Who is the data controller?
The data controller is Christopher Desira. The data controller can be contacted at Seraphus, Work.Life, 13 Hawley Crescent, London, NW1 8NP. He can be contacted by telephone on 0208 811 1532 and by email at data@seraphus.co.uk. All employees of Seraphus are trained in GDPR compliance. Seraphus works in partnership with the Free Movement website, which is GDPR compliant. Seraphus is contracted by the European Commission.
Who regulates Seraphus’ data control?
The data controller is Christopher Desira. The data controller can be contacted at Seraphus, Work.Life, 13 Hawley Crescent, London, NW1 8NP. He can be contacted by telephone on 0208 811 1532 and by email at data@seraphus.co.uk. All employees of Seraphus are trained in GDPR compliance. Seraphus works in partnership with the Free Movement website, which is GDPR compliant. Seraphus is contracted by the European Commission.
If you have any questions in relation to this privacy policy or the use of your personal data please contact the data controller in the first instance. If your query or concern cannot be resolved by the data controller you have the right to contact the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
Who are our data processors?
We use a number of services to handle and process user data:
- Google (Calendar, Analytics and Drive), Calendar is used to support our online booking system on Free Movement. Analytics is used to assess how users interact with our website to improve it. Drive is used to store our business documentation.
- iZettle, a payment gateway. We see no payment or credit card information from iZettle. We use it to process payments for legal services.
- Paypal, a payment gateway. We see no payment or credit card information from Paypal. We use it to process payments for legal services.
- Stripe, a payment gateway. We see no payment or credit card information from Paypal. We use it to process payments for legal services.
- Xero, accounting software used for billing and also for collating financial information for accounting purposes. Seraphus’ accountant has access to the information stored in Xero in order to prepare accounts.
- Apple computers and systems, used to run and manage legal cases. All computers are encrypted and password protected to prevent data theft if the computers themselves are stolen. Our services are secure and data is sent to us securely via SSL encryption.
- Youcanbook.me, an online booking system used for our Video Link service on the Free Movement website. This service is GDPR compliant.
- Clio manage and Clio grow, online case management systems to store your immigration file.
- Dropbox, storage software used to store your immigration and archive your immigration file.
- The eurights.uk platform, we collect the information submitted in the enquiry form on this website to manage and process bookings of our lawyers. This project is funded by the European Commission, who require us to provide monitoring information on this project. The information shared with the European Commission will be limited to the data collected on the enquiry form.
How do we collect personal data?
We collect or use data in the following ways:
- When we enter a contract with you
- When we need to comply with a legal or regulatory obligation
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We do not collect personal data for direct marketing communications. Therefore we do not generally rely on consent as a legal basis for collecting or processing your data. You have the right of the data subject to withdraw your consent at any time by emailing data@seraphus.co.uk.
What data do we collect about you?
We collect collect personal data or information for the purposes performing our contract with you. This data will include your identity, contact information, immigration information and financial information. If you need details about what personal data we have collected from you or the lawful basis for the collection of this data please contact the data controller.
Disclosure of your data
We may have to share your personal data with third parties. In most cases this would occur for the purposes of performing our contract with you. For example, when we need to contact the Home Office to request a copy of your immigration records. However, solicitors may be required by statute to make a disclosure to the National Crime Agency where they know or suspect that a transaction may involve money laundering or terrorist financing. If we make a disclosure in relation to your matter, we may not be able to tell you that a disclosure has been made. We may have to stop working on your matter for a period of time and may not be able to tell you why.
External firms or organisations may conduct audit or quality checks on our practice from time to time. They may wish to audit/quality check your file and related papers for this purpose. It is a specific requirement imposed by us that these external firms or organisations fully maintain confidentiality in relation to any files and papers which are audited/quality checked by them. If you do not wish your file to be used in this way, please let us know as soon as possible.
We rarely transfer personal information outside the UK when delivering our services but some of our systems that process personal data may be located outside the UK including in Europe.
Data Security
We have put in place appropriate security measures to ensure your data is not accidentally lost, used or accessed, altered or disclosed in an unauthorised way. All access to data is limited to employees or to the data processors above. We have procedures to deal with any suspected personal data breach and will notify you and the ICO of a breach if required.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely store the work relating to the performance of your contract with us for 7 years, after which we will consider destroying this data. If you are a paying customer we cannot delete all of your personal data for a period of seven years because we are obliged by law to retain payment information for that period for tax and VAT purposes.
Copies of your data
You can email the data controller for a copy of your data at data@seraphus.co.uk. Your data will be sent to you without delay and within one month of your emailed request. You will not have to pay a fee to access your personal data unless it is unfounded, repetitive or excessive. When doing so we may need specific information from you to confirm your identity and ensure your right to access your personal data. This is a security measure to ensure your data is not disclosed to another person who has no right to receive it. Your data may be redacted to protect the personal data of other people referred to in your records.
Deletion of your data
You can email us at data@seraphus.co.uk to request status deletion. We will delete as much of your data as we are permitted to based on our data retention requirements above.
Complaints
You can complain to the Information Commissioner’s Office about the way we have handled personal information. In most cases, before you complain to us you need to have:
- complained directly to us, our complaints policy can be viewed here;
- asked for clarification from us if you have had a response you don’t understand; and
- followed up with us if you have not received a response after 30 days.
If you have followed all these steps or have not received a response from us, you can submit your complaint. You should do this within three months of your last contact with us.