Global Privacy Policy
INTRODUCTION
Estatesearch Limited (We, Us, Our) known as Estatesearch take data privacy very seriously. Please read this privacy policy carefully with any terms and conditions supplied to you. This policy contains important information on who we are, how and why we collect, store, use and share personal data.
We predominantly use the UK/EU GDPR (General Data Protection Regulation) as a benchmark for data protection compliance while also accounting for local law nuances where it applies to our business to ensure full adherence to jurisdiction-specific requirements. The policy also explains rights in relation to personal data and how to contact us or supervisory authorities in the event you have a complaint.
OUR ENTITIES
UK: Estatesearch Limited is a limited company registered in England & Wales company number 09417760, whose registered address is Delmon House, 36-38 Church Road, Burgess Hill, RH15 9AE.
Our use of personal data is regulated by the Data Protection Act 2018 which includes the UK GDPR (GDPR). We are registered with the Information Commissioner’s Office (ICO) registration number ZB733954.
Canada: Estatesearch Services Canada Limited is a limited company registered in Ontario Canada company number 1001135762, whose registered address is 181 Bay Street, Suite 1800, Toronto, ON, M5J 2T9.
SERVICES
Collectively Estatesearch and its affiliate companies provide data, technology and insurance services direct to consumers and to professionals in the legal and financial services industries. Our Services include the purchase and provision of reports further details of which can be found on our Sites and further information can be found in our websites which can be found at the end of this document*.
In the UK, Estatesearch Limited is also an Appointed Representative (AR) of Estatesure Limited which is authorised and regulated by the Financial Conduct Authority (986407). An AR is a firm who runs regulated activities and acts as an agent for a principal firm directly authorised by the FCA.
Subject: refers to the individual in respect of whom our Services are prepared. This person is the primary party about whom data is collected and presented based on the request made who may be a) a deceased individual for whose estate the Client is acting, or b) a living individual lacking mental capacity for whose estate the Client is acting, or c) a living individual with mental capacity who has given consent to the Client to procure the Service, or d) a living individual in relation to whom the Client has instructed us to complete an identity or insolvency search.
Clients: who may be a) the Personal Representative or next of kin of the Subject for probate and estate administration, or b) the Attorney or Deputy authorised by the Court of Protection under oversight of the Office of the Public Guardian for the Subject, or c) the Subject themselves, or d) an otherwise appointed representative with a legal obligation or legitimate interest.
Consumers: who are Clients acting in a personal capacity.
Professional Representatives: who are Clients acting in a professional capacity either as the Client themselves or as the agent of a Consumer in the procurement of the Services.
Suppliers: who provide us with data, technology or services necessary for the provision of our Services.
Website Visitors: where you are a visitor on one of our Sites.
TYPES OF PERSONAL DATA
Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed. This is known as anonymised data. Anonymised data falls outside the scope of data protection laws.
WHAT IF INFORMATION DO WE COLLECT?
We will need to collect information relating to an identified or identifiable living individual (Personal Data) and other information including in relation to a deceased individual (Non-Personal Data) to provide our services.
INFORMATION ABOUT THE SUBJECT
We will collect information enabling us to provide our Service including their full name, previous or alias names, address history, date of birth, national insurance number or its equivalent, passport details, date of death, date of appointment of attorney or deputy, employer and previous employers.
We collect information relating to financial records including assets, benefits, pension, bankruptcies, independent voluntary arrangements, and county court judgements.
We also collect information relating to the Clients legitimate interest in the Subject including the death certificate, coroner’s certificates, wills, Grants of Representation, letters of engagement, Court of Protection Orders, Lasting Powers of Attorney and genealogy (family history including spouse/partner, dependants, parents, siblings, other family members, other third parties with financial connections).
INFORMATION ABOUT CLIENTS
We may collect, use, store and transfer different kinds of personal data about Clients which we have grouped together:
– Identity Data includes first name, last name, username or similar identifier and title.
– Contact Data includes postal address, email address and telephone numbers.
– Company Data includes company name and billing address.
– Financial Data includes details about payments to and from you and other transaction details for the provision of services, bank account and payment card details for collecting payment or making refunds.
– Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
– Profile Data includes your username, password, employer, role, qualifications, Service transactions, comments, correspondence, preferences, feedback and survey responses.
– Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or platform.
– Usage Data includes information about how you use our website and services.
We may also collect information to enable us and third parties for example banks or building societies, pension administrators and other organisations to check and verify the Subject’s and Client’s identity including date of birth, address, passport details, national insurance number, driving licence number, and copies of identity documents or address verification documents.
HOW DO WE COLLECT DATA?
Directly: We collect information directly from you through any forms completed on any our Sites and details of any interaction with our Sites, along with any telephone, email or other such correspondence to request services in our fulfilment of the Services.
Indirectly: We may also collect information from accessible sources such as Companies House, Office of the Public Guardian, or HM Land Registry, as well as commercial sources and other third parties including:
– Banks or building societies, pension administrators other similar organisations.
– Credit Reference Agencies** (CRAs).
– Consultants and other professionals we may engage in relation to the provision of services to you.
– Identity, sanctions and document validation screening providers.
HOW WE USE YOUR PERSONAL DATA
Lawful Bases: How we use your personal data
We will only use your personal data when the law allows us to. We will use your personal data in the following circumstances:
–Performance of a contract: Where we need to perform the contract, we are about to enter into or have entered into with you. For example, when you sign up to our services.
– Legal obligation: Where we need to comply with a legal obligation. For example, for accounting or legal purposes.
– Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.
– Consent: With your permission as a legal basis for processing your personal data. Where we do rely on consent you have the right to withdraw consent at any time. Please contact us to withdraw consent. Please also see Marketing communications.
– Vital interests: Where is it necessary to protect your vital interests in case of emergencies.
– Public obligation: Where we need to comply with a public obligation, for example in the matters of public health or public interests.
FURTHER INFORMATION: Minors and Vulnerable Persons
Estatesearch will not knowingly obtain consent from individuals who are minors under eighteen (18) years of age, individuals who are deemed incapacitated or individuals who are unable to provide consent due to serious illness or mental incapacity.
In such cases, consent will be obtained from a parent, legal guardian or an individual authorised to act on behalf of the person, such as through a court order or power of attorney, in accordance with law. If you are an individual under the age of eighteen (18) you may access or use the Sites only with the permission and active involvement of your parent or legal guardian.
Service Offering Table
The table below explains what personal data we process as part of the services we offer. You can also go into the Processing Tables per specific categories of personal data that can apply to you depending on your relationship with us.
|
What we use personal data for |
Our reasons |
|---|---|
|
To provide our Service to you in relation to a Subject |
Legitimate interest for the performance of our Service or to take steps at your request before entering into a contract |
|
Conducting checks to verify Client’s identity including screening for financial and other sanctions or embargoes, other processing necessary to comply with professional, legal and regulatory obligations that apply to our business. |
To comply with our legal and regulatory obligations |
|
Providing contact details of the Subject and of the Client who is legally authorised to act on behalf of the Subject including: Certified ID of the Subject and Client (to verify identity and address); and Copy of Death Certificate or Court of Protection Order (to verify the Subject’s capacity) |
To enable third-parties to comply with their legal and regulatory obligations. To prevent and detect criminal activity that could be damaging for third-parties, us, you and or the Subject |
|
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies |
To comply with our legal and regulatory obligations |
|
Ensuring business policies are adhered to, e.g., policies covering security and internet use |
For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures, so we can deliver the best service to you |
|
Operational reasons, such as improving efficiency, training and quality control |
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price |
|
Ensuring the confidentiality of commercially sensitive information |
To comply with our legal and regulatory obligations for our legitimate interests or those of a third party, i.e., to protect our intellectual property and other commercially valuable information |
|
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, client/consumer base, work type or other efficiency measures |
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price |
|
Preventing unauthorised access and modifications to systems |
To comply with our legal and regulatory obligations for our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for you |
|
Updating and enhancing client /consumer records |
To comply with our legal and regulatory obligations for the performance of our Service or to take steps at your request before entering into a contract, or for our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our clients about existing and new services |
|
Statutory returns |
To comply with our legal and regulatory obligations |
|
Ensuring safe working practices, staff administration and assessments |
To comply with our legal and regulatory obligations for our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
|
Marketing our services and those of selected third parties to existing and former clients/consumers. |
For our legitimate interests or those of a third party, i.e., to promote our business to existing and former clients |
|
External audits and quality checks, e.g. Credit Reference Agencies, Insurers, Office of Public Guardian, Financial audits of our company accounts |
For our legitimate interests or those of a third party, i.e. to comply with our legal and regulatory obligations |
Client’s: Processing Information
This is where we directly transact with you to provide you with our services/products where you are a either a Professional Representative or Consumer for example but not limited to Estatesearch Direct Services.
