GDPR – Thy Will Be Done (Spain) Ltd’s implementation prior to May 25th 2018

Below is a list of the information we must supply to our clients as we obtain their personal data directly from them.


The identity and contact details of the controller ✓
Data Controller: Paul Blackmoore 46 Goring Road Worthing BN12 4AD


Purpose of the processing and the lawful basis for the processing ✓
We process and use the data our clients provide us to produce the documents that they have engaged us to provide.

After this point if the client has elected to have us store their documents we will hold these for them.

We will share information with our clients and prospects on a variety of topics that could be relevant to them and these could be shared by twitter or facebook or email or telephone or post.

We also provide a 5 year review for each of our clients’ documents and will use all stored information given for this purpose.

We will update all clients on changes in law and legislation that could affect them and will use stored data to provide this information either by letter, e-mail or telephone call.

We will introduce all clients to new products and services that could benefit them and will use stored data to provide this information either by letter, e-mail or telephone call.

Please note that we are legally obliged to keep a record of a Will we have drafted for up to 6 years after the death of the Testator.


The legitimate interests of the controller or third party, where applicable ✓
Our legitimate interest in holding data and contacting you is for the provision of services that you have requested and the ongoing supply of information to you to ensure your cover is up to date and relevant.


Categories of personal data ✓
The data that we hold will be your name, date of birth, address and any information that you have supplied us for the creation of your documents or for the ascertainment of any inheritance tax liability.


Any recipient or categories of recipients of the personal data ✓
We will not and do not share your data with anyone without your consent. Consent may be requested from you to share your information with our Solicitors at Countrywide Tax and Trust Corporation, The Land registry, HMRC (if requested to do so, The Office of the Public Guardian, Fidducia IFAs or another named IFA.


Details of transfers to third country and safeguards ✓
We never transfer you details to a third country.

Retention period or criteria used to determine the retention period ✓
We keep all data securely for up to 6 years after a Client’s death


The source the personal data originates from and whether it came from publicly accessible sources ✓
The only data that we hold on you will be that which have freely and readily given to us.

Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data ✓
We need your data to produce your documents and we are obliged to keep this data for up to 6 years after your death.

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences ✓
We do not use your data for any profiling purpose, no decisions are made based on the data you have provided us.


When should information be provided? ✓
From May 2018 we are providing clients with this information on the day they first give us any personal information face to face

If the data is used to communicate with the individual, at the latest, when can they the first communication to take place? ✓
We will use the data that you provide us to communicate with you immediately 

Individuals also have the right to:
1. Object to the processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
2. Object to direct marketing (including profiling); and
3. Object to processing for purposes of scientific/historical research and statistics.
4. Access their personal data and supplementary information. The right of access allows individuals to be aware of
and verify the lawfulness of the processing.
5. Withdraw consent at any time, where relevant and the right to erasure which is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
6. Have personal data rectified. Personal data can be rectified if it is inaccurate or incomplete.
7. Data portability which allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to an other in a safe and secure way, without hindrance to usability. It enables consumers to take advantage of applications and services which can use this data to find them a better deal, or help them understand their spending habits.
8. Lodge a complaint with a supervisory authority.