1.1 At Kabing Ltd (KL), we are committed to protecting your privacy and this Privacy Policy tells you how we collect, use and disclose your personal data. This Privacy Policy has been drafted to comply with the legal standards that currently exist in the United Kingdom and will be modified as KL determines is necessary to satisfy or exceed legal requirements. We reserve the right to modify this Privacy Policy at any time by notifying our customers, via the main KL website (www.YouCanDoProbate.co.uk), of a new or revised Privacy Policy.
1.2 If you would like further information on this Privacy Policy or about KL’s use of your personal data, we encourage you to contact info@ycdprobate.com. For details concerning your rights under the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA18) and other applicable legislation, contact the Information Commissioner’s Office (ICO) (https://ico.org.uk).
1.3 Please note that this Privacy Policy covers data management where KL qualifies as the Data Controller under the GDPR and the DPA18
(https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definiti ons/), except where otherwise noted.
1.4 Where lawful bases of processing are noted (for example, contract, legal obligation or consent), KL in all ways manages individual rights in relation to these lawful bases in line with the ICO’s guidance on the GDPR and the DPA18
1.5 Where a lawful basis of consent is noted in this Privacy Policy, You have the right to withdraw that consent.
1.6 You have the right to lodge a complaint with the ICO as the supervisory authority if you have an issue in relation to our treatment of Your data.
1.7 KL may use certain third-party service providers to help us fulfil your requests and maintain our business practices. In these instances, these third-party service providers are under a contractual duty to restrict their use of personal data to the limited purpose(s) specified by KL, which at all times shall be consistent with this Privacy Policy.
2.1 ”Personal data” (as defined by the GDPR and the DPA18) means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
2.2 Personal data that can be used to identify you as an individual includes your:
Examples of non-personal data include:
2.3 No sensitive personal data (as defined by the GDPR and the DPA18) is collected by KL. However, sensitive personal data of subjects of an AML search may be processed by YouCanDoProbate’s systems when You use the AML service – in any such usage KL is purely the Data Processor and does not use or retain any data processed.
2.4 We collect your personal data through a number of sources, including:
2.4.1 visits to and use of the YouCanDoProbate website (e.g. browser type and version, operating system, referral source, length of visit, page views and website navigation paths, etc.) – see Section 3 for details
2.4.2 YouCanDoProbate website registration & purchasing – see Section 4 for details
2.4.3 telephone calls, emails and other communications with our Sales or Support teams – see Section 5 for details
2.4.4 YouCanDoProbate web application usage – see Section 6 for details.
2.5 personal data gathered directly from customers during purchase ordering, website registration or enquiries are centrally managed in a bespoke Customer Relationship Management System (CRMS). These actions in regard to personal data are performed on the lawful basis of contract as described in the GDPR and the DPA18 and may be used by KL in the interests of ongoing staff training, incident investigations and product or process development. This personal data is kept for the duration of any ongoing business or web application usage, and for six years thereafter. Typical uses include:
2.6 Unless otherwise specified in this Privacy Policy, your personal data will not be transferred to a third party for their independent use without your express consent. KL does not give trade references and does not ‘sell on’ or share your personal details beyond the limited circumstances described within this policy.
2.7 You should be aware that there are very limited instances under law in which we may be required to disclose the personal data of our customers. If such an instance arises, we shall only release that personal data as required by law. These actions in regard to personal data are performed on the lawful basis of legal obligation as described in the GDPR and the DPA18.
2.8 KL only acquire personal data in accordance with a lawful basis, as defined in the GDPR and the DPA18. Any data received via a third party will be rigorously assessed to ensure GDPR and DPA18 adherence and handled as per this Privacy Policy, though please be aware that third parties will have their own privacy and data collation terms.
This Section covers the personal data collection and usage that occurs when using the YouCanDoProbate website.
3.1 Our website uses cookies to improve your user experience. Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device, enabling online shopping carts, remembering choices you have made and so on. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu. For a video about cookies visit https://www.google.com/policies/technologies/cookies/.
