Privacy Policy

Our Privacy Policy

All UK Written Wills
No Win No Fee*

Blume Group Ltd Privacy Policy

This Privacy Policy explains how Blume Group Ltd (trading as The Inheritance Experts) collects and processes personal data in relation to claimants and prospective claimants.

Blume Group Ltd is the Controller of personal data. Blume Group Ltd is registered in England and Wales under the company registration number: 07424784. Any reference to ‘the Controller’ within this Privacy Policy shall mean Blume Group Ltd.

As a Controller of personal data, Blume Group Ltd is also registered with the Information Commissioner’s Office (ICO), registration details: ZA733653.

This Privacy Policy was last updated on 06/02/2024.

Our contact details

Name: Blume Group Ltd

Address: 33 Ballbrook Avenue, Didsbury, Manchester, M20 3JG.

Phone Number: 0161 452 03 11

Email: compliance@blumegroup.co.uk

Personal data we collect from you

The Controller may collect personal data directly from claimants and prospective claimants for various purposes for processing.

Examples of the categories of personal data that the Controller may obtain directly from claimants/prospective claimants may include but are not necessarily limited to: identity information, family/relative information, contact information, location information, claims information, special category information (health data), and financial information.

The Controller may obtain personal data directly from claimants and prospective claimants prior to and throughout the provision of claims management services, through the following means:

  • Direct interactions
    • Email correspondence
    • Telephone calls
    • Verbal interactions

Personal data we collect from other sources

From time to time, the Controller may obtain personal data about employees from external sources. This includes:

Lawful bases for processing personal data

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases that the Controller relies upon to process personal data are described as follows:

  1. Consent
  2. Legal obligation
  3. Legitimate interest

The Controller may rely on further conditions for processing that are set out within Article 9 UK GDPR such as Explicit Consent or Legal Claims and Schedule 1 Part 1 of the Data Protection Act 2018.

Purposes and lawful bases for processing personal data

As the Controller of claimants’ and prospective claimants’ personal data, there are a variety of purposes for which the Controller processes personal data. The Controller has set out the purposes for processing personal data about any claimants and prospective claimants and the lawful bases for doing so.

Disclosure of your personal data

Throughout the provision of claims management services, the Controller may disclose claimants’ and prospective claimants’ personal data to other Controllers and Processors for the purposes described within this Privacy Policy.

Additional information regarding the disclosure of your personal data

  1. Claimants’ and prospective claimants’ personal data may be shared between any subsidiary, holding company, or any other member of the Controller’s group.
  2. If the Controller is under a duty to disclose or share personal data to comply with any legal obligation, or to enforce or apply the Controller’s terms of use and other agreements; or to protect the rights, property, or safety of the Controller, the Controller’s clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
  3. If the Controller sells or buys any business or assets, in which case the Controller may disclose personal data to the prospective seller or buyer of any such business or assets.
  4. Personal data may be disclosed where it is necessary to protect the Controller’s rights, property, or personal safety, or to respond to requests by public, regulatory, or law enforcement authorities, including to meet national security or law enforcement requirements.

Data retention

To determine the appropriate retention period for personal data, the Controller considers the amount, nature and sensitivity of the personal data, the potential risk, of harm from unauthorised use or disclosure of personal data, and the purposes for which the Controller processes personal data and whether the Controller can achieve those purposes through other means, including applicable legal requirements.

Details of retention periods for different aspects of personal data are available upon request.

International transfers of personal data

The Controller may transfer your personal data outside the UK/EEA to third countries when using Processors who may also use Sub-processors. In these circumstances, any transfers shall be made where there is an adequacy decision. Where no adequacy decision applies, the Controller’s Processors have Binding Corporate Rules (BCRs) and Standard Contractual Clauses (SCCs) to ensure that international transfers are lawful and subject to appropriate safeguards.

Your data protection rights

Under data protection law, any individuals acting for and on behalf of potential or existing clients have rights including:

Your right of access – You have the right to ask the Controller for copies of your personal information.

Your right to rectification – You have the right to ask the Controller to rectify personal information you think is inaccurate. You also have the right to ask the Controller to complete information you think is incomplete.

Your right to erasure – You have the right to ask the Controller to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask the Controller to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that the Controller transfers the personal information you gave the Controller to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, the Controller has one month to respond to you.

Your right to withdraw consent – If you have provided the Controller with consent for the processing of your personal data as may be the case for direct marketing, you have the right to withdraw that consent.

If you wish to make a request and/or would like to withdraw consent to the processing of any personal data, please contact the Controller by using the following contact information:

Address: 33 Ballbrook Avenue, Didsbury, Manchester, M20 3JG.

Phone Number: 0161 452 03 11

Email: compliance@blumegroup.co.uk

How to complain

If you have any concerns about the Controller’s use of your personal information, you can make a complaint to the Controller by using the contact information provided within this Privacy Policy.

You can also complain to the ICO if you are unhappy with how the Controller has used your personal data. The Controller would, however, appreciate the opportunity to resolve any complaints directly with you.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Changes to this Privacy Policy

The Controller is entitled to change this Privacy Policy at any time whether or not required by law. The Controller will inform claimants/prospective claimants about changes to this Privacy Policy where the Controller makes a substantial change. This Privacy Policy was last updated on 06/02/2024.

0161 413 8763

7 days a week from 8am - 9pm