Privacy and confidentiality policy

This Privacy Policy (“Policy”) describes how and why Open Trustees collects, stores and uses Personal Information and provides information about individual’s rights.

This Policy applies to both Personal Data supplied to Open Trustees either by an individual or by others and to Confidential Information supplied by clients or prospective clients. We may use Personal Data and Confidential Information supplied to us for any of the purposes as set out in this Policy, or as otherwise disclosed at the point of collection.

In this Policy, we use the terms:

“Confidential Information” refers to information supplied  by a client or prospective client, which is identified as being confidential at the time of disclosure or would be regarded as confidential by a reasonable person or is protected by a regulatory obligation of confidentiality;

“Engagement Letter” refers to a written document which sets out the terms and conditions of the engagement of Open Trustees and which describes the services to be provided to you by Open Trustees. Such engagement terms should be relied upon in determining liability for the services provided. Unless explicit written agreement is given by each OC Member Firm involved, no OC Member Firm is responsible for the acts or omissions of, nor has any authority to obligate or otherwise bind, any other OC Member Firm;

“Network Firm” includes Osborne Clarke Services (company number: 3049484), Osborne Clarke Trustees Limited (SRA reference: 199769), Open Trustees Limited (SRA reference: 80586), Oval Nominees Limited (company number: 1865795), Ovalsec Limited (company number: 1379423) and Osborne Clarke International Services Ltd (company number: 8096377) – the registered office of each of the above companies is 5th Floor, Halo, Counterslip, Bristol, BS1 6AJ;

“OC Member Firm” to refer to any entity, including Osborne Clarke Verein, which is a member of international Osborne Clarke network (“Network Firm”) or which is a member firm of Osborne Clarke Verein, a Swiss Verein (“Osborne Clarke Verein Member Firm”);

“Osborne Clarke Verein Member Firm” includes (but is not limited to) those listed here. Each of the Osborne Clarke Verein Member Firm is a separately constituted and regulated legal entity or partnership which provides legal and other client services in accordance with the laws of the jurisdictions in which it operates. For the avoidance of doubt Osborne Clarke Verein is a Swiss verein which does not itself provide legal or other client services;

“Personal Data” means any information (in any format, including in electronic or hard copy) relating to a data subject who is directly or indirectly identifiable from that information.

“we”, “us”, and “our” (and other similar terms) to refer to – as the relevant context dictates –  Open Trustees (SRA reference: 80586) as owner of this website and who will be the data controller as prescribed in the entity’s local law (the “Data Controller”).

“You” and “your” (and other similar terms) to refer to – as the relevant context dictates – our clients, individuals associated with our clients, contacts, suppliers, staff and visitors to the Open Trustees website,

Your rights in relation to Personal Data and how to exercise them

Under certain circumstances you have the following rights:

  • the right to ask us to provide you, or a third party, with copies of the Personal Data we hold about you at any time and to be informed of the contents and origin, verify its accuracy, or else request that such data be supplemented, updated or rectified according to the provisions of local law;
  • the right to request erasure, anonymisation or blocking of you Personal Data that is processed in breach of the law;
  • the right to object on legitimate grounds, to processing of your Personal Data. In certain circumstances we may not be able to stop using your Personal Data. If that is the case, we’ll let you know and explain why; and
  • withdrawal of consent – when Personal Data are processed on the basis of consent an individual may withdraw consent at any time (this may apply to processing of special categories of Personal Data where you have instructed us to act on your behalf and includes the following: racial/ethnic origin, political opinions, religious or philosophical beliefs and trade union membership). In the event that you no longer want to receive any marketing material from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contact the relevant Data Controller as set out below.

To exercise such rights and if you have any questions about how we collect, store and use Personal Data, then please contact us using the details provided below:

Write to us:

  • The Privacy Officer, Osborne Clarke LLP, 5th Floor, Halo, Counterslip, Bristol, BS1 6AJ

E-mail us at:

What basis do we have for processing your Personal Information?

We will only process Personal Data where we have a lawful reason for doing so. The lawful basis for processing Personal Data by us will be one of the following:

  • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
  • the processing is necessary in order for us to comply with our legal or regulatory obligations (such as compliance with anti-money laundering legislation and for conflict checking purposes);
  • the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services);
  • processing is necessary for the establishment, exercise or defence of legal claims; or
  • the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes

What Personal Information do we collect?

We aim to be transparent about why and how we collect and process Personal Data.  For further information on our processing activities please review the relevant section below:

Business contacts

Open Trustees may process Personal Data about contacts using client relationship management tools (we currently use “InterAction” and “Introhive”). Personal Data that is collected, added to and processed by InterAction and / or Introhive includes: name, email address, job title, telephone number, area of business, job role, jurisdiction, language, seniority, other business contact information, and information relating to the strength of your business relationship with our people.