The cookies used on this website have been categorised in accordance with the ICO UK Cookie guide. Lists of all the cookies used on this website are set out here.
3.2 Category 1: Strictly Necessary Cookies
PHPSESSID – used as an index to record session data on our server (e.g. current order number); expires 20 (twenty) minutes following the end of the session or when the browser is closed, whichever is sooner
PHPKBSESSID – used as an index to record session data on our server when using the Knowledge Base area of the website; expires 20 (twenty) minutes following the end of the session or when the browser is closed, whichever is sooner
OldBrowserWarning – used to advise if the user’s browser is so old it will be functionally
impaired in viewing the website; expires 20 (twenty) minutes following the end of the session or when the browser is closed, whichever is sooner
Category 1 cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services like the shopping basket cannot be provided. Category 1 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we genuinely cannot run the website effectively without them. Nevertheless, you can contact info@ycdprobate.co.uk to object to this processing.
If you do not wish to accept these cookies and would like to purchase a KL product or service, you may complete most transactions by calling us on 0345 5190 882.
3.3 Category 2: Performance Cookies
utma, __utmb, __utmc, and __utmz – required by Google Analytics; expires 26 (twenty-six) months after last visit to website.
fs_uid – required by FullStory.
Category 2 cookies collect information about how you use the website, for instance which pages you go to most often and if you get error messages from web pages. These cookies don’t collect information that identifies you and all information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the website works. Category 2 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we wish to maintain the performance integrity of our website. You can directly control the collection of Performance Cookies via the Cookie Settings option in our the YouCanDoProbate website’s footer area.
A summary of Google’s scope of data and usage parameters for data collected can be found here: https://policies.google.com/privacy#infocollect.
3.4 Category 3: Functionality Cookies
email – holds customer’s email address (which is used as the login/account name); expires 2 (two) years after last visit to website.
OptanonAlertBoxClosed – remembers if you have closed the Cookie Preferences Alert Box.
OptanonConsent – records a user’s consent and preferences for cookie settings.
_dc_gtm_UA-40403013-1 – this cookie is associated with Google Tag Manager and remembers your decisions in regard to targeting and analytics (as described in Category 4).
Category 3 cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. Category 3 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we wish to maintain the functionality and easy usability of our website. You can directly control the collection of Functionality Cookies via the Cookie Settings option in the YouCanDoProbate website’s footer area.
3.5 Category 4: Targeting or Advertising Cookies
Google cookies – gac, gads, DSID, FLC, AID, TAID and exchange_uid; expires 2 (two) years after last visit to website.
LinkedIn cookies – bizo_bzid, _bizo_cksm, _bizo_np_stats; expires 6 (six) months after last visit to website.
Facebook cookies – Pixel; expires 180 (one hundred and eighty) days after last visit to website.
Twitter cookies – Universal Website Tag; expires 90 (ninety) days after last visit to website. AdRoll cookies – __utmb; expires 26 (twenty-six) months after last visit to website.
Category 4 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18. You can directly control the collection of Targeting or Advertising Cookies via the Cookie Settings option in the YouCanDoProbate website’s footer area.
When you visit our website we use these cookies to collect information about your activities that may personally directly or indirectly identify you. This information may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We may use the information we collect to serve you more relevant advertisements (referred to as ‘Retargeting’) or to measure ‘Conversions’ on our site. This information can include where you saw the ads we serve you and what ads you clicked on.
3.5.1 We use Google’s third party audience data, such as interests and commonly visited websites, to better understanding the behaviour of our customers. For example, you may see our ads on other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.
3.5.2 We use social network cookies from LinkedIn, Twitter and Facebook. These cookies may store anonymous demographic data from the relevant social network. For example, LinkedIn data can include company size, industry, job function and seniority level but does not include any personally identifiable information.
3.5.3 We use AdRoll to place cookies on your browser for targeted advertising purposes. These cookies track device and browser information, as well as activity on the YouCanDoProbate website, to help target our ads based on information AdRoll have collected.
