Privacy Notice
In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, this Privacy Notice explains, in detail, the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how our firm uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
ZenWills is a trading name of 3DM Legal Ltd which is registered as a data controller with the Information Commissioner’s Office under number ZA189649.
Conditions for Processing Data
We are only entitled to hold and process your data where the law allows us to. The current law on data protection sets out a number of different reasons for which a law firm may collect and process your personal data.
These include:
Contractual obligations
The main purpose for our holding your data is subject to an agreement we have with you to provide our free Will drafting service, to determine whether you may benefit or require additional legal and/or financial services in relation to the administration of your estate or tax affairs and, where instructed, to provide you with any subsequent legal or financial services. This agreement is a contract between us and the law allows us to process your data for the purposes of performing a contract (or for the steps necessary to enter in to a contract).
Where you commit to using our Will writing services and/or any additional legal or financial services, we will process your personal data to provide these services to you. Where you use our website to generate your Will, our use of your personal data in this way will include passing your personal data through our will drafting software which will generate your Will. Where our legal team provide direct services to you, our use of your personal data will be for the purposes of providing those services to you.
Legitimate Interests
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We may process your personal data to satisfy our external quality auditors or our Regulators.
We may also process your personal data in order to improve our website and Will drafting software with the primary aim of providing you with a more personal and interactive experience. In particular, we may use your personal data to tailor our website so as to ensure it is displayed in the most effective way for the device you are using. We may also process your personal data for the purposes of making our software more secure, to administer our website and for internal technical operations such as for testing, statistical and other administrative or compliance purposes. We also use various third party cookies to help us improve our website (for further details on Cookies, please see below).
If our business is subsequently sold or we merge with another entity, to ensure our business can be continued and in order that services can continue to be provided to you, we will transfer your personal data to a third party or that data will be one of the assets transferred to a purchasing entity.
Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity.
Consent
In some situations, we may collect and process your data with your consent. For instance, where you have opted in to receive marketing communications from us or from third parties we select (such as providers of financial services), we will process your personal data in such a way as to provide you with marketing communications and effect any transfer of your personal data to third parties in line with the preferences you have provided.
When do we collect your data?
We collect your data when you provide it to us. You may give us your data through the completion of our online wills software; over the telephone; face to face; or by post.
We also collect data automatically with regard to each of your visits to our website including technical information.
What sort of data do we collect?
We collect your name, date of birth and address details together with other personal details about your assets. We may gather details of your age and gender etc. We also collect and hold information about any associated legal matter we assist you with such as where we assist you with the drafting of associated trusts or provides services in relation to the storage or administration of any Will or trust document.
We also collect and hold information about beneficiaries named in your Will or associated trusts, including their names, dates of birth and address(es) and details of bequests to them. Please see below about our obligations to beneficiaries.
We also collect technical information including, but not limited to, traffic data, location data, logs (including, where available, the IP address and location of the device connecting to the online services and other technical information and identifiers about the device and the nature of the visit such as clickstream to, through and from our website) and other communication data, and the resources that you use.
How do we use your personal data?
We only use your data for the purposes of providing you with a free Will and for any subsequent legal advice and assistance and for reasons directly associated with those services.
We may use your data to notify you of our other services or services provided by selected third parties but only where we have your express consent to do so.
How do we protect your personal data?
We take protecting your data very seriously. The data you give us may be subject to Legal Professional Privilege and is often extremely sensitive and confidential.
With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place (along with Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our compliance processes.
We protect our IT systems from Cyber Attack. All information you provide to us is stored on secure servers. Access to your personal data is password-protected. Where we have given you (or where you have chosen) a password which enables you to access parts of our website and having access to personal data, you are responsible for keeping this password confidential. You must not share your password with anyone.
We regularly monitor our system for possible vulnerabilities and attacks and we carry out penetration testing to identify ways to further strengthen security.
How long will we keep your personal data?
We only keep your data for as long as is necessary for the purpose(s) for which it was provided.
Due to the nature of the services that we are providing to you and pursuant to Article 17(3) of the GDPR, when you complete a will using our services, we will securely store your data and keep this indefinitely. This is because we need to protect against legal claims, as well as to provide supporting information should your will ever be contested.
