Security Policy


THE FOLLOWING DESCRIBES THE WHERESTHEWILL.COM (FROM NOW ON CALLED “WTW’) SECURITY POLICY. PLEASE READ THIS POLICY IN DETAIL BEFORE USING THIS WEBSITE. USE OF THIS WEBSITE INDICATES YOUR ACCEPTANCE OF THE FOLLOWING POLICY.

WTW processes, stores and transmits personal information.
We are dedicated to protecting the personal information we process, store and transmit from misuse and loss and from unauthorised access, modification or disclosure.
Our services are provided in accordance with the Applicable Ordinance under HK law)
WTW treats all personal information as confidential and sensitive information.
WTW data practices are aimed at ensuring that all personal information is only used for permissible purposes.
WTW has an organisational company culture that respects privacy.
WTW Security Policy is monitored and periodically reviewed. All staff are made aware of their responsibilities in protecting personal information from misuse, loss, corruption or disclosure.
WTW complies with the legal requirements of Hong Kong Law relating to Privacy and Data Protection and has introduced, or is in the process of introducing, all relevant security measures for the nature of its business.
WTW treats any breach of its Security Policy seriously and will report such breaches to the police.

Computer and Network Security
WTW uses information technology systems to process, store and transmit data.
WTW recognises the inherent risk that information technology systems increase the possibility of unauthorised disclosure of personal information.
WTW has introduced the following measures to protect the integrity of its information systems and networks:

  • Access controls for authorised users, such as user passwords;
  • Limiting access to shared network drives to authorised staff;
  • Virus protection, redundant power supply, data back up and integrity checks.

Communications Security
WTW uses telecommunications networks to transmit data.
WTW recognises the inherent risk that telecommunications systems increase the possibility of interception of transmissions and unauthorised intrusion into networks.
WTW has introduced the following measures to protect the integrity of its telecommunications networks:

  • Firewalls, routers, network intrusion detection systems, host intrusion detection systems and monitoring;
  • Access control for telephone users, such as user passwords;
  • Checking identity before giving out personal information over the telephone; and
  • Encrypting data so that in the event our computer system is intruded or communication intercepted there is less chance of decrypting the data.

WTW uses Secure Sockets Layer technology (SSL) to protect data communication between WTW and each user. Each user will know when the transmitted data is encrypted by the appearance of a security notice when entering a secure page or a secure icon on the user’s browser. If the data is intercepted the interceptor will only be able to see the data in an encrypted form and will only be able to decrypt the information with WTW SSL digital certificates.

WTW logs each user who attempts to access any personal information. Each user who attempts to search and retrieve any Will Document information is required to provide personal information.

WTW warns users that they will be in breach of the Terms of Use of this website if they use any information for unlawful purposes

Personnel Security
WTW limits the access to personal information to authorised staff only.
WTW recognizes the inherent risk that unauthorised personnel increase the possibility of misuse, loss, corruption or disclosure of personal information.
We have introduced the following measures to protect the integrity of our personnel:

  • Providing access to authorising personnel who ‘need-to-know’ in order to carry out their duties
  • Training staff and management in security awareness, practices and procedures.
  • Developing policies on who can access and use particular categories of information.
  • Specifying and reviewing access privileges for shared computer drives containing personal information.

Destruction and De-identification
Subject to any legal requirement to retain a user's personal information, WTW will take reasonable steps to destroy or permanently de-identify the personal information of a user that is in hard copy format after one year and before two years from the date of his or her death; normal use of this service has no requirement for any hard copies of information and so it is unlikely to apply.

  • Document destruction will occur by shredding, pulping or disintegration of paper files.
  • Electronic records may be disposed of by overwriting records before they are deleted or demagnetising the storage medium.
  • Deletion of back-up files.
  • De-identification will occur by removing from the record any information by which an individual may reasonably be identified.

Annual Reviews
WTW will conduct annual reviews of our Security Policy to see how it is implemented and, where necessary, make changes to improve the security of user’s personal information. Any amendments to our Security Policy will be made on this page.

Changes in Policy
This is the current Security Policy of WTW . It replaces any other Security Policy published on this website to date. WTW may at any time vary the Security Policy by publishing the varied Security Policy on this website.
WTW is under no obligation to notify Users of any variation to the Security Policy. By using this website each User accepts any variation.

Other Policies
This Security Policy is to be read in conjunction with other policies, disclaimers and notices on this website.