This privacy policy should be read alongside, and in addition to: a) our Terms and Conditions for use of the Website, which can be found at: https://www.kinherit.co.uk/terms; and b) our Terms and Conditions of Business.

If you are an advisor via our partner program using Kinvault, there may also be data protection
terms in our contract that apply to our processing of Personal Data.

Please read this privacy policy carefully.

Definitions and interpretation

• In this privacy policy, the following definitions are used:

Cookies	a small text file placed on your computer by our Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);
Data Protection Laws	any applicable law relating to the processing of Personal Data, including but not limited to the GDPR, and any national implementing laws or related laws, regulations and secondary legislation;
GDPR	the General Data Protection Regulation (EU) 2016/679 and any UK equivalent following the UK’s exit from the European Union;
Kinherit LTD, we or us	Kinherit LTD, a company incorporated in England and Wales with registered number 11500962 whose registered office is at Equinox South Great Park Road, Bradley Stoke, Bristol, England, BS32 4QL;
Personal Data	any information that enables us to identify an individual, either directly or indirectly;
UK and EU Cookie Law	the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 and any legislation that supersedes, amends or replaces all or part of such Regulations in the UK;
User or you	any individual that accesses the Website, takes products or services from Kinherit LTD or otherwise engages with Kinherit LTD and is not either (i) employed by Kinherit LTD and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Kinherit LTD and engaging with Kinherit LTD in connection with the provision of such services.

• In this privacy policy, unless the context requires a different interpretation:
  • the singular includes the plural and vice versa;
  • references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
  • a reference to a person includes firms, companies, government entities, trusts and partnerships;
  • “including” is understood to mean “including without limitation”;
  • reference to any statutory provision includes any modification or amendment of it;
  • the headings and sub-headings do not form part of this privacy policy.

Scope of this privacy policy

• This privacy policy applies only to the actions of Kinherit LTD and Users with respect to our Websites or our provision of services to Users. It does not extend to any third party websites that can be accessed from a Website including, but not limited to, any links we may provide to social media websites.
• For purposes of the applicable Data Protection Laws:

1. Where you use the Kinvault platform provided to you by your advisor, with your advisor’s branding, Kinherit LTD is the “data processor” and your advisor is the “data controller”. This means that your advisor determines how and why your Personal Data is processed and is ultimately responsible for ensuring compliance with applicable Data Protection Laws. We
   have data processing terms in place with your advisor that comply with applicable Data Protection Laws and we comply with our own obligations as a data processor. Your advisor’s own privacy policy will apply to this processing and we are not responsible for your advisor’s processing of your Personal Data.
2. In all other circumstances where Kinherit LTD processes your Personal Data, Kinherit LTD is the “data controller” and this privacy policy applies.

Data collected

• We collect the following Personal Data, which you give us when you use a Website, contact us, register with us, set up an account, use our services or otherwise when we engage with you to provide products and services:
  1. name;
  2. date of birth;
  3. gender;
  4. marital or relationship status;
  5. next of kin details;
  6. contact Information such as email addresses and telephone numbers;
  7. demographic information such as postcode, preferences and interests;
  8. financial information such as details of assets and relevant policies; and
  9. other information that you provide in your Customer Summary Document or otherwise when you communicate or engage with us.

2. The following Personal Data is automatically collected from you when you use our Websites, by using Cookies (further information can be found in the section headed “Cookies” below):

• 1. IP address;
  2. web browser type and version;
  3. operating system;
  4. a list of URLs starting with a referring site, your activity on this Website, and the site you exit to;

3. You will also provide us with Personal Data about other individuals, such as executors and beneficiaries, and we will use this data to deliver the services that we provide to you. Where we may deal with such other individuals, we will identify your arrangements as the basis for us storing the data.
4. Kinherit does not seek to collect special category data (as defined on the ICO website) other than in relation to unstructured specific items which customers may choose to incorporate in their end-of-life planning. Where customers choose to upload their own information, it is stored in compliance with Kinherit’s data security protocols which include restrictions on access to areas necessary to deliver Kinherit’s service.

Our use of Personal Data

• We use your Personal Data for the following purposes:

1. to provide you with our services;
2. to allow you to use, and store Personal Data in, our Websites;
3. to communicate with you and respond to any queries, comments or issues that you raise;
4. to allow you to register for, and to run and manage, accounts that you set up on our Websites;
5. for internal record-keeping purposes;
6. to improve our products and services; and
7. where you have consented to receiving electronic direct marketing
   (or where you are an existing customer and have not opted out), to market our products and services to you.

• Where we use your Personal Data to provide you with our services, to allow you to use our Websites and to allow you to register for, and to run and manage, your accounts, the legal basis for this processing is the performance of a contract between you and us and/or taking steps
  to enter into such a contract.
• In all other circumstances, we process your Personal Data on the basis that the processing is necessary for the purposes of our legitimate interests. We have a legitimate interest in ensuring that we provide the best service possible to our customers and respond to customer
  queries, as well as in promoting our business. We also have a legitimate interest in keeping accurate records of services we provide, for example for tax and accounting purposes. You have a right to object to us processing your Personal Data for these purposes, but we may not always need to comply with any such request. Please see the section headed “Your rights” below for more information.

