1. Important notice
This is the Privacy Policy for www.facfo.org. It describes who we are, how we obtain and use your personal data, why we are allowed to do so by law, who has access to your personal data and what your rights are. Please review it carefully.
This website is not intended for children and we do not knowingly collect data relating to children.
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including any related profiling). For more information about your rights and how you can exercise them, please see the section Your rights.
2. About us
We are The Federation of African Caribbean Funeral Operatives, a not-for-profit limited company incorporated in (and subject to the laws of) England and Wales with registration number 13203116.
We take your privacy seriously and use your personal data as further explained in this Privacy Policy. We are the “controller” of the personal data you provide to us.
3. What personal data we collect and why
Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our products and services).
We may collect, store and transfer different kinds of personal data abot you which as have grouped together as follows:
We collect the following personal data from you:
- Identity and Contact Data: includes first name, last name, email address, username or similar identifier we collect when you create an account with us, given us feedback or leave a review, or where you enter a prize draw, competition, promotion or survey with us.
- Marketing and Communications Data: includes your preferences in receiving marketing from us and any third parties and your communication preferences. Where you have consented, we use your personal data to contact you about how we can help you find products and services.
- Technical Data: includes internet protocol (IP) address, your login data and any technology on the devices you use to access the website and/or app.
- Profile Data: includes your username and password, your interests, preferences, feedback and survey responses.
- Usage Data: includes information about how you use our website, app, products and services.
- Correspondence: We collect any additional personal data that you may provide to us from time to time if you contact us by email, letter or telephone, through our website or app, including where you use the integrated messaging functionality, or by any other means. If you contact us by telephone, we may record the call and make notes in relation to your call for training and service improvement purposes, to comply with our legal obligations and to be able to deal with any dispute or defence of a claim which may arise in the course of us providing our products and services to you. If you use our messaging functionality, we will store the messages in line with our retention policy
We also obtain information about you from other sources:
- Cookies and similar technologies: We track your use of our website through cookies and other similar technologies so that we can provide important features and functionality on our website, monitor its usage, and provide you with a more personalised experience. Our website uses pixels from Facebook to tailor the advertising you see on Facebook to relevant products, services, businesses or causes you may be interested in based on your searches on Yell.com. Please see our Cookie Policy to find out more.
- Third parties: We obtain personal data about you from third parties where you have given that third party consent to share such information with us. Details of these third parties, the type of personal data we obtain from them and why, are set out in the table below.
Type of data | Source | Nature of source (public/private) | Location of source | Why do we need this information |
Public profile and email address | Public | USA | We need this information to authenticate you on our consumer app where you choose a social log-in route |
4. How we use your personal data
We use your personal data for the following purposes:
Where applicable, to contact you in relation to a prize draw or competition you have entered.
We use your personal data to process your entry to a prize draw, competition or relevant promotion.
Direct marketing (including by third parties)
If you have provided your consent or we otherwise have the right to do so, we may use your contact details to send you direct marketing and keep you informed of promotional offers by email, SMS, post or telephone relating to our products and services.
You can unsubscribe from our direct marketing at any time by clicking the “Unsubscribe” link in any of our emails or by contacting us (see How you can contact us).
Our trusted business partners would also like to use your name, email address, postal address and telephone number to inform you of similar products, services and promotional offers. We will only share your personal data with our partners where you have provided us with your consent to do so. You can unsubscribe at any time by clicking the “Unsubscribe” link in any of their emails or managing your preferences via their website.
Please see Who we share your personal data with and where it is stored by them to find out exactly who our marketing partners are.
To conduct automated decision-making and profiling
We use technology which tracks your use of our website, app, products and services to help us build a profile of your preferences. What this means for you is that you are more likely to receive direct marketing and promotional offers that are tailored to your specific preferences, based on your previous activity.
If you don’t agree with an automated decision that our technology has made in relation to you, you can let us know (see How you can contact us) and we may decide to look into it for you. You may still have the right to object to us processing your personal data for the purpose of automated decision-making or to restrict us from doing so (see Your rights).
Please note that the legal basis for us carrying out these activities is that it is in our legitimate interests to do so, having taken into account whether your interests and fundamental rights and freedoms are overridden by this type of processing. See Legal grounds for processing) for more information.
