MyRemembrance

Data Protection Policy

1. Purpose

  • This policy ensures that personal data is:
  • Collected and processed lawfully, fairly, and transparently
  • Used only for legitimate business purposes
  • Kept accurate, secure, and up to date
  • Retained only as long as necessary

2. Scope

  • This policy applies to:
  • All users of our services
  • All employees, contractors, and third-party providers who process personal data on behalf of MyRemembrance

3. Principles of Data Protection

  • We adhere to the following principles:
  • 3.1 Lawfulness, Fairness, and Transparency – Data is processed lawfully and with clear communication to the user.
  • 3.2 Purpose Limitation – Data is collected for specific purposes and not used in ways incompatible with those purposes
  • 3.3 Data Minimization – Only data necessary for our services is collected.
  • 3.4 Accuracy – We take steps to ensure data remains accurate and up to date.
  • 3.6 Integrity and Confidentiality – Data is processed securely with technical and organizational measures in place.

4. User Rights

  • Users have the following rights under GDPR/UK GDPR:
  • Right of Access – Request a copy of personal data held about you
  • Right to Rectification – Request correction of inaccurate data.
  • Right to Erasure (Right to be Forgotten) – Request deletion of your personal data.
  • Right to Restrict Processing – Limit how your data is used.
  • Right to Data Portability – Request a copy of your data in a structured, commonly used format.
  • Right to Object – Object to certain processing activities.
  • Right to Withdraw Consent – Withdraw consent for communications or optional processing.
  • Requests can be submitted to admin@myremembrance.org. We will respond within the legally required timeframe.

5. Data Security Measures

  • We implement security safeguards, including:
  • Encryption of data in transit and at rest
  • Secure hosting and access control
  • Regular monitoring and vulnerability assessments
  • Staff training on data protection principles

6. Third-Party Processing

  • We may engage trusted third-party service providers (e.g., payment processors, analytics providers). These providers are contractually obligated to handle personal data in compliance with GDPR/UK GDPR.

7. Data Transfers Outside the EEA/UK

  • Where personal data is transferred outside the European Economic Area (EEA) or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent protections.

8. Data Breach Notification7. Data Transfers Outside the EEA/UK

  • In the event of a personal data breach:
  • We will notify the relevant supervisory authority within 72 hours, where required by law.
  • Affected individuals will be informed if the breach poses a high risk to their rights and freedoms.

9. Responsibilities

  • Management is responsible for ensuring compliance with this policy
  • Employees and contractors must follow data protection procedures.
  • Users are responsible for keeping account credentials secure.

7. Contact Information

Admin Panel
Search
Search
0 items
$0.00
Cart