This policy explains how Toolboxx Ltd (“the Company”) obtains and uses your information. We are committed to keeping your personal data safe and confidential, both online and offline.

The Company promises to keep your data safe and private and not to sell your personal information.

• We will only use it for marketing purposes or profiling where you have consented for us to do so.
• We will prevent any unauthorised access or disclosure and have put in place suitable physical, electronic and managerial procedures to safeguard and keep secure the information we hold.
• We will make it as easy as possible for you to manage and review your contact preferences at any time.
• We will make every effort to keep your personal information up to date.

The regulatory requirements of this policy are set out in the UK GDPR 2021 and the Data Protection Act 2018. The Company has obligations to protect the personal information it processes about its customers. The Information Commissioner’s Office (ICO) is the supervisory body for Data Protection legalisation. Breaches of the Data Protection Act 2018 can result in regulatory censure, including significant fines.

Your privacy is protected by Data Protection laws which allow the use of personal information only if we have a proper reason to do so (this can include sharing it outside Trust Inheritance Group Limited). The law says we must have one or more reasons, known as a legal basis, to do so.

Depending on the purpose, our lawful basis will be one of the following:

• To fulfil a contract with you – to arrange, produce, manage our products and services, or handle any other contractual duties.
• When it is our legal duty or obligation – to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities.
• When it is in our legitimate interest – to operate, manage and improve our products and services and keep people informed about our products and services, their duties and responsibilities, or any other purposes we identify as appropriate to our business needs.
• When you consent to it – where we have obtained appropriate consent to collect or use your personal information for a particular purpose. You are able to remove your consent at any time; see “Accessing your data”.

Where we collect your data from

We may collect personal information about you directly; face to face, via Video Call, telephone, email, letter, through our website, Government and law enforcement agencies, agents working on your behalf or introductions through one or more of our Partners. At the time your data is collected or submitted, we will ask for or make available the option to consent to the use of such information.

The Company will process personal data during the course of business. Personal data is defined as any information relating to a living individual who can be directly or indirectly identified from the data being processed or other information which is in the Company’s possession.

Whenever the Company processes personal data, they must ensure they meet at least one of the following legal bases:

• Consent: The individual has given clear consent for the Company to process trustinheritancepersonal data for a specific purpose.
• Contract: the processing is necessary for a contract the Company has with an individual, or because they have asked for something to be done so they can enter into a contract.
• Legal Obligation: the processing is necessary for the Company to comply with the law.
• Interests: the processing is necessary to protect someone’s life.
• Public Task: the processing is necessary to perform a task in the public interest or for official functions.
• Legitimate interests: the processing is necessary for the Company’s legitimateinterests or the legitimate interests of a third party unless the individual’s rights override the Company’s legitimate interests

How we use your information

In order to register you as a new customer, administer your account, keep our records up to date and provide the products and services you have requested from us, it is necessary for us to record, store and process personal data relating to you on computers or hard copy format. We may collect the following information about you: name, contact information including email address, other demographic information such as postcode; preferences and interests; and any additional information relevant to your account or products and services we provide.

We may wish to contact you periodically about new products, special offers or other information which we think you may find interesting. If you decide you would rather not hear from us at any point, you can change your contact preferences by logging into your account and changing your preferences, by using the unsubscribe instructions in the correspondence, or by contacting us using the contact forms on this site.

On occasion, we may have the need to disclose this data to others, including professional advisors, providers of banking services (such as Visa, Mastercard, and Direct Debit scheme), providers of legal, financial and probate services (our Partners), and other authorities, including Government and law enforcement agencies.

How we store your data

Your information is securely stored, whether it is in the form of physical documents, digital documents or personal data. Physical documents are stored in our dedicated document storage facility, which protects against many potential hazards and is fully insured against loss and damage. For digital storage, we have robust security policies in place and use the latest technology to protect it.

How long do we keep your data for

We keep information for as long as is reasonably needed for the purposes we have set out in this policy. We also keep records, which may include personal information, to meet legal, regulatory, tax or accounting purposes. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any challenges that might arise later. We will also retain files if we reasonably believe there is a prospect of litigation.

The specific retention period for your information will depend on the services you have received from us and the reasons we hold your data. To support us in managing how long we hold your data and our record management, we maintain a data retention policy that includes clear data retention and deletion guidelines. If you would like more information about our data retention policy, see “Accessing your data.”

Accessing your data

You have the right under the UK GDPR to question any information we have about you that you think is wrong or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it as quickly as possible.

You can access the data we hold on you, free of charge, by writing to Sophie Timmins, Head of Group Operations, Trust Inheritance Limited, Crown House, 1 Stafford Place, Weston-super-Mare, BS23 2QZ. We will send a document detailing the data we hold on you no later than 28 days from the date of receipt of your request.

We shall delete, remove, or stop using your personal information if there is no need for us to keep it and where you have instructed us to do so. However, there may be legal, regulatory, or other official reasons we need to keep or use your data. If you withdraw your data, we may not be able to provide certain products or services to you, which will prevent us from meeting our obligations.

This does not affect your rights or our obligations under the UK GDPR.

How to complain

Please let us know if you are unhappy with how we have used your personal information. Click here for our complaints process, this link will take you to our parent company website, www.trustinheritance.com. We value your privacy and will do everything within our power to resolve any issues you have promptly.

However, if we have not been able to achieve this, you have the right to make a complaint with the Information Commissioner's Office (ICO). We do ask that you please attempt to resolve any issues with us before contacting the ICO.

Changes to this Statement

We may occasionally update this Privacy Policy to reflect company and customer feedback. We would encourage you to review this page periodically. You will see when this Privacy Policy was last updated by the date below.

Last updated 30/09/24