The Personal Data may also be collected via OC Member Firm staff, via your communications with us, or by virtue of us providing our services to you or at a networking event. In addition Personal Data may also be collected via the Open Trustees website, We may cross-reference our marketing records against publicly available information, including LinkedIn and professional profiles published on your organisation’s website, to ensure that the records we hold remain accurate and up to date.

We may make your contact details available to OC Member Firm staff, including information relating to the strength of our professional relationships between us and you or your organisation. This information will be established using automated means (this is a form of profiling).

We may perform analytics – such as trends, sales intelligence, marketing effectiveness (such as click and open rates) uptake and progress.

We may utilise artificial intelligence to research news feeds, sites, posts etc and performing analytics to assist us in contacting you with relevant information.

Personal Data is retained on InterAction and / or Introhive for as long as it is necessary for the purposes set out above (being the length of the business relationship). If a business contact requests to be forgotten their contact details will be deleted from InterAction and Introhive.

Clients and individuals associated with clients

We request that our clients only provide Personal Data which is necessary for us to carry out our services.

In the majority of circumstances we will collect Personal Data from our clients or from third parties acting on behalf of our clients.

  • Providing trustee services: we will use and disclose Personal Data in such a manner as we believe is reasonably necessary to provide our services, to comply with any applicable laws and regulations and to establish, exercise or defend our legal rights and to liaise with other professional advisers providers for the purposes of advising us on the management and performance of our functions. Personal Data will be shared with any other OC Member Firm(s), where they are supporting the relevant instruction(s).
  • Managing client relationships: providing clients with information on our services that we consider may be relevant to them; arranging and hosting events; and identifying where we may make improvements in service delivery.
  • Client engagement: as part of our client onboarding process we carry out certain background searches to verify whether or not there are any potential issues that may mean we cannot work with a particular person (for instance to identify criminal convictions, politically exposed persons, sanctions or other potential reputational issues).
  • Compliance with relevant regulations: this may include use of your Personal Data (e.g. evidence of your identity) in order to fulfil our obligations to check the identity of our clients in compliance with anti-money laundering law and regulations; it may also include sharing Personal Data with other OC Member Firm(s), for the purposes of completing conflict checks, or where another OC Member Firm is being instructed on a new matter and information held on a previous or current matter is required (or useful) for the purposes of complying with regulatory obligations. Personal Data provided for the purposes of compliance with our anti-money laundering obligations will only be used for the purposes of preventing money laundering and terrorist financing or as permitted by or under law unless you have consented to its use for any other purpose.
  • Our third-party business partners, including RELX (UK) Limited, trading as LexisNexis (“LexisNexis”), may provide us with your Personal Data in order to enable us to conduct background checks and screening activities, comply with our legal obligations and for other purposes as described in this Policy. LexisNexis is responsible for any Personal Data which they may collect and hold about you until it is received by us. To learn more about how LexisNexis collects and uses your Personal Data please see their privacy policy at: .

Our general retention period for documentation created for the purpose of providing trustee services is 99 years. In some instances there are legal and regulatory exceptions which may require documentation to be held for shorter periods. If you require further information please contact us using the details as set out in the “Data Controller contact information” section below.


Personal Data in relation to staff will be held on various internal systems and applications. A privacy notice which sets out the purposes for which Personal Data will be processed and contains information on data subject rights is provided to staff at the commencement of employment. If further information is required please contact the Human Resources team.

Visitors to the Open Trustees website

We may collect, store and use Personal Data and Confidential Information in respect of website visitors who contact us through ‘contact-us’ web form at

We do not routinely monitor IP addresses for visitors to our website.

We may collect, store and use certain, limited information relating to your use of our website, if you have accepted the relevant cookies, for the purposes of better understanding the types of visitors who browse our website and improving our website offering. Other than information you choose to submit voluntarily to receive communications from us, the information we collect about website visitors does not enable any visitor to be individually identified, is processed only in anonymised, aggregated form, and will only be used for website analytics purposes as described in the section entitled “Website cookies” below.

We may collect your Personal Data and Confidential Information through various means, including via our website, through e-mail correspondence, through direct contact (for example at marketing events and pension industry events).

Who else may have access to your Personal Data and Confidential Information?

On occasion we may need to share your Personal Data and Confidential Information with third parties. We will only share Personal Data where we are legally permitted to do so.

Where you supply us with Personal Data as a client, we will assume, unless you instruct us otherwise in writing, that we can disclose your Personal Data in such manner as we believe is reasonably necessary to provide our services (including as described in this Policy), or as is required under applicable law. This might be because, for example, we may pass your Personal Data to third parties such as:

OC Member firms: Subject to compliance with local law, we also share your Personal Data and Confidential Information with OC Member Firms:

  • To provide services to you and also:
  • Through the joint use of centralised IT, finance and business support functions;
  • To respond to your requests concerning access, rectification, objection and cancellation as regards the processing of your personal data.

