Last updated 10 March 2021
We will always respect your privacy and security.
We won’t sell your data to any third parties.
We’ll only make contact with you if we have a lawful reason to do so.
We won’t pass your data on to anyone who shouldn’t have it.
There’s some data we may have to keep for legal reasons. There are also some communications we’ll send you because we genuinely believe you’ll find them interesting. But if, at any time, you want us to remove your data from our systems, then you can ask us to that by dropping a line to: email@example.com
WE WILL RESPECT AND PROTECT YOUR PRIVACY
- We comply with EU General Data Protection Regulation (UK GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services.
- We process your personal information to let us administer your account and provide products and services you’ve bought from us. To buy a MyDigiSafes account, we will have to collect, store and use elements of your personal data. This means we will be processing your data on a contractual basis. If you don’t provide this personal data, then we cannot execute the contract. That means we may have to terminate our services to you.
- If you have any questions about this policy, or how we use your personal data, please contact firstname.lastname@example.org
WE MAY COLLECT SOME INFORMATION FROM YOU AND/OR FROM THIRD PARTIES
We may collect and process information about you in these categories:
- Identity data such as your first name, last name and job title,
- contact data such as your email address, phone number and correspondence address
- demographic data such as your date of birth and your postcode (or equivalent)
- other identifying information that you provide us, including without limitation unique identifiers such as passwords, and information in emails or letters that you send to us
- information you provide by filling in forms on our website (or the websites/platforms operated by our approved independent agents/subsidiaries/introducers)
- information you provide us, or that we may collect from you, when you report a problem or otherwise provide feedback relating to your account or our services generally
- your name and email address from a third party, such as our approved independent agents/subsidiaries/introducers, if that third party has a lawful reason to share your information with us.
- Financial data such as your credit or debit card details or your bank account details.
When you buy an account from us, we will need this information:
- Your title
- First name(s), surname or company name
- Address (street, street number, postal code, city and country/region)
- email address
- Phone and mobile number
- Bank details (account number, account holder and card number)
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this, and we may also report this to the appropriate authorities.
We may monitor, record, store and use any communications with you for training purposes and as a reference point for auditing any instructions given to us.
WE WILL USE YOUR INFORMATION LAWFULLY
We will only use your personal information where we have a lawful basis to do so. The lawful purposes that we rely on under this policy are:
- consent (where you choose to provide it);
- performance of our contract with you;
- compliance with legal requirements; and
- legitimate interests. When we refer to legitimate interests, we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
If you register for a MyDigiSafe account, we shall use your personal data to process your registration and, as appropriate, your account, and to provide a MyDigiSafe account to you on a contractual basis.
We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of any legal reporting obligations we have, our anti-money laundering processes or to protect a third party’s rights, property, or safety.
We may also use your personal data for our legitimate interests including:
- to improve our site and services;
- in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
- to use the contact details of your appointed users, for example your executor, attorney and personal representative, and try and reach them up to five times, after which we will discontinue
- to deal with any questions or comments you raise;
- to prevent fraud or to indicate possible criminal acts or threats to public security;
- for audit purposes;
- for market research and analytic purposes;
- to contact you to respond to your request;
- to contact you about changes to this policy; and
- to send you marketing communications by post, email or contact you by telephone about our products and services
If you give us your consent to do so, we may also send to you by email marketing communications about us or our group companies’ products and services.
If you give us your consent, we may collect your device’s location information to provide you with location-based services.
If we intend to further process your personal data for any other reason, we’ll give you information about that before it happens.
WE MAY NEED TO DISCLOSE YOUR INFORMATION
For our legitimate interests, we may share your personal data, with our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers. We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell of all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do as set out in this policy.
In the unlikely event that we cease trading, we – or receivers/liquidators, etc – would also have to share your information with any other parties that may need the information under such circumstances.
WHERE WE HOLD AND PROCESS YOUR INFORMATION
Your data is securely stored on data centres in the United Kingdom
RETENTION OF YOUR INFORMATION
We keep your personal data only for as long as we need to. This depends on why it was collected, or if we have a continuing legal basis to do so (such as to fulfil a contract between us, perform a service you requested or for our legitimate interests). Rest assured, if we no longer have a reason or legal requirement to process your personal data, we will delete it or store it in a way so that it no longer identifies you.
We have different retention policies for different types of personal data, taking into account:
- The purpose for collecting the personal data;
- How long it will take to fulfil that purpose; and
- Any specific reason or overriding legal obligation to retain the personal data for a specific amount of time.
