This privacy notice is provided by BESTrustees Limited (‘BESTrustees‘, ‘we‘ or ‘us‘). We are a ‘controller’ for the purposes of the UK General Data Protection regulation incorporated by the UK’s Data Protection Act 2018 (collectively referred to as the data protection laws).

This privacy notice applies when you visit or interact with our website at and when we interact with you as our client. We take your privacy very seriously. We ask that you read this privacy notice carefully as it contains important information about our processing and your rights.

If you are a member of a scheme to which we have been appointed as trustee, then your scheme-specific privacy notice will apply to our processing of your data, and not this privacy notice.

How to contact us

If you have any questions about this privacy notice, how we handle your personal data or would like to exercise any of your rights, please contact:

BESTrustees Limited
1 Cornhill

020 7332 4100

Which personal data do we collect and what do we use it for?

Personal data broadly means information that identifies (or which could, with other information that could be held, identify) a living individual. This includes any information provided to us by an individual or another party.  BESTrustees will collect, store and use the following categories of personal data about you:

  • Direct interactions: for client contacts, advisers to clients and third-party contacts, the personal data held and processed is limited to the name, contact details, email addresses, job title, organisation name, billing information, business address and marketing communications preferences.
  • Information automatically collected when you use our website: as you interact with our website, we may automatically collect information about your device, browsing actions and patterns, IP address, time zone and some of the cookies that are installed on your device. We collect this personal data by using cookies, server logs, web beacons, tags, pixels and other similar technologies. Please see our Cookie Policy for further details.

Why do we process your personal data?

BESTrustees will only use the information held in connection with the legitimate purposes of BESTrustees and in the furtherance of its objectives.

Why do we do it? Lawful basis for processing
To manage and fulfil our contract with our clients Legitimate interests
So we can enhance, modify, personalise or otherwise improve our website, services or communications for the benefit of our clients Legitimate interests
To enhance the security of our systems Legitimate interests
To better understand how people interact with our website and systems Consent
To contact you where you have agreed to take part in a survey or research Legitimate interests
Other purposes that you might consent to from time to time Consent

Why is it lawful to process your personal data?

We are allowed to process your personal data on the following legal bases for the purposes explained in this privacy notice:

  • Legitimate interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e., we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section ‘Why do we process your personal data’ explains the personal data processed on this basis.

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed ‘Your rights’ to find out how.

  • Consent – Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

Retention and deletion of your personal data

We only retain your personal data for as long as we need it by law. The following categories of personal data will be kept for the following periods and will be securely deleted/destroyed after the expiry of the retention period:

Data we process  How long this will be held for
Client name, contact information and related information For a period of up to 12 years after termination of the contract for BESTrustees’ services
Device information (cookies/analytics data) See our Cookie Policy

Your rights

You have the following legal rights under the data protection laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see ‘How to contact us’). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the data protection laws.

Your Data Protection Rights

  • Right of access to a copy of personal data we hold about you.
  • Right to contact us and have the information we hold about you corrected if it is inaccurate or incomplete.
  • Right to request the deletion or removal of information we hold about you.
  • Right to restrict processing to suppress further use of information we hold about you.
  • Right to object to certain types of processing including processing based on our legitimate interests and processing for direct marketing.
  • Right to withdraw consent at any time for anything we do with the personal data we hold about you.

You may be entitled to compensation for damage caused by contravention of the data protection laws.

Processing and sharing of your personal data

BESTrustees will not process data obtained for one purpose for any unconnected purpose unless the individual concerned has either agreed or would otherwise reasonably expect this.  Personal data will, therefore, only be disclosed to third parties if there is either a legal requirement to do so or it is necessary to comply with contractual requirements to our stakeholders.

All the personal data held by BESTrustees for the management of its own business is processed in the UK. However, for the purposes of IT hosting and maintenance this information may be located on servers within the EEA.

Like any business, we use service providers to deliver standard corporate services to us, such as website hosting and customer relationship management systems. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. For more information about which service providers we use, please contact us.

International transfers

BESTrustees may also make use of third-party providers with servers located outside the EEA. Any transfer or processing of your personal data outside of the UK and the EEA will be carried out in accordance with the data protection laws to safeguard your privacy and to provide you with remedies in the unlikely event of a security breach.

Data security

The security of your personal data is important to us. We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.


Any complaints about how an individual’s personal data has been handled may be made by contacting the Head of Operations (or equivalent) as set out in the ‘How to contact us’ section above. Individuals also have the right to complain about data protection matters to the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold information rights.  More details about the ICO can be found on its website. The ICO can be contacted by calling 0303 123 1113.

Changes to this privacy notice

This privacy notice is current as of December 2023.

This privacy notice is kept under regular review and may change at any time.

BESTrustees may periodically update this policy. We will notify you about significant changes in the way we treat personal data by sending a notice to you by email or by placing a prominent notice on our site.