Privacy Notice – Aileen Hendry – Independent Celebrant
What Is A Privacy Notice?
Under GDPR regulations (effective 25.05.18) you as a client of Aileen Hendry or a subscriber asking to be kept up-to-date about our activities/events have specific rights. To advise you of your rights in a clear and concise manner, we are providing you with this ‘Privacy Notice’.
We are committed to keeping the personal details of our customers and subscribers safe. This notice explains how and why we use personal data so that you remain informed and in control of your information. This privacy notice also explains what personal information we collect and how we use it.
‘client’ - is deemed to include individuals, organisations, businesses, charities or public sector bodies who have entered into a contract with ourselves, or who have contacted us regarding our services, and as such have provided us with personal data.
‘subscriber’ - is deemed to include individuals, organisations, businesses, charities, public sector bodies or clients who have requested to be added to our marketing database, this request either being made in writing or via the online subscriber facility from our website.
‘marketing database’ – managed via MailChimp, this is an electronic database we use to communicate directly with subscribers to make them aware of our activities and upcoming events. Those subscribed to this database will only ever receive communications directly from ourselves (i.e. we do not share data with external sources).
(ii) Who are we?
Aileen Hendry is an independent celebrant, operating as a sole trader within the UK, trading from the following address:
26 King Street, Armadale, West Lothian, EH48 2NP
Mobile: 07948 976 499
Our trading hours are 09.00 to 17.00, Monday to Friday
(iii) Why do we collect personal data?
We will only ever collect, store and use personal data when we have an identified purpose and reason to do so. This is referred to by the Information Commissioner’s Office (ICO) as a ‘lawful basis’. The lawful basis that is applicable to ourselves are as follows:
• Consent: an individual has given us clear consent to process their personal data for a specific purpose. For example, you have subscribed to our marketing database to keep you informed about upcoming events or our activities.
• Contract: processing personal data is necessary for a contract which we have with an individual, including initial point of contact when you may have approached us enquiring about one of our services.
• Legitimate Interests: the processing of personal data is necessary for our legitimate business interests or those of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
(iv) Our uses of personal data
Further information about why we collect your personal data is outlined below:
(a) To fulfil our obligations to our clients/subscribers we maintain records of contact details and will use this information for the fulfilment of
contracts and/or keeping you informed about our events/activities (as applicable).
(v) What kind of personal data do we collect, and how do we collect it?
(a) Basic information
We will usually collect basic information about you, including your name, postal address, telephone number and email address. Usually we collect this data directly from you either in person, by telephone, in writing or via email. Occasionally we obtain information, such as your telephone number or other contact details, from external sources that are acting on your behalf (e.g. a funeral director, or wedding planner).
(b) Sensitive personal data
When we collect or store personal data of a more sensitive nature we will be clear as to why this sensitive data is being sought and we will only do so with your specific consent and permission. In these situations, we would always collect the data directly from yourself. Sensitive data that we may collect and store about you, are for example:
• personal details about yourself or a relative
• emergency (ICE) contacts
• medical conditions/allergies
(c) Children and young people
We do not have any reason to engage with contracts for persons under the age of 16. We are aware, albeit due to the nature of our business it would not be applicable, that in line with data protection law, we will not collect, store or process your personal details if you
are under 13 years of age; unless we have the express permission from your parent or guardian to do so.
(vi) How do we store your data?
(a) Security: All of the personal data processing we undertake will be carried out in accordance with guidance issued by the ICO. Paper records containing personal data are stored securely in locked cabinets, within our locked premises. Electronic data are stored on secure computer
systems and we control, both physically and electronically (e.g. password protection) who has access to this data. Our staff have received training relative to GDPR and data protection, and we have in place data protection procedures which are to be adhered to when handling personal data.
(b) This site is hosted on the Wix.com platform. Cookies are implemented in every site built by Wix. Wix.com provides Aileen Hendry with the online platform that allows us to promote our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. Wix.com stores your data on secure servers behind a firewall. For more information on how Wix.com uses and stores your data, please see https://www.wix.com/about/privacy.
(c) Payment security: We usually accept payment by BACS transfer, cheque or cash. When requested we can also accept payment by debit/credit card, this being via a secure PayPal service whereby sensitive personal details relating to yourself and your bank account are not available to ourselves. In this respect PayPal security systems and processes are in place between them and yourself.
(d) Data retention policy: We will only use and store information for as long as it required for the purposes it was collected for. We carry out regular reviews regarding what information we hold and delete/destroy that which is no longer required. Data of a sensitive nature is deleted no earlier than upon fulfilment of the contract, and no later than three years after contract fulfilment.
(vii) Your rights
We respect your right to control your data. Your rights include:
(a) The right to be informed: This Privacy Notice outlines how we capture, store and use your personal data. If you have any questions about any elements of this policy, please contact us.
(b) The right of access: If you wish to obtain a record of the personal data we hold about you, you may do so through a Subject Access Request (SAR). Please make such a request in writing or by email to ourselves (details as described above), and when doing so supply us with your name, address, telephone number, email address, along with a note of the details of the information you require. We will respond to any such request within one month of receipt.
(c) The right to rectification: If you believe that any of the personal data we hold about you is inaccurate or incomplete, then please contact us directly and any necessary corrections to your data will be made immediately.
(d) The right to erasure: You can ask us to remove your personal data from our records at any time, and in doing so this will be actioned immediately.
(e) The right to restrict processing: You can ask us to stop using your personal data at any time, and in doing so this will be actioned immediately.
(f) The right to data portability: You can ask to obtain your personal data from us for your own purposes at any time, and in doing so this will be actioned immediately.
(g) The right to object: You can ask to be excluded from our marketing activity at any time, and in doing so this will be actioned immediately.
(h) Rights in relation to automated decision making and profiling: We do not use any system which utilises automated decision making or profiling in respect of your personal data.
For more information on your individual rights, please see the Information Commissioner’s Office: www.ico.org.uk
(viii) Making a complaint
If you have any form of complaint, please contact us using your preferred means of communication via the contact details given above within Section (ii).
We take complaints very seriously and we ensure that:
• Everyone in our organisation knows what to do if a complaint is received
• All complaints are investigated fairly and as a matter of urgency
• Complaints are, wherever possible, resolved
• We learn from complaints in order to help us to improve our business
All complaint information will be handled sensitively, in line with relevant GDPR (data protection) requirements.
Responsibility for this policy and its implementation lies with Aileen Hendry.
Information Commissioner’s Office
For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, as follows:
• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Email: email@example.com
(ix) Leaving our website
We are not responsible for the privacy practices or the content of any other websites linked to/from our own website. If you have followed a link from our website to another website, you may be supplying information to a third party.