Who We Are And About This Policy

This is the privacy policy of Bequeathed Limited (company number 10960116), whose registered office is at Acre House, 11/15 William Road, London NW1 3ER, telephone 020 3936 2630, and e-mail [email protected] In this policy we refer to ourselves as we and to users of this website as you (and related expressions must be interpreted accordingly).

Our business consists of the operation of a will-writing scheme for the benefit of charities and selected law firms to which we provide services. We set out below important information about our processing of personal data by reference to the purposes for which we do so in the context of that business.

We have published this policy with the view of engendering your trust in our processes, so that you understand what we do and why, and in order that, if you wish to challenge them, you have information about your rights and how you can contact us.

The purposes are as follows:

  • Conduct our will-writing scheme and maintaining a database of wills
  • Keeping records and accounts
  • Recording of in-coming and out-going telephone calls
  • Operating our business
  • Our website and use of cookies and tracking technologies

We have included sections dedicated to describing your rights, our contact information generally, and how you can make a complaint.

This policy does not relate to our storage of personal data you upload to Bequeathed in the course of using our drafting tool, keeping a copy of the will you draft, and keeping a record of your questions and answers, so that you can access that information for your own purposes. We perform those tasks on your behalf as a processor under the Processor Terms.

We have adopted our Processor Terms and made them binding upon us for the benefit of certain of our users in the form of a deed. A reproduction of the terms of the deed can be found here. If you would like to see a copy of the deed itself, please contact us at [email protected]. We make a charge of £50 to provide a copy. Although you are not a party to the deed, if you are a registered consumer or professional end user who uses the will-drafting tool via the Website to draft a will we are liable to you if we breach the terms set out in the deed.

The Legal Basis On Which We Process Personal Data

We believe that helping people to draft a good will is a worthwhile thing to do. The systems required to do so are complex and in order to make them available to you free of charge we rely on fees from other sources. Therefore, we have a legitimate interest in processing personal data in accordance with our scheme.

We also have a legitimate interest to keep all records relating to our business for our internal purposes and to deal with queries or complaints which may arise.

The legal basis on which we deal with people other than you depends on the circumstances. In all cases we make sure that we have a legitimate reason to do so in connection with our business.

When We Collect Information From You

We will not obtain personal information about you before you register with us to use our will-drafting services. However, see our cookie policy in relation to cookies and tracking technologies.

We communicate and deal with all manner of people in the ordinary course of our business, whether suppliers, competent authorities, and others incidentally in connection with our business. In the course of doing so, having regard to the nature and purpose of those dealings, we will obtain and process personal data.

Using And Disclosing The Information You Provide

Unless you have told us otherwise, we will use your information:

  • we will use your contact details to communicate with you during the will-writing process and after, including to help you maintain your will, and, if you opt in, to contact you about our products and services;
  • to identify when your will is affected by a change in the law;
  • in anonymised form, to inform charities as to our user-base and legacy-giving;
  • subject to your express permission, we will inform the relevant charity if you have included a legacy-gift in your will and provide the charity with your contact details;
  • where you have arrived at this website via a link on the website of one of our panel law firms or customer charities, to mark you as contact of that law firm and/or charity so that we may tailor our communications to you accordingly;
  • subject to your express permission, to provide a panel law firm that you have told us you wish to take legal advice from with your contact details;
  • to administer your user account;
  • to provide contextual online support to you during your use of the system or tools;
  • to process any request for advice or information;
  • to customise this website;
  • to ensure that any content you post complies with the terms and conditions of use of the website;
  • to ensure that content from our site is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • to notify you about changes to our service; and
  • to analyse how our website is used and share anonymous information relating to that use with third parties.

We will retain your information for as long as we operate our will-writing scheme, and afterwards for the purposes of our Keeping Records and Accounts (see below).

We do not use or disclose data we obtain from anyone else for any purpose in the course of our business other than for which it was given to us.

If we sell or buy any business or assets we may disclose your information to the buyer or seller of the business or the assets.  If we or substantially all of our business or assets are acquired by a third party, your information is likely to be included in the transfer.

