Waris Limited ([COMPANY NUMBER]) is a company registered in England and Wales. Our registered office is at [REGISTERED ADDRESS].
We are the data controller for personal information collected through waris.co.uk and in connection with our will drafting service.
We are registered with the Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].
Contact us at any time: hello@waris.co.uk
We collect the following categories of personal information when you use our service:
We do not collect National Insurance numbers, passport or driving licence numbers, or other government identifiers. We do not collect precise asset valuations — only approximate range information sufficient to draft your will.
Under UK GDPR Article 6, we process your personal data on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the will drafting service | Contract performance — Article 6(1)(b) |
| Reviewing your questionnaire responses and producing your will | Contract performance — Article 6(1)(b) |
| Processing payment | Contract performance — Article 6(1)(b) |
| Communicating with you about your order | Contract performance — Article 6(1)(b) |
| Fraud prevention and security | Legitimate interests — Article 6(1)(f) |
| Financial record-keeping | Legal obligation — Article 6(1)(c) |
| Sending you the free Islamic wills guide (if requested) | Consent — Article 6(1)(a) |
| Annual review subscription management | Contract performance — Article 6(1)(b) |
For religious data (special category under Article 9), we rely on explicit consent — see Section 4.
Your madhab (school of Islamic jurisprudence) and your confirmation of Muslim faith are special category personal data under Article 9 of UK GDPR because they reveal religious belief. This category of data carries stricter obligations.
We process this data on the basis of your explicit consent, given when you tick the confirmation checkbox in our questionnaire. Providing this information is voluntary, but without it we cannot produce a Shariah-compliant will.
This data is used solely to:
It is not used for any other purpose, is not shared with third parties except as strictly necessary to deliver the service, and is not used for profiling or automated decision-making.
Withdrawing consent: You may withdraw your consent to the processing of your religious data at any time by contacting hello@waris.co.uk. Withdrawal will prevent us from completing or maintaining your Shariah-compliant will and will trigger deletion of your religious data. It will not affect the lawfulness of any processing carried out before withdrawal.
We use your information to:
We do not use your personal data for marketing beyond the guide you explicitly request. We do not use automated decision-making or profiling in connection with your will.
We share your information only as follows:
Our reviewing team: legal professionals who review your questionnaire responses and produce your will. They access your data solely for this purpose and are bound by confidentiality obligations.
Data processors: we use the following third-party platforms, each acting on our written instructions under a data processing agreement:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Stripe, Inc. | Payment processing | USA | UK–US Data Bridge |
| Zapier Inc. | Workflow automation | USA | UK–US Data Bridge |
| Airtable, Inc. | Order management and data storage | USA | Standard Contractual Clauses (SCCs) |
| Docupilot | Will document generation | USA | Standard Contractual Clauses (SCCs) |
| Twilio SendGrid | Transactional email delivery | USA | UK–US Data Bridge |
| [HOSTING PROVIDER] | Website hosting | [USA / EU] | [UK–US Data Bridge / EU adequacy decision] |
Each processor is contractually prohibited from using your data for any purpose other than providing services to us.
We do not sell your personal data. We do not share your data with third parties for their own marketing purposes. We will disclose data to law enforcement or regulators only where required by law.
Some of our data processors are based in the United States. Transfers to the USA are made on the basis of the UK–US Data Bridge (in force from 17 October 2023) where the recipient is certified, or on the basis of the ICO's International Data Transfer Agreement (IDTA) incorporating Standard Contractual Clauses where certification is not in place.
We do not transfer personal data to any country that does not benefit from an adequacy decision or an appropriate safeguard under UK GDPR Article 46.
| Data | Retention period | Reason |
|---|---|---|
| Completed will and questionnaire data | 7 years from date of delivery | Limitation period for professional services claims; will-related disputes may arise after death |
| Payment and transaction records | 7 years from transaction date | HMRC financial record-keeping obligation |
| Communications (email, clarification correspondence) | 7 years from date of delivery | Consistent with will data retention |
| Email marketing list (guide subscribers) | Until you unsubscribe or withdraw consent | Consent-based; no legitimate basis to retain after withdrawal |
| Enquiry data (no purchase made) | 12 months from enquiry date | Legitimate interests in responding to follow-up enquiries |
After the applicable retention period expires, personal data is securely and permanently deleted from all systems, including those of our data processors.
Why 7 years for will data? Challenges to a will — including claims of undue influence, lack of testamentary capacity, or professional negligence — can be brought after death, which may be many years after the will was drafted. We retain the data to enable us to respond to any such claim and to establish what instructions were given.
Under UK GDPR you have the following rights:
To exercise any right, please email hello@waris.co.uk with your full name and the nature of your request. We will respond within one calendar month. We may ask you to verify your identity before processing your request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concern directly before you contact the ICO.
This website does not use third-party tracking, advertising, or analytics cookies. We do not use Google Analytics or any similar tracking tool.
We set one session cookie (deleted when you close your browser) that is strictly necessary for the will questionnaire to function. This cookie does not contain personal data and does not persist between sessions.
As we use no non-essential cookies, no cookie consent banner is required by law. If we introduce any non-essential cookies in future, we will update this policy and implement appropriate consent mechanisms.
We may update this policy to reflect changes in our practices, technology, legal requirements, or other factors. We will update the "last updated" date at the top of this page whenever a change is made.
Where a change is material (for example, a new category of data, a new data processor, or a change to our legal basis for processing), we will notify existing customers by email at least 14 days before the change takes effect.
Continued use of our service after the effective date constitutes acceptance of the updated policy.
Data controller: Waris Limited ([COMPANY NUMBER])
Email: hello@waris.co.uk
Registered address: [REGISTERED ADDRESS]
If you have a concern about how we handle your personal data, please contact us in the first instance. If you remain unsatisfied, you may contact the ICO at ico.org.uk.