Skip to content

GDPR Information


Data Protection Certificate

Data Protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for the purposes explained in this document and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited to what is necessary to achieve those purposes;
  • So far as possible, accurate and kept up to date;
  • Kept for no longer that in necessary for the purposes we have told you about and in a manner that ensures appropriate security.

Might my data be transmitted outside the EEA?

Only if one of the following applies:

  • The European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms.
  • Appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism.
  • You have provided explicit consent to the proposed transfer after being informed of any potential risks.
  • The transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.

Security of data

  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way.
  • We limit access to your personal information to those agents, and third-party service providers who need it to assist in the administration of the estate. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights

You have the following rights:

  • Request access

This is commonly known as a “data subject access request”. It allows you to obtain a copy of a personal data we are holding on you.

  • Request rectification

You can require inaccurate personal data to be corrected and any incomplete personal data to be completed

  • Request erasure

You can require us to delete or remove personal data

  • which are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
  • where the processing is unlawful; or
  • where you are exercising your right to object (see below).
  • Request restriction

You can require us to stop processing for a period

  • while we verify the accuracy of personal data which you contest, or
  • where the processing is unlawful, or
  • where we no longer need the personal data for the purposes of the administration of an estate but you require the data for the establishment, exercise or defence of legal claims;
  • Right to object

You have the right to object to the storage and use of your personal data in two circumstances:

  • If we base the reason we are holding your data on the ground that it is necessary for our legitimate interests or those of a third party, and there is something relating to your particular situation, which makes you want to object.
  • If we are using your personal data for direct marketing purposes.
  • Right to complain

You can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (