DATA PROTECTION

Let us assist you in safeguarding your personal information with our comprehensive data protection solutions. We prioritize your privacy, ensuring that your data remains secure and fully compliant with all relevant regulations.

INTRODUCTION

[This Policy (“Policy”) sets out the Data Protection Principles which [WHARF NOTARIES with registered business number 14151425] (“Business”) commits to comply with when processing personal data in the course of its business of providing notarial services.]

  • The Appendix contains a Glossary of defined terms.

COMPLIANCE WITH THIS POLICY

  • The Business ensures personal data protection in accordance with this Policy by all Notaries, Personnel, and Suppliers.
  • Breaches of data protection laws by any Notary, Personnel, or Supplier can lead to penalties, including monetary fines and reputational damage.

THE DATA PROTECTION PRINCIPLES

The Business commits to the following principles:

PrincipleDescription
1. Fairness and TransparencyThe Business must process personal data fairly and inform individuals about the processing purpose and legal basis through a privacy notice provided in engagement letters, service agreements, or on the website. Notices should also indicate data recipients, retention period, rights to access and rectify data, and the presence of Automated Decisions.
2. Lawful ProcessingPersonal data, including special categories, must be processed lawfully. Common bases include contract performance, legitimate interests, legal obligations, consent, and protection of vital interests.
3. Purpose LimitationPersonal data should be collected for specific, explicit, and legitimate purposes related to client services, Personnel management, or compliance with legal obligations. Any further use must align with the original purpose or be legally permitted.
4. Data MinimisationOnly data that is adequate, relevant, and necessary for processing purposes should be collected. The Business may return data to the client if it is deemed excessive.
5. Data AccuracyThe Business takes reasonable steps to ensure the accuracy, completeness, and timeliness of personal data. Contracts with clients may include clauses to ensure accuracy in provided data.
6. Individual RightsIndividuals have rights regarding their personal data, including access, erasure, rectification, and objection. The Business will respond to Individual Rights Requests appropriately.
7. Storage LimitationData should only be retained as long as necessary for the original purpose, except for records subject to legal obligations, such as the Notaries Practice Rules. Personnel records, for example, are retained for a maximum of 12 months post-employment unless longer retention is legally required.
8. Data SecurityPhysical, organisational, and technical security measures (e.g., locked offices, access restrictions, antivirus software) are implemented to protect data, including data processed by third parties.
9. AccountabilityGovernance processes are implemented to ensure compliance with Data Protection Principles, including documentation of policies, assurance through training, and compliance checks.

GOVERNANCE PROCESSES

ProcessDescription
Documented PoliciesThe Business will comply with this Policy and adopt other data protection policies as necessary to ensure compliance with data protection laws.
AssurancePersonnel and Suppliers will receive access to this Policy and are obligated to follow it. Data protection obligations are included in Supplier service agreements, where applicable.
AdviceWhen necessary, the Business will seek advice to ensure compliance with data protection laws.
Third PartiesThe Business follows the Policy: Appointing Suppliers when selecting third parties who may process personal data on behalf of the Business.
Data Protection Impact AssessmentsDPIAs are conducted for processing likely to result in high risks to individuals’ rights. These assessments identify potential risks and establish safeguards. DPIAs are documented and stored.
Record-KeepingA record of processing activities, including processing purposes, data categories, retention periods, and security measures, is maintained in a notary register or similar document. This record is updated as needed.
Privacy by DesignNew processing activities or tools that process personal data are designed to comply with Data Protection Principles.
Complaint HandlingA process is implemented to handle enquiries and complaints from individuals and supervisory authorities. Complaints are addressed promptly and in accordance with statutory deadlines.

APPENDIX: GLOSSARY

TermDefinition
Anonymous DataData that cannot be linked to an identifiable individual, or data that has been permanently anonymised.
Automated DecisionA decision with legal or significant effects, based solely on automated processing, including profiling.
ControllerA party that determines the purpose and means of data processing.
Data SubjectThe individual whose personal data is being processed.
Individual Rights RequestA request by a data subject concerning their personal data, such as requests for access, erasure, or rectification.
Personal DataInformation relating to an identified or identifiable natural person (e.g., name, address, job title, email, and more).
PersonnelAll employees and affiliates of the Business, including agency workers, contractors, and consultants.
ProcessingOperations performed on personal data, such as collection, storage, use, or disclosure.
ProcessorA party that processes personal data on behalf of a Controller.
Pseudonymised DataPersonal data that can only be attributed to a specific individual with additional information kept separately to protect the individual’s identity.
Special Categories of Personal DataData revealing racial or ethnic origin, political opinions, religious beliefs, or trade union membership, as well as biometric, genetic, health, or sexual orientation data.
SupplierAny third party providing services to the Business.