Disclosures required by law or regulation: In certain circumstances, please note that we may be required to disclose Personal and Confidential Information under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings.

Professional advisers and other third parties to enable us to provide our trustee services.

International transfers of Personal Information (including to outsourced service providers)

From time to time, we may need to transfer your Personal Data to other OC Member Firms or external service providers and business partners, who may have offices that are located in territories outside of the European Economic Area (“EEA”), and / or UK, including in the USA, in order to provide you with the services required.

Where necessary, we have entered into standard European Commission (for transfers from the EEA) or UK (for transfers from the UK) approved form model data protection clauses (“Standard Contractual Clauses”) with other OC Member Firms who have offices that are located in territories outside of the EEA or UK, to provide you with the service required and with our external service providers and business partners in relation to services that they may provide that involve processing data from locations outside of the EEA for which we are Data Controller.

Please note that the legal regimes of some territories outside of the EEA and / or UK do not always offer the same standard of data protection as those inside the EEA and / or UK, although we will ensure that your Personal Data is only ever treated in accordance with this Policy. For example, we will only ever transfer your data to countries outside the EEA and / or UK using the Standard Contractual Clauses together with the supplementary measures necessary to protect your data, or to countries outside the EEA in relation to which an adequacy decision has been made by the European Commission, such as the UK or Canada.

How we look after your Personal Data and Confidential Information

We have in place appropriate technical and organisational security measures to protect your Personal Information against unauthorised or unlawful use, and against accidental loss, damage or destruction.

We put in place strict confidentiality agreements (including data protection obligations) with our third party service providers.

Website cookies

The Open Trustees website uses Google Analytics for website analytics purposes – meaning that we use them to see how many visitors come to our website, the pages that generate interest and the links that visitors most often click on (amongst other things). This means we also share information about your use of our site with our social media, advertising and analytics partners: for more information see here. Google Analytics uses cookies – small text files that are placed on your computer that store certain limited information about you. The cookies we use do not enable any website visitor to be individually identified and will only be used for website analytics purposes.

In addition, the coding language the Open Trustees website is written in uses session cookies. These are deleted each time you close your browser. These cookies do not store any information about the visitor once the browser is closed. For more information about cookies, we recommend that you visit

You were given the opportunity to consent to our using cookies as you entered our site (to get this far, you have already either consented or opted out of their use). If you have opted out, we only store one permanent ‘compliance’ cookie which tells us that you want to opt out of use of any other cookies.

If you opted out then we have switched off all of them except our functional cookies which are needed to make the site run correctly. However, if you wish to do so, you can change your browser settings to reject cookies. As the means by which you can do this varies from browser to browser, please visit your web browser’s “Help” menu for further details. Please note that, should you choose to refuse cookies, this might impair some of the functionality of the Open Trustees website.

The cookies that we use on the site are:

Analytics Cookies

“_ga” is a Google Analytics cookie – It’s used to collect information about how visitors use the site. The information is collected anonymously, and used to report on the number of visitors to the site, where they have come from, and the pages they have visited. You can find out more info on Universal Analytics here.

“is_returning” – This cookie is used to anonymously visually interpret user behaviour on the site by building “Heat Maps”. This provides a graphical representation of where visitors click page links. You can find out more info on this cookie here.

“nmstat” is a cookie – This cookie help record the visitor’s use of the website. This information is then used to improve the user experience on the website. This Siteimprove Analytics cookie contains a randomly generated ID used to recognise the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics. You can find out more info on cookies here.

Functional Cookies

ASPXAUTH – This cookie is used to make sure that your web experience, whilst on our site, is seamless as you move from page to page.

ASP.NET_SessionId – This cookie is installed automatically when a user connects to an ASP.NET application, and expires when the browser window closes. This provides a mechanism for persisting information between page requests in ASP.NET. You can find out more info on this cookie here and here.

Preference Cookies

“site-font-size” – This cookie remembers the font size selection for the session.

“site-css” – This cookie remembers the colour scheme for the session.

Compliance Cookies

“cb” and “szcookiechoice” – These cookies allows us to know whether or not you have given consent to the use of cookies and therefore do not need to be presented with this message again. This is a permanent cookie.

Updates to this Policy

This Policy was last updated in May 2023. Please note that for legal, business or operational reasons we may from time to time update this Policy. We will highlight any material changes that we make to this Policy on the Open Trustees website.

Links to other websites

The Open Trustees website may link to other, unaffiliated third party websites. Please note that Open Trustees is not, and cannot, control or be responsible for the content or privacy and confidentiality practices of any third party websites. You must always carefully review the privacy and confidentiality policy of any third party website that you may visit in order to understand how the operators of that website may collect, store and use your personal and confidential information.

Data Controller contact information

Open Trustees Limited, 5th Floor, Halo, Counterslip, Bristol, BS1 6AJ


(Reviewed May 2023)