Glasgow G61 1BF. Alternatively you can email your request to The Data Protection Officer at email@example.com or call us on 0800 111 4514
We may ask for verification in order to fulfil your request.
Section 9 - Complaints
In the event that you wish to make a complaint about how your personal data is being processed by Golden Charter (or third parties as described above), please contact our Customer Resolution Team on 0800 171 2955 or email firstname.lastname@example.org.
If you are unhappy with how your complaint has been handled, you have the right to lodge a complaint with Golden Charter’s Data Protection Officer.
You also have the right, if you are still not satisfied with how we have handled your personal data, to contact the supervisory authority, the Information Commissioner’s Office (ICO).
The details for each of these contacts are:
Contact Name: The Data Protection Officer
Address: Golden Charter,10 Canniesburn Gate, Bearsden, Glasgow, G61 1BF
Telephone: 0800 111 4514
Contact Name: Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Other websites linked on our site
The Data Protection Officer is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the UK-GDPR and the Data Protection Act 2018.