This notice describes how we collect and use personal data about you, in accordance with the Data Protection Act 1998 and the General Data Protection Regulation 2018; together with any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time in the UK. Such regulations are subsequently referred to as Data Protection Legislation in this policy.
Please read the following carefully to understand our practices regarding your personal data and how it is treated.
Who We Are
Wayne Fleming Will Writing & Estate Planning Limited is a limited company in England & Wales. Our company number is 11423788 and our registered office is Hill Farm Dairy, Beeston Road, Mileham, Kings Lynn, Norfolk, PE32 2PZ.
For the purpose of the Data Protection Legislation and this policy, the Data Controller is Wayne Fleming Will Writing & Estate Planning Limited. This means we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this policy.
We have appointed a Data Protection Officer, who is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this policy and our treatment of your personal data.
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
We are committed to only providing information to you that we believe you might be interested in receiving.
We use personal data to communicate with our clients and professional network regarding changes in legislation, tax planning opportunities and related information.
We obtain personal data from you, when:
- you request a proposal from us in respect of the services we provide;
- you, your employer or our clients engages us to provide services and also during the provision of those services;
- you contact us by post, telephone, email or SMS text;
- from third parties and/or publicly available resources; or
- through networking events and/or social media.
The information we hold about you may include the following:
- Information about who you are – such as name and contact details;
- Information connected to our services – such as bank account details;
- Information about your contact with us – such as letters, emails and meeting notes;
- Information required to provide our services – such as details of assets owned;
- Information classified as sensitive personal information – such as marital status;
- Information you provide about other people – such as spouse and children;
- Information received from other sources – such as by another professional adviser;
- Information about any complaints and enquires you make to us;
- Information from any marketing activities undertaken by us in whatever form;
- Details of the services we have provided you with.
Information will only be collected and used where it is needed to provide our services or to comply with our legal obligations.
We may process your personal data for the purposes necessary for the performance of the services provided to you, your employer or our clients and to comply with our legal requirements.
This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
We may process your personal data for our own legitimate interests provided that these do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain purposes with your consent and in circumstances where your consent is required, you have the right to withdraw this.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
We may use your personal date in order to:
- carry out our obligations arising from any agreements between you, your employer or our clients and us;
- carry out our obligations arising from any agreements between our clients and us, where you may be a subcontractor, supplier or customer of our client;
- provide you with information about our services, events and activities that you request from us or which we feel may interest you;
- seek your thoughts and opinion on the services we provide; or
- notify you about any changes to our services.
In some circumstances, we may anonymise or pseudonyms the personal data so that it can no longer be associated with you. In which case, we may use it without further notice to you.
If you refuse to provide certain information to us when requested, it may affect our ability to perform the services you require from us. Alternatively, we may be unable to comply with our legal or other regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this policy, where we are legally required or permitted to do so.
Under certain laws, there are a number of lawful reasons that allow us to process and use your personal information. One of these lawful reasons is known as “legitimate interest” and allows us to process such personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
We will process the personal information you have provided to us securely to enable us to give you the most appropriate information and service. We will consider and balance any potential impact on you and your rights under Data Protection Legislation and other relevant laws.
We will only retain your personal data for as long as it is necessary to fulfil the purposes for which it is collected. With regards to client data and data which we obtain whilst acting as a Data Processor on behalf of a Data Controller, we will retain your personal information for a minimum of 7 years.
When assessing the appropriateness of the retention period, we will consider:
- the requirements of our business and the services provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by other means.
Change Of Purpose
Where we need to use your personal data for another reason; other than that for which it was provided for, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal date for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
We will only share your personal data with third parties when we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. Third parties include service providers external to us, such as subcontractors, regulatory bodies and insurers.
Such third parties are required to take commercially reasonable and appropriate security measures to protect your personal data. We will permit relevant third parties to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with other third parties, such as on a potential sale or restructuring of the business.
We reserve the right to mention you as a client for the purpose of promotional activity, training or similar business purpose; however, we would not disclose any confidential information about you.
We have in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties who have a business right to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and when we are legally required to so, we will notify you and any applicable regulator of a suspected breach.
We operate a paperless environment meaning that all your data will be stored electronically. We will not retain your information for any longer than is considered necessary and we will regularly review what information we hold and delete such information that is no longer required. We are permitted by law to retain your data if it is in our legitimate interest.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have suitable physical, electronic and managerial procedures in place to safeguard your personal information.
Our website may contain links to other websites of interest. However, once you have used these links to leave our website, you should note that we cannot be responsible for the protection and privacy of any information which you provide whilst on these other websites and such website are not governed by this policy.
All sensitive data is sent using encryption software.
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us immediately of these changes.
Under certain circumstances, you have the right to:
- request access to your personal data, subject to a maximum fee of £10.00;
- request correction of your personal data;
- request removal of your personal data;
- object to the processing of your personal data in certain circumstances;
- request the restriction of processing of your personal data;
- request the transfer of your data to another Data Controller.
If you wish to exercise any of the above rights, please write to us at our registered office.
If you wish to exercise any of the above rights, please write to us at our registered office.
Where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw this for that purpose alone. To withdraw your consent, please write to us at our registered office. Once received, we will no longer process your personal data for that purpose, unless we have another legitimate basis for doing so by law.
Changes To This Policy
Reporting A Data Protection Breach
Please report any suspected breach to us in writing sent to our registered office address. We will ensure that any breach is recorded and investigated internally immediately. Where appropriate, the breach will be reported to Information Commissioner’s Office within 72 hours of it being detected.