This website and its content is copyright of Fraser & Fraser – © Fraser & Fraser 2019. All rights reserved.

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

 

Fraser and Fraser (F&F) takes information security and data protection seriously as personal data is at the heart of the probate research business.

Overall the privacy risks are low – since the core research activity uses mostly publicly available register data or information volunteered from beneficiaries and family members. Because the firm has remained a partnership since 1969, the partners are fully liable and therefore acutely aware of their compliance responsibilities.

F&F have taken data protection seriously in the past, but the General Data Protection Regulation (GDPR) significantly changes the governance and transparency requirements and there has been a need to improve compliance in these areas, and in addressing data retention.

For the main research activity, F&F is processing personal data in its legitimate interests (Art 6, condition f) as a probate research company, matching beneficiaries with estates. This also benefits solicitors and estate administrators in achieving resolutions, and the beneficiaries in enabling them to exercise their claims.

Once a beneficiary has agreed to work with F&F, their data is processed for the fulfilment of a contract (Art 6, condition b).

One area where F&F has opted to retain reliance on consent (Article 6, condition a) is that, having identified a beneficiary the firm will not disclose their contact details to a solicitor or estate administrator to submit a claim to estate without a “form of authority”.

F&F does not process special category (sensitive) data in probate research and therefore need not identify additional processing conditions under Article 9.

How we use your data

Fraser and Fraser is an international probate and genealogical research firm. Our task as probate researchers consists of tracing people who are entitled to a share of an estate. If they are named in a Will but cannot be found, we work to discover their whereabouts. When there is no Will and that person has died intestate, we delve into their family history to enable us to find their next-of-kin.

It is vital to this research to process personal data. We do so in support of our legitimate interests as a probate research company and to fulfil our contractual relationships with beneficiaries.

Fraser and Fraser has been registered as a data controller with the Information Commissioner’s Office since 2002 (reference: Z6407527).

We hold ISO 27001:2013 Information Security Management certification and are regularly audited to ensure compliance.

F&F’s research activities are based on specific data elements drawn from questionnaires completed by potential beneficiaries or relatives (completed in face-to-face interviews, online or manually and remotely) and from publicly available registers and sources. While a range of data sources are used, the focus of the research is fairly narrow – identifying family relationships and current whereabouts. Therefore there is little risk of “scope creep” or the capture of unnecessary data.

In order to process your application/claim we will supply some of your personal information to 3rd party companies*, some of these companies are credit reference agency or tracing firms providing services such as credit risk and affordability checking, fraud prevention, anti-money laundering, identity verification and tracing.

 

The data we hold

For potential and actual beneficiaries and family members we may hold:

We use these personal data for the purposes of our legitimate interests as a probate and genealogical research company and in support of the legitimate interests of potential beneficiaries. Where beneficiaries are identified, we will also process data for the fulfilment of our contractual relationship with beneficiaries.

We obtain the data from individuals through questionnaires, from instructing legal firms and other agents, and from publicly available sources such as registers of births, marriages and civil partnerships or from the electoral register.

We may share your personal data in order to identify and communicate with beneficiaries with instructing legal firms, executors or other relevant parties.

Because genealogical research is of lasting historical value to our business and to the beneficiaries, we retain our records of research cases (such as family trees, copies of certificates and relevant correspondence) as a permanent archival record after weeding out non-essential documents.

F&F applies data minimisation techniques – for example, family trees provided to beneficiaries are stripped of contact details, names of heirs’ living children and non-inheriting female spouses.

Your data rights

You have statutory rights relating to your own personal data:

For more information on your rights under the GDPR see https://ico.org.uk/for-the-public/

To exercise any of these rights or for more information, contact Fraser and Fraser on info@fraserandfraser.co.uk or 02078321400.

If you believe that Fraser and Fraser has failed to manage your personal data appropriately, you have the right to complain to the statutory regulator – The Information Commissioner’s Office

You can telephone them on 0303 123 113

Or you can use their online tool for reporting concerns: https://ico.org.uk/concerns/

Or you can write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

* links to 3rd party privacy notices

TransUnion: will use your personal information to provide services to us and its other clients. We use their services in order to trace and distribute unclaimed funds/assets. More information about TransUnion and the ways in which it uses and shares personal information can be found in its privacy notice at www.transunion.co.uk/legal-information/bureau-privacy-notice.

Experian: www.experian.co.uk/bdr-privacy-policy.pdf

Lexis Nexis:  provides to business customers, the ability to help them check the identities of people applying for or receiving products or services; to assist them in complying with regulations such as anti-money laundering (AML), anti-bribery and corruption or other legal requirements; to help them to prevent and investigate fraud and other potential offences, assist them with the management and accuracy of their own customer records and accounts; and help them to trace individuals for legally necessary purposes such as debt collection, asset reunification and process servinghttps://risk.lexisnexis.co.uk/processing-notices/business-services3

Equifax: https://assets.equifax.com/assets/unitedkingdom/equifax_data_sharing_policy.pdf

GB Group Plc: https://www.gbgplc.com/privacy-policy/

FindMyPast: www.findmypast.co.uk/content/privacy-policy

Ancestry: www.ancestry.co.uk/cs/legal/privacystatement