This policy explains how we collect and process your data on this website or when you purchase a legal service from us. Who is the data controller?
The data controller is Christopher Desira. The data controller can be contacted at Seraphus, 140 Tabernacle Street, London, EC2A 4SD. He can be contacted by telephone on 0208 811 1532 and by email at firstname.lastname@example.org.
All employees of Seraphus is trained in GDPR compliance. Seraphus works in partnership with the Free Movement website, which is GDPR compliant. Seraphus is contracted by the European Commission. Who regulates Seraphus’ data control?
), the UK supervisory authority for data protection issues.Who are our data processors?
We use a number of services to handle and process user data:
- Google (Calendar, Analytics and Drive), Calendar is used to support our online booking system on Free Movement. Analytics is used to assess how users interact with our website to improve it. Drive is used to store our business documentation.
- iZettle, a payment gateway. We see no payment or credit card information from iZettle. We use it to process payments for legal services.
- Paypal, a payment gateway. We see no payment or credit card information from Paypal. We use it to process payments for legal services.
- Xero, accounting software used for billing and also for collating financial information for accounting purposes. Seraphus’ accountant has access to the information stored in Xero in order to prepare accounts.
- Apple computers and systems, used to run and manage legal cases. All computers are encrypted and password protected to prevent data theft if the computers themselves are stolen. Our services are secure and data is sent to us securely via SSL encryption.
- Youcanbook.me, an online booking system used for our Video Link service on the Free Movement website. This service is GDPR compliant.
- Dropbox, storage software used to store your immigration and archive your immigration file.
- The eurights.uk platform, we collect the information submitted in the enquiry form on this website to manage and process bookings of our lawyers. This project is funded by the European Commission, who require us to provide monitoring information on this project. The information shared with the European Commission will be limited to the data collected on the enquiry form.
We ensure that all third-parties are GDPR compliant before working with them but we do not control these third-parties and are not responsible for their privacy policies. We encourage you to read their privacy notices. How do we collect personal data?
We collect or use data in the following ways:
- When we enter a contract with you
- When we need to comply with a legal or regulatory obligation
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We do not collect personal data for direct marketing communications. Therefore we do not generally rely on consent as a legal basis for collecting or processing your data. What data do we collect about you?
We collect collect personal data or information for the purposes performing our contract with you. This data will include your identity, contact information, immigration information and financial information. If you need details about what personal data we have collected from you or the lawful basis for the collection of this data please contact the data controller. Disclosure of your data
We may have to share your personal data to third parties. In most cases these would occur for the purposes of performing our contract with you. For example, when we need to contact the Home Office to request a copy of your immigration records. We may also be required to share your personal data for the purposes of complying with a legal or regulatory obligation. For example, if the Solicitors’ Regulation Authority requests the audit of your records. We seek prior permission from you before disclosing your data to third-parties. Cookies and Internet Privacy
Cookies are pieces of data created when you visit a site, and contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, and do not expire at the end of your session. Cookies used by Seraphus contain no personal information about the user, nor does our website elicit or store any information from users other than the Internet Protocol address of the computer used to access the site. Cookies on this site may safely be turned off by users without affecting how pages are displayed. Cookies can be deleted from the user's computer.
If you would like to find out more about cookies and their use click here
. For further information about privacy issues, visit The Information Commissioner's Office here
No personal information is gathered unless you contact us directly through our website. Where disclosure of information to a third party is likely we will, where possible, endeavour to ensure that this is clearly indicated.
If you would like to contact us about cookies please email us at email@example.com.Data Security
We have put in place appropriate security measures to ensure your data is not accidentally lost, used or accessed, altered or disclosed in an unauthorised way. All access to data is limited to employees or to the data processors above. We have procedures to deal with any suspected personal data breach and will notify you and any the ICO of a breach if required. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will securely store the work relating to the performance of your contract with us for 7 years, after which we will consider destroying this data.
If you are a paying customer we cannot delete all of your personal data for a period of seven years because we are obliged by law to retain payment information for that period for tax and VAT purposes. Copies of your data
You can email the data controller for a copy of your data at firstname.lastname@example.org. Your data will be sent to you within one month of your emailed request.
You will not have to pay a fee to access your personal data unless it is unfounded, repetitive or excessive. When doing so we may need specific information from you to confirm your identity and ensure your right to access your personal data. This is a security measure to ensure your data is not disclosed to another person who has no right to receive it.
Your data may be redacted to protect the personal data of other people referred to in your records. Deletion of your data
You can email us at email@example.com to request status deletion. We will delete as much of your data as we are permitted to based on our data retention requirements above.