Last updated : 31 December 2019
Thank you for using POA Scotland.co.uk (the “Website”) to make your Power of Attorney.
We value your privacy and we are committed to protecting your personal data. This Privacy Notice describes how POA Scotland collects and uses the personal information which you provide to us on the Website.
For the purposes of the General Data Protection Regulations 2016 (“GDPR”) POA Scotland Limited is the controller of your personal data and we are registered with the Information Commissioner’s Office. POA Scotland will be referred to in this Privacy Notice as “POA Scotland”, “we” or “us”.
Where you have a query about this Privacy Notice or wish to exercise any of your rights set out in this Privacy Notice or the GDPR you should contact us by email at email@example.com or by post to Data Protection Officer, POA Scotland, Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP.
What personal data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
You are required to enter your personal data including your full name, address and date of birth in order to complete your power of attorney. You are also required to enter the full name(s) and addresses of your attorney(s). Prior to completing the personal data of your attorney(s) you must obtain their consent to do so and make your attorney(s) aware of this Privacy Notice.
If you fail to provide personal data for you or your attorney(s) when requested, we will not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
In general terms we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data – this includes your first name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data – this includes billing address, email address, telephone numbers and your contact with us.
- Financial Data – this includes payment card details.
- Transaction Data – this includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data – this includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
- Profile Data – this includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data – this includes information about how you use the Website, products and services.
- Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature or to identify issues with accessing the Website.
We do not collect any Special Categories of Personal Data about you such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
How we collect your personal data
We use different methods to collect data on the Website
Information provided by you : you provide us with your personal data such as your name, address, and date of birth by filling in forms on the Website. You will also provide us with your payment information.
Third parties :when you use the POA Service you will be redirected to community.lawyer who host our the application which allows you to Make Your POA.
How we use your personal data
We will only use your personal data to perform the contract we have entered into (or are about to enter into) with you, to comply with our legal obligations or for our legitimate business interests.
The table below represents our intended use of your personal data, the legal ground(s) for processing this data and / or our legitimate interest in doing so, the length of time permitted by law or which we consider appropriate based upon the reasons for retention:
|Type of data||Purpose of use of data||Legal ground for processing and/or legitimate interest|
|Identity data; Contact data||To create your power of attorney and associated documents||Performance of our contract with you|
|Contact data; Financial data; Transaction data||To receive and / or manage payments from or to you||Performance of our contract with you|
|Identity data; Contact data; Transaction data||To make statutory returns and to comply with legal and regulatory matters. To respond to complaints, and claims. To recover any debt due to us.||Necessary to comply with our legal obligations. Necessary for legitimate business interests by protecting our business. Necessary for legitimate business interests|
|Identity data; Contact data; Transaction data; Usage data; Profile data; Marketing and communications data||To send marketing communications to you. To ensure we do not send marketing communications to you||Consent granted by you. Necessary to comply with legal obligation|
|Identity data; Contact data; Transaction data; Profile data; Usage data; Profile data; Technical data||To identify and resolve technical issues with the Website or the POA Service. System maintenance, support, reporting and hosting of the Website, Identify and develop improvements to the Website, the POA Service or other products and services that may be of interest to you or other customers||Necessary for legitimate business interests by the running of the business, administration of the IT services and systems, network security and fraud prevention. Necessary for legitimate business interests by studying how customers use the services and to improve and develop the products and services.|
|Technical data||To identify and differentiate between human users and automated users||Necessary for legitimate business interests to protect the Website from spam and abuse including brute force attacks.|
How we store your personal data
We take reasonable and appropriate steps to protect your personal data from misuse, loss or unauthorised access. We have put in place security measures to prevent your personal data from being accidentally lost or used or accessed in an unauthorised way.
Where we have identified a suspected breach of our security measures as a result of which your personal data has been breached, we will notify you and the Information Commissioner within 72 hours of first having become aware of the breach.
Disclosure of your personal data
We will never share your personal data with any outside individual, company or organisation for marketing purposes.
We will share your personal data in the following circumstances:
- to our service providers who provide application, IT, systems administration and hosting services;
- to HM Revenue & Customs, regulators and other authorities where disclosure is required by law or where we know or suspect a transaction may involve illegal activity;
- to third parties to whom we may decide to sell or transfer all or part of our business or assets;
Transfers out-with the European Economic Area
We have made arrangements with Community Lawyer to ensure your personal data is not stored on their servers or processed in any way by Community Lawyer. When you have completed the questionnaire you will receive an email with your documents and we will receive a copy of this email to ensure we can answer any queries you may have in relation to your documents. This will be the only record we hold of your personal information and it will be deleted one year following receipt or earlier upon your request.
Your rights in relation to your personal data
You have the following rights in relation to your personal data:
- Access to your information – you have the right to request a copy of the personal data we hold.
- Correcting your information – you may ask us to correct any personal information about you that you believe is inaccurate or incomplete.
- Erase your information – you have the right to ask us to delete all or some of your personal data if:
- you think that we no longer need to hold the data for the purposes for which it was originally obtained
- we are using your personal data with your consent and you have withdrawn your consent
- our use of your personal information is contrary to law or our other legal obligations.
- Objecting to how we may use your information – you have the right to object to the processing of your personal data on grounds personal to you and you may contact us at any time to tell us to stop using your personal data for direct marketing purposes.
- Request the transfer of your personal data – you may request your personal data to be returned to you or where technically possible, transferred to a third party
- Withdrawing consent to use your information – Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Exercising your rights in relation to your personal data
Should you wish to exercise any of your rights in relation to your personal data please email us at firstname.lastname@example.org. We may request further information from you
to confirm your identity and / or your rights. This is to ensure that personal data is not disclosed to a person who has no right to receive the data.
We will not normally charge a fee to you to access your personal data or exercise any other rights. However, we may charge a reasonable fee or refuse to comply with your request if your request is clearly unfounded, unreasonable, repetitive or excessive.
We will try to respond within one calendar month of receipt of your request. It may take longer than one month to complete your request if it is complex or you have made a number of requests. In these circumstances we will notify you of the progress of your request within one calendar month and will update you as to progress.
Complaints about our use of your personal data