GRPR Policy

This policy lays out what data we will ask you for, why we need it and how long we will keep it.

Privacy & Data Protection

We are committed to protecting your privacy and promise only to use information collected about you to administer your account and to provide you with the goods and services that you have requested from us.  The information you give will only be used to process any good or services you have requested or purchased from us. We will never collect sensitive information about you without your explicit consent. At no time will any information gained about you be passed on to any third-party without your explicit consent in writing. The only exception to this is when required by law.

From time to time we would like to send you details of special offers and new products and services on our websites that we feel may be of interest to you. We will always do this by email and you will need to opt in to receive them.

Anonymous Data Collection

We use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses and which web browsers our visitors use. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website. Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks. We do track your purchasing habits, or any part of the purchasing process.

In addition, we will not send you email that you have not agreed to receive. If you are a member of our mailing list, you may be contacted with announcements, news, portfolio additions, and new products or services. With each email sent, you have the option of ‘unsubscribing’ from our mailing list at any time, thereby disabling any further such email communication from being sent.

How long do we keep your data?

If you have purchased a product or service from us, we will keep your data for 7 years as per usual business accounting requirements. After this time your data will be securely destroyed.

If you have made an enquiry to us about a product or service, we will keep your data for 1 year as this is deemed a reasonable time for you to further your interest in our products or services. After this time your data will be securely destroyed.

How do we keep your data?

Civil Ceremonies uses all reasonable precautions to keep the information disclosed to us secure. Only the organisation’s staff will normally have access to client data. All staff are made aware of the appropriate policies and their obligation not to disclose personal data to anyone who is not supposed to have it. Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service.

This personal information is dealt with properly and securely however it is collected, recorded and used, whether on paper, in a computer, or recorded on other material.

How data is obtained

Data is collected over the phone and using other methods such as e-mail and websites. An ‘opt in’ option is included in all contact from the company CRM system, which is in itself fully GDPR compliant.

We take your data seriously

We regard the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. To this end we fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998 and the requirements of the General Data Protection Regulation (GDPR).

The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). To do this we follow the eight Data Protection Principles outlined in the Data Protection Act 1998, which are summarised below:

1. Personal data will be processed fairly and lawfully
2. Data will only be collected and used for specified purposes
3. Data will be adequate, relevant and not excessive
4. Data will be accurate and up to date
5. Data will not be held any longer than necessary
6. Data subject’s rights will be respected
7. Data will be kept safe from unauthorized access, accidental loss or damage
8. Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. Our employees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times. Chilterns Celebrant is a Data Controller under the Act, and  is ultimately responsible for the policy’s implementation.

Personal data will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case we will discuss and agree disclosure.

Any changes to this policy will be posted so that you are always aware of the information that we collect and how we use it.