Privacy Policy

James McKenzie (Wills) Ltd - Privacy Policy

James McKenzie (Wills) Ltd (hereinafter referred to as “James McKenzie”) is a specialist Will Writing company, focusing primarily on providing Wills and related products to employees of large multinational companies.

Our privacy policy sets out how James McKenzie uses and protects any information that we obtain about you. James McKenzie is committed to ensuring that your privacy is protected.

By providing us with your personal details by any means you give explicit consent, you agree to accept and be bound by the terms of our Privacy Policy.

This Privacy Policy ensures James McKenzie:

  • Complies with data protection law and follow good practice
  • Protects the rights of staff, customers and partners
  • Is open about how it stores and processes individuals’ data
  • Protects itself from the risks of a data breach

Process of obtaining information

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  1. a) processing will be fair, lawful and transparent
  2. b) data be collected for specific, explicit, and legitimate purposes
  3. c) data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
  4. d) data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. e) data is not kept for longer than is necessary for its given purpose
  6. f) data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. g) we will comply with the relevant GDPR procedures for international transferring of personal data

Access to Data

As stated above, James McKenzie clients have a right to access the personal data that we hold on them. To exercise this right, clients should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.

No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.

Further information on making a subject access request is contained in our Subject Access Request policy.

Data Retention Period

James McKenzie Adheres to principle 5 of the GDPR act - Information should be retained only for as long as necessary.

We keep your information for the purposes of providing your Documents, handling any follow-up enquiries, and for the purpose of gaining probate (where required).  Due to the nature in which it is intended, personal data will be kept indefinitely, unless:

  • The law decides that it is no longer required.
  • You no longer require our services and request in writing for it to be returned to you or destroyed safely.

Third Parties

Where necessary we will use your personal information to pass to third parties, should the process of your service require us to do so.

Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures to maintain the Company’s commitment to protecting data.

Any personal information supplied to us will not be shared for any outside marketing purposes and will not be sold.

We will not transfer your personal information outside of the European Economic Area (EEA).

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, James McKenzie will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the company’s legal advisers where necessary.

 

Your rights

As our client you have the following rights:

  • The right to be informed - about the data we hold on you and what we do with it;
  • The right of access - More information on this can be found in the section headed “Access to Data”;
  • The right to rectification - any inaccurate data will be corrected;
  • The right to erasure – have data deleted in certain circumstances;
  • The right to restrict processing – of the data;
  • The right to data portability – transfer the data we hold on you to another party;
  • The right to object - to the inclusion of any information;
  • Rights in relation to automated decision making and profiling.

Data protection risks

This policy helps to protect James McKenzie from some very real data security risks, including:

  • Breaches of confidentiality. For instance, information being given out inappropriately.
  • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
  • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

Data Security

James McKenzie employees are aware of their roles and responsibilities when their role involves the processing of data.  Regular training is provided to all employees. 

Where data is computerised, it is encrypted or password protected (or both) on a cloud storage drive within the EEA that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.

James McKenzie employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.

Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

Requirement to notify breaches

All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.

More information on breach notification is available in our Breach Notification policy.

Direct Marketing

James McKenzie only send direct newsletters reminding our clients to keep their personal information up to date and notify of any legislation changes. If you would like to opt out of any newsletters being sent to you, please email This email address is being protected from spambots. You need JavaScript enabled to view it.

Changes

Our Privacy policy may be subject to change over time. This will not reduce your rights without your explicit consent.

Policy Last Updated 11/09/2018