One Immigration Solutions
Suite 289, 93 Hope Street, Glasgow, G2 6LD
Valid from 25th May 2018
Privacy Statement
One Immigration Solutions understands that clients care about the use and storage of their personal information and data and we value your trust in allowing us to do this in a careful and sensible manner.
This Privacy Statement explains how we treat your data, what to do if you have any queries relating to data processing, and how to exercise any data protection rights in accordance with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) & PECR (Privacy and Electronic Communications Regulations).
Data Controller and Data Processors
The Data Controller is One Immigration Solutions. The Data Processors are the Company officials of the Data Controller, or its appointed agents who may process data in accordance with the instructions of the Data Controller and in accordance with the duty of confidentiality applicable to them.
If you would like any further information concerning the specific Data Processors who have or will be handling your data, please contact the Data Protection Officer.
Your Rights
You may exercise any of the rights provided for under the EU General Data Protection Regulation (GDPR) as follows;
You have the right to access your data held by the Company in order inter alia to rectify any inaccuracies. You have the right to require the cancellation of any data, unless and insofar as the retention of that data is mandatory under the law applicable to the Company.
Should you wish to change your solicitor, you have the right to request / receive any data processed during the course, of our business with you, that has not yet been deleted or anonymised.
You have the right to ask us what data we hold in relation to you. You have the right to receive a prompt response to any access request and will not be charged for any such request. If any such request is refused, you will be informed of the reasons and have the right to complain to a supervisory authority.
For the purposes of the General Data Protection Regulation & the Data Protection Act (1998), the controller of all information collected on this website is: One Immigration Solutions, Suite 289, 93 Hope Street, Glasgow, G2 6LD.
If you wish to view, delete or amend any of the information we hold on you, this can be done by contacting us in writing at the address provided above.
We will not disclose your data to anybody other than for the purpose of providing our services to you and will not even confirm or deny the existence of a business relationship with you, unless you consent or unless we are required to do so by law or by law enforcement authorities.
We shall provide you with any data we hold concerning you in the manner requested by you, provided that the request is reasonable.
Your Data
The Company is unable to provide services without receiving your personal data. We will therefore process your data in order to fulfil our contractual obligations towards you, or as part of any pre-contractual acts carried out with a view to entering into a business relationship.
As the processing of personal data is an inherent aspect of the firms services, the act of transmitting any data to the firm will be construed as consent to the processing of that data in the manner in accordance with this Privacy Statement. This will involve processing on the firm’s premises by Company officials, although may also entail its transmission to other potential external agencies. Such external agencies are subject to a duty of confidentiality regarding any such data provided to them and are obliged to report to the firm any breaches of data security or integrity.
Any person under the age of 16 must ask a parent or guardian to submit data on their behalf.
All data will be treated in the strictest confidence and will not be disclosed to third parties other than to other legal service agents for, the purpose, of providing the service commissioned from the firm, or as part of pre-contractual controls or negotiations.
Your data will not under any circumstances be used for marketing purposes. We will not contact you by newsletter or circular email. We will not under any circumstances sell, transfer or otherwise make available your data to any external organisation other than for the purposes of providing the services commissioned by you.
Financial data concerning the business relationship between us may be disclosed to the firm’s accountants for strictly accounting purposes and, if required by law, to the tax authorities.
You have the right to withdraw your consent to data processing at any time. If you do so, you may obtain the deletion of all data concerning you held by the Company, subject to the payment of any services you have already commissioned from the Company.
Types of data we collect
We collect only data that is necessary in order to establish, manage and conclude an actual or potential contractual relationship between us. As a matter of principle, we shall retain and use only data that is expressly provided to us by you at the time of your initial enquiry (such as your email address, telephone number, postal address). If we require any additional data we shall ask you for it, for instance your sponsor, employer, passport/visa, or any other supporting documents required to proceed with your application
Any data submitted through our online contact form will be retained for a reasonable period of time, until it is clear that you do not intend to acquire services from us (in which case the data will be deleted), or until deletion in the ordinary manner following the establishment of a business relationship.
Your data may be used in order to carry out basic checks into the solvency, good standing and financial health of your business. If applicable we may pass your data on to the legal aid board to assess your eligibility of legal aid. If you are a private individual, we shall not use your data to carry out any credit checks.
Merchant Services
We accept Stripe and SumUp online payment services. Stripe (SPUKL) is authorised as an electronic money institution by the U.K. Financial Conduct Authority. SumUp offer secure payment services and are PCi Regulated.
Data Retention
We shall retain your data for a reasonable period after the service has been completed as guided by the Law Society of Scotland. We are also required to retain basic information relating to the transaction between us for tax purposes (e.g. bank statements, invoices, credit card slips etc.) for the statutory retention periods.
If you would like your data to be deleted, whether in full or in part, please let us know. Unless we are under a statutory obligation to retain any of your personal data, your request will be acted upon as quickly as possible, and we shall provide confirmation once it has been done.
Unless you specify otherwise, your data will only be retained for as long as is legally necessary or in accordance with the purpose for which they were processed, after which they will either be deleted or destroyed. Due to the nature of the work we undertake for our clients it is necessary for us to archive application information critical to past, present and ongoing applications.
If there is no evident service-related reason to retain your data, your data will be removed once the retention is no longer necessary for the purposes for which the personal data were processed. The Company will carry out periodical checks in order to ensure that this principle is complied with. The Company will also carry out periodical assessments of the arrangements in place to protect against data loss, and its planning will ensure the ability to restore all data even in the event of large-scale data corruption.
Data Storage
Current digital Data and working files are stored on computers and backup devices in secure locations to which access is controlled. Non digital Documentation is stored in a filing cabinet on site at our offices. Concluded files and data are stored at the same place. The Company uses 2 factor authentication cloud computing to store its data. If any physical data carrier containing such data leaves a secure location, it will be carried on the person of a Company official. Physical mobile and In-Situ data storage devices are protected by industry standard encryption tools & anti-virus software.
Please be aware that any data transferred by email will also be stored on the servers of the relevant email provider and may continue to be stored there until deleted and purged at an appropriate time.
Data Transfer
We shall send data to you primarily using SSL & TSL secure email services or on occasion if necessary by recorded post.
Data Breaches
You will be informed as soon as possible in the event that the firm suffers a data breach that is liable to result in loss or harm to you of any type, or in the loss of confidentiality. This will include information that is as precise as possible concerning the data that has actually or potentially been compromised. Any breaches will also be reported to the data protection authority with jurisdiction over the firm.
Cookies
Our Website
The Company website uses basic session cookies to facilitate your usage of the website and to ensure that it works as it is supposed to. We also use cookies for statistical purposes (e.g. How many visitors we have had) through google analytics.
Cookies are small text files which are saved on your device when you access the website. We do not use Cookies directly under any circumstance to collect any personally identifiable or sensitive information or for the purposes of advertising.
Any data associated with cookies will not be disclosed by us to any third party for advertising or commercial purposes. By clicking the cookie acceptance on the website, you acknowledge & permit the use of the cookies outlined above. If you do not wish cookies to be used, please deactivate cookies by adjusting your browser settings accordingly.
Data Protection Officer
The Data Protection Officer is responsible for ensuring compliance with the law, monitoring and ensuring data security and reporting any data breaches. The Data Protection Officer of the Company is Jacqueline Ma.
Some useful links:
- Overview of the General Data Protection Regulation (GDPR)
- Data Protection Act (DPA) 1998
- Privacy and Electronic Communications Regulations (PECR) 2003
- The Guide to the PECR 2003
- Google Privacy Policy
- SumUp Privacy Policy
- Stripe security & privacy