No matter how long the retention period, you can ask us to delete your personal data in certain circumstances.
WE TAKE SECURITY MEASURES SERIOUSLY
Keeping your personal data secure is our highest priority. We limit access to only those employees who have to come into contact with your information to do their jobs and deliver our services.
Unfortunately, no website or app can guarantee complete security, but we have created an organisation-wide security programme designed to keep your personal data as safe as possible. It uses a range of technical, organisational and administrative security measures and best-practice techniques, depending on the type of data being processed. For example, the computer systems we use to store your data have access limitations and in-cloud based servers that use industry-standard disc encryption. We use TLS and HTTPS encryption to protect your personal data when we transfer it across the internet. And we carry out security assessments on Third Party Processors who handle your data.
To make sure we maintain a culture of ‘Privacy by Design’, we provide thorough data protection and privacy training to all employees. We develop our services with the goal of using the minimum amount of personal data possible, including through use of data minimisation techniques like anonymisation and pseudonymisation. Also, whenever we develop or update our services in ways that involve the collection or use of new forms of personal data, we conduct a privacy impact assessment to understand, and reduce, the likelihood of any unintended impact on you.
From time to time for our legitimate interests, we may send you marketing communications by email, post or we may telephone you with information about our products and services that we think might interest you.
If you give your consent to do so, we may also use your information to predict what you might be interested in and then to send you marketing communications by email about us or our group companies’ products and services that we have predicted might interest you.
You can choose to no longer receive marketing either by post, telephone and/or by email by contacting us at email@example.com . To unsubscribe from emails only, you can click unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. If you still have an account with us, we shall continue to email you in relation to your account only.
YOU HAVE RIGHTS UNDER UK GDPR
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here
Under the UK GDPR, you have the right to ‘block’ or request the deletion or removal of personal data to prevent further processing. This right to erasure is also known as ‘the right to be forgotten’.
Specific circumstances in which you can request the deletion or removal of personal data includes:
- Where the personal data is no longer necessary for the purposes for which it is collected or otherwise processed.
- Where you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- Where the personal data was unlawfully processed (i.e. otherwise in breach of the UK GDPR).
- Where the personal data has to be erased in order to comply with a legal obligation.
- In case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked or anonymised instead of deleted.
You also have the right to see what personal information we are processing. This can be requested by emailing us firstname.lastname@example.org. We won’t charge for this service unless you make multiple requests, in which case there may be nominal charge to cover the administration of those requests.
You may also ask us for a copy of the personal data that has been processed through automated means. This will be provided in a structured, commonly used, and machine-readable format (where technically feasible) which you may then transmit to another controller.
You have the right to request us to send this to another controller on your behalf, but only if this is technically feasible for us to do so. You have the right to withdraw your consent for us to collect, process and store your data at any time. If you wish to withdraw your consent, please confirm this in writing to our postal address.
HOW TO ACCESS AND AMEND YOUR INFORMATION
You can access a broad range of information by logging into your MyDigiSafe account.
ADVERTS YOU MIGHT SEE WHILST USING MyDigiSafe
You may see occasional relevant adverts while using our services. These will either be delivered by us directly or by third party advertising solution providers we partner with (let’s call them “Third Party Ad Solutions”).
The majority of these adverts will be personalised to make them relevant to you and will fall into two different categories. Firstly, adverts that are personalised for you based on information collected by us or by Third Party Ad Solutions whilst you use our services (“MyDigiSafe-related Information”). So, for example, if you do not have a will or Lasting Power of Attorney, you might see adverts about these. MyDigiSafe-related Information will never include your name, contact details or other information that would enable you to be identified in the offline world. Secondly, adverts that are personalised for you based on Third Party Partners when you have been introduced to MyDigiSafe by them (“non-MyDigiSafe Partners”). Collectively, we refer to these as “interest-based” advertisements.
The information required to deliver these interest-based advertisements will be stored by Third Party Ad Solutions alongside your IP address and/or a cookie ID, so that you can be served the adverts without the Third Party Ad Solutions needing to store any information that would enable you to be identified in the offline world, like your name or address.
If you’re concerned about any aspect of data protection or if you feel your privacy has been breached by us, we want to hear from you. Please contact us at email@example.com
If you are unhappy with the final response you receive from us, then you may complain to the Information Commissioner’s Office (ICO) and we ask that you do so within three months of your last meaningful contact with us.
You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.