Privacy policy

Privacy policy of Inheritec Limited

 

Scope of this Privacy Policy

This Privacy Policy applies between you, the users of this website and our services, and Inheritec Limited, the owner and provider of the services including the website. Inheritec Limited takes the privacy of your information very seriously. This Privacy Policy applies to our use of any and all Personal Data collected by us or provided by you in relation to your use of the Website.

For purposes of the applicable Data Protection Laws, Inheritec Limited is the "data controller". This means that Inheritec Limited determines the purposes for which, and the manner in which, your Data is processed.

Definitions and Interpretation

In this Privacy Policy, the following definitions are used:

Personal Data means any personal information that you submit or that we acquire either through the website, contact forms, emails, phone calls or other channels.

Data Protection Laws means any applicable law relating to the processing of personal Data, including but not limited to the UK GDPR, and any national implementing and supplementary laws, regulations and secondary legislation;

UK GDPR means the UK General Data Protection Regulation as more particularly described and defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018;

Inheritec or the Company means Inheritec Limited, a company incorporated in England and Wales with registered number 15594782 whose registered office is at Appointment House, Philip Ford Way, Wymondham,  Norfolk, NR18 9AQ; 

User means anyone other than (i) employees or workers within Inheritec (including those in the wider group and our affiliated companies) who are acting in the course of their employed roles and (ii) consultants who are engaged to provide services to Inheritec.

Data Collected

Being intrinsically involved in the business of inheritance recovery which involves at its core the activities of tracing, locational services, investigating legacy intentions and wills, transfer and repatriation of assets, we naturally have to collect a wide variety of data sets.  We may collect the following Personal Data as part of that work (from a range of sources):

Relating to Individuals

·         name;

·         contact Information such as email addresses and telephone numbers;

·         executor status (lay or professional), name of deceased estate responsible for.

·         cookie tracking data

·         website usage data including your IP address, browser type, and location data.

Relating to Corporations / Trusts

·         Employer name, trust name and contact channels, company website, address, business telephone number.

Note - billing and payment information contained in invoices and communications with our billing and payment partner (chiefly collected through a 3^rd party payments company) e.g., bank account details, credit card numbers, invoice data).

How We Collect Data

We collect data in the following ways:

• Personal Data which is given to us by you; and
• Personal Data which is collected automatically.

Data That is Given to Us by You

·         data is given to us by you or on your behalf by the executors, estate personal representative, lawyers or other probate professionals;

• when you contact us through the website, by telephone, post, e-mail or through any other means;
• when you use our services;

Data That is Collected Automatically or from 3^rd Parties

·         data is collected automatically such as cookie data or IP address from your computer or website metrics;

·         data is sourced from third parties (e.g., public records, death notices, financial institutions, or tracing agents).

 

Our Use of Personal Data

Any or all of the above Personal Data is required by us in order to provide you with the best possible service and experience when using our inheritance recovery services including our website. Analysing this need in further detail, Personal Data may be used by us for the following specific and granular reasons:

• internal record keeping (including audit);
• To provide you with the services you have purchased;
• To process and manage invoices, fees, and charges in conjunction with our banking partner Natwest;
• To manage our customer/client relationship with you, including notifying you about changes to our terms or Privacy Policy;
• To administer and protect our business and the website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data);
• To deliver relevant updates, notices and potentially advertisements to you and measure or understand the effectiveness of the notices we send to you.

Legal Basis for Processing

We rely on the following legal bases under the Data Protection Laws to process your personal Data:

Purpose of Processing	Legal Basis
Providing and delivering inheritance recovery and tracing services (which include repatriation, asset transfers, and share sales)	Performance of a Contract with the client (Estate Representative, Charity, or Individual)
Locating assets and tracing beneficiaries to reunite them with their rightful inheritance	Legitimate Interests (to perform our core business services of investigation, recovery and repatriation, which benefits the data subject and/or the estate)
Communicating with Financial Institutions and corporations (including listed companies where shares are held) and providing supporting documentation for asset release	Compliance with a Legal Obligation or Legitimate Interests (to fulfill our contractual duty to the client)
Internal record keeping, risk management, and administrative purposes	Legitimate Interests (running our business, service development, and preventing fraud)

 

Who We Share Personal Data With

1.      We may share your Personal Data with the following groups of people for the following reasons:

2.      our employees, agents and/or professional advisors - to provide further information or answer questions;

