Privacy Policy

Summary

  • The Hunnaball Family Funeral Group Limited (“we”, “our”, “us” or “the Company”) is committed to protecting the privacy and security of your personal information. Full details of this commitment, including how we collect and use your personal information in compliance with the General Data Protection Regulation, is contained within our Customer Privacy Notice (“Privacy Notice”). A copy of the Privacy Notice is available on our website (www.hunnaball.co.uk) or upon request.
  • This Customer Privacy Summary (“Privacy Summary”) seeks to summarise the content of our Privacy Notice and should be read in conjunction with the Privacy Notice.
  • We may, during the course of our dealings with you, collect various personal information such as your name, address, email address, contact number, credit card details and information about your religious beliefs.
  • The personal information we collect will usually be used for the purposes of performing the contract that we have entered into with you. This information may also be used to provide you with marketing information from time to time, as it is in our legitimate interest to keep in touch with you to ensure that you are aware of the full range of services that we offer.
  • In certain circumstances, we may also share your personal information with third parties, including doctors and debt-collectors. For full details of these third parties, please refer to
    our Privacy Notice.
  • The personal information that we collect will be retained for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider several factors, such as the amount, nature, and sensitivity of the personal data and the potential risk of harm from unauthorised use or disclosure.
  • You have the right, at any time, to request access to your personal information, request erasure of your personal information, object to processing of your personal information, request the restriction of processing of your personal information and request the transfer of your personal information to another party.
  • In addition to the above, where you have provided your consent to the collection, processing and transfer of your personal information, you also have the right to withdraw your consent for that specific processing at any time. If you wish to do so, or if you have any questions regarding this Privacy Summary or our Privacy Notice generally, please contact our Compliance Manager, Chris Partner, as follows:

Phone: 01206 986239
Email: chrispartner@hunnaball.co.uk
Post: The Gate House, Old Coach Road, Colchester, CO1 2TH

Customer Privacy Notice

What is the purpose of this document?

The Hunnaball Family Funeral Group Limited (“Company”) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during
and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR).

The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice does not form part of any contract to provide services that we have entered into with you. We may update this notice at any time. It is important that you read this notice so that you are aware of how and why we are using
such information.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data, which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as your full name, postal address, telephone number, e-mail address, mobile telephone number and family details
  • Demographic information such as preferences and interests.
  • Your credit or debit card details where you make a payment. We process these only for the purpose of providing these to our secure third party payment providers (see below for details) and do not retain them after the payment is processed.

We will automatically collect the following categories of personal information about you when you use our website:-

  • Your IP address (automatically collected)
  • Your web browser type and version (automatically collected)
  • Your operating system (automatically collected)
  • A list of URLS starting with a referring site, your activity on this Website, and the website you exit to (automatically collected)
  • Your Cookie information (see our Cookie Statement: https://hunnaball.co.ukprivacy for details)

The more sensitive “special categories” of data includes data such as information about race, ethnicity, religious belief, sexual orientation, political opinions, health, genetic or biometric information and information about criminal offences or convictions. Processing of this data is prohibited unless one of the additional grounds in Article 9 of the GDPR apply.

We will collect, store, and use information in respect of your religious beliefs, which is a “special category” of personal information about you. The purpose of collecting this information about you is to organise the correct service for the funeral. The grounds for processing this personal data under Article 9 of GDPR will be that you have given your explicit consent to this.

How is your personal information collected?

We collect personal information about you when you complete our Funeral Arrangement Form (online or in person) and when you access and use our website. We have CCTV installed in our premises in public areas and particularly around entrances and exits; this is for the purposes of prevention and detection of crime and employee monitoring.

