Updated: February 19, 2019
Under our guidelines, personal data is to be:
• Collected in a transparent way for valid purposes.
• Kept up to date and accurate.
• Used lawfully.
• Kept only as long as necessary.
• Maintained securely.
• Provided, where required by law, for your review and your ‘right to be forgotten.’
Personal Data You Provide
Most of the personal data we process and retain about you has been supplied to G&M by you (face to face, over the telephone, in writing or by email). Some examples: Emails you have sent to us, or information you have provided in connection with applications for US immigration benefits. This data is provided
by you and will be used by us:
• To maintain contact with you to provide our services
• To carry out our contract (if applicable) with you
• To allow us to comply with any legal requirements
• For our legitimate interests in dealing with any enquiry or complaint.
Automatic Data Collection
We do not engage in automatic data collection. We do not harvest internet addresses of visitors to our websites, nor do we obtain email addresses from third parties. We do not place cookies.
Data Processing and Retention
The following is a list of items we collect and retain from you for the legal performance of a contract that we undertake in providing our services.
- Name, title, and contact details, including email address, postal addresses, telephone and fax numbers.
- Personal data, including including special category data, which you give to us in connection with our representation of you. This includes such information as dates of birth, identification documents, records of criminal arrests and convictions, and photographs. We will retain this information and will relay it to various agencies of the US Government as required in connection with your application for a US immigration benefit.
• Terms of Engagement you have signed.
- Records of your communications and instructions to and from us.
We use your data to provide you with the US immigration advice and services as to which you have engaged us.
Retention of Data by G&M
All electronic data is stored on secure servers:
• On a secure server in a separately-keyed secure office within our premises.
• On secure servers provided by our information backup provider Microsoft Azure Backup.
• On a secure server maintained by our immigration software provider INSZoom.
Personal data, including special category data, held may be transferred to or stored in third countries outside the boundaries of the European Union. All paper data is stored either on our premises in London or in secure off-site premises in the United Kingdom provided by