We have implemented the Google Analytics Demographics and Interest Reporting feature which provides us with aggregated information about the age and gender of our users, along with the interests they express through their online activities. Details of how we use Google Analytics cookies are contained in our cookie policy. You can opt out of the Google Analytics Demographics and Interest Reporting feature by changing your Google Ads settings by visiting https://myaccount.google.com/privacy?pli=1#ads. Alternatively, Google Analytics provides an opt-out add-on for certain internet browsers at https://tools.google.com/dlpage/gaoptout/.

Collection Of Your Information

The information about how you that we use and disclose is collected through your use of this website and information we learn from your use of the website, or through your use of our other services.

The information we collect (excluding the information you upload to Bequeathed in the course or using our drafting tool which is addressed in the Processor Terms) is:

  • how you arrived at our site
  • your name, email address, postcode
  • the pages you have visited on our website
  • any information you choose to provide us with in online chat

We will never collect information about you concerning your religion, beliefs, criminal record, health or sexuality without your explicit consent.

Cookies And Tracking Technologies

Our website sets cookies on your device, and may read cookies already on your device, regarding your use of our website and services. Please see our cookies policy for further details regarding the collection and use of this information.

We also place Facebook Pixels from some of our charity customers on our site so they may track the actions of users who visit our site having responded to the charity's advertising.

Keeping Records And Accounts

We keep personal data only where and for so long as it is necessary to provide our products and services and afterwards for so long as necessary to meet our legal or regulatory obligations or, if longer, in relation to claims which could be made against us. Our normal practice is to keep information for at least 6 years.

Operating Our Business

This section is concerned with the systems we use to process personal data and our processing of personal data for internal purposes (other than personal data you upload in your use of our drafting tool which is addressed in the Processer Terms). It is not concerned with the nature of the data, the classes of individual on whom we process data, the classes of the data, the sources and disclosures of the data, nor the period of time which we hold data. For information on those topics, please consult the other sections of this policy.

We process personal data using five principal systems: Rackspace, Intercom, Coview, Hotjar and Slack which we make work together using Zapier.

AWS

Our web application and data (i.e. data from the will-writing process) are hosted within AWS, in UK datacentres. So AWS policies and processes are our policies and processes for our physical and network security standards. 

Intercom

We use a third party application called Intercom as the means by which we communicate with you and provide you with support via email and online chat. All your information sent from our website to Intercom is encrypted in transit. The API and application endpoints are TLS/SSL only and score an "A+" rating on SSL Labs' tests - meaning that Intercom only uses strong cipher suites and has features such as HSTS and Perfect Forward Secrecy fully enabled.

Our use of Intercom in this way means your information will be transferred through Intercom out of the EEA, primarily to Amazon Web Services facilities in the USA. Further details about the measures Amazon take in securing its facilities and services can be found here: https://aws.amazon.com/compliance/

Intercom adheres to the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal data from European Union member countries and Switzerland. Intercom, Inc. has certified adherence to and commits to apply the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.

Further details about the measures Intercom takes in relation to privacy can be found here: https://www.intercom.com/terms-and-policies#eu-us

Coview

We use a third party application called Coview in order to be able to provide you with Support. Through Intercom, it enables us to request that you share your screen with us so that we can see what you do. Coview is based in Germany and is compliant iwth EU GDPR policy. For further details about the measures Coview takes in relation to privacy, visit https://docs.coview.com/docs/security-and-data-protection.

Hotjar

We use a third party application called Hotjar. It is a website heatmap tool that helps us see what people do on our website pages: where they click, how far they scroll, what they look at or ignore.

Hotjar Heatmaps collect anonymized user behavior data, so we get an overview of our visitor behavior while always protecting end-user privacy.

