BLUECOAT WILLS AND TRUST DATA PROTECTION AND GDPR POLICY
This document will cover the different policies and regulation of GDPR in Bluecoat Wills and Trusts Ltd in accordance with the International Commissions Office. The document will provide the relevant areas of GDPR that apply to Bluecoat and how Bluecoat meets regulation standards and maintains standards.
Personnel Data Policy Statement:
You may be assured that we and any company associated with us will treat all personal data and sensitive personal data as confidential and will not process it other than for legitimate purposes, such as; drafting Wills, funeral plan providers, and Trust arrangements, for fraud prevention and for statistical analysis. Bluecoat is required to hold your personal data to administer services and contact you with updates to services.
We may share your information with other professional companies, such as Solicitors or Accountants, in order to deliver the services, we have recommended and providing advice, administration and management.
Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Personnel data is to be held for along as you are a client or for up to fifteen years after the service was provided in order to protect against complaints. Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data.
You can request a ‘subject assess request' and expect a reply within one month unless the request is complex, then it may take longer. You also have the right to complain straight to the ICO, however, Bluecoat requests any complaints are firstly raised directly with our service department.
Under the Data Protection Act and General Data Protection Regulation individuals have a Right to Erasure (‘right to be forgotten’) which can be applied to personal data, in specific circumstances, and is a right that you may be able to exercise for the data that we hold for you. However, we can refuse to comply with a request for erasure where the personal data is being processed to comply with a legal obligation. Under FCA regulation we have a mandatory requirement to retain your data for specified periods (and for some products, such as occupational pension transfers, we are required to retain this data indefinitely) which may impact your Right to Erasure.
If at any time you wish us or any company associated with us to cease processing your personal data or sensitive personal data, or contacting you for marketing purposes, please contact The Data Protection Officer on (01273 839533) or in writing at Bluecoat Wills & Trusts Ltd, Basepoint Business Centre, Ropetackle, Shoreham-by-Sea, West Sussex, BN43 5EG. Subject to certain exceptions, you are entitled to have access to your personal and sensitive personal data held by us.
The personnel data policy statement is to be review annual to ensure it complies with the ICO standard.
* where a client is under the age of 16 consent must be given by either the parent or legal guardian for this data to be processed.
Client Data Holding
Clients' personal data is held only in dropbox(intellectual), locked cabinets (paper) and by the National Will Safe (Paper). Dropbox is a computer cloud-based filing system used to hold all of the companies documents. Locked Cabinets are used to should client applications whilst they are being completed. The National Will Safe is the document storage facility used by us to store client documents. Client personal data will be held for the entirety of their lifetime and 12 years after death, allowing for any complaints to be upheld and dealt with efficiently.
Data Shared with 3rd Party Companies
All third party companies that are currently being used by Bluecoat are compliant with the new GDPR or will be by the 25 May 2018. If a member of staff wishes to use a new provider or company to service a clients request or for company purposes they must ensure they comply with GDPR. If you cannot find the companies GDPR policy or it does not meet the required regulations, no personal data is to be sent to the company including staff members, company or clients.
If the client agrees to our terms and conditions they are consenting to Bluecoat Wills and Trusts sharing their personal data with third party companies. Third-party companies are sometimes used by Bluecoat Wills and Trusts to provide products to the client. If the client does not agree then we cannot provide the service.
If you are unsure of what to do due to the third party company not complying with GDPR, contact your Line Manager and follow the instructions above.
Client personal data is taken in the first two stages of a client journey, the initial meeting and the instruction meeting. The data is then uploaded and stored on Dropbox under the client file, it is also held in the paper instructions filled out for the purpose of completing the service with a third party provider. Once the product and or service has been complete the clients data will held on Dropbox by Bluecoat Wills and Trusts. Personal data is held electronically and written by the service provider and electronically and written by the National Will Safe (if the client uses our document storage facility).
Prospect Personal Data
A prospective clients personal data must only be held by the company for a one year time period, if the client doesn’t require our services their data is to be deleted. If after this time the client requests a service or product the initial meeting stage must be started again if required.
All emails containing personal data must have personal data in a password-protected attachment.
To create a password-protected attachment:
Use Word to create the document containing personal data;
Select Protect Document;
Enter the client's Password from the Client Password List;
The Password will be the first four letters of their surname and the complete year of their birth. Eg. lang1988;
Once the document is complete save it under the client file;
Create the email informing the client that the attachment is password protected;
Attach the document;
If the client request that the password is sent to them, send it as a text message to their Mobile phone.
Staff Personal Data
Staff personal Data will be deleted three years after leaving the company. It is the responsibility of the line manager of that department to deleted the staff members personal data, irrespective of whether they were a member of staff while the current Line Manager was in post. Prospective staff members personal data should only be held for twelve weeks. Human Resources or the hiring team has the responsibility of deleted the prospectives personal data.
Clients have the right to ask for eraser, however, Bluecoat Wills and Trusts has the right to hold on to clients data to defend again any complaints in the future. Therefore, the client can be given all of the data we hold on them but Bluecoat Wills and Trusts will not delete their data.
Erasing Client Files
Client files can only be erased 12 years after the date of death. The files must be removed from the Dropbox and profession software must be used to permanently deleted files.
Paperwork should be shredded.