Trust and Estate Beneficiaries
Privacy Policy.

Introduction

This Privacy Policy for trust and estate beneficiaries is to make you aware of how and why your personal data will be used and for how long it will usually be retained.  It provides you with information that must be provided by us under the UK General Data Protection Regulation (UK GDPR), and the EU General Data Protection Regulation (EU GDPR), including how to contact us and the Information Commissioner’s Office (ICO) in the event you have a complaint.

We will comply with data protection law principles in respect of the information, which means that the information we collect, and process will be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for specific, legitimate purposes that have been explained to the relevant trust/estate person, or that such person would reasonably expect, and not used in a way that is incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the above purposes;
  • So far as possible, kept accurate and up to date;
  • Kept in a form that identifies the relevant trust/estate person only for as long as necessary;
  • Kept securely.

 

Key terms

It would be helpful to start by explaining some key terms used in this policy:

We, us, our FBC Manby Bowdler LLP
Personal Data

Any information relating to an identified or identifiable individual including relevant special category data
Special category personal data

Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership

Genetic and biometric data

Data concerning health, sex life or sexual orientation

 

Personal data we collect about you

In connection with the administration of a trust or estate, we may collect, store, and use the following categories of personal data about the trust/estate persons:

  •  The information set out in the trust deeds or wills;
  • The information provided to us and required for registering with HMRC’s Trust Registration Service;
  • Any information you provide to us during the administration;
  • Information set out in any letter of wishes addressed to us by the settlor or testator.

 

How your personal data is collected

We will process personal information about you from the following sources:

  •  You;
  • The settlor or testator;
  • A bankruptcy search provider;
  • A credit reference agency; and
  • Public sources, such as internet search or identity verification providers;
  • We may, if reasonably necessary in order to carry out our duties from time to time (for example, to obtain information about clients’ identities as required by legislation) collect information from public sources such as the electoral register.

 

How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:

  • Where we need to comply with a legal obligation; and
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

 

What we use your personal data for Our reasons

All aspects of administering the Trust or Estate, including:

  • gathering and providing information required by or relating to the preparation of accounts, enquiries, or investigations
  • preparing statutory returns including for tax and reporting purposes

To comply with our legal and regulatory obligations

Conducting checks to identify and verify the identity of individuals, which may include:

  • screening for financial and other sanctions or embargoes
  • other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under rules issued by our professional regulator

To comply with our legal and regulatory obligations

Preventing and detecting fraud against you or us

For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you and/or us

External audits and quality checks, for example and not limited to:  Lexcel, ISO9001, CQS and the audit of our financial procedures

For our legitimate interests, i.e. to ensure we are following our internal procedures in order to maintain our quality accreditations to demonstrate that we are operating at at the highest standards when delivering legal services to you.

To comply with our legal and regulatory obligations

 

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 

Who we share your personal data with

We will only share your personal information with third parties where it is necessary to do so for the purposes of administering the trust or estate or where we have a legal or regulatory obligation to do so. This is likely to be with government agencies such as HMRC, the Probate Registry, and professionals providing services to the trust or estate such as accountants, actuaries, insurance companies, bankruptcy search providers, identity verification companies, or genealogists.

All third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

Transfers of personal data outside of the UK

    We do not usually transfer data outside the UK and EEA but if it becomes necessary to do so, we will transfer your personal data outside the UK only where:

    • The UK government has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision); or
    • There are appropriate safeguards in place (e.g. standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or
    • A specific exception applies under data protection law.

     

    Keeping your data secure

    We have implemented appropriate technical and organisational measures to keep your personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality. We regularly test our systems and are Cyber Essentials Plus certified, which means we follow industry standards for information security.

    We require our business partners, suppliers and other third parties to implement appropriate security measures to protect personal data from unauthorised access, use and disclosure.

    We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.

     

    How long your personal data will be kept

    We will retain your personal information for as long as necessary to fulfil our legal obligations in relation to the trust or estate. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have administered the trust or estate correctly. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

     

    Your legal rights

    You have the following rights, which you can exercise free of charge:

    Access The right to be provided with a copy of your personal data
    Rectification The right to require us to correct any mistakes in your personal data
    Erasure (also known as the right to be forgotten) The right to require us to delete your personal data - in certain situations
    Restriction of processing The right to require us to restrict processing of your personal data - in certain situations, e.g. if you contest the accuracy of the data
    Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations
    To object

    The right to object to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
    Not to be subject to automated individual decision-making

    The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

    The right to withdraw consents

    If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time.

    Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

     

    If you would like to exercise any of those rights, please:
    • Email, call or write to us - see below: ‘How to contact us’; and
    • Provide enough information to identify yourself and any additional identity information we may reasonably request from you;
    • Let us know what right you want to exercise and the information to which your request relates.

     

    How to complain

    Please contact us if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.

    You also have the right to lodge a complaint with the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk).

     

    How to contact us

    Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

    Our contact details are shown below:

     

    Our contact details Our Data Privacy Manager contact details

    FBC Manby Bowdler LLP

    Contact us via contact form

    01902 578000

    Lyn Coughlan

    lyn.coughlan@fbcmb.co.uk

    01902 392451

     

    Do you need extra help?

    If you would like this policy in another format (for example audio, large print, braille) please contact us (see ‘How to contact us’ above).