Date of last revision: 05 April 2018
We take your privacy very seriously. Please read this privacy statement (referred to from here as the “Notice”) carefully as it contains important information about how we collect, process and protect personal data. This Notice describes how we handle personal data collected through our Website www.celticresearch.com/ (“Website”) and the personal data that we process in the course of providing our services to our customers (“Services”). Information about our Services is available here: www.celticresearch.com/about-us/what-we-do/.
1. About us. For the purposes of data protection law, the “controller” (i.e. the organisation who is responsible for, and controls the processing of, your personal data) is Celtic Research Limited, a company incorporated in England and Wales under company number 04568474 and having its registered office address at 9 Broad Street, Montgomery, Powys, Wales, United Kingdom (“we”).
If you would like to contact us in relation to this Notice please send an email to firstname.lastname@example.org.
2. Information about you that we collect from you. When you contact us (for example through our Website, or by email, letter or telephone) we may collect certain personal information (known as personal data) from you such as:
We may also collect personal data from you in the course of providing our Services to our customers, including for example:
3. Information about others that we collect from you. You may wish to provide us with personal data about your relatives or other individuals, in connection with our Services. If you provide us with personal information about a living individual, please ensure you obtain that person’s specific consent to this, wherever possible, before you provide their personal data to us.
4. Information about you from other sources. In order to provide our Services to our customers, we may collect information about you from third-party sources, for example:
The types of personal data about you that we may collect from third-party sources include:
5. Purposes and legal bases of processing.
In order to process personal data, we must have a lawful reason. We always ensure this is the case, and we set out our lawful bases below.
5.1. Legitimate Interests. We process your personal information for our legitimate business purposes, which include the following:
Wherever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
We may also process your personal data on grounds of legitimate interest in order to let you know about our products or services that we consider may be of interest to you. We carry out this processing on the legal basis that we have a legitimate interest in marketing our Services and only to the extent that we are permitted to do so by applicable direct marketing laws. Please see the clause titled “Marketing” below for further information about our marketing activities and regarding your right to opt out.
5.2. Special category personal data. Sometimes we process what is known as “special category personal data”. This is personal data of a particularly sensitive kind, namely any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data and/or biometric data for the purpose of identifying a natural person; data concerning health; and data concerning a natural person’s sex life or sexual orientation.
We process special category personal data for historical research purposes in the course of providing Services, and also for reasons of substantial public interest (namely the correct administration of the law of succession).
Wherever we process your special category personal data for these purposes we ensure that your interests, rights and freedoms are carefully considered.
5.3. Contractual Necessity. Where you are our customer, we may process your personal data for the following purposes on the legal basis that it is necessary for us to provide our Services to you:
Accordingly, your failure to provide such personal data may hinder or prevent us from providing our Services to you.
5.4. Compliance with laws. We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with a police investigation pursuant to a court order).
6. Recipients of your personal data. We may provide your personal information to the following types of recipients for the purposes set out in this Notice:
7. Information transfers. Although we are based in England, we may transfer your personal information to a location (for example, to a secure server) outside the European Economic Area, if we consider it necessary or desirable for the purposes set out in this Notice. In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission “adequacy decision” applies (this is a decision from the European Commission confirming that adequate safeguards are in place in that location for the protection of personal data), or will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers, copies of which are available to view on the Commission’s website (https://ec.europa.eu/info/index_en).
8. Data retention period. We use the following criteria to determine data retention periods for your personal data:
8.1. Retention for providing the Services. We will retain your personal data as long as necessary for us to provide relevant Services.
8.2. Retention in case of queries. We will retain your personal data as long as necessary to deal with your queries.
8.3. Retention in case of claims: We will retain your personal data for as long as we may require it to defend claims that may be brought against us or our customers.
8.4. Retention in accordance with legal and regulatory requirements. We will retain your personal data after we have completed relevant Services based on our legal and regulatory requirements.
9. Marketing. We may store your contact details, and carry out marketing profiling activities, for direct marketing purposes. If you have given your consent, or where we are otherwise permitted to do so, we may contact you about our products or services that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by sending an email to email@example.com
10. Keeping your information secure. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. Please contact us at firstname.lastname@example.org if you would like more information about this.
11. Your information rights. We draw your attention to your following rights under data protection law
Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.
12. Contact us. We welcome your feedback and questions. If you would like to contact us in relation to this Notice, please send an email to email@example.com.
13. How to complain. If you have a complaint about the way we handle your personal data, please contact us at firstname.lastname@example.org. In addition, you have a right to raise a concern with the UK’s information regulator, the ICO: https://ico.org.uk/.