Privacy Policy

Data Protection Policy

Ensuring the Security and Confidentiality of Personal Data

1. Introduction

Data protection is a fundamental component of responsible business operations. The purpose of this policy is to ensure that all personal data collected, stored, processed, and disposed of by S W Estate Planning is handled securely, lawfully, and in a manner that upholds the rights of data subjects. This policy applies to all employees, contractors, temporary staff, and third-party service providers engaged by the organisation.

2. Scope

This policy covers all personal data processed by S W Estate Planning regardless of format (electronic, paper, or other). It applies to:

  • Employees
  • Clients and customers
  • Suppliers and partners
  • Any other individuals whose personal data the organisation processes

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, whether automated or manual, such as collection, recording, organising, storing, adapting, altering, retrieving, consulting, using, disclosing, erasing, or destroying.
  • Data Subject: The individual to whom the personal data relates.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: Any natural or legal person who processes data on behalf of the data controller.

4. Legal Framework

S W Estate Planning is committed to compliance with all applicable data protection legislation, including but not limited to:

  • General Data Protection Regulation (GDPR) 2016/679
  • The Data Protection Act 2018
  • Any other local or sector-specific regulations

5. Principles of Data Protection

All processing of personal data by S W Estate Planningwill be conducted in accordance with the following principles:

  • Lawfulness, Fairness, and Transparency: Data will be processed lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes and not processed further in a manner incompatible with those purposes.
  • Data Minimisation: Only data that is adequate, relevant, and limited to what is necessary will be collected and processed.
  • Accuracy: Personal data will be accurate and, where necessary, kept up to date.
  • Storage Limitation: Data will not be kept for longer than necessary for the purposes for which it was processed.
  • Integrity and Confidentiality: Data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage, using appropriate technical and organisational measures.
  • Accountability: The organisation will be responsible for and able to demonstrate compliance with these principles.

6. Roles and Responsibilities

  • Data Protection Officer (DPO): The DPO is responsible for overseeing the implementation of this policy, providing guidance, monitoring compliance, and serving as a point of contact for data subjects and supervisory authorities.
  • Management: Senior management is responsible for ensuring resources and support are provided for the effective implementation of this policy.
  • Employees and Contractors: All staff must adhere to this policy, complete relevant training, and report any concerns or breaches to the DPO.

7. Data Collection and Processing

  • Personal data will be collected only for specified, explicit, and legitimate purposes.
  • Data subjects will be informed of the purposes of data processing and their rights via privacy notices.
  • Consent will be obtained where required by law, and data subjects will be able to withdraw consent at any time.
  • Data will not be used for purposes incompatible with the original intent without further consent from the data subject.

8. Data Security

S W Estate Planningwill implement appropriate technical and organisational measures to ensure the security of personal data, including but not limited to:

  • Access controls and authentication
  • Encryption of data at rest and in transit
  • Regular security audits and vulnerability assessments
  • Secure data storage and disposal methods
  • Employee training on data security best practices

9. Data Sharing and Transfers

  • Personal data will only be shared with third parties where necessary, and subject to appropriate safeguards.
  • Data will not be transferred outside the European Economic Area (EEA) unless adequate protection measures are in place, in compliance with applicable law.
  • Data sharing agreements will be established with all third-party processors or controllers.

10. Data Subject Rights

Data subjects have the following rights regarding their personal data:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure ("the right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision-making and profiling

Requests regarding these rights will be handled promptly and in accordance with legal requirements.

11. Data Breach Notification

In the event of a personal data breach, S W Estate Planningwill:

  • Assess the risk to individuals and take appropriate action to mitigate harm
  • Notify the supervisory authority within 72 hours, if required by law
  • Communicate with affected individuals where there is a high risk to their rights and freedoms
  • Document all breaches, actions taken, and outcomes

12. Training and Awareness

All staff must complete data protection training relevant to their role and regularly update their knowledge to reflect changes in law, technology, and best practice.

13. Policy Review and Updates

This policy will be reviewed annually or whenever there are significant changes to legislation, organisational structure, or processing activities.

14. Consequences of Non-Compliance

Failure to comply with this policy may result in disciplinary action, civil or criminal penalties, or termination of contract, depending on the severity of the breach.

15. Contact

For questions regarding this policy or data protection matters, please contact the Data Protection Officer at S W Estate Planning

16. Approval and Implementation

This policy is approved by S W Estate Planning senior management and is effective from AUGUST 2025.

 

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.