|
Processing activities |
Categories of personal data |
Lawful basis |
|---|---|---|
|
To sign you up to our products/services. To facilitate account creation and login process |
Identity Data, Contact Data, Company Data |
Performance of a contract Consent (with your consent where the jurisdiction requires it) |
|
To respond to any enquiries |
Identity Data, Contact Data, Profile Data |
Performance of a contract with you Necessary for our legitimate interests |
|
To process and deliver our products/services to you including managing payments, fees and charges and collecting and recovering money owed to us |
Identity Data, Contact Data, Company Data, Financial Data, Profile Data |
Performance of a contract with you Necessary for our legitimate interests (e.g., to recover debts due to us) |
|
Register you for our newsletters and marketing communications |
Identity Data, Contact Data, Marketing and Communications Data |
Consent (Opt‑in) or Soft Opt‑in (depending on your country) |
|
To post testimonials on our website that may contain personal information |
Identity Data, Company Data, Profile Data |
Consent — we obtain your approval before posting your name and testimonial To update or delete a testimonial, contact us with your details |
|
To administer and protect our business and our platform/login portal and dashboard, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data |
Identity Data, Contact Data, Company Data, Profile Data, Technical Data |
Necessary for our legitimate interests (running our business, IT services, network security, fraud prevention, group restructuring) Necessary to comply with a legal obligation |
Supplier: Processing Information
This is where you are a supplier of products and services to us for example hosting services and suppliers required to run our services.
|
Processing activities |
Categories of personal data |
Lawful basis |
|---|---|---|
|
For you to provide services and products to us |
Identity Data, Contact Data, Company Data |
Performance of a contract Consent (with your consent where the jurisdiction requires it) |
|
Manage payments, fees and charges we owe you |
Identity Data, Contact Data, Company Data, Financial Data, Profile Data |
Performance of a contract with you |
|
To engage with you as a customer for product/service support |
Identity Data, Contact Data |
Performance of a contract Necessary for our legitimate interests so that we are able to get in touch with queries, issues and concerns |
Website Visitor: Processing Information
This is where you are a website visitor on our website regardless as to whether you will be taking up our products or services.
|
Processing activities |
Categories of personal data |
Lawful basis |
|---|---|---|
|
When you contact us via our website, forms and other links on our website including AI-chat features. |
Identity Data, Contact Data, Profile Data. |
Necessary for our legitimate interests where we need to be able to respond to you. |
|
To manage our relationship with you which will include notifying you about changes to our terms or privacy notice. |
Identity Data, Contact Data (where you have provided that data to us), Profile Data. |
Necessary for our legitimate interests i.e., to keep our records updated and to study how visitors use our products/services. |
|
To administer and protect our business and our website including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. |
Identity Data, Contact Data, Profile Data, Technical Data. |
Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise. Necessary to comply with a legal obligation. |
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. |
Identity Data, Contact Data, Company Data, Marketing and Communications Data, Profile Data, Technical Data, Usage Data. |
Necessary for our legitimate interests i.e., to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy. |
|
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. |
Technical Data, Usage Data. |
Necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy. Note: Where applicable consent will be used for data analytics obtained through cookies or similar technologies. See our cookies notice. |
|
Use of non-essential cookies (where the jurisdiction applies, and consent is required). |
Technical Data. |
Consent |
Cookies and similar technologies
We may gather information and statistics collectively about visitors to our website. Analysis of this information demonstrates the most frequently used sections of the website and assists us in continually improving the online service. Please refer to our cookies policy for more information on how we set cookies.
