Who is the data controller?
The data controller is Christopher Desira, Director at Seraphus. The data controller can be contacted at Seraphus, Work.Life, 13 Hawley Crescent, London, NW1 8NP. He can be contacted by telephone on 0208 811 1532 and by email at data@seraphus.co.uk. All employees of Seraphus are trained in GDPR compliance. Seraphus works in partnership with the following websites which are GDPR compliant: Free Movement, Eu Citizens UK, Scotland’s Migration Service and Greater London Authority Migrant Londoners Hub.
Who regulates Seraphus’ data control?
Seraphus’ data storage complies with the Solicitors Regulation Authority and GDPR requirements.
If you have any questions in relation to this privacy policy or the use of your personal data please contact the data controller in the first instance. If your query or concern cannot be resolved by the data controller you have the right to contact the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
Who are our data processors?
We use a number of services to handle and process user data:
- Google (Calendar and Analytics ), Calendar is used to support our online booking system for appointments. Analytics is used to assess how users interact with our website to improve it.
- Stripe, a payment gateway. We see no payment or credit card information from Stripe. We use it to process payments for legal services.
- Xero, accounting software used for billing and for collating financial information for accounting purposes. Seraphus’ accountant has access to the information stored in Xero to prepare accounts.
- Apple computers and systems, used to run and manage legal cases. All computers are encrypted and password protected to prevent data theft if the computers themselves are stolen.
- Youcanbook.me, an online booking system used for our appointment services. This service is GDPR compliant. With consent, personal data may be used to make onward referrals to advice and support organisations.
- Clio manage and Clio grow, online case management systems to store your immigration file and our projects data.
- Dropbox, storage software used to store your immigration and archive your immigration file and to store and archive our projects data.
- Microsoft Teams and forms for registration, delivery and evaluation of online events, as well as for meetings.
- Facebook, for registration, delivery and evaluation of online community information sessions.
- Zoom, for registration, delivery and evaluation of online events and meetings.
- The eucitizens.uk website, we collect the information submitted in the enquiry form on this website to manage and process bookings of events. This project is funded by the European Union, with whom booking information will be shared for monitoring purposes.
How do we collect personal data?
We collect or use data in the following ways:
- When we enter a contract with you
- When we need to comply with a legal or regulatory obligation
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We collect data from Scotland’s Migration Service. This includes Seraphus appointment booking data and webinar booking data. We have a legitimate interest to monitor the effectiveness of these activities and satisfaction as part of our continuous improvement.
You have the right of the data subject to withdraw your consent at any time by emailing data@seraphus.co.uk.
What data do we collect about you?
We collect collect personal data or information for the purposes performing our contract with individual clients or with organisations. This data will include your identity, contact information, immigration information and financial information. If you need details about what personal data we have collected from you or the lawful basis for the collection of this data please contact the data controller.
Disclosure of your data
We may have to share your personal data with third parties. In most cases this would occur for the purposes of performing our contract with individual clients or an organisation. For example, when we need to contact the Home Office to request a copy of your immigration records.
Solicitors may be required by statute to make a disclosure to the National Crime Agency where they know or suspect that a transaction may involve money laundering or terrorist financing. If we make a disclosure in relation to your matter, we may not be able to tell you that a disclosure has been made. We may have to stop working on your matter for a period of time and may not be able to tell you why.
External regulatory bodies may conduct audit or quality checks on our practice from time to time. They may wish to audit/quality check your file and related papers for this purpose. It is a specific requirement imposed by us that these external firms or organisations fully maintain confidentiality in relation to any files and papers which are audited/quality checked by them. If you do not wish your file to be used in this way, please let us know as soon as possible.
We rarely transfer personal information outside the UK when delivering our services but some of our systems that process personal data may be located in Europe.
Data Security
We have put in place appropriate security measures to ensure your data is not accidentally lost, used or accessed, altered or disclosed in an unauthorised way. All access to data is limited to employees or to the data processors above. We have procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Office of a breach if required.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely store the work relating to the performance of your contract with us for 7 years, after which we will destroy this data. We cannot delete your personal data for a period of 7 years because we are obliged by law to retain payment information for that period for tax and VAT purposes, and for regulatory purposes.
Copies of your data
You can email the data controller for a copy of your data at data@seraphus.co.uk. Your data will be sent to you within one month of your emailed request. You will not have to pay a fee to access your personal data unless it is unfounded, repetitive or excessive. When doing so we may need specific information from you to confirm your identity and ensure your right to access your personal data. This is a security measure to ensure your data is not disclosed to another person who has no right to receive it. Your data may be redacted to protect the personal data of other people referred to in your records.
Deletion of your data
You can email us at data@seraphus.co.uk to request status deletion. We will delete as much of your data as we are permitted to and based on our data retention requirements above.
Complaints
You can complain to the Information Commissioner’s Office (ICO) about the way we have handled personal information. In most cases, before you complain to the ICO you need to have:
- Complained directly to us, our complaints policy can be viewed here;
- Asked for clarification from us if you have had a response you don’t understand; and
- Followed up with us if you have not received a response after 30 days.
If you have followed all these steps or have not received a response from us, you can submit your complaint. You should do this within three months of your last contact with us.