3.      IT service providers, cloud hosting partners, customer relationship management (CRM) tools and web hosting services, comprising the following:

a.       data quality management providers who ensure high quality data sets – such Data8  https://www.data-8.co.uk/ based in Chester and whose own privacy policy is here https://www.data-8.co.uk/privacy-policy/

b.      up to date mortality data – purchased by Inheritec from MIexact,  https://miexact.com/privacy-cookies/

c.       Identity verification and fraud prevention tools – such as those provided by GBG Group PLC (an LSE listed company) https://www.gbg.com/en/privacy-policy/

d.      Customer identification services – courtesy of SQR Group Limited, operating out of the Isle of Man   https://sqr.id/privacy-policy/

4.    Analytics and search engine providers (to assist us in the improvement and optimisation of the website);

5.    Payment and banking partners – such as Natwest to handle payment data securely and process transactions

6.    Financial institutions, pensions providers, equity release companies, banks, building societies, share registrars, and pension providers - To verify asset ownership, manage historic shares, and facilitate the transfer and release of assets;

7.    Government bodies and regulators (e.g. Probate registries and courts, HMRC, NEST for pensions and the Disclosure and Barring Service for DBS checks)- often all of these are used for legal compliance reasons and to obtain official documentation necessary for asset recovery;

8.    Tracing agents, forensic services and data suppliers to locate lost beneficiaries and verify genealogical information;

9.    Members of our corporate group and affiliated companies – such as our sister company, Perane and affiliate Inheritec Pty Limited in Australia.  For example, there may be occasions where Uk shares are held by an Australian and Inheritec Pty may need to contact the holder or the executor.

Looking to the future, Inheritec is continually looking for ways to improve and enhance our service offering.  Part of this has involved international expansion in the past, and this may include future partners, agents or subsidiaries in future.  Where this is the case, we shall endeavour to be efficient in our operation and host the data from the UK if that is the prudent and optimal thing to do.

International Data Transfers

Inheritec Limited is based in the UK and we primarily store your data within the UK. However, some of the external third parties we use (e.g., cloud hosting providers or email services) may be based or at least have operations outside the UK and the European Economic Area (EEA) - such as GBG Group PLC and SQR.

In such cases, we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data, or where we have put in place appropriate safeguards.  These safeguards include having contracts with our partners which endorse the use of UK International Data Transfer Agreements (IDTA) or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, to ensure that your Data is treated securely and in accordance with this Privacy Policy and the Data Protection Laws.

Keeping Data Secure

We will use technical and organisational measures to safeguard your Personal Data.  These include the use of secure servers, an up to date encryption policy, IT security standards throughout the business, a password protection policy, physical security measures and an overall culture of vigilance around digital and physical risks to the business and its digital and physical perimeters.

We are Cyber Essentials Plus certified. This benchmark is a high standard we have attained and it helps us manage your Personal Data and keep it secure.

If you suspect any misuse or loss or unauthorised access to your Personal Data, please let us know immediately by contacting us via this e-mail address: [email protected].

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Data Retention

Inheritec has a data retention policy approved by the Board.  It relates to both digital data sources and physical documents.   That policy sets out the retention period for various data categories which are held in the business.  

Inheritec’s approach closely follows the ICO principles of data minimisation and storage limitation – we also have internal rules for maximum retention periods, archiving and safe data destruction.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

Even if we delete your Personal Data, it may persist on backup or archival media for legal, tax or regulatory purposes. Typically, records relating to completed estate administration or financial transactions will be retained for 6-7 years following completion, to satisfy our legal and financial audit obligations.

Your Rights

You have the following rights in relation to your Personal Data:

• Right to access - the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
• Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.
• Right to erase - the right to request that we delete or remove your Data from our systems.
• Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.
• Right to data portability - the right to request that we move, copy or transfer your Data.
• Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.

To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: [email protected].

If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website at https://ico.org.uk/.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during the period for which we hold it.

Links to Other Websites

This website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This Privacy Policy does not extend to your use of such websites. You are advised to read the Privacy Policy or statement of other websites prior to using them.

Changes of Business Ownership and Control – continued right to use data

Inheritec Limited may in future acquire businesses or sell some or all of our businesses.  All information on our systems (including your Personal Data) would likely be relevant to any new owner or controller.  We hereby reserve the right on behalf of any new owner (our successors and assignees) to use the data we have acquired and retained for the purposes for which it was originally supplied to us, using the contract we have with you and/or the consent you provide to us and/or our legitimate interests in providing a continual and seamless service without breaks or disruptions.  For the avoidance of doubt, we may also disclose our data and records to a prospective purchaser of our business or any part of it.

General

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Changes to This Privacy Policy

Inheritec Limited reserves the right to change this Privacy Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Privacy Policy on your first use of the Website following the alterations. You may contact Inheritec Limited by email at [email protected].

This Privacy Policy was updated and approved by the Board in December 2025.