Info@oak-wills.com
+44 7380 460773Privacy Policy for Clients and Potential Clients
December 2024
Oak Wills Limited is committed to protecting the individual privacy rights and choices of all our clients, visitors to our site and the personal information you share with us.
Our Privacy Notice contains important information about the types of personal information we collect and process; what we do with it; who we may share it with and why; and your rights when it comes to the personal information you provide us with. We may need to make changes to our Privacy Notice in line with regulatory requirements; so please check our website for updates from time to time. If there are significant changes such as where your personal data will be processed; we will contact you to let you know.
1. Who we are
When we say we, us or our in this privacy notice, we mean Oak Wills Limited, a company incorporated and registered in England and Wales with company number 15892785 and whose registered office is at Alpha House, 296 Kenton Road, Harrow, Middlesex, United Kingdom HA3 8DD.
For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you. If you have any questions about this policy or the personal data we hold about you, please contact us at Info@oak-wills.com.
2. Types of data that we process and our legal basis
Depending on how you choose to interact with us, the personal data about you that we collect and process is shown in the table below.
By law, we must have a legal basis for processing personal data. We take your privacy seriously and we will only ever collect and use personal data where it is necessary, fair and lawful to do so. Our legal bases are shown on the table and may be different for clients and prospective clients.
| Data that we process | Clients | Legal basis for clients | Prospective clients | Legal basis for prospective clients |
|---|---|---|---|---|
| How to contact you – your title, name, home or correspondence address, telephone numbers and email addresses. |  |
We will process this data under our contract with you. | |
We will process this data with your consent, when you contact us. |
| Your contact with us – audio-visual recordings of meetings, video or phone calls, emails or letters. | |
We will process under our legitimate interest in keeping a record of our meetings and correspondence. | |
We will process under our legitimate interest in keeping a record of our meetings and correspondence. |
| Information that is automatically collected via essential cookies when you visit one of our websites (please see our cookie popup for more information) | |
We use legitimate interest for essential cookies and consent for all non-essential cookies. | |
We use legitimate interest for essential cookies and consent for all non-essential cookies. |
| Marketing and communication preferences – this includes marketing emails, client feedback, responses to surveys and complaints. | |
We can send you marketing material once you are a client or you have made an inquiry as a prospective client. If you would just like to receive our newsletter and are not a client or a prospective client, we will need your consent. |
|
We can send you marketing material once you are a client or you have made an inquiry as a prospective client. If you would just like to receive our newsletter and are not a client or a prospective client, we will need your consent. |
| Images captured by CCTV when you visit one of our offices. | |
Legitimate interest | |
Legitimate interest |
| Who you are – your date of birth, marital status, relationships with other people (where you have a joint or mixed finances or equity), country of residence and citizenship. | |
We require this information under our contract to provide you with our products or services. |  |
We will process this data with your consent, when you contact us. |
| Financial information - your bank account details, details of income, tax bands and liabilities, assets and other liabilities, asset planning, and other policies and schemes, where relevant. | |
We require this information under our contract to provide you with our products or services. | |
We will process this data with your consent, when you contact us. |
| Information to uniquely identify you – government issued identification documents and numbers such as your passport, driving license and National Insurance Number. | |
We have legal obligations to properly identity you. | |
We will process this data with your consent, when you contact us. |
| Criminal offence, fraud and sanctions data – as part of our regulatory obligations for combatting financial crime we may perform checks against fraud databases, sanctions lists (for politically exposed persons or their immediate family / close associations), or from other publicly available sources such as media outlets or social networking sites. | |
Legal obligation to combat money laundering, financial crime and terrorist funding. | |
Legal obligation to combat money laundering, financial crime and terrorist funding. |
| Information classified as special category personal information relating to your health, biometric information (fingerprints, voice or facial images used to uniquely identify or authenticate you), marital or civil partnership status. This information will only be collected and used where it is needed to provide the products or services you have requested or to comply with our legal or regulatory obligations. |
|
We will process this information only with your explicit consent. | |
We will process this data with your consent, when you contact us. |
| Information relating to vulnerabilities – health, life events, resilience, and capability when this has been provided by you as part of a discussion about your overall financial circumstances. | |
We will process this information only with your explicit consent. | |
We process this data with your consent. |
| Information you may provide to us about other people, such as a spouse or relative. If the other person is a child, we will collect and use only the information required to identify the child (such as their name, age, gender). | |
Please ensure that you have the consent of other people to provide us with their personal data. For children, please have the consent of the parent or guardian. | |
Please ensure that you have the consent of other people to provide us with their personal data. For children, please have the consent of the parent or guardian. |
| Information from other organisations such as banking services, investment / pension / insurance / mortgage providers, where you have provided authority for them to share information relating to your existing plans. | |
We process this data with your consent. | |
We process this data with your consent. |
| Information from your professional advisers, where you have provided authority for them to share information. | |
We process this data with your consent. | |
We process this data with your consent. |
3. Where we collect your information
We may collect your personal information directly from you, or from a variety of sources, including:
- • application forms for products or services
- • electronic ID verification services - we use this data to verify and authenticate client identities for anti-money laundering and fraud detection / prevention
- • recorded video or telephone conversations with us
- • emails or letters you send to us
- • meetings with us
- • registering for one of our events or webinars
- • participating in research surveys or feedback forms to help us understand you better and improve our products and services
- • our online services such as websites, newsletters, social media and mobile device applications (‘Apps’)
- • from other organisations such as banking services, investment / pension / insurance / mortgage providers, where you have provided authority for them to share information relating to your existing plans.
