Privacy Policy

Last updated : 31 December 2019


Thank you for using POA (the “Website”) to make your Power of Attorney.

We value your privacy and we are committed to protecting your personal data.  This Privacy Notice describes how POA Scotland collects and uses the personal information which you provide to us on the Website.

For the purposes of the General Data Protection Regulations 2016 (“GDPR”) POA Scotland Limited is the controller of your personal data and we are registered with the Information Commissioner’s Office.  POA Scotland will be referred to in this Privacy Notice as “POA Scotland”, “we” or “us”.

Where you have a query about this Privacy Notice or wish to exercise any of your rights set out in this Privacy Notice or the GDPR you should contact us by email at or by post to Data Protection Officer, POA Scotland, Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP.

What personal data we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

You are required to enter your personal data including your full name, address and date of birth in order to complete your power of attorney.  You are also required to enter the full name(s) and addresses of your attorney(s).  Prior to completing the personal data of your attorney(s) you must obtain their consent to do so and make your attorney(s) aware of this Privacy Notice.

If you fail to provide personal data for you or your attorney(s) when requested, we will not be able to perform the contract we have or are trying to enter into with you.  In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

In general terms we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data – this includes your first name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data – this includes billing address, email address, telephone numbers and your contact with us.
  • Financial Data – this includes payment card details.
  • Transaction Data – this includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data – this includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
  • Profile Data – this includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data – this includes information about how you use the Website, products and services.
  • Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.  Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature or to identify issues with accessing the Website.

We do not collect any Special Categories of Personal Data about you such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

How we collect your personal data

We use different methods to collect data on the Website

Information provided by you : you provide us with your personal data such as your name, address, and date of birth by filling in forms on the Website.  You will also provide us with your payment information.

Information collected automatically : we may automatically collect Technical Data about your computer equipment and Usage Data about how you use the Website.  We collect this data by using cookies, please see our Cookie Policy for more information.

Third parties :when you use the POA Service you will be redirected to who host our the application which allows you to Make Your POA.

How we use your personal data

We will only use your personal data to perform the contract we have entered into (or are about to enter into) with you, to comply with our legal obligations or for our legitimate business interests.

The table below represents our intended use of your personal data, the legal ground(s) for processing this data and / or our legitimate interest in doing so, the length of time permitted by law or which we consider appropriate based upon the reasons for retention:

Type of dataPurpose of use of dataLegal ground for processing and/or legitimate interest
Identity data; Contact dataTo create your power of attorney and associated documentsPerformance of our contract with you
Contact data; Financial data; Transaction dataTo receive and / or manage payments from or to youPerformance of our contract with you
Identity data; Contact data; Transaction dataTo make statutory returns and to comply with legal and regulatory matters. To respond to complaints, and claims. To recover any debt due to us.Necessary to comply with our legal obligations.  Necessary for legitimate business interests by protecting our business. Necessary for legitimate business interests
Identity data; Contact data; Transaction data; Usage data; Profile data; Marketing and communications dataTo send marketing communications to you. To ensure we do not send marketing communications to youConsent granted by you. Necessary to comply with legal obligation
Identity data; Contact data; Transaction data; Profile data; Usage data; Profile data; Technical dataTo identify and resolve technical issues with the Website or the POA Service.  System maintenance, support, reporting and hosting of the Website, Identify and develop improvements to the Website, the POA Service or other products and services that may be of interest to you or other customersNecessary for legitimate business interests by the running of the business, administration of the IT services and systems, network security and fraud prevention. Necessary for legitimate business interests by studying how customers use the services and to improve and develop the products and services.
Technical dataTo identify and differentiate between human users and automated usersNecessary for legitimate business interests to protect the Website from spam and abuse including brute force attacks.

How we store your personal data

We take reasonable and appropriate steps to protect your personal data from misuse, loss or unauthorised access.  We have put in place security measures to prevent your personal data from being accidentally lost or used or accessed in an unauthorised way.

Where we have identified a suspected breach of our security measures as a result of which your personal data has been breached, we will notify you and the Information Commissioner within 72 hours of first having become aware of the breach.

Disclosure of your personal data

We will never share your personal data with any outside individual, company or organisation for marketing purposes.

We will share your personal data in the following circumstances:

  • to our service providers who provide application, IT, systems administration and hosting services;
  • to HM Revenue & Customs, regulators and other authorities where disclosure is required by law or where we know or suspect a transaction may involve illegal activity;
  • to third parties to whom we may decide to sell or transfer all or part of our business or assets;

Transfers out-with the European Economic Area

The Make Your POA Service is provided by means of an application hosted by  Community Lawyer is based in the United States and when you complete the questionnaire by entering your Identity data and Contact data this data will be processed on their server to produce your Power of Attorney.  You can view Community Lawyer’s privacy policy here.

We have made arrangements with Community Lawyer to ensure your personal data is not stored on their servers or processed in any way by Community Lawyer.  When you have completed the questionnaire you will receive an email with your documents and we will receive a copy of this email to ensure we can answer any queries you may have in relation to your documents.  This will be the only record we hold of your personal information and it will be deleted one year following receipt or earlier upon your request.

Your payment information will be be processed by Stripe which is also located in the United States.  Stripe is a member of the EU-US Privacy Shield Framework which confers upon you the same rights as you receive in the United Kingdom.  You can view Stripe’s Privacy Policy here.  POA Scotland do not store your credit or debit card information.

Your rights in relation to your personal data

You have the following rights in relation to your personal data:

  • Access to your information – you have the right to request a copy of the personal data we hold.
  • Correcting your information – you may ask us to correct any personal information about you that you believe is inaccurate or incomplete.
  • Erase your information – you have the right to ask us to delete all or some of your personal data if:
  • you think that we no longer need to hold the data for the purposes for which it was originally obtained
  • we are using your personal data with your consent and you have withdrawn your consent
  • our use of your personal information is contrary to law or our other legal obligations.
  • Objecting to how we may use your information – you have the right to object to the processing of your personal data on grounds personal to you and you may contact us at any time to tell us to stop using your personal data for direct marketing purposes.
  • Request the transfer of your personal data – you may request your personal data to be returned to you or where technically possible, transferred to a third party
  • Withdrawing consent to use your information – Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Exercising your rights in relation to your personal data

Should you wish to exercise any of your rights in relation to your personal data please email us at  We may request further information from you
to confirm your identity and / or your rights.  This is to ensure that personal data is not disclosed to a person who has no right to receive the data.

We will not normally charge a fee to you to access your personal data or exercise any other rights.  However, we may charge a reasonable fee or refuse to comply with your request if your request is clearly unfounded, unreasonable, repetitive or excessive.

We will try to respond within one calendar month of receipt of your request.  It may take longer than one month to complete your request if it is complex or you have made a number of requests.  In these circumstances we will notify you of the progress of your request within one calendar month and will update you as to progress.

Complaints about our use of your personal data

We hope you will be satisfied with the terms of this Privacy Policy and our use of your personal data.  However, in the event that you have a complaint please email us at .

If you believe we have not complied with this Privacy Policy or your data protection rights, you may lodge a complaint with the UK Information Commissioner’s Office.