3.6 There are general options (unrelated to KL) available for opting out of various web services’ automated collection of information. Examples on how to do this can be found at http://www.youronlinechoices.com/uk/.
3.7 The YouCanDoProbate website’s essential operating system processes functional data in order to operate, which may include data determined to be personal data (for example, IP addresses). These functions are not based on cookies. Any personal data collected in this manner by the fundamental website logging are performed on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as such logging is required for the website’s continued operation. It will also be automatically deleted within four weeks. Nevertheless, you can contact info@ycdprobate.co.uk to object to this processing.
3.8 Any personal data or other information that is collected by, or which you choose to provide any third party website will be subject to the privacy policy of the operators of the third party website. KL is not responsible for the use or protection of personal data you disclose to a third party website operator, even if reached from an YouCanDoProbate website.
3.9 Any site that is an KL co-branded website will clearly identify both KL and the third party, and any personal data or other information collected through these co-branded sites may be collected and used by both KL and the third party unless otherwise stated on that co-branded site.
This Section covers the personal data collection and usage that occurs when registering on the YouCanDoProbate website and purchasing YouCanDoProbate products and/or services.
4.1 Certain personal data, such as names, contact details and online identifiers, are required for us to supply products and services that you have requested, carry out an agreement with you or take any steps that you have requested. These actions in regard to personal data are performed on the lawful basis of contract as described in the GDPR and the DPA18.
4.2 We may also use your personal data for the following direct marketing purposes. These actions in regard to personal data are performed on the lawful basis of consent as described in the GDPR and the DPA18.
Examples include where you have given us appropriate permission to:
advise you about new KL products and services, as well as special discounts on KL products and services provide business, sector and market-relevant news updates
Additionally, the following contact methods have been separated out for the purposes of direct marketing onsent: via email (KL’s default contact method) via telephone via mail
4.3 The permissions described in Section 4.3 regarding use of your personal data can be managed in the Your YouCanDoProbate Account area of the YouCanDoProbate website. If you want to give or withdraw your consent to receiving marketing materials in any medium, simply notify KL (see Privacy Policy Questions, Updating Your Personal Data and Preference Notifications, below). If you advise KL that you do not want to receive any Marketing materials at all, KL shall not be able to provide you with information concerning special discounts and offers for which you may be eligible, advisories regarding new products or services that may be of interest to you or warnings regarding impending government deadlines.
4.4 By default, data is retained for as long as you are an KL customer and for a further seven years thereafter. However, your account will be marked as dormant following four years’ inactivity and you will not be contacted following this time for Additional Purposes.
4.5 KL uses Stripe and Paypal to handle card payments, who are audited by the Payment Card Industry Security Standards Council (PCI-SSC). Your full card details are only held with Stripe or Paypal.
This Section covers the personal data collection and usage that occurs when:
contacting or being contacted by KL to support YouCanDoProbate products and/or services contacting or being contacted by KL to sell or market YouCanDoProbate products and/or services.
5.1 During the course of investigating a technical issue or answering a query, pertinent notes will be kept on your CRMS file to record the process and resolution. These notes will be treated as per Section 1.5.
5.2 In order to provide you with support on any technical issues that you may encounter, we may carry out the following to help diagnose and remedy the issue:
Ask to initiate a debug log. This collects ‘debugging’ information from your computer and YouCanDoProbate, including login strings and configuration data. This is used to help locate, diagnose and troubleshoot operating problems.
Ask for you to send a health check. This gathers information about your computer itself, such as its name, OS version details, installed programs and the like. This is also used to help locate, diagnose and troubleshoot operating problems.
Ask for you to send an anonymised tax return directly from the YouCanDoProbate web application. You also have the option to send us the tax return without anonymising the data, should you wish. This is normally used to help deal with specific tax return issues.
Ask to access your system via a remote login service. This service will be provided by a third party under license with and operated by KL. The third party will also abide by their own Privacy Policy. KL may record these sessions for up to 12 (twelve) weeks. This kind of service is used to remotely navigate your computer in order to troubleshoot complex issues, as well as to securely transfer files between YouCanDoProbate and yourself.