To track your usage of our website, communications, products, and services
We use cookies and similar technologies to track your activity on our website so that we can provide important features and functionality on our website, monitor its usage, and provide you with a more personalised experience. Please see our Cookie Policy to find out more.
To conduct internal training
We may use your personal data for internal training purposes so that our staff has the knowledge and expertise they need to ensure we provide you with the best possible user experience. For example, if you contact us by telephone, we may record the call and make notes in relation to your call for training and service improvement purposes.
To conduct market research and analytics
We may analyse your personal data (potentially in combination with personal data relating to other customers) to better understand our user base. We may also invite certain users to be involved in market research. If you accept our invitation, we will use your feedback to improve our products and services.
To maintain our records and improve data accuracy
Like any business, we process personal data in the course of maintaining and administering our internal records. This includes processing your personal data to ensure that the information we hold about you is kept up to date and accurate.
To respond to enquiries, complaints, and disputes
We use the personal data we hold about you to help us respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you, in the most effective manner.
To investigate, detect and prevent fraud and comply with our legal obligations
In certain circumstances, we use your personal data only to the extent required in order to enable us to comply with our legal obligations, including for fraud detection, investigation, and prevention purposes. This may require us to provide your personal data to law enforcement agencies, including Trading Standards, if they request it.
5. Legal grounds for processing
Data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in data protection law and we rely on a number of different grounds for the processing we carry out. These are as follows:
Consent
In certain circumstances, we process your personal data after obtaining your consent to do so for the purposes of:
- sending you marketing communications about our products and services;
- sharing your name, email address, postal address and telephone number with our trusted business partners so that they may market to you about their own similar products and services;
- conducting marketing research;
- using your location to deliver specific messaging and to you and to facilitate the messaging functionality on our app and websites (as applicable).
Necessary for the performance of a contract and to comply with our legal obligations
It is necessary for us to process your contact details, to set up your account and for the performance of any contract between us: ). In particular, we rely on this legal ground to:
- where you enter one of our prize draws, competition or promotions;
- communicate with you about major changes to the terms of this Privacy Policy or to any related or similar information.
In certain circumstances, we also use your personal data only to the extent required in order to enable us to comply with our legal obligations, including to detect, investigate and prevent fraud.
Necessary for the purposes of our legitimate business interests or those of a third party
It is sometimes necessary to collect and use your personal data for the purposes of our legitimate interests as a business, which are to:
- better understand our user base so that we can improve our products and services and marketing activities (which could also benefit you);
- comply with our contractual obligations to third parties, for example to produce aggregated underwriting risk analysis reports for our commercial lenders and commercial insurers;
- develop and improve our website to enhance the user experience;
- train our staff so that we can provide you with a better user service;
- respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you; and
- ensure effective operational management and internal administration of our business, document retention, compliance with regulatory guidance and exercise or defence of legal claims.
Please note that where we wish to rely on this legal ground for processing, we are required by data protection law to consider whether our legitimate interests are overridden by your interests or your fundamental rights and freedoms. We may continue to process your personal data on the basis of our legitimate interests only if we determine that your interests, rights, and freedoms are not overridden by our legitimate interests.
We have considered these matters and on balance, we consider that the benefits described above are not outweighed by your interests or your fundamental rights and freedoms.
Where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not process your personal data unless there is another legal ground for us to do so (either that we have obtained your consent to the processing of it is necessary for us to perform our contract with you or to comply with our legal obligations).
6. Who we share your personal data with and where it is stored by them
We may provide your personal data to:
- our suppliers and services providers, including other companies in our group, who perform certain business services for us and act as “processors” of your personal data on our behalf; and
- other organisations, who use your personal data for their own purposes and are “controllers” of such data in their own right. Such organisations may be located outside the EEA.
In addition, we may disclose your personal data:
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property or safety of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection; and
- to successors in title or replacement operators of all or part of our business.
In some cases, the personal data we collect from you may, for the purposes set out above, be transferred outside the European Economic Area (“EEA”) and such destinations may not have laws that protect your personal data to the same extent as in the EEA. We are required by data protection law to ensure that where we or our “processors” transfer your personal data outside the EEA, it is treated securely and is protected against unauthorized access, loss or destruction, unlawful processing, and any processing which is inconsistent with the purposes set out in this Privacy Policy.
