

Privacy Policy
This privacy notice sets out how Oakmount and Partners Limited of Abacus House, 14-18 Forest Road,
Loughton, Essex, United Kingdom, IG10 1DX (O&P), also referred to in this privacy notice as “we”, “our” or “us”, collect and use your personal information. We are committed to being transparent and protecting your data; therefore, this notice includes how we store and protect your data, who we share your data with and how long we hold your data. This notice also outlines your rights and the actions you should take if you are
concerned with the way O&P is handling your personal data. Should we ask you to provide certain
information by which you can be identified when using this website, you can be assured that it will only be
used in accordance with this privacy notice.
O&P is the data controller and is responsible for the processing of client data. Our Data Protection Officer
who is responsible for O&P and its employees to comply with the GDPR and is the first point of contact for
individuals whose data is processed can be contacted at, admin@oakmountpartners.com
References in this notice to “your information” are personal data that you provide or that is provided to us.
How we collect your personal data:
• From you directly,
• From a third party (for example, a solicitor, beneficiary) or others who are a part of providing your
services.
What type of personal data may be collected by O&P?
• Full name (may include marital status)
• Photographic Identification
• Personal business email address
• Telephone Number
• Nationality
• Date of birth
• Passport number
• Proof of address
• Bank account details such as sort code and account number
• Tax or National Insurance Number
• Name/s of the executor
• Name/s of the beneficiary
• Employment contract (if we are acting as Facility Agent)
How we use your personal data and our lawful basis for processing this
• Personal business email address: We need this information to contact you in regard to a transaction/
agreement. The lawful basis for processing this personal data is the pursuit of our legitimate interests.
• Photo ID (Including but not limited to, Passport, National ID and Driving License): We use
photographic identification to verify the identity of a potential client. This is in line with our ‘Know
Your Customer’ (KYC) procedures and a requirement by law to fulfil our Anti-Money Laundering &
Counter Terrorist Financing obligations.
• Proof of address: We use proof of address to verify the identity of a potential client. This is in line with
our KYC procedures and a requirement by law to fulfil our Anti-Money Laundering & Counter
Terrorist Financing obligations.
• Name, email address and telephone number provided via our website: We will also use your
personal information to contact you using the details you provided to offer our services and for
operational and business purposes. Our lawful basis for processing this information is the pursuit of
our legitimate interests.
• Bank Account Details: We need bank account details to make interest payments or to distribute trust
or escrow funds (if applicable). The basis of this processing is due to having a contract with the
individual and is the pursuit of our legitimate interest.
• Confirmation of an individual’s Tax number or National Insurance number: We need a client’s tax or
national insurance number to verify the identity of a potential client. This is in line with our KYC
procedures and a requirement by law.
• Original sealed Grant of Probate (this may include names of the executor and/or beneficiary): We
need this data for the maintenance of the register, for example, to update. We also need the Grant of
Probate to make payments if the beneficiary is deceased. It is in the pursuit of our legitimate interest
to process this data.
• Employment Contract: We may be given this data under the agreement relating to our role as a
Facility Agent to check the employment status of an individual. We have a legal obligation to receive
this data.
Who do we share your personal data with
If the personal data that you provide to our transaction managers is for KYC purposes, then your personal
data will be securely emailed to our compliance team to process.
Your name and personal email address will be shared with our third-party marketing platform, MailChimp in
order to send you marketing communications. The same data will also be shared with our third-party
Customer Relationship Management system (CRM).
Your information may be disclosed when we believe in good faith that the disclosure is:
• required by law;
• to protect the safety of our employees, the public or O&P property;
• required to comply with a judicial proceeding, court order or legal process; or
• for the prevention or detection of crime (including fraud).
Storage, Security and Transfers
O&P take the security and protection of your personal data very seriously. We have technical and
organisational security measures to ensure that your personal data is secure against both external and
internal threats and access to personal data is restricted to those who need to process it. In order to prevent
unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial
procedures to safeguard and secure the information we collect online. O&P have also established backup
and recovery procedures in the unlikely event that your personal data is lost or accidentally destroyed.
Once your personal data has been processed, it will be securely stored in a private portal on Microsoft Office
365 which has restricted access.