Providing personal data
Where we need to collect personal data by law or under the terms of a contract and you do not provide that information when requested we may not be able to perform the contract we have or are trying to enter into with you, for example to provide you with our Services. In this case we may have to cancel our Service, but we will notify you if this is the case at the time.
PROMOTIONAL COMMUNICATIONS
We will always treat personal data with the utmost respect and never sell it to other organisations outside Estatesearch Limited and its affiliate companies for marketing purposes. We may use personal data to send you updates by email, text message, telephone or post about legal developments that might be of interest to you and/or information about our services including exclusive offers, promotions or new services.
You have the right to opt out of receiving promotional communications at any time by contacting us, see below: ‘How to contact us’ or using the ‘unsubscribe’ link in any emails or ‘STOP’ number in texts. We may ask you to confirm or update your marketing preferences, if there are changes in the law, regulation or the structure of our business.
WHERE DATA IS HELD
Information may be held at our offices and those of our affiliate companies, third party agencies, service providers, representatives and agents as described above (see ‘Who we share personal data with’).
Some of these third parties may be based in a country where international transfer rules apply. For more information, including on how we safeguard your personal data when this occurs see below: ‘Transferring personal data’.
KEEPING PERSONAL DATA SECURE
We maintain security policies and protocols to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to personal data to those who have a genuine business need to access it. Those processing personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
Our data is held securely by DigitalOcean LLC, Amazon Web Services and Google Cloud Platform exclusively on servers in the UK, who all meet a broad range of international and industry specific standards including SOC 2 Type II and SOC 3 Type II. All data is encrypted while at rest and in transit and all websites/API endpoints are secured by SSL.
All Estatesearch staff are Disclosure and Barring Service (DBS) checked. Our system architecture means all staff have limited access to databases containing personal data. User access is only granted to companies and individuals who are first vetted and approved by dual authentication.
We also have procedures in place to deal with any suspected data security breach. We will notify the data owner and any applicable regulator of a suspected data security breach where we are
TRANSFERRING PERSONAL DATA
To deliver our Services to you it may be necessary to transfer and process your personal data outside of a particular jurisdiction, such cross-border transfers may be subject to certain requirements. We will risk assess cross-border transfers and implement mitigation measures to ensure any transfer complies with data protection law and that personal data remains secure.
1. We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information; or
2. We will use specific contracts approved for such transfers. For example, where the UK or EU applies we will use Article 46 UK and EU GDPR safeguard mechanisms to transfer personal data endorsed by the UK Government or European Commission.
For other countries we will use local law guidance to ensure personal data is transferred securely where there is a requirement in law to do so.
If you would like further information please contact our Data Protection Officer (see ‘How to contact us’ below).
WHO WE SHARE PERSONAL DATA WITH
– Internally: Your personal data will be used by our employees and contractors who are working on providing your services to you on a need-to-know basis.
– Within our Group: Your personal data can be shared within our Group of companies so that we can carry out our services to you.
– Suppliers: This would include service providers who support our business including IT and communication suppliers and outsourced business support to ensure our service runs smoothly.
– Professional Advisers: This would include lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
– Payment Service Intermediaries: These providers help facilitate payment to us.
– Law enforcement bodies, regulators and other authorities: This is to comply with our legal requirements or adhere to good practices.
– Advertising networks and analytics service providers: This is to support and display ads on our website/app and other social media tools.
– Third parties: This is in the context of the acquisition or transfer of any part of our business or in connection with the business reorganisation. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
– Credit Reference Agencies**: Credit Reference Agency (CRA) collects and provides financial data on individuals or businesses to lenders for creditworthiness assessment and risk management.
– Banks or building societies, pension administrators and other similar organisations.
– Office of Public Guardian: The Office of the Public Guardian safeguards vulnerable individuals by overseeing deputies, guardians and powers of attorney in legal matters.
– Event of a sale: We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
HOW LONG PERSONAL DATA WILL BE KEPT
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Different retention periods apply for different types of data. For example, some insurance policies we might provide can be claimed against in perpetuity. We will retain records of these for longer than twelve years based on the likelihood of any claim, complaint or dispute arising. When it is no longer necessary to retain personal data, we will delete or anonymise it where required to ensure systems and services remain operational.