The table below sets out details of the third parties to whom we currently disclose your personal data. The table also explains how these organisations use your personal data, whether they are our “processors” or use your personal data for their own purposes once they have received it, any processing they perform outside the EEA, and the safeguards that are used to protect your personal data if this happens. This information may be updated from time to time.
Please ask us if you would like more information about the safeguards that are used to protect your personal data when it is processed outside the EEA (see How you can contact us).
Name of recipient | Why your personal data is shared | Location of processing | Safeguards used to protect personal data processed outside the EEA |
Our suppliers and service providers (“processors”) | |||
Deya Limited(“Deya”) | Deya facilitates the delivery of the Yellow Pages directory and verifies receipt of delivery | UK | N/A – processing is taking place within the EEA. |
Hibu Inc. (“Hibu”) | Hibu is a US-based group company and currently shares some computer systems with Yell | USA | There is no adequacy decision by the European Commission in respect of transfers of personal data to the locations specified in the column to the left. This means that the European Commission does not consider the laws in these locations to protect personal data to the same extent as in the EEA.Consequently, we have entered into standard data protection clauses (known as controller-processor model clauses) with Hibu pursuant to Article 46(2) of the GDPR. Such clauses provide adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals when personal data is transferred to locations for which there is no adequacy decision. |
NSC Programming Limited (“NSC”) | NSC provides services in connection with our legacy data systems. | UK | N/A – processing is taking place within the EEA. |
Rackspace International GmbH (“Rackspace”) | Rackspace hosts our data. | UK | N/A – processing is taking place within the EEA. |
SAP (UK) Limited (“SAP”) | SAP hosts our data. | UK | N/A – processing is taking place within the EEA. |
Shift 6 Limited (“Appsee”) | Appsee provides user behaviour analysis pertaining to our apps | EEAIsrael | N/A – processing is taking place within the EEA.EU decisions as to adequacy decision |
Smile Family Inc. (“SendBird”) | SendBird provides the functionality for our messaging platform in the Merchant and Consumer apps | EEAUSA | N/A – processing is taking place within the EEA.Privacy Shield |
Tata Consultancy Services Limited (“Tata”) | Tata operates our customer services and conducts a number of business operations on our behalf which require us to share your personal data with them, including data input, product support and account management services. | IndiaPhilippines | Model clauses – as above for Hibu. |
The Why Agency Limited(“The Why Agency”) | The Why Agency facilitates the Yell booth competition at our Yell roadshow. | EEA | N/A – processing is taking place within the EEA. |
Wipro Limited (“Wipro”) | Wipro provides helpdesk support services. | IndiaPhilippines | Model clauses – as above for Hibu. |
7. How long we keep your personal data for
We retain your personal data for no longer than is necessary for the purpose(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law;
- potential or actual disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your personal data from our systems when it is no longer needed.
8. Your rights
You have the following rights regarding your personal data:
Rights | What does this mean? |
1. Right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy. |
2. Right of access | You have the right to obtain access to your personal data (if we are processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your personal data in accordance with data protection law. |
3. Right to rectification | You are entitled to have your personal data corrected if it is inaccurate or incomplete. |
4. Right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. |
5. Right to restrict processing | You have the right to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future. |
6. Right to data portability | You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party. |
7. Right to object to processing | You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling). |
8. Right to withdraw consent to processing | If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful). |
9. Right to make a complaint to the data protection authorities | You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law. |
For more information about your rights or if you would like to exercise any of your rights, you are welcome to contact us at the contact details set out below under How you can contact us.
9. How you can contact us
If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, you may contact us by:
- emailing: info@facfo.org;
- calling: 0208 895 6485; or
- submitting a message through our WhatsApp number: 07986 726238.
- If you would like to contact our data protection officer, you may do so by emailing info@facfo.org.
If you’re not satisfied with our response to any enquiry or complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) by:
- writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF;
- calling: 0303 123 1113; or
- submitting a message through the ICO’s website at: ico.org.uk.
10. Links to other websites
Our website contains hyperlinks to websites owned and operated by third parties. This Privacy Policy does not apply to those other websites. We encourage you to read the privacy statements on the other websites you visit, as they will govern the use of any personal data you provide when visiting those websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
11. Changes to this Privacy Policy
This Privacy Policy may be updated from time to time so you may wish to check it each time you provide personal data to us. We won’t alert you to minor changes, but if there are any major changes we will let you know and where appropriate ask for your consent.