The purpose of this notice

We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the UK General Data Protection Regulation, Data Protection Act 2018, and other UK privacy laws (together Data Protection Legislation).

In this privacy notice we explain how we will process your personal information obtained through your use of our website https://octopuslegacy.com, our website services, and through direct interactions with you.

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.

What does this notice cover?

You can either scroll down to read this notice in its entirety (which we recommend), or click on one of the links below to go straight to the section you are interested in.

  1. Who we are
  2. Personal data we collect
  3. How we collect personal data
  4. How and why we use personal data
  5. Marketing
  6. Who we share personal data with
  7. How long we keep personal data
  8. Your rights
  9. Keeping personal data secure
  10. Complaints
  11. How to contact us
  12. Changes to this privacy policy

1. Who we are

When we say we, us or our in this privacy notice, we mean Octopus Legacy Limited, a company incorporated and registered in England and Wales with company number 11111047 and whose registered office is at Work.Life, 20 Red Lion Street, London, England, WC1R 4PS.

For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.

If you have any questions about this policy or the personal data we hold about you, please contact our Data Protection Lead at [email protected].

2. Personal data we collect

Personal data means information which relates to an identified or an identifiable individual.

Types of personal data we may collect Examples
Identity data Title; first name; last name; username.
Contact data Address; email; telephone number.
Profile data Interests; preferences; feedback and survey responses; posts and materials uploaded onto your website.
Professional data Job title; name of business or organisation; professional credentials; professional contact details.
Usage data Services you signed up to; details of free materials downloaded from our website; services purchased and prices paid.
Communication data Details of enquiries submitted via our website or emailed to us, details of our communication with you.
Contract data Details of our contracts with you.
Bow Service data Your answers to our Bow questionnaire, your Bow score and our recommendations.
Will Service data Information which you provide us with in connection with our will writing service, including your title, name, date of birth, address, contact details, your marital status, details of your partner, details of your children, details of your pets, details of your chosen guardians, details of your chosen executors, details of your beneficiaries, details of your estate (including financial assets and properties), and details of your funeral and estate wishes. We also hold copies of the will documentation we generate for you.
LPA Service data Information which you provide us with in connection with our Lasting Power of Attorney writing service, including your title, name, date of birth, address, contact details, details of your chosen attorneys, and details of your wishes in respect of decisions to be made by your attorneys. We also hold copies of the Lasting Power of Attorney documentation we generate for you.
Technical data Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

We do not provide services directly to children below 16 or proactively collect their personal data. We do however collect the personal data of children indirectly through their parents using our services (for example, if a parent uses our Will Writing Service). Our website can be used by anyone who is 16 years old or older. Our Will Writing and LPA Services can only be used by individuals who are at least 18 years old.

Before you disclose to us the personal information of another person you must ensure that you have a lawful basis to do so. For information on when and how you can lawfully disclose personal data, please see the Information Commissioner’s Office Guide to the General Data Protection Regulation.

We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information by law, as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific website feature.

3. How we collect personal data

We collect most of this information from you directly. However, we may also collect information from other sources.

Type of source Examples
Your use of our website and services when you sign up to or use our services; sign up to our mailing list; submit an online enquiry; subscribe to our blogs, complete a contact form; complete a survey; submit feedback.
Direct interactions with you when you first contact us (e.g., by phone or email); when you register interest in our services; when you give us your business card.
From your partner when your partner shares your name and email address with us because you wish to use our services;
From publicly accessible sources your website; your profiles on social media platforms (e.g., LinkedIn, Facebook, Twitter); professional networking groups and databases.
Automated technologies or interactions as you interact with our website, app and advertisements, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. For further details, please see our Cookies Notice.

4. How and why we use personal data

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so.

4.1. Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:

  • place cookies and similar tracking technologies on your device;

  • send you our blogs, newsletters or other electronic marketing communication, if you requested or expressly agreed to receive such communication and are not our existing customer;

  • respond to your enquiries; and

  • to share your name and email address with a charity which you included in your will, to allow the charity to communicate with you.

Where your permission is required, we will clearly ask you for such consent separately from the body of this privacy notice.

You have the right to withdraw consent by:

  • emailing us at [email protected];

  • changing your privacy settings within your account on our website;

  • in case of marketing emails, by using the ‘unsubscribe’ link in such marketing emails; or

  • in case of cookies, by using the cookie preferences settings on our website.

4.2. Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:

  • register you as a new customer or administer your account (e.g., set up your subscription and administer invoicing and payments);

  • provide our services to you;

  • manage our relationship with you (e.g., to respond to your enquires or to notify you about changes to our services and to inform you about updating preferences); and

  • provide after sale care services (e.g., technical support).

4.3. Legitimate interests. We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:

  • to administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);

  • to interact with you professionally (e.g., if you represent our business client, supplier or partner);

  • to manage your account and our relationship with you;

  • to manage payments, fees, charges, and to collect debts which you may owe to us;

  • to deal with enquiries unrelated to a contract which we have with you;

  • to provide you with a free service;

  • to send our updates or other electronic marketing communications if you are our current customer and previously purchased similar services from us, or if you represent our business client, supplier, or partner;

  • to increase our business or promote our brand through delivering relevant website content, advertisements, and marketing communication to you;

  • to share basic information about you with our charity partners to allow them to assess the success of the legacy campaigns they run with us, and to update their supporter databases;

  • to measure or understand the effectiveness of the advertising we provide to you;

  • to improve our website, products, services, marketing, and customer relationships;

  • to conduct web analytics;

  • for the prevention and detection of fraud; or

  • for the establishment, exercise, or defence of legal claims.

