Privacy Policy

 

1.1 References in this Privacy Policy to “we”, “our”, or “us” (or similar) are references to Castle Estate Solutions ("CES"). For more information about CES please see Section 10.1. The words “user”, or “you” (or similar) refer to you as an individual or legal entity.

1.2 This Privacy Policy sets out the basis on which we will handle all the information you provide in connection with the services which we provide. When you buy a service or product, such as a funeral plan, or provide information that’s connected to the potential purchase of a service or product, you agree that we can handle that information in line with this Privacy Policy.

1.3 We comply with EU General Data Protection Regulation (GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services.

1.4 We process your personal information to let us administer your account and provide products and services you’ve bought from us. To buy a product or service, we will have to collect, store and use elements of your personal data. This means we will be processing your data on a contractual basis. If you don’t provide this personal data then we cannot execute the contract. That means we may have to terminate our services to you.

1.5 If you have any questions about this policy, or how we use your personal data, please contact us using the Conatct Form or email address on our website. 

1.6 We will always respect your privacy and security:

(a) We won’t sell your data to any third parties outside of our own group.

(b) We’ll only make contact with you if we have a lawful reason to do so.

(c) We won’t pass your data on to anyone who shouldn’t have it.

 

1.7 There’s some data we may have to keep for legal reasons. There are also some communications we’ll send you because we genuinely believe you’ll find them interesting. But if at any time, you want us to remove your data from our systems, then you can ask us to that by emailing us. 

2. 1 To provide the services which we offer, we must necessarily collect some information from yo, this may include:

(a) identity data such as your first name, last name and title;

(b) contact data such as your email address, phone number and correspondence address;

(c) demographic data such as your date of birth and your postcode (or equivalent);

(d) other identifying information that you provide us, including without limitation unique identifiers such as passwords, and information in emails or letters that you send to us;

(e) information you provide by filling in forms on our website (or the websites/platforms operated by our approved independent affiliates/product providers);

(f) information you provide us, or that we may collect from you, when you report a problem or otherwise provide feedback relating to a product or our services generally;

(g) your name and email address from a third party, such as our approved independent affiliates/providers/introducers, if that third party has a lawful reason to share your information with us;

(h) financial data such as your credit or debit card details or your bank account details;

(i) Technical data when you use our website, such as internet protocol (IP) address, your login data, browser type and version, your device’s geographic location.

(j) next of kin names, contact details, relationships to you. 

2.2 All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect identify fraud, we will record this, and we may also report this to the appropriate authorities.

2.3 We may monitor, record, store and use any communications with you for training purposes and as a reference point for auditing any instructions given to us.

2.4 We will only use your personal information where we have a lawful basis to do so. The lawful purposes that we rely on under this policy are:

(a) consent (where you choose to provide it);

(b) performance of our contract with you;

(c) compliance with legal requirements; and

(d) legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.

 

2.5 If you apply for a Funeral Plan, or you request a consultation or a quote for a Funeral Plan, we shall use your personal data to consider your application and, as appropriate, your account, and to provide the Funeral Plan to you on a contractual basis.

2.6 We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of any legal reporting obligations we have, our anti-money laundering processes or to protect a third party’s rights, property, or safety.

2.7 We may also use your personal data for our legitimate interests including:

 

(a) to improve our site and services;

(b) in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;

(c) to deal with any questions or comments you raise;

(d) to prevent fraud or to indicate possible criminal acts or threats to public security;

(e) for audit purposes;

(f) for market research and analytic purposes;

(g) to contact you to respond to your request;

(h) to contact you about changes to this policy;

(i) if you give us your consent to do so, we may also send to you by email marketing communications about us or our group companies’ products and services;

(j) if you give us your consent, we may collect your device’s location information to provide you with location-based services;

(k) if we intend to further process your personal data for any other reason, we’ll give you information about that before it happens.

