PRIVACY NOTICE

Sections in this notice:

1. Your personal information

2. Purpose of our Privacy Notice

3. Types of personal information

4. Legal basis for processing

5. Where we collect information from

6. Who we share your personal information with

7. Marketing

8. Retention

9. Your rights

10. International transfers

11. Security

12. How to complain

​

1. Your personal information

We will keep personal information of our clients (you, yourself and your). Your information will be held by MSL Legacy Limited (we, us and our) and this privacy notice confirms how we will hold and use or process your data (our Privacy Notice). 

2. Purpose of our Privacy Notice

Our Privacy Notice has been drafted to comply with the new General Data Protection Regulation and sets out your rights under the new laws. Your privacy is protected by law and our Privacy Policy explains how that works.

​

3. Type of personal information

The personal information we keep can be varied. We expect to keep the following type of personal information for you (although not all these categories will necessarily apply to you in which case we will not request or hold such information):

​

• Personal – including your full name, marital status and date of birth.

• Contact – details of where you live and other property addresses which are in your name or for which you are principal contact for. We will also keep details about how to contact you including telephone numbers and email addresses.

• Financial – your current financial position and source of wealth including financial information for accounts which we hold for you. We will also keep details about some of your assets, primarily your UK assets, including values, property addresses and any associated information.

• Socio-Demographic - this includes details about your work or profession, nationality, tax status, education and where you fit into general social or income groupings.

• Accounts – details about transactions on your accounts with us.

• Contractual – details about the services we provide to you.

• Communications – details which are recorded in communications between us.

• Relationships – details about your family, friends and other relationships.

• Public Records data – details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet.

• Documentary data – details about you which is contained in any document

• Criminal convictions and offences – if you have a criminal conviction we will only use this type of personal information with your consent and if the law allows us to do so.

• Consents – this includes any permissions, consents or preferences that you give us. 

• Tax Identification Number (TIN) – this includes TIN’s such as your UK National Insurance number or UK Unique Taxpayer Reference.

​

4. Legal basis for processing

Unless we inform you otherwise, the legal basis on which we will process your personal information is ‘legitimate interests’ Broadly speaking legitimate interests means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests. 

​

If you agree to our terms and conditions as a client then we will use your personal information to perform your contract with us and manage our relationship with you. We will also use your personal information to develop new ways to meet your needs or identify services which you may require based on the information which we hold for you. We will normally request your consent to use your personal information in any new way unless we need to fulfil our legitimate interests (such as good governance, accounting and managing your matter) or our legal duty (such as when we are obliged to detect, investigate, report, and seek to prevent financial crime). We aim to keep our records up to date through annual checks on your personal information where appropriate which will enable us to manage risk for us and our clients.

When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

​

Examples of our legitimate interests to process your information are:

​

i) Purpose: 

To Register you as a new client.

​

Data Used:

(a) Identity

(b) Contacts

(c) TIN'S

​

Legal Basis:

Performance of a contract

ii) Purpose:

To inform you of changes which may affect you. 

​

Data used:

(a) Identity

(b) Contacts

(c) Social-demograhic

(d) Public Data

(e) TIN's

​

Legal bases: 

To provide you with the most relevant information as long as this does no harm any of your rights and interests. 

​

iii) Purpose:

Your best interests

​

Data used:

(a) Identity

(b) Contact

(c) Financial

(d) Account

​

Legal basis:

Processing your information to protect you against fraud, for example, when making payments to you, and to ensure our systems are secure.

​

4. Purpose:

Due diligence

​

Data used:

(a) Identity

(b) Contact

​

Legal basis:

For the purposes of money laundering regulations. 

​

5. Where we collect personal information from

We will collect personal information about you from you or other companies or advisers which are involved in any matter for which we act for you. We will collect this data from all forms of communications or documents in the matter in which we are engaged. If you decide that you do not want to provide us with your personal data, we may not be able to perform a contract.

