Massey Bros. Data Privacy Statement
Date: May 27th 2018
Who Are We?
This is the Data Privacy Statement of Massey Bros. Funeral Homes, with head office at 109 The Coombe, Dublin 8. This statement also covers all of our branches.
You can find details of all branches and contact numbers at: https://wordpress-335176-1030568.cloudwaysapps.com/about-us/our-locations/
Massey Bros. is one of Ireland’s longest established funeral directors; the company was first established in the 1930s. The company is a member of the Irish Association of Funeral Directors and subscribes to its Code of Practice and Customer Care Charter.
About This Statement
This Data Privacy Statement is designed to demonstrate our firm commitment to privacy, our compliance with the General Data Protection Regulation (GDPR) and to inform you of the personal data that we collect and process in connection with your interaction with Massey Bros.
It also sets out details of what personal data we process, why we process it, with whom your personal data is shared, and a description of your rights with respect to your personal data.
Please note that under GDPR, the definition of personal data only applies to living data subjects.
Personal Data Processed
The personal data we hold, process and retain will be used for the management of your account, for administrative purposes, for meeting our legal and regulatory obligations and for marketing, where you give consent. We hold it and use it to protect your rights and interests and to manage our relationship with you appropriately, effectively and lawfully. At the same time, it enables us to run our business.
Where there is a need to process your data for a purpose other than those set out in this Data Privacy Statement, or otherwise outlined to you, we will inform you of this and, if required, we will seek your consent.
This is the personal data shared with us by the person organising the funeral, which may include a name, address, email address and phone number. We will only ever ask for the minimum personal data required in order for us to make the arrangements in a suitable manner.
We retain all data relating to funeral arrangements indefinitely. We do this because we often get requests from families years later enquiring about details of previous funerals, when arranging a subsequent funeral. These records are kept in a locked facility in our head office.
We ask for your consent to contact you within one year in relation to the remembrance of your loved one, and only do so if we receive your consent.
We do not retain any credit card details.
We provide a service where you can take out an insurance policy to cover the cost of your funeral. The information required includes name, address, phone number, email address, date of birth, smoking habits, health details and next of kin details. This information is kept securely and shared with our insurance broker.
Golden Charter Service
This is a prepayment and pre-arrangement option for funerals.
The information required includes name, address, phone number, email address.
The information is kept in a secure trust and shared only with verified Golden Charter staff.
We provide a facility to leave condolences on our website. We ask for your name and email address. These condolences are securely stored in the backend of our website, and deleted on a regular basis.
Grant & Sponsorship Applications
We receive applications for grants and sponsorship on forms available on our website, which ask for your name, email address and a contact telephone number. These are stored securely and retained for a period of 6 years, after which they are deleted.
We have events throughout the year for remembrance purposes and to raise money for charity. We sometimes take photographs to put on our social media. We always announce this at the event and ask people who do not consent to this to avoid having their photo taken. In the event that a photo of someone who did not consent did appear on our social media, we would take it down immediately.
How is your Personal Data Shared?
Your personal data may be disclosed to third parties where we are legally obliged to do so. It will also be disclosed during activities where we have lawful contractual agreements in place that enable us to operate Massey Bros.
Massey Bros. shares your personal data with sub-contractors used in the provision of funeral services, including:
- Production of keepsakes
- Headstones & monuments
- Soloists / musicians
- Clergy/Civil Celebrant/Humanist Celebrant
- Sub-contracted hearse drivers
- Catering companies/ public houses/ hotels
- Death Notices – newspapers, radio and RIP.ie
All of our sub-contractors have been instructed on how to process any personal data we share with them, in terms of keeping the information secure and private, and not retaining it for any longer than necessary.
Subject Access Requests
You have the following rights under data protection law;
- Information Request. The right to receive a copy of and/or access the personal data that we hold about you, together with other information about our processing of that personal data.
- Update Data. The right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update your data such that it is complete.
- Data Deletion. The right, in certain circumstances, to request that we erase your personal data.
- Restrict Processing. The right to object to our use of your personal data or the way in which we process it.
- Object to Processing. The right, in certain circumstances, to request that we no longer process your personal data for particular purposes.
- Data Portability. The right, in certain circumstances, to transfer your personal data to another organisation.
- Review Automated Decisions. The right to object to automated decision making and/or profiling.
We fulfill all subject access requests within one month, where possible. If you have a request, please contact Elaine Galvin by email at [email protected]
If you have a complaint about how we have handled your personal data or a subject access request, please contact Peter Maguire, Director and Business Manager, at [email protected]
You also have the right to complain to the Data Protection Commissioner if you are not satisfied with how Massey Bros. have dealt with your Subject Access Request.
A cookie is a file containing an identifier that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, and remember your preferences.
- Analytical cookies. We use Google Analytics to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Marketing cookies. We use Google Adsense cookies to target advertising based on what’s relevant to a user, to improve reporting on campaign performance, and to avoid showing ads the user has already seen.
For more information, please see our Cookies Policy.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include staff training and awareness, and we review these measures regularly.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Data Breach Management
We fully comply with GDPR requirements in relation to data breach management. We commit to report these within 72 hours to the Data Protection Commissioners, to inform affected data subjects as soon as possible, to log all breaches internally and put corrective action in place to ensure that they do not reoccur.
Will Your Personal Data Be Transferred Abroad?
No, all of our personal data is managed on a server based in our head office, located in Dublin.
Changes to the Privacy Statement
Any changes to this Privacy Statement will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this website, Privacy Statement, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your information in the new manner.