Your name and personal business email address will be stored on our third-party CRM system which has
access restricted to only those who have a business need to see this information.
Our CRM is SOC 2 compliant and maintains reasonable security measures to protect your information from
loss, destruction, misuse, unauthorised access or disclosure. Our CRM complies with the EU-U.S. Privacy
Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S.
MailChimp’s servers are located in the United States so information may be transferred to, stored, or
processed in the United States. However, MailChimp participates in and has certified its compliance with the
EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
O&P may transfer your personal data outside the European Economic Area (EEA) and your data may be
transferred to the UK from outside the EEA. If this happens, we will make sure that suitable safeguards are in
place and that your personal data is protected at the same level that it is in the UK.
Email Marketing
We rely on the following legal basis to send email marketing:
• Where it is in our pursuit of legitimate interest to do so
• With your consent
By ‘legitimate interests’ we mean that we have a business reason to use this data, and it does not conflict
unfairly with your interests.
If you have provided us with your business card, we will add you to our marketing list. We would like to keep
you updated with information about O&P in regard to products or services that you may be interested in,
updates briefings and invitations to our events. You can unsubscribe at any time.
If you have given consent to receive our marketing emails via our website, we may use your personal
corporate email address to email you with the information above.
You can unsubscribe at any time by clicking on the ‘unsubscribe’ link at the bottom of any email from us or by
clicking here
How long does O&P keep your data?
The above personal data will stay on file for as long as we have reasonable business needs and will retain
the personal data in line with legal and regulatory requirements or guidance. Our Anti-Money Laundering
(AML) Policy confirms that to ensure compliance with our Customer Due Diligence policy, records of
identification are to be retained for 5 years after the account is terminated or a transaction matures. During
these 5 years, your personal data will be archived securely in Microsoft Office 365 Sharepoint.
After this date, we will securely delete your personal data and will take steps to ensure that the personal data
is erased and cannot be recovered.
Many records may legitimately need to be stored for more than five years after receipt. If O&P still has a
relationship with an individual directly, or indirectly through a corporate structure, then we need to maintain
the data and refresh it where necessary.
How we use cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor
behaviour information. This information is used to track visitor use of the website and to compile statistical
reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from
your browsers. However, in a few cases, some of our website features may not function as a result.
Links to other websites
Our website may contain links to other websites of interest. This privacy notice only applies to this website so
when you link to other websites you should read their own privacy policies.
Controlling your personal information
You can choose to restrict the use of your personal information. After completing our form on the website,
you can tick or leave blank the box that asks if you are happy to receive future marketing communications
from O&P.
We will not sell, distribute or lease your personal information to third parties unless we have your permission
or are required by law to do so.
Access to your information and correction
Under the new regulations, you have the right to access a copy of your own personal data that we hold. This
is called a Subject Access Request (SAR) and any requests must be made in writing to the Data Protection
Officer. Information will be provided within one month of receipt. If the request is manifestly unfounded or
excessive O&P can extend this period by a further two months. If this is the case, you will be informed, and
we will provide you with an explanation as to why the extension is necessary.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email
us as soon as possible. We will promptly correct any information found to be incorrect.
Your rights
The new regulations provide individuals with more rights in regard to their personal data. There are certain
circumstances that your rights apply to and if you wish to exercise any of the below we can let you know
whether these apply or not.
Your rights include:
1. 2. 3. 4. 5. 6. 7. The right to be informed about the processing of your data and how it is collected and used
The right to rectify your data if it is found to be incorrect or incomplete
The right to have your personal data deleted (the ‘right to be forgotten’)
The right to restrict the processing of your personal data
The right to data portability (to move, copy or transfer your personal information)
The right to object to the processing of your personal data
Rights in relation to automated decision-making and profiling which has a legal effect or will
significantly affect you
If the processing of your personal data has been based on consent you have the right to withdraw this at any
point. In order to do this, please contact the Data Protection Officer.
If you are concerned with the way O&P is handling your personal data, then please contact our Data
Protection Officer in the first instance. However, should you feel that adequate action is not being taken, you
have the right to inform a supervisory authority, such as the Information Commissioner’s Office (ICO) 0303
123 1113, https://ico.org.uk/
O&P may revise the Privacy Notice from time to time. You should regularly check this Privacy Notice for
updates.