Who we share Personal Data with

• We share your Personal Data with the following groups of people for the following reasons:

• 1. anyone else who instructs us jointly with you, for example your partner;
  2. your advisor, if you authorise us to do so (for example, by granting your IFA access to your Kinvault);
  3. your executors, trustees, relatives, family and other named persons by you at the time of decease as part of our core service;
  4. professional advisors – to obtain legal or non-legal advice;
  5. relevant authorities – to facilitate the detection of crime and where required at the time of decease; and
  6. third party service providers that we engage in connection with the provision of our services, such as website developers, IT support providers and our hosting provider (Amazon Web Services) and online payments & identity verification provider (Stripe).

     g. identity document verification. Stripe collects identity document images, facial images, ID numbers and addresses as well as advanced fraud signals and information about the devices that connect to its services. Stripe shares this information with us and also uses this information to operate and improve the services it provides, including for fraud detection. You may also choose to allow Stripe to use your data to improve Stripe’s biometric verification technology. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

Keeping Data secure

• We will use technical and organisational measures to safeguard your Personal Data, for example:
  1. access to your account is controlled by a password and an email/username that is unique to you;
  2. we store your Personal Data on secure servers in the UK and we do not transfer your personal data outside the UK/EEA;
  3. data is encrypted in transit and “at rest” (i.e, backups);
  4. all traffic is encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology.
• Our payments provider Stripe is fully PCI compliant, and no credit card details are stored on our servers.
• Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Personal Data, please let us know immediately by contacting us via this email address: systems@kinherit.co.uk.
• If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Data retention

• Unless a longer retention period is required or permitted by law, we will only hold your Personal Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Personal Data be deleted (although please note that we are not always legally required to comply with such a request – for more information, see the section headed “Your rights” below). Normally, this will be the period for which we provide services to you.
• Even if we delete your Personal Data, it may persist on backup or archival media for legal, tax or regulatory purposes. If this is the case, we will ensure that the Personal Data can only be accessed by authorised individuals in exceptional circumstances.

Your rights

• You have the following rights in relation to your Personal Data:
  • Right to access – the principal Personal Data that we hold about you will be available to you at any time via your kinvault. If you request a copy of the detailed notes underpinning your advisor discussions, we will provide this subject to an administration charge. Should we be called on to support a court case involving a disputed Will, there may be extra charges in order to extract individual call recordings and otherwise provide support, and this will depend on the situation. If you request information that we are bound to provide under GDPR regulations, this will be provided in accordance with appropriate laws. Where we are legally permitted to do so, we may refuse your request, in which case we will tell you the reasons why.
  • Right to correct – the right to have your Personal Data rectified if it is inaccurate or incomplete. If you think that we are holding inaccurate Personal Data about you, or
    if any of your details change, you must inform us immediately by emailing info@kinherit.co.uk.
  • Right to erase – the right to request that we delete or remove your Personal Data from our systems in certain circumstances. We do not always need to comply with such a request, but if we do not, we will tell you the reasons why. 
  • Right to restrict our use of your Data – the right to “block” us from using your Personal Data or limit the way in which we can use it. This right only applies in certain circumstances and we may not be legally obliged to comply with your request; if this is the case, we will tell you the reasons why.
  • Right to data portability – the right to request that we move, copy or transfer your Personal Data, in a common electronic format, to you or another provider where possible. This right only applies to the Personal Data that we process for the purposes of providing our services, our Websites or running and managing your account.
  • Right to object – the right to object to our use of your Personal Data where we use it for our legitimate interests. If we have compelling legitimate grounds to continue to process your Personal Data, we will be able to continue to do so.
  • Right to opt out of electronic marketing –
    the right to let us know that you do not want to receive further electronic direct marketing from us. You can do this by clicking “unsubscribe” in any marketing emails that we send.
• To make enquiries or exercise any of your rights set out above, please contact us via this email address: info@kinherit.co.uk.
• If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/.
• It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

Links to other websites

• Our Websites may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or
  statement of other websites prior to using them.

Changes of business ownership and control

• Kinherit LTD may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Kinherit LTD. Personal Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Personal Data for the purposes for which it was originally supplied to us.
• We may also disclose Personal Data to a prospective purchaser of our business or any part of it.
• In the above instances, we will take steps with the aim of ensuring your privacy is protected.

Cookies

• Our Websites may place and access certain Cookies on your computer. Kinherit LTD uses Cookies to improve your experience of using the Websites and to improve our range of services. Kinherit LTD has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.
• All Cookies used by our Websites are used in accordance with current UK and EU Cookie Law.
• You may, if you wish, prevent your browser placing Cookies; however certain features of the Website may not function fully or as intended
• Our Websites may place the following types of Cookies:

Type of Cookie	Purpose
Strictly necessary cookies	These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies	They allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
3rd Party Cookies	These are set by 3rd parties in order to provide specific services such as embedded video.

• You can find a list of Cookies that we use in the Cookies Schedule below.
• You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
• You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings. Not accepting cookies will limit any authenticated session on our website(s) to a maximum 15 minutes.
• It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
• For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.

Changes to this privacy policy

• Kinherit LTD reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on our Websites and, if you are a Kinherit customer, you will be provided with an updated copy of the
  privacy policy. You may contact Kinherit LTD by email at info@kinherit.co.uk.

Cookies Schedule

Below is a list of the cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.

Strictly necessary

We use the following strictly necessary cookies:

Description of Cookie	Purpose
Kinherit	We use this session cookie to remember you and maintain your  session whilst you are using our Website. This is not set until you login and are a registered user.

Analytical/performance

We use the following analytical/performance cookies:

Description of Cookie	Purpose
Google Analytics, Facebook	We use this cookie to help us analyse how users use the Website.

3rd Party Cookies

When viewing a video on our website, we make use of various cookies

Description of Cookie	Purpose
Vimeo (Various)	(Various)