YOUR DATA SUBJECT RIGHTS
We will provide everyone the ability to exercise any rights afforded to them under data protection laws. Generally, we will endeavour to afford all individuals the rights outlined by in the UK Data Protection Act 2018, UK GDPR and EU GDPR with an initial timeline to respond of 1 month. If there is a shorter time period under local laws to process your rights we shall revert to local laws e.g. if less than a month.
Not all rights are absolute and depending on where you are located, not all rights are given to you. If you wish to understand your data rights please get in touch with us stating your location.
|
Access |
The right to be provided with a copy of your personal data |
|
Rectification |
The right to require us to correct any mistakes in your personal data |
|
To be forgotten (Erasure) |
The right to require us to delete your personal data — in certain situations |
|
Restriction of processing |
The right to require us to restrict processing of your personal data — in certain circumstances, e.g. if you contest the accuracy of the data |
|
Data portability |
The right to receive the personal data you provided to us in a structured, commonly used and machine‑readable format and/or transmit that data to a third party — in certain situations |
|
To object |
The right to object: • at any time to your personal data being processed for direct marketing (including profiling) • in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests |
|
Not to be subject to automated individual decision‑making |
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. |
Carrying out your data subject rights
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Occasionally it may take us longer to respond to your request where it is particularly complex or you have made a number of requests. If we require an extension as permitted by law to carry out your rights we will let you know.
If you wish to exercise any of the rights set out above, please contact us.
KEEPING PERSONAL INFORMATION ACCURATE AND CURRENT
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Please contact us if you wish to update your personal data.
HOW TO COMPLAIN
We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your information. You have the right to lodge a complaint with the data protection authority in your location if you believe your data protection rights have been violated.
CHANGES TO THIS PRIVACY POLICY
This privacy policy may be changed from time to time in response to legal, technical or business developments. We will take appropriate measures to inform you when we update our privacy policy. We will obtain your consent to any material privacy notice changes if and where this is required by applicable data protection laws.
HOW TO CONTACT US
Please contact us by email or telephone if you have any questions about this privacy policy or personal data we hold about you or a Subject you are legally authorised to represent.
Our contact details are shown below:
United Kingdom
A: Estatesearch Limited, Delmon House, 36-38 Church Road, Burgess Hill, RH15 9AE
T: +44 (0)330 900 1700
E: dpo@estatesearch.co.uk
Canada
A: Estatesearch Services Canada Limited, 181 Bay Street, Suite 1800, Toronto, ON, M5J 2T9
T: +1 416-640-7129
E: [email protected]
*Our Sites
www.estatesearch.co.uk
www.app.estatesearch.co.uk
www.direct.estatesearch.co.uk
www.pro.estatesearch.co.uk
www.uat.estatesearch.co.uk
www.estatesearch.ca
www.app.estatesearch.ca
www.direct.estatesearch.ca
www.pro.estatesearch.ca
www.uat.estatesearch.ca
www.estatesearch.com
www.app.estatesearch.com
www.direct.estatesearch.com
www.pro.estatesearch.com
www.uat.estatesearch.com
**Information about Credit Reference Agencies in the UK
There are three main Credit Reference Agencies in the UK that deal with personal data. Each is regulated by the FCA and authorised to conduct business as a credit reference agency.
Credit Reference Agency Information Notice (CRAIN) describes how the three main CRAs each use and share personal data (also called ‘bureau data’) that is part of or derived from or used in credit activity https://www.experian.co.uk/crain/index.html
Experian Limited
Post: Experian, PO BOX 9000, Nottingham, NG80 7WF
Web Address: https://www.experian.co.uk/consumer/contact-us/index.html
Phone: 0344 481 0800 or 0800 013 8888
Equifax Limited
Post: Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
Phone: 0333 321 4043 or 0800 014 2955
TransUnion International UK Ltd (formerly Callcredit Information Group)
Post: Callcredit, One Park Lane, Leeds, West Yorkshire LS3 1EP.
Web Address: https://www.transunion.co.uk/consumer/consumer-enquiries
Phone: 0330 024 7574
VERSION CONTROL
This privacy policy was published on 19/02/26. Previous iterations can be found below.
https://www.estatesearch.co.uk/privacy-policy-previous/