6. Who we share your personal information with

We may share your personal information with, but not limited to, banks, agents, advisers, insurers and lenders who are either instructed by us or you. We will seek your consent before we release your personal information. We shall of course share your personal information with any company which you ask us to share your data with. We may also be required to share your personal information with HM Revenue & Customs, regulators and other authorities such as fraud prevention agencies. Both we and fraud prevention agencies can only use your personal information if we have a proper reason to do so. It must be needed either for us to obey the law, or for a ‘legitimate interest’. We will use the information to help prevent fraud and money-laundering.

​

7. Marketing

We do not carry out marketing but we will contact you to inform you of changes which may affect you based on the services we have previously provided to you. This falls within our legitimate interests. You can ask us to stop contacting you in this way at any time.

​

Whatever you choose, you'll still receive statements, and other important information such as changes to your existing services.

​

8. Retention

We will keep your personal information for as long as you are a client of MSL Legacy Limited. We will also retain your data after our contractual relationship has ended for a minimum period of 6 years. We will inform you if we will hold your personal data for longer, for example, in case of any legal claims brought by you against us. This will help us to deal with any questions or complaints which may arise after our contractual relationship has ended.

9. Your rights

You have the following rights:

a. Right to be informed

By providing you with a copy of our Privacy Notice, we have informed you of how we will process your personal data.

b. Right to access

You have the right to access your personal data so that you are aware of and can verify the lawfulness of the processing. Information will be provided without delay and at the latest within one month of receipt (unless your request is complex in which case your data will be provided within three months). You can access your personal information we hold by writing to us at MSL Legacy Limited, 334-354 Gray’s Inn Road, London WC1X 8BP. 

​

c. Right to rectification

You have the right to have inaccurate personal data rectified, or completed if it is incomplete.

​

d. Right to erasure

You have the right to have your personal data erased, for example, if your personal data is no longer necessary for the purpose which we originally collected or processed it for. If you withdraw your consent, we may not be able to provide certain services to you. If this is so, we will tell you.

​

The right to erasure does not apply if processing is necessary for one of the following reasons:

​

• to exercise the right of freedom of expression and information;

• to comply with a legal obligation;

• for the performance of a task carried out in the public interest or in the exercise of official authority;

• for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or

• for the establishment, exercise or defence of legal claims.

​

e. Right to restrict processing

You have the right to request the restriction or suppression of your personal data.  If you decide to restrict, we are permitted to store your personal data, but not use it. The period of restriction will generally be limited in time and not indefinite. We can refuse to comply with a request for restriction if your request is manifestly unfounded or excessive.

f. Right to data portability

You have the right to obtain and reuse your personal data for your own purposes across different services.

g. Right to object

You have the right to object to the processing of your personal data and direct marketing. We will stop processing your personal data unless there are compelling legitimate grounds for the processing, which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

​

h. Rights to automated decision making including profiling

We will not process your data by automated decision making or automated profiling.

10. International transfers

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

We will not transfer your personal information outside the European Union unless:

​

• we have received your full consent to do so; or

• it is necessary for the performance of our contract with you; or

• it is necessary for important reasons of public interest; or

• it is necessary for the establishment, exercise or defence of legal claims.

​

11. Security

We have put in place technical controls such as those specified by established frameworks like Cyber Essentials to ensure that your personal information is safe. We use encryption and/or pseudonymisation where it is appropriate to do so. We understand the requirements of confidentiality, integrity and availability for the personal data we process. We make sure that we can restore access to personal data in the event of any incidents.

12. How to complain

Please let us know if you are unhappy with how we have used your personal information. You have the right to complain to the Information Commissioner’s Office if you think there is a problem with the way you are handling the data. You can find further details on their website about how to report a concern (https://ico.org.uk).

​

If you have any questions, or want more details about how we use your personal information, you can contact our data protection officer: Nicholas Sawle at MSL Legacy Limited, 334-354 Gray’s Inn Road, London WC1X 8BP or by telephone on 00 44 (0) 7846 739 793.