© Fraser and Fraser 2022. All rights reserved.
Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other forms electronic retrieval system.
Fraser and Fraser (F&F) takes information security and data protection seriously as personal data is at the heart of the probate research business.
Overall the privacy risks are low – since the core research activity uses mostly publicly available register data or information volunteered from beneficiaries and family members. Because the firm has remained a partnership since 1969, the partners are fully liable and therefore acutely aware of their compliance responsibilities.
F&F have taken data protection seriously in the past, but the General Data Protection Regulation (GDPR) significantly changes the governance and transparency requirements and there has been a need to improve compliance in these areas, and in addressing data retention.
For the main research activity, F&F is processing personal data in its legitimate interests (Article 6, condition f) as a probate research company, matching beneficiaries with estates. This also benefits solicitors and estate administrators in achieving resolutions, and the beneficiaries in enabling them to exercise their claims.
Once a beneficiary has agreed to work with F&F, their data is processed for the fulfilment of a contract (Article 6, condition b).
One area where F&F has opted to retain reliance on consent (Article 6, condition a) is that, having identified a beneficiary the firm will not disclose their contact details to a solicitor or estate administrator to submit a claim to estate without a “form of authority”.
F&F does not process special category (sensitive) data in probate research and therefore need not identify additional processing conditions under Article 9.
Fraser and Fraser is an international probate and genealogical research firm. Our task as probate researchers consists of tracing people who are entitled to a share of an estate. If they are named in a Will but cannot be found, we work to discover their whereabouts. When there is no Will and that person has died intestate, we delve into their family history to enable us to find their next-of-kin.
It is vital to this research to process personal data. We do so in support of our legitimate interests as a probate research company and to fulfil our contractual relationships with beneficiaries.
Fraser and Fraser has been registered as a data controller with the Information Commissioner’s Office since 2002 (reference: Z6407527).
We hold ISO 27001:2013 Information Security Management certification and are regularly audited to ensure compliance.
F&F’s research activities are based on specific data elements drawn from questionnaires completed by potential beneficiaries or relatives (completed in face-to-face interviews, online or manually and remotely) and from publicly available registers and sources. While a range of data sources are used, the focus of the research is fairly narrow – identifying family relationships and current whereabouts. Therefore there is little risk of “scope creep” or the capture of unnecessary data.
In order to process your application/claim we will supply some of your personal information to 3rd party companies*, some of these companies are credit reference agency or tracing firms providing services such as credit risk and affordability checking, fraud prevention, anti-money laundering, identity verification and tracing.
For potential and actual beneficiaries and family members we may hold:
We use the above personal data for the purposes of our legitimate interests as a probate and genealogical research company and in support of the legitimate interests of potential beneficiaries. Where beneficiaries are identified, we will also process data for the fulfilment of our contractual relationship with beneficiaries.
We obtain the data from individuals through questionnaires, from instructing legal firms and other agents, and from publicly available sources such as registers of births, marriages and civil partnerships or from electoral register.
We may share your personal data in order to identify and communicate with beneficiaries with instructing legal firms, executors or other relevant parties.
As genealogical research is of lasting historical value to our business and to the beneficiaries, we retain our records of research cases (such as family trees, copies of certificates and relevant correspondence) as a permanent archival record after weeding out non-essential documents.
F&F applies data minimisation techniques – for example, family provided to beneficiaries are stripped of contact details, names of heirs’ living children and non-inheriting female spouses.
You have statutory rights relating to your own personal data:
For more information on your rights under the GDPR see https://ico.org.uk/your-data-matters/
To exercise any of these rights or for more information, contact Fraser and Fraser on firstname.lastname@example.org or 020 7832 1400.
If you believe that Fraser and Fraser has failed to manage your personal data appropriately, you have the right to complain to the statutory regulator – The Information Commissioner’s Office. You can contact them in the following ways:
Telephone: 0303 123 113
Write to them:
Information Commissioner’s Office
*Links to 3rd party privacy notes:
TransUnion: will use your personal information to provide services to us and its other clients. We use their services in order to trace and distribute unclaimed funds/assets. More information about TransUnion and the ways in which it uses and shares personal information can be found in its privacy notice at https://www.transunion.co.uk/legal/privacy-centre
Lexis Nexis: provides to business customers, the ability to help them check the identities of people applying for or receiving products or services; to assist them in complying with regulations such as anti-money laundering (AML), anti-bribery and corruption or other legal requirements; to help them to prevent and investigate fraud and other potential offences, assist them with the management and accuracy of their own customer records and accounts; and help them to trace individuals for legally necessary purposes such as debt collection, asset reunification and process serving. https://risk.lexisnexis.co.uk/processing-notices/business-services3
GB Group Plc: https://www.gbgplc.com/privacy-policy/