4.4. Legal obligation. We may process your personal data to comply with our legal obligations. For example, to:

  • notify you about changes to our terms or privacy policy;

  • address your complaint; and

  • comply with a request from a competent authority.

5. Marketing

Our marketing emails

We may send you emails about our services if you are our existing paying customer (on the basis of our legitimate interests) or, if you are our prospective paying customer, when you expressly agree to that (for example, by signing up to our newsletter).

Profiling

If you are our existing customer, we may use the information we have about you (such as what product you previously bought from us, where you live, how old you are, how you use our website and app) to make predictions on what other products may be of interest to you. We will use that information to make our marketing emails and offers relevant to you. This type of personal data use is called ‘profiling’. We will do that on the basis of our legitimate interests.

Cookies and similar technologies

We may also use cookies and similar tracking technologies (for example tracking pixels in our marketing emails and website/app advertisements) and analytics services (such as Google Analytics) to collect information about your use of our website, app, services and your interactions with our marketing emails and advertisements.

In addition, third party advertising platforms (for example, Facebook and Google) may also use their advertising pixels and other cookies on our website and in our emails with our permission. Their cookies are used to track visitors across websites in order to deliver adverts more relevant to them and their interests. The advertisers may use information about your visit to our website to target advertising to you on other websites.

We will ask for your consent to the use of non-essential cookies, including third party cookies. You can find further information about the cookies used on our website and the purposes they are used for in our Cookies Notice.

Data from other providers

If you click on our advertisement on social media (for example, Facebook) or a website or app or another provider (for example, a charity we partner with), that provider will share with us information about you (the fact that you came to our website/app from their service).

Right to withdraw consent or to object to processing

You can always ask us to stop using your personal information for marketing purposes by:

  • emailing us at [email protected];

  • changing your marketing preferences within your account on our website;

  • in case of marketing emails, by using the ‘unsubscribe’ link in such marketing emails; or

  • in case of cookies, by using the cookie preferences settings on our website.

From time to time, we may ask you to confirm or update your marketing preferences.

6. Who we share personal data with

We may share your information with third parties for the purposes set out in this notice.

Service provision

If you use our Support Hub service, we may use your information with other members of your Support Hub.

If you use any third-party services recommended on our website (for example, choose funeral directors or providers of life insurance recommended on our website) we may share information such as your name, email address and phone number with funeral directors and your name and email address with providers of life insurance.

If you use our will writing service and tell us that your partner also wishes to use our services, we will disclose this information to your partner in our introductory email to them.

If you use our will writing service and give a charitable legacy in your will, with your permission, we will share your name and email address with that charity.

We use Stripe, a payment gateway, to process payments through our website. If you pay for our services through our website, you will be providing your personal data (for example, details of your payment card and billing address) to Stripe. Please see their privacy policy.

Social media

We may share your name and email with Facebook or Google when you sign up or log into our website using your accounts on such social media platforms. We may also share your name and email with Facebook or Google when you use the social media buttons embedded in our website. Please also see the ‘Marketing’ section of this notice for further details of sharing information with social media platforms.

IT and technology

We also share data with providers of cloud-based tools and services, which we use to operate our business:

  • business e-mail providers;

  • providers of software systems;

  • e-commerce software providers;

  • customer Relationship Management software providers; and

  • advertising software providers.

We impose contractual obligations on the above providers to ensure that your personal data is protected.

International data transfers

Transfers of personal data outside the United Kingdom are subject to special rules under the Data Protection Legislation.

If you are based outside the United Kingdom, we may receive and transfer your personal data directly to you to the country where you are based.

We may also transfer your personal data to providers based in the European Economic Area (EEA). The UK Government has recognised the EEA as providing an appropriate level of protection to the data protection rights of individuals.

We may also transfer your personal data to technology providers based in the USA. To protect your information, we have entered into the standard contractual data protection provisions (Standard Contractual Clauses) with the third parties in those territories with whom we share your data. The Standard Contractual Clauses are one of the appropriate data transfer safeguards specified in the UK Data Protection Legislation.

Other sharing

We may also:

  • share your personal data with members of our staff, contractors, freelancers and consultants;

  • disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;

  • disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);

  • disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and

  • share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. The recipient of the information will be bound by confidentiality obligations.

7. How long we keep personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

For example:

  • if you have a contract with us, we will keep your data for up to seven years after the end of that contract; or

  • if you subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications.

We may also anonymise your personal data (so that it can no longer be associated with you) for analytics, research, or statistical purposes, in which case we may use this information indefinitely without further notice to you.

8. Your rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

Your right Explanation
Access This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Rectification The right to require us to correct any inaccuracies in your personal data.
Erasure (to be forgotten) The right to require us to delete your personal data in certain situations.
Restriction of processing The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).
Data portability The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.
To object The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).
Not to be subject to automated individual decision-making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you.

If you would like to exercise any of those rights, please contact us at [email protected] Please let us know what right you want to exercise and the information to which your request relates.

9. Keeping personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

10. Complaints

We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this policy.

The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in the country where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the United Kingdom is the Information Commissioner, who may be contacted at https://ico.org.uk/make-a-complaint/, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

11. How to contact us

If you have any questions about this privacy notice, (including any requests to exercise your legal rights) please contact by email at [email protected].

12. Changes to this privacy policy

This privacy policy was last updated on 1 November 2024.

We may change this privacy notice from time to time, when we do, we will publish the new version of the policy on our website. We may also inform you via email or post.