In any of these situations, YouCanDoProbate remains the Data Processor maintaining the service or product on the instruction of the Data Controller.
5.3 In the event that you contact us by telephone, calls may be recorded and/or live monitored to:
5.4 Certain personal data, such as names and contact details, may inevitably be recorded as a matter of course during telephone calls. These actions in regard to personal data are performed on the lawful basis of legitimate interest as described in the GDPR and the DPA18.
This Section covers the personal data collection and usage that occurs when using the YouCanDoProbate products and/or services.
6.1 Personal data can be included within data gathered about your systems once you have purchased a product, along with data on your type of operating system and its version, the size of your database and your operating environment. These actions in regard to personal data are performed on the lawful basis of contract as described in the GDPR and the DPA18.
6.2 When licensing web application products via the internet, any information collected in this process will be transmitted over a secure connection to our servers. The anti-piracy routine generates a unique key that is transmitted to our server during the activation process and is used to identify the computer upon which you run your YouCanDoProbate web application. All data contained within the key is encrypted.
6.3 At no stage will KL hold for posterity any information that you enter into the YouCanDoProbate web application (such as the contents of a tax return, filing credentials, accounting information and so on),
6.4 To help us improve our products and services and develop new ones, we may also create aggregate data that may use your personal data but in a manner that does not identify you as an individual. Some of this information will be collected by a third party processor as detailed in Section 7.7. For example, we may collect:
6.5 You are responsible for keeping appropriate copies of your own data.
Assessment). The audit data requested consists of machine data from the workstation used to make the submission. Some of this data may be classified as Personally Identifiable Information as per the GDPR definitions. Examples of the data sent are listed below:
KL act as Data Controller for this information as per the GDPR and the DPA18 and it is performed under the lawful basis of legal obligation. The data is generated at the point of submission on your workstation and is then discarded; none of the information gathered in this manner is retained by KL.
This Section covers the personal data collection and usage that occurs in other circumstances.
7.1 Surveys: KL may ask you to participate in a survey or provide additional personal data that will enable us to better understand and serve your needs.
7.1.1 Any information request marked as optional gives you the freedom to decide whether to respond and you will also be given the option to either supply information anonymously (to be used as aggregate data only) or not (in which case it is supplied on the lawful basis of consent). Please keep in mind that all information you choose to provide may be used to personalise and improve our customer service operations. Whether aggregate or not, the data will only be kept for three years.
7.2 In the case of visitors identified by our website analytics as using business IP addresses, we may also use publicly available information on those businesses to contact them and offer further aid in reviewing and purchasing YouCanDoProbate products. This does not apply to personal customers or consumers, only businesses and practices registered with Companies House.
8.1 All personal data is collected and stored in a secure manner and is used strictly in relation to this policy, any other applicable KL policies (such as Terms & Conditions of Sale, EULA and/or CSA) and your stated privacy preferences.
9.1 We encourage you to provide feedback on, and to ask questions about, this Privacy Policy, as well as to review and update your personal data as maintained by KL.
9.2 Our ICO registration reference is ZB312227. The registered address is Kabing Ltd, Summit House 13 High Street London E11 2AA. Tel: 08006891447 Email: info@ycdprobate.co.uk
9.3 At any time you may change your preferences as to the use of your personal data or receipt of Marketing Materials. You may also as an individual request copies of the personal data held by KL, though some types of information may not be disclosed to individuals where exemptions under law apply (e.g. information relating to third parties in particular circumstances).
All such communications and inquiries should be sent to info@ycdprobate.co.uk or mailed to the
Compliance Team, Kabing Limited, Summit House 13 High Street London E11 2AA. Please be sure to include sufficient information for us to verify your identity, locate your file (if applicable) and respond to your inquiry. You should also include your mailing address if you would like us to send you any written materials.
9.4 KL reserves the right to take reasonable steps to verify any requests for personal data it receives.