• Data protection
• How we use and collect data
• How we use your personal data
• Your rights
Protecting the privacy and personal information of our visitors is of the utmost importance to us. This privacy notice sets out how we handle the information we learn about you when you visit this website, how we use it, and your rights in relation to how we hold and process this information. Capital Life Funeral Planning Ltd is registered in England & Wales, company number 03534103, registered address: c/o Spencer Gardner Dickens, 3 Coventry Innovation Village, Cheetah Road, Coventry, England, CV1 2TL.
When you use this site you trust us with your information. By helping you understand our privacy practices, we want to show that we are committed to keeping that trust. This privacy notice (together with our Terms & Conditions and any other documents referred to in it), describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR).
It is important that you read this notice in conjunction with any other privacy notice which we may provide on specific occasions so that you are aware of how we are collecting or processing information about you and why we are using such information.
Data controllers and processors
Capital Life Funeral Planning Ltd is both a data controller and data processor for the purposes specified in this notice. Any information you provide on our site is controlled by Capital Life Funeral Planning Ltd, which is registered as a data controller with the Information Commissioner under reference: ZA238382
All personal details that you submit to us will be held in accordance with our responsibilities in compliance with European Data Protection Legislation; defined as, for the periods in which they are in force, the European Data Protection Directive 95/46/EC, all laws giving effect or purporting to give effect to the European Data Protection Directive 95/46/EC (such as the Data Protection Act 1998) or otherwise relating to data protection (to the extent the same applies) and, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/670) or any equivalent legislation amending or replacing the GDPR.
You can contact us directly about how we use your personal information or to exercise your data subject rights:
• Post: Data Protection Officer, Capital Life, Brooke Court, Lower Meadow Road, Handforth, Wilmslow, SK9 3ND
• Email: email@example.com
This privacy notice only covers our website and does not extend to other third-party websites accessed from this website. If you follow a link to a third-party website, please be aware that they will have their own privacy notices and that we do not accept any responsibility or liability for third-party privacy notices. Please check all applicable third-party privacy notices before submitting any personal information.
How we use and collect data
Information we may collect about you
We may collect and process the following information about you (“your information” or “your data”):
• Information that you provide by filling in forms on our site. This includes information you provide when registering for an account with us or applying for any of the products and other services we offer. We may also ask you for information if you report a problem with our site, or if you contact us and request assistance with using our site.
• The contents of any correspondence you send us.
• Details of products and services you have purchased, your visits to our site including but not limited to; traffic data, location data, web logs and other communication data, whether it is required for our own purposes or otherwise, as well as the resources that you access by using our website.
• Information obtained from you or third parties, when you register for an account with us or purchase any of our products, or other services which you or they give to us at any time.
IP addresses and Cookies
We may collect information about your computer for system administration, including where available your IP address, operating system and browser type. This information is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
How we use your personal data
Personal data includes any information that directly or indirectly identifies you. This can include any addresses, dates of birth, email addresses or any other information you provide to us as part of the application process for the purpose of buying our products or services. The principle purpose of collecting personal data from you via this website is to provide information or services specifically requested by you. When you complete our online forms, we ask for your personal details and other selected information so that we can deal with your request as efficiently and effectively as possible.
Why do we process your personal data?
We use your personal data to:
• Ensure that content from our site is presented in the most effective manner for you and your device.
• Process your application for funeral plans.
• Manage your plan.
• Verify your identity including anti-money laundering checks. We also use your personal data for crime and fraud prevention purposes.
• Meet our regulatory compliance and reporting obligations.
• Carry out our obligations in respect of the provision of your plan and the provision of our services.
• Enforce any of our rights against you.
• Develop and improve our services to you and notify you about changes to our services.
When we process your data for marketing purposes so that you can receive communications from us, we will only do so when we have obtained a valid opt-in consent from you. You may revoke your consent at any time.
Disclosure of your information
We may disclose your information to any member of our group, which means that we may disclose your information to our ultimate holding company and its subsidiaries.
If it is necessary for us to fulfil a contract with you, we may share your information with our business partners, suppliers and subcontractors, but only with your consent. We partner with the following lists of groups, suppliers and subcontractors in order to manage your Plan. In some cases, they may process personal data, for example, to provide an identity verification check.
• Group companies and subsidiaries, including Capital Life Ltd
• Funeral Directors
• TSO Host
• Amazon Web Services
• Quote My Life
We will never sell, trade, or rent your personal information to others, however, we may share your information with selected third parties in the following instances:
• In the event that we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets. In such an event, we will ensure that the prospective seller or buyer treats your information as confidential.
• If a third party acquires Capital Life Funeral Planning Ltd or substantially all of its assets, in which case information held by Capital Life Funeral Planning Ltd about its customers will be one of the transferred assets. In such an event, we will ensure that the third party treats your information as confidential.
• If we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, as part of legal proceedings, to enforce or apply our terms and conditions which apply to your products and services or to protect the rights, property, or safety of Capital Life Funeral Planning Ltd, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
When we process your data for marketing purposes, it will be based on us having obtained opt-in consent from you to do so. You may remove your consent at any time by unsubscribing.
Accessing and correcting your personal information
We take reasonable steps to keep your information accurate, complete and current, but you can also ask us to change any information we hold about you to keep it that way. Please remember that it is your responsibility to tell us about any updates to your information.
Rights to access a copy of your personal information
You can request a copy of the personal information that we hold about you. This is known as a ‘Data Subject Access Request’, and we normally have one month to respond to such a request. You can make a ‘Data Subject Access Request’ by using the contact information detailed above in this notice. Any access request is free of charge although we may ask you to provide us with a form of approved identification in order for us to verify your identity.
Right to be forgotten
In certain circumstances, you have the right to ask us to delete the personal information we hold about you, for example; if your personal information is no longer necessary for the purposes it was collected for, or your personal information has been processed unlawfully. There are legitimate reasons that we must retain some of your personal information after you have requested its deletion, including compliance with legal or regulatory obligations to which we are subject, or for any legal claims.
Right to request a restriction on our processing of your personal information
You can request that we restrict our processing of your personal information in specific circumstances. Where a restriction is in place, we can continue to store your information, but we will only process it with your consent or for legal, individuals’ rights or important public interest reasons. We will inform you prior to the lifting of any restriction.
Right to object to our processing of your personal information
When our processing of your information is performed on the basis of ‘legitimate business interest’ or ‘public interest’, you can request we stop the processing. We can continue to process your information for the establishment, exercise or defence of legal claims if we demonstrate compelling legitimate grounds which override your interests, rights or freedoms.
Right to complain to a supervisory authority
If you are dissatisfied with our use or management of your personal information, you have the right to complain to an EU Data Protection Supervisory Authority. That authority should be located where you live, where we are based, or where you feel the issue you wish to complain about took place. In the UK, the relevant Data Protection Supervisory Authority is the Information Commissioners Office (ICO). You can contact the ICO through their website: www.ico.org.uk.
If at any time you believe that we have not complied with these principles, please notify us by sending an email to firstname.lastname@example.org, and we will investigate your concerns and take all reasonable steps to resolve the matter promptly.