In cases where you register on our website and enter personal data but do not complete the process and create your Will, we will retain your data for a period of six years. This is because we are required to keep client files for that period by our Insurer and by the Solicitors Regulation Authority. This also protects you should you be unhappy with our services and want to complain. For some cases we may decide that it is proper and appropriate to keep data for longer than six years, but we will notify you if we believe that your data falls into this category.
Where we have processed your personal data to provide you with marketing communications with your consent, we may contact you periodically to ensure you are happy to continue receiving such communications. Where you inform us that you no longer wish to receive such communications, your personal data will be deleted.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. We only do this where it is necessary for providing you legal services or for the effective operation of our legal practice.
For example, we may share your data with experts; translators; mail processing and document scanning; database cleaning; secure file storage and destruction companies; and auditors.
We apply a strict policy to those recipients or data processors to keep your data safe and protect your privacy:
- we provide only the information they need to perform their specific services
- they may only use your data for the exact purposes we specify in our contract with them
- we work closely with them to ensure that your privacy is respected and protected at all time.
- if we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Where is your data processed?
Your data is stored within the Economic European Area (EEA) and cannot be stored or downloaded on any device or server outside of that area. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
In relation to the provision of our free Will drafting service, we may outsource some essential functions of that service such as database cleaning to partners who have staff members based in offices outside of the EEA (specifically, to staff based in India and Colombia). This has the result that people working for us outside the EEA may view and process data through our EEA based servers. This may technically be considered a transfer of personal data about you outside the EEA. The data cannot be stored or downloaded to any servers outside the EEA and we take extra steps to ensure comprehensive due diligence through the use of regular audits, both onsite and remote, of the data processing activities of this entity. Due to the enhanced security measures we have in place to retain control of that data, we do not believe that this will affect your right to exercise your rights to access, correct and secure the deletion of the data under the GDPR.
Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
By law, we may not place cookies on your computer without your consent, unless they are strictly necessary to the operation of the service that we provide on the Website.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Trust Pilot
We utilise the Trust Pilot platform as a means for our clients to review and leave reviews about our services. This helps us to improve and innovate by engaging and collaborating with our clients. After we have provided services to a client, Trust Pilot, may contact you in relation to leaving a review. If you create a profile on the Trust Pilot website, Trust Pilot will necessarily collect certain data from you including any username, password and email address together with any information you state in the review. 3DM Legal cannot take any responsibility for the data obtained directly and held by Trust Pilot. Trust Pilot does maintain its own Privacy Policy in relation to its platform.
What are your rights?
You have rights under the GDPR and these include the right to be informed what information we hold about you. In particular, you have the right to request:
- access to the personal data we hold about you, free of charge in most cases
- the correction of your personal data when incorrect, out of date or incomplete
- for example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end that we stop any consent-based processing of your personal data after you withdraw that consent
You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate.
To ask for your information or to discuss any aspect of our Privacy Notice, please contact us by email at dpo@3dmlegal.co.uk
If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
The Regulator?
For further details about your rights as a data subject, we would invite you to visit the Information Commissioner’s Office website: www.ico.org.uk
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
Rights of beneficiaries
When we store a Will on a testator’s behalf, the Information Commissioner’s Office has confirmed that we do not have to contact any of the named beneficiaries when the Will is written, but only when it comes into effect on the death of the testator and the estate begins to be administered. Under Article 14(5)(d) of the GDPR, as a data controller, we need not comply with a request by a beneficiary for information where the personal data concerned must remain confidential and subject to our professional obligations to the testator (who is our client). We will therefore not release confidential information without our clients’ consent, or otherwise if required to do so by law. We will not inform any beneficiaries named in a Will of their bequest whilst the testator is still alive, unless they expressly instruct us to do so.
Should we continue to store a Will which has come into effect because of a testator’s death, including where we are instructed to obtain probate and/or oversee the administration of the estate, we will follow the ICO’s guidance at the time with regard to our obligations to any beneficiaries named in the Will.