Date of last revision: 05 April 2018
We take your privacy very seriously. Please read this privacy statement (referred to from here as the “Notice”) carefully as it contains important information about how we collect, process and protect personal data. This Notice describes how we handle personal data collected through our Website www.celticresearch.com/ (“Website”) and the personal data that we process in the course of providing our services to our customers (“Services”). Information about our Services is available here: www.celticresearch.com/about-us/what-we-do/.
1. About us. For the purposes of data protection law, the “controller” (i.e. the organisation who is responsible for, and controls the processing of, your personal data) is Celtic Research Limited, a company incorporated in England and Wales under company number 04568474 and having its registered office address at 9 Broad Street, Montgomery, Powys, Wales, United Kingdom (“we”).
If you would like to contact us in relation to this Notice please send an email to email@example.com.
2. Information about you that we collect from you. When you contact us (for example through our Website, or by email, letter or telephone) we may collect certain personal information (known as personal data) from you such as:
- your contact details (such as your name, email address and telephone number)
- any other personal information that you provide to us.
We may also collect personal data from you in the course of providing our Services to our customers, including for example:
- your date of birth and gender
- identity numbers and details (such as the number of your driving licence or passport, your social security number, national identity card number, medical card number, any identifiers with Her Majesty’s Revenue and Customs, or any document used as proof of identity or address)
- payment information, such as payment card details
- information about your personal circumstances that is relevant to our provision of the Services.
3. Information about others that we collect from you. You may wish to provide us with personal data about your relatives or other individuals, in connection with our Services. If you provide us with personal information about a living individual, please ensure you obtain that person’s specific consent to this, wherever possible, before you provide their personal data to us.
4. Information about you from other sources. In order to provide our Services to our customers, we may collect information about you from third-party sources, for example:
- public and historical records, for example newspapers, birth records and marriage records
- government sources, for example the General Register Office (Ireland), the General Register Office (Northern Ireland), the National Records of Scotland, the General Register Office for England and Wales and Her Majesty’s Court and Tribunals Service
- record-indexing websites
- friends, neighbours and others who have come into contact with you.
The types of personal data about you that we may collect from third-party sources include:
- contact details (such as postal address, telephone number and email address)
- present and past names, surnames and aliases
- date of birth
- marital status and other life events
- religious affiliation
- bankruptcy status (which we are required to produce by law at the point of distribution of an estate).
5. Purposes and legal bases of processing.
In order to process personal data, we must have a lawful reason. We always ensure this is the case, and we set out our lawful bases below.
5.1. Legitimate Interests. We process your personal information for our legitimate business purposes, which include the following:
- to conduct and manage our business
- to enable us to carry out our Services and research
- to ensure our website and systems are secure
- to improve and update our Services for the benefit of our customers
Wherever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
We may also process your personal data on grounds of legitimate interest in order to let you know about our products or services that we consider may be of interest to you. We carry out this processing on the legal basis that we have a legitimate interest in marketing our Services and only to the extent that we are permitted to do so by applicable direct marketing laws. Please see the clause titled “Marketing” below for further information about our marketing activities and regarding your right to opt out.
5.2. Special category personal data. Sometimes we process what is known as “special category personal data”. This is personal data of a particularly sensitive kind, namely any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data and/or biometric data for the purpose of identifying a natural person; data concerning health; and data concerning a natural person’s sex life or sexual orientation.
We process special category personal data for historical research purposes in the course of providing Services, and also for reasons of substantial public interest (namely the correct administration of the law of succession).
Wherever we process your special category personal data for these purposes we ensure that your interests, rights and freedoms are carefully considered.
5.3. Contractual Necessity. Where you are our customer, we may process your personal data for the following purposes on the legal basis that it is necessary for us to provide our Services to you:
- to identify you
- to respond to your enquiry if you contact us through our Website
- to provide pre-contractual information about our Services
- to provide our Services
- to carry out billing and administration activities
- to customise our Services to you.
Accordingly, your failure to provide such personal data may hinder or prevent us from providing our Services to you.
5.4. Compliance with laws. We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with a police investigation pursuant to a court order).
6. Recipients of your personal data. We may provide your personal information to the following types of recipients for the purposes set out in this Notice:
- other companies within our group
- our employees, consultants and agents
- our service providers
- law enforcement agencies in connection with any investigation to help prevent unlawful activity
- administrators and custodians, whether private or public bodies, or individuals engaging in the administration of an estate
- courts of law.
7. Information transfers. Although we are based in England, we may transfer your personal information to a location (for example, to a secure server) outside the European Economic Area, if we consider it necessary or desirable for the purposes set out in this Notice. In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission “adequacy decision” applies (this is a decision from the European Commission confirming that adequate safeguards are in place in that location for the protection of personal data), or will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers, copies of which are available to view on the Commission’s website (https://ec.europa.eu/info/index_en).
8. Data retention period. We use the following criteria to determine data retention periods for your personal data:
8.1. Retention for providing the Services. We will retain your personal data as long as necessary for us to provide relevant Services.
8.2. Retention in case of queries. We will retain your personal data as long as necessary to deal with your queries.
8.3. Retention in case of claims: We will retain your personal data for as long as we may require it to defend claims that may be brought against us or our customers.
8.4. Retention in accordance with legal and regulatory requirements. We will retain your personal data after we have completed relevant Services based on our legal and regulatory requirements.
9. Marketing. We may store your contact details, and carry out marketing profiling activities, for direct marketing purposes. If you have given your consent, or where we are otherwise permitted to do so, we may contact you about our products or services that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by sending an email to firstname.lastname@example.org
10. Keeping your information secure. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. Please contact us at email@example.com if you would like more information about this.
11. Your information rights. We draw your attention to your following rights under data protection law
- the right to be informed about the collection and use of your personal data;
- the right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information
- the right to have inaccurate personal data that we process about you rectified
- the right (in certain circumstances) to have personal data that we process about you blocked, erased or destroyed
- the right to object to the processing of your personal information in the ways described in clauses 5.1 and 8
- the right (in certain circumstances) to request a copy your personal data that you have provided to us, in a machine-readable format, in order for you to transmit those data to another organisation.
Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.
12. Contact us. We welcome your feedback and questions. If you would like to contact us in relation to this Notice, please send an email to firstname.lastname@example.org.
13. How to complain. If you have a complaint about the way we handle your personal data, please contact us at email@example.com. In addition, you have a right to raise a concern with the UK’s information regulator, the ICO: https://ico.org.uk/.