All data Hotjar collects is stored electronically in Ireland, Europe on the Amazon Web Services infrastructure, eu-west-1 datacenter. Its application servers and database servers run inside an Amazon VPC, Virtual Private Cloud. The database containing visitor and usage data is only accessible from the application servers and no outside sources are allowed to connect to the database. The data retention times are no longer than 365 days. For further details visit: https://help.hotjar.com/hc/en-us/sections/115003180467-Privacy-Security-and-Operations

Slack

We use a third party application called Slack to communicate within our business, not externally. We integrate Slack with Zendesk, Intercom and Fullstory so that we can discuss issues that are raised by users on our website amongst our team. Information collected by each of those applications may therefore also be collected by Slack and processed by Slack outside of the EEA. 

Slack Technologies, Inc. has certified with the EU-U.S. and Swiss-U.S. Privacy Shield with respect to the personal data it receives and process on behalf of its customers through its online workplace productivity tools and platform (the “Services”). Slack certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by its customers in participating European countries through the Services, and its Privacy Shield certification is available at https://www.privacyshield.gov/list. It may also process personal data its customers submit relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Further details about the measures that Slack takes in relation to privacy can be found here: https://slack.com/gdpr

Zapier

We use Zapier to help make the other third-party systems work together. Zapier is EU-U.S. & Swiss-U.S. Privacy Shield compliant and details may be found at https://zapier.com/privacy/.

Computers and mobile devices

Our staff and representatives use computer and communications equipment to access these systems to perform their duties, and in particular work stations, laptop computers, other mobile computing devices and mobile phones. Personal data is stored on these devices appropriate to the use for the time being.

We use personal data for the following internal purposes:

  • Training
  • Corporate governance and management

External service providers

In addition to the third party applications listed above, we have engaged external service providers to provide the following services:

  • Tier 2 Consulting Limited, for developing and maintaining our technology platform

Storage

All information you provide to us is stored on secure servers or encrypted devices. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

Recording Of In-Coming And Out-Going Telephone Calls

Please see our policy on this subject entitled Call Recording Policy.

Where Information Is Processed

Information processed via Intercom, Slack, FullStory and Zendesk is processed outside of the EEA. Data held at AWS is in the UK. 

Your Rights

Individuals have several rights under data protection law in relation to how we process personal data. These are identified below. More information can be obtained from the Information Commissioner’s website at www.ico.org.uk.

We cannot charge for providing information where individuals exercise their rights, except that we may charge a reasonable fee based on our administrative costs to provide additional copies where requested in connection with a request to access data, or where we can demonstrate that requests are manifestly unfounded or excessive. In the latter case we may alternatively refuse to act on a request.

If someone wishes to exercise any of their rights, please contact us at [email protected]

  • Right to be given clear and easy to understand information on what personal information we have, why and who we share it with.
  • Right to access information that we hold as personal data, subject to protecting the interests of others as appropriate.
  • Where any information we hold is inaccurate or incomplete, we can be required to rectify it.
  • Right for information to be deleted or removed if there is not a compelling reason for us to retain it.
  • Right to restrict processing of personal data for certain reasons.
  • Right for a copy of personal data to be provided for personal purposes to use across different services, including to transfer the personal information we hold to another company.
  • Where we are subject to a breach of security which is likely to result in a high risk to individuals about whom we hold data we must communicate the breach to the individuals concerned without undue delay. In some cases, this may be done by public communications. This right is subject to certain exceptions where measures have been taken to protect the information.
  • Right to object to processing of personal data.
    • You can object to us processing your personal data where it is based on our legitimate interests, in which case we can no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
    • You can object at any time to our use of personal data relating to you in connection with our direct marketing. Where you do so, the personal data shall not afterwards be processed for such purposes.
    • Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing.
    • Where we are processing personal data about you with your consent you can withdraw it at any time.

Contact

If you have any questions about this Privacy Policy or the personal data we will obtain and process about you, please contact us at [email protected].

If somone has a complaint about our handling of personal data, we ask that they contact us at [email protected].

If we are unable to resolve a complaint, the matter can be referred to the Information Commissioner's Office. Here are the contact details: www.ico.org.uk/concerns/. A claim may also lie in the courts.