Privacy Policy

Set out below is our Privacy Policy which sets out information about our Information Security and Data Protection.

Publication Date: 23.5.2018

Responsible Officer: Aidan Adams (Director)

IPC Data Controller: Aidan Adams (Director)

1. Introduction

Companies engaged in estate planning are increasingly vulnerable to the risk of the loss, damage or destruction of important data – through theft, malicious intent or accident. Apart from the well understood issues associated with traditional paper formats, the risk is growing as computers and the internet are increasingly used to process and transmit confidential client and business information.

In addition, there is a heightened sensitivity around the management, storage and use of personal data, with express permission being required for its retention and its use for marketing purposes.

The Inheritance Planning Company (IPC) considers the management and storage of personal data to be of the highest priority.

2. Objectives

The objectives of this policy are:

2.1 To ensure that all information and information systems maintained by IPC are adequately protected against failures and loss.

2.2 To ensure that our people using data can maintain the confidentiality, integrity and availability of information used within IPC.

2.3 To ensure that IPC implement the appropriate measures to ensure regulatory, legal and contractual compliance and comply to industry good practice.

3. Scope

This policy applies to all IPC staff, contractors and associates. It includes data held electronically, on fixed or mobile devices, held at external sites (i.e. cloud) and heritage paper format.

4. Data Retention & Marketing

4.1 Wills, LPA’s and Estate Planning Data

With their express permission*, our client’s data relating to wills, LPA’s and associated documents will be retained for:

* 90 years or until such time as the data is judged to be obsolete to the client or IPC.

4.2 Estate Administration

With their express permission*, our client’s data, relating to probate will be retained for:

* 50 years or until such time as the data is judged to be obsolete to the client or IPC.

IPC staff and contractors must be aware that when the company accepts the role of personal representative for an estate, the company is also accepting the responsibility for the client’s data, including social media accounts and cloud-based storage.

4.3 Privacy Notices

IPC will generally seek the consent of individuals in writing*, when IPC intends to process and store their data. A ‘privacy notice’ will explain in clear and unambiguous language, what data will be collected and how it will be used (legal compliance, marketing, etc).

4.4 Subject Access Rights (SAR’s)

Individuals or their nominated representatives may request the following in relation to data held by IPC:

a) Confirmation that data is held about the individual.

b) Provision of a copy of the data.

c) Provision of supplementary information (e.g. who uses the data and for what purpose).

IPC’s data controller will meet the request for information, when they have satisfied themselves of the authenticity of the individual and their request, within 40 days or two months for complex cases.

4.5 Marketing

IPC will not contact clients (or potential clients) for marketing purposes, unless they have given their express permission* to be contacted for this purpose. Marketing will include ‘keeping in touch/keeping you up to date’ information.

Note*: All express permissions will be held on the IPC Asset Data Register.

5. General Awareness

All staff, associates, referrers and contractors will be made aware of their duties and responsibilities under IPC’s information security policy. This includes understanding how different types of information may need to be managed.

This will be achieved by:

* Publication of the policy to staff, associates, referrers and contractors.

* Training – annual refresher and during induction of new staff, associates, referrers and contractors.

* IPC Information Security factsheet circulated to all relevant people.

6. Systems

IPC will identify and invest in suitable organisational and technical systems to manage and protect the confidentiality, integrity and availability of the various types of information IPC holds.

7. Audit, Risk Assessment and Compliance

IPC directors will periodically audit and risk assess internal systems to protect the confidentiality, integrity and availability of the various types of information IPC hold. It will periodically audit data retained concerning individuals to review its relevance to IPC and the individual and seek consent to process and store information if this consent has not previously been given.

IPC will periodically contract an independent third party to complete compliance checks on its information security and data retention systems.

8. Reporting

Any breach of this policy, or suspected breach, should be reported to a director of IPC at the earliest possible opportunity. The IPC data controller is under an obligation to report breaches in data security to those significantly affected by the breach and to the Information Commissioner’s Office (within 72 hours).

Copyright © 2018 / The Inheritance Planning Company    Website development by: Indigo Tree