How we will use your personal information, and the legal basis for this We need all the categories of information in the list above (see paragraph headed “The kind of information we hold about you”) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The specific situations in which we will process your personal information are listed below:

  • We will use your name, postal address, email address, telephone contact details, payment details and family details for the purpose of entering into and performing our contract with you. The basis for this processing will be that it is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into such a contract.
  • We will use your name, postal address, email address, telephone contact details and family details to allow us to answer queries you have raised in relation to our services. The basis for this processing is that it is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into such a contract.
  • We may use your name, postal address, email address, telephone contact details, demographic information and personal information about you which is automatically collected when you use our website (as set out above) to provide you with marketing information in relation to services supplied by us which we believe may be of interest to you. The basis for this processing will be that the processing is necessary for our legitimate interest in keeping in touch with you to make sure that you are aware of the full range of services we offer.
  • We will use name, postal address, email address, telephone contact details, family details and payment details to maintain our own administrative and accounting records and to fulfil related legal obligations to which we may be subject. The basis for this processing will be that it is necessary for the performance of our contract with you.
  • We may use information concerning your religious beliefs for the purpose of performing our contract with you, specifically fulfilling your funeral service requests. The basis for this processing will be that you have given consent to it, and the processing will only take place whilst such consent has been given and has not been withdrawn.
  • We will retain some of your information and information in relation to funeral arrangements for the purpose of being able to refer to this in the event that you wish us to arrange funerals for other family members etc. in the future as we have found that this is a service which is often required by our clients. The grounds for this processing will be that it is necessary for the purpose of our legitimate interest in being able to provide this information when required. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to enter into a contract with your or perform a contract we have entered into with you, or we may be prevented from complying with our legal obligations.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. At present we do NOT use Automated decision-making to process personal data.

Data sharing

We may need to share your personal information with third parties where required by law, where it is necessary as part of our working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

“Third parties” includes third-party service providers (including contractors and designated agents). In particular we may share your data with third party processors who we engage to process your data on our behalf in order to allow us to provide our services to you, including:-

  • Oak Technology Ltd (trading as Funeral Go) (for storage and sharing of data). Their privacy policy can be found at: https://www.oaktechnology.co.uk/privacy-policy/
  • Debt collectors (for collecting unpaid fees).
  • Doctors.
  • Cemeteries.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.

We only permit them to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

Transferring information outside the EU

We may transfer the personal information we collect about you to countries outside the EU in order to perform our contract with you. When we do so, we will determine whether there is an adequacy decision by the European Commission in respect of those countries or another lawful basis for the transfer under GDPR.

If, for any reason, we intend to transfer the personal information we collect about you to countries outside the EU for which there is no basis for transfer as above, we will write to you to advise you of the potential risks and to seek your explicit consent to the proposed transfer before it takes place.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If, for any reason, you cease to be a customer of the Company, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

 

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at the details below:-

  • Name and role – Chris Partner – Compliance Manager
  • E-mail – chrispartner@hunnaball.co.uk
  • Address – The Gate House, Old Coach Road, Colchester, CO1 2TH / 01206 986239

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the details listed above (see paragraph headed “Your rights in connection with personal information”). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Compliance Manager

We have appointed a compliance manager to oversee compliance with this privacy notice or to answer any questions about how we process your personal information. Their details are listed above (see paragraph headed “Your rights in connection with personal information”). You have the right to make a complaint at any time to the Information Commissioner’s Office
(ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Supplier Privacy Notice

What is the purpose of this document?

The Hunnaball Family Funeral Group Limited is committed to protecting the privacy and security of your personal information (and, where applicable, that of your employees). References to “you” in this document includes your employees where applicable. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

The Hunnaball Family Funeral Group Limited is a “data controller” in respect of personal data which we collect from or about you. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. If applicable, please ensure that a copy of this notice is passed to each of your employees with whom we are likely to be dealing during our working relationship and whose personal information we are therefore likely to collect and use.

This notice does not form part of any contract to receive services that we have entered into with you. We may update this notice at any time. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Data protection principles

We will comply with data protection law. This says that the personal information we hold
about you must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in
any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

The kind of information we hold about you (or your employees)

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data, which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Gender.
  • Bank account details.
  • Job title.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about race or ethnicity, religious beliefs, sexual orientation and political opinions.

How is personal information collected?

We collect personal information about you when we make an initial contact with you regarding your services and we will continue to collect personal information throughout our working relationship.

How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use this personal information in the following circumstances:

1. Where we need to perform the contract we have entered into with you.
2. Where we need to comply with a legal obligation.
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or those of your employees or someone else).
2. Where it is needed in the public interest.

Situations in which we will use personal information

We need all the categories of information in the list above (see paragraph headed “The kind of information we hold about you”) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights (or those of your employees) do not override those interests. The situations in which we will process personal information are listed below:

  • We will use some or all of the personal information provided by you for the purpose of entering into and performing our contract with you;
  • We may use your name, address, email address and telephone contact details in the course of our legitimate interest in providing you with information as to our requirements for goods or services; and
  • We will use your personal data to maintain our own administrative and accounting records and to fulfil related legal obligations to which we may be subject.

Some of the above grounds for processing will overlap and there may be several grounds
which justify our use of your personal information.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.

Change of purpose

We will only use personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Where applicable, this notification should then be passed to any relevant employees. Please note that we may process personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we use particularly sensitive personal information

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

1. In limited circumstances, with your explicit written consent (or that of any relevant employees).
2. Where we need to carry out our legal obligations.
3. Where it is needed in the public interest (for example, in order to prevent fraud).

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your and you are not capable of giving consent, or where the information public has already been made public.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use  automated decision-making in the following circumstances:

1. Where we have notified you of the decision and given 21 days to request a reconsideration.
2. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
3. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Data sharing

We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer personal information outside the EU.
If we do, you can expect a similar degree of protection in respect of all personal information.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

“Third parties” includes third-party service providers (including contractors and designated agents).

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers are required to take appropriate security measures to protect personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process such personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share personal information with a regulator or to otherwise comply with the law.

Transferring information outside the EU

We may transfer the personal information we collect about you to countries outside the EU in order to perform our contract with you. When we do so, we will determine whether there is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer the data are deemed to provide an adequate level of protection for such personal information.

If, for any reason, we intend to transfer the personal information we collect about you to countries outside the EU for which there is no adequacy decision by the European Commission, we will write to you to advise you of the potential risks and to seek explicit consent to the proposed transfer.

Data security

We have put in place measures to protect the security of your information. Details of these measures are available upon request. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal information to those employees, agents, contractors and other third parties that need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. If applicable, please forward any such notification to all relevant employees in these circumstances.

 

Data retention

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice. If, for any reason, you cease to be a supplier of the company, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

 

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if any such personal information changes during your working relationship with us.

Rights in connection with personal information

Under certain circumstances, by law you (or where relevant any applicable employees) have the right to:

  • Request access to personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold corrected.
  • Request erasure of personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal
    information where you have exercised a right to object to processing (see below).
  • Object to processing of personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing personal information for direct marketing purposes.
  • Request the restriction of processing of personal information. This enables you to ask us to suspend the processing of personal information, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of personal information, object to the processing of personal data, or request that we transfer a copy of personal information to another party, please contact our compliance manager, Chris Partner, whose contact details are as follows:

  • 01206 986239
  • chrispartner@hunnaball.co.uk
  • The Gate House, Old Coach Road, Colchester, CO1 2TH

No fee usually required

You will not have to pay a fee to access personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if any request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided consent to the collection, processing and transfer of personal information for a specific purpose, you have the right to withdraw such consent for that specific processing at any time. To withdraw consent, please contact our compliance manager, Chris Partner, whose contact details are listed above (see
paragraph headed “Rights in connection with personal information”). Once we have received notification that you have withdrawn consent, we will no longer process the information for the purpose or purposes originally agreed to, unless we have another legitimate basis for doing so in law.

Compliance Manager

We have appointed a compliance manager, Chris Partner, to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle personal information, please contact the compliance manager using the contact details listed above (see paragraph headed “Rights in connection with personal information”).

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. If we do so (and if applicable), please ensure that a copy of the new privacy notice is passed to each of your employees with whom we are likely to be dealing during our working relationship and whose personal
information we are therefore likely to collect and use.

We may also notify you in other ways from time to time about the processing of your personal information. Again, if applicable, please ensure that all such notifications are forwarded to each of your employees with whom we are likely to be dealing during our working relationship and whose personal information we are therefore likely to collect and use. If you have any questions about this privacy notice, please contact our compliance manager.