Privacy & GDPR Policy
This policy covers the brands, websites, products and services within Civil Ceremonies Ltd, including:
The products and services covered include:
Training courses, ceremony related products, ceremonies with and without a celebrant.
This policy lays out what data we will ask you for, why we need it and how long we will keep it.
- Privacy & Data Protection
We are committed to protecting your privacy and promise only to use information collected about you to provide you with the goods and services that you have requested from us.
We will never collect sensitive information about you without your explicit consent. At no time will any information gained about you be passed on to any third-party without your explicit consent in writing. The only exception to this is when required by law.
From time to time we would like to send you details of special offers and new products and services that we feel may be of interest to you.
- Training Courses – GDPR Special categories of personal data
Some of the information that we are required to obtain from learners who train with us is required by the ESFA, a government department, the Student Loan Company, and the NOCN (awarding organisation). All are not for profit organisations. It is their requirement that we ask you for information about your gender, age, ethnicity, employment, any learning difficulties and home address. GDPR Article 9 lists the conditions for processing such special category data and (d) Not-for-profit bodies is one of these categories and this allows us to ask you for this information on their behalf.
We provide all learners with the ESFA privacy notice issued by the Education and Skills Funding Agency.
- Anonymous Data Collection
We use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP address/es and which web browsers our visitors use. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website.
Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again, this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks. We do track your purchasing habits, or any part of the purchasing process.
The website does issue ‘cookies’ (these are small files of information which websites use to identify its users), however, these do not contain personal information. Civil Ceremonies does not share this data with third parties. You can disable cookies by altering the settings of your browser and the website will still function. We hold Cyber Essentials Certification which is assessed and renewed annually.
In addition, we will not send you emails that you have not agreed to receive. If you are a member of our mailing list, you may be contacted with announcements, news, portfolio additions, and new products or services. With each email sent, you have the option of ‘unsubscribing’ at any time, thereby disabling any further such email communication.
- How long do we keep your data?
If you have purchased a product or service from us, we will keep your data for 7 years as per usual business accounting requirements. After this time your data will be securely destroyed unless you respond to us positively that you wish to remain in contact with us.
If you have made an enquiry about a product or service, we will keep your data for 1 year as this is deemed a reasonable time for you to further your interest in our products or services. After this time your data will be securely destroyed. However, you have the right to ask us to remove all your data immediately away if you prefer.
- How do we keep your data?
Civil Ceremonies uses all reasonable precautions to keep the information disclosed to us secure. Only the organisation’s staff will normally have access to client data. All staff are made aware of the appropriate policies and their obligation not to disclose personal data to anyone who is not supposed to have it. Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service. This personal information is dealt with properly and securely however it is collected, recorded and used, whether on paper, in a computer, or recorded on other material.
- Erasure and rectification
You have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can make a request for rectification verbally or in writing and we will action this within one month of the request. You also have a right to have your personal data erased. The right to erasure is also known as ‘the right to be forgotten’. You can make a request for erasure verbally or in writing and we will carry out the erasure within one month of a request.
- How data is obtained
Data is collected over the phone and using other methods such as e-mail and websites. An ‘opt in’ option is included in all contact from the company CRM system, which is in itself fully GDPR compliant.
- We take your data seriously
Civil Ceremonies Ltd regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. To this end Civil Ceremonies Ltd fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998 and the requirements of the General Data Protection Regulation (GDPR).
The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). To do this Civil Ceremonies Ltd follows the eight Data Protection Principles outlined in the Data Protection Act 1998, which are summarised below:
- Personal data will be processed fairly and lawfully
- Data will only be collected and used for specified purposes
- Data will be adequate, relevant and not excessive
- Data will be accurate and up to date
- Data will not be held any longer than necessary
- Data subject’s rights will be respected
- Data will be kept safe from unauthorised access, accidental loss or damage
- Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. Our employees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times. Civil Ceremonies Ltd is a DATA CONTROLLER under the Act, and the Managing Director is ultimately responsible for the policy’s implementation.
Personal data will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case the Managing Director will discuss and agree disclosure.
If you are unhappy with how Civil Ceremonies Ltd has used your personal data, you can complin to the Information Commissioner’s Office (ICO) at:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can also call their helpline on 0303 123 113 or visit https://www.ico.org.uk