Privacy Policy
Here at Lincoln Brown & Co Probate Services we care about the importance of your personal data and privacy. This Privacy Policy will explain how we collect and process your personal data.
Who we are
Company name: Lincoln Brown & Co Probate Services
Email address: office@lincolnbrown.com
Telephone number: 01992 443703
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. We are therefore responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy statement.
We have appointed Hannah Brown as our Data Protection Officer, responsible for assisting with enquires in relation to this privacy statement or our treatment of your personal data. Should you which to contact them please use the following contact:
Data Protection Officer
Name: Hannah Brown
Email: hannah@lincolnbrown.com
Information we collect and how we use it
Our company collects but is not limited to collecting the following information:
| Type of data | Purpose |
| Personal details such as names, addresses, contact details, age, sex etc | The administration of paperwork |
| Personal details of clients such as names, addresses, contact details, age, sex etc | To provide accountancy and related services to clients, in particular for the administration of their tax and personal financial affairs, and to comply with both their and our legal obligations including in relation to tax and money laundering |
| Financial details of employees and contractors ie matters related to income and payroll, tax details, expenses claimed, court orders, pensions, insurance | Collected and maintained in order to ensure timely and accurate payment of staff, and proper accounting for tax purposes |
| Time recording of work for clients | To provide services to our clients and bill for them, to monitor performance of our employees |
How long will we keep your data?
Your personal information will only be kept for the period of time which is necessary for us to fulfil the above purposes.
When assessing what retention period is appropriate for you personal data, we take into consideration the following:
• the requirements of our business and the services provided;
• any statutory or legal obligations;
• the purposes for which we originally collected the personal data;
• the lawful grounds on which we based our processing;
• the types of personal data we have collected;
• the amount and categories of your personal data; and
• whether the purpose of the processing could reasonably be fulfilled by other means.
Sharing personal information to third parties
In order to meet the purposes, we have described above, we may on some occasion need to share your personal information with other third parties. Those third parties include and are not limited to IT and Cloud Services, Professional Advisory Services, HMRC.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions. We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law. We will only transfer the personal data we collect about you outside of the EEA if it is necessary to complete the work requested by you or our clients. If this happens, we will ensure that anyone to whom we pass your information agrees to treat your information with the same level of protection as if we were dealing with it.
Data subject rights
We would like to make sure that you’re aware of your data rights and how to control your personal information. You have the following data subject rights:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to be forgotten – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to us processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please email hannah@lincolnbrown.com
Keeping your data secure
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes ensuring that client personal data that is stored electronically is held in a secure datacentre in the UK.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you, and any applicable regulator, of a suspected breach where we are legally required to do so.
Data security – transferring personal data and communications
We will ensure that we take the following measures with respect to all communications containing personal data:
- When possible, all emails containing personal data are encrypted using passwords.
- All documents containing personal data prepared for clients, will be held in a separate client area, hosted by a reputable IT service provider. Access to the area is controlled.
- All emails containing personal data will be marked ‘confidential’.
- Personal data contained in the body of an email, whether sent or received, should be copied from the body of the email and stored securely, with the email being deleted.
- All temporary files containing any personal data should be deleted without delay.
- Where personal information is being sent by fax, the recipient should be informed of its imminent arrival to allow them to monitor and collect the document immediately.
- All personal data sent in hard-copy form should be delivered to the recipient in person, in a container marked ‘confidential’, or sent by recorded delivery or courier, as appropriate
Data storage and general security
We take the safety and security of your personal data very seriously. The firm has undertaken the National Cyber Security Centre training as well as following the below:
- All electronic copies of personal data should be stored securely using privilege levels and passwords.
- Regular password changes will be enforced and the number of logins will be restricted.
- Passwords should never be written down or shared between any employees, agents, contractors or other persons working on behalf of the Firm, no matter what their level of seniority.
- Computer equipment belonging to the Firm will be sited in a secure location within the office and in a position where they cannot be viewed by members of the public.
- Computer terminals must not be left unattended, and should be logged off at the end of the session.
- All software must be kept up to date and all security-related updates are installed promptly, unless there are valid technical reasons for not doing so.
- No software should be installed on the Firm’s system without the prior approval of Daniel Brown.
- Personal data should not be stored on any mobile device such as laptops, tablets and smartphones without the approval of the DPO and, where it is held, only in accordance with their instructions and limitations.
- Personal data must never be transferred onto an employee’s personal device and we will never transfer such data onto a device owned by a contractor or agent unless they have agreed to comply fully with the letter and spirit of this policy and with the GDPR.
- All manual files must be stored securely in locked cabinets and should not be left unsecured in the office overnight.
- Computer printouts containing personal information should be destroyed without delay and should never be retained for scrap paper.
- Where personal data is to be erased, or otherwise disposed of, this will be done in accordance with the Firm’s data retention policy.
Business Transfers
If the business be sold, merge or go bankrupt then requests will be made to individual and companies about how they would like us to transfer their data. Whether returned to themselves, sent to a new accounting or destroyed (in accordance with retention legislation).
Contact Details
If you have any questions about the Site or this Policy, or you wish to make a Subject Access Request, then please contact us as follows, making your request or query clear:
e-mail: office@lincolnbrown.com
telephone: 01992 443 703
postal address: Grenville House, 4 Grenville Avenue, Broxbourne, Herts, EN10 7DH
Right to Complain
If you wish to file a complaint, please contact the Information Commissioners Office:
Address: Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: https://ico.org.uk/concerns
Telephone: 01625 545 745
Amending the Policy
We regularly review and update this Privacy Policy in order to reflect the best practices and current laws, and will update our policy on this webpage. This privacy policy was published on 2nd September 2024 and last updated on 2nd September 2024.