- • from your professional advisers, where you have provided authority for them to share information.
- • from places such as business directories and other commercially or publicly available sources e.g. to verify your identity, to comply with our anti-money laundering and financial crime obligations, check or improve the information we hold (like your address) or to give better contact information if we are unable to contact you directly.
If you do not wish us to collect and use your personal information in these ways, it may mean that we will be unable to provide you with our products or services. We will only use your personal data when the law allows us to.
Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw that consent to at any time by contacting us.
Our business requirements – legitimate interests
| Action | Reason for processing – legitimate interests |
|---|---|
| Managing our business and marketing strategies (including recording and reporting on our business development activities) | We need to have business development and marketing strategies |
| Purchasing, maintaining and claiming against our insurance policies | We need to protect our business. |
| Continuously reviewing and improving our services and developing new ones | We use your feedback to improve our services. |
| Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings or prospective proceedings. | We need to understand our obligations and establish and defend our legal rights. |
| Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality. | We need to ensure that our website and other platforms are working properly. |
| Maintaining the security of our systems, platforms, premises and communications, including detecting and preventing threats | We need to ensure that our premises and our platforms are secure. |
| Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation | We need to be able to manage or sell parts of our business, if we choose to do so. |
We have a legitimate interest in using your personal data for the above purposes. We have balanced your rights and freedoms against our business needs. Please inform us if you object to our processing.
4. Whom we may share your information with
We may share your information with the third parties in this chart:
| Entity | Legal basis for sharing |
|---|---|
| Our professional advisers such as lawyers and accountants | Legitimate interest |
| Government or regulatory authorities or law enforcement | Legal obligation |
| Professional indemnity or other relevant insurers | Legitimate interest |
| Regulators/tax authorities/corporate registries | Legal obligation |
| Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers | Legitimate interest |
| Third parties engaged in the course of the services we provide to clients such as expert advisors. | Legitimate interest or a contractual requirement to provide our services |
| Third party service providers to assist us with client insight analytics, such as Google Analytics | Consent |
Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our services as effectively as we can.
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers where necessary to deliver the services (for example, subject matter experts). When doing so we will comply with our legal and regulatory obligations in relation to the personal data and put appropriate safeguards in place.
5. Where your information is processed
Your information is processed in the United Kingdom.
Our security controls are aligned to industry standards and good practice; providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information.
6. How we protect your information
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal data which is collected, recorded, or processed in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection responsibilities.
Your data is protected by controls designed to minimise loss or damage through accident, negligence, or deliberate actions. Our employees and consultants are trained to protect sensitive or confidential information when storing or transmitting data in any medium including electronically and must undertake annual refresher exercises on this.
7. How long we keep your information for
We will keep your personal information where it is necessary to provide you with our products or services while you are a customer with us. We are also subject to regulatory requirements to retain your data for specified minimum periods.
We may also keep your data after this period but only where it is required to meet our legal, regulatory, tax or accounting obligations. For example, we are required to retain accurate records of your dealings with us to respond to any complaints, challenges, litigation or queries that you or others may raise in the future. Therefore, length of time we keep your information for these purposes will vary depending on the obligations we need to meet and can be viewed in our data retention policy.
8. How to access your information and your other rights
You have the following rights in relation to the personal data we hold about you:
Your right of access
If you ask us, we'll confirm whether we're processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification
If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we've shared your personal data with others, we'll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
Your right to erasure
You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we've shared your personal data with others, we'll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
Your right to restrict processing
You can ask us to 'block' or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we've shared your personal data with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal data with so that you can contact them directly.
Your right to data portability
You have the right, in certain circumstances, to obtain personal data you've provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object
You can ask us to stop processing your personal data, and we will do so, if we are:
- o relying on our own or someone else's legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
- o processing your personal data for direct marketing purposes.
Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the Supervisory Authority
If you have a concern about any aspect of our privacy practices, including the way we've handled your personal data, you can report it to the Supervisory Authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach the Supervisory Authority so please contact us in the first instance.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
Changes to This Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent where required by applicable law or regulation.