2.8 If you buy a Funeral Plan through us we and/or the provider of that plan must disclose your information to the Funeral Director nominated to the funeral plan or a Funeral Director that you’ve nominated to conduct the funeral. When you buy a Funeral Plan, you consent to the transfer, storage and use of your Information by the Funeral Director with whom we share your Information.

2.9 For our legitimate interests, we may share your personal data with our service providers, sub-contractors and affiliates that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers. We shall provide our service providers, sub-contractors and affiliates only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.

2.10 If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.

2.11 If we choose to merge, sell assets, consolidate or restructure, finance, or sell all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do, as set out in this policy.

 

3.1 The information we collect from you we may store, process and transmit in Europe and around the world - including outside the United Kingdom. Information may also be stored on the devices you use to access our website.

3.2 Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.

 

3.3 We will retain personal information in accordance with applicable laws:

(a) as a general rule, if you currently have a contract or intend to enter into a contract with us, we will store the data for a period of 7 years after the contract ends, so that we may comply with our general legal obligations and for the exercise or defence of any legal claims.

(b) however, we may also be required to retain any personal information we hold for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise.

(c) where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

4.1 We maintain commercially reasonable technical, administrative, and physical safeguards to ensure your information is treated securely and in accordance with this Privacy Policy, and to protect against unauthorised access or alteration to, disclosure, or destruction of your Information.

 

4.2 We may, for example, use encryption technology to secure your information during transmission to our platform as well as external and on-host firewall technology to prevent network level attacks. Only employees that need to access your information are able to access it.

4.3 Unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure.  If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.

 

5.1 If you give us your consent to do so, we may use your information to predict what you might be interested in and then to send you marketing communications by email about us or our affiliates' products and services that we have predicted might interest you.

5.2 You can choose to no longer receive marketing either by post and/or by email by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.

 

5.3 If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. If you still have a plan via us, we may continue to email you in relation to your account only.

6.1 You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below.

 

6.2 Under the GDPR, you have the right to ‘block’ or request the deletion or removal of personal data to prevent further processing. This right to erasure is also known as ‘the right to be forgotten’.

 

6.3 Specific circumstances in which you can request the deletion or removal of personal data includes:

 

(a) where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

(b) Where you withdraw consent.

(c) When you object to the processing and there is no overriding legitimate interest for continuing the processing.

(d) Where the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).

(e) Where the personal data has to be erased in order to comply with a legal obligation.

 

6.4 In case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked or anonymised instead of deleted.

6.5 You also have the right to see what personal information we are processing. This can be requested by emailing us. We won’t charge for this service unless you make multiple requests, in which case there may be nominal charge to cover the administration of those requests.

 

6.6 You may also ask us for a copy of the personal data that has been processed through automated means. This will be provided in a structured, commonly used, and machine-readable format (where technically feasible) which you may then transmit to another controller.

6.7 You have the right to request us to send this to another controller on your behalf, but only if this is technically feasible for us to do so. You have the right to withdraw your consent for us to collect, process and store your data at any time. If you wish to withdraw your consent, please confirm this in writing to our compliance officer.

7.1 You can access a broad range of information about any plans you hold via us by phone or email.

8.1 If you’re concerned about any aspect of data protection or if you feel your privacy has been breached by us, we want to hear from you. Please contact us immediately. 

8.2 If you are unhappy with the final response you receive from us, then you may complain to the Information Commissioner’s Office (ICO) and we ask that you do so within three months of your last meaningful contact with us. You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.

 

9.1 Our site may contain links to third party websites, plug-ins and applications. We are not responsible for the content of such third party content, or their privacy policies. If you provide any information to the third party, then you should check the third party website to find the applicable privacy policy.

9.2 This Privacy Policy was created and last updated on 19th December 2021. This was the first iteration and there is no previous version.

10.1 CES is a trading style of Castle Tower Consulting Ltd (Registered in England & Wales Company Number 13176955)

Registered Office: 86-90 Paul Street, London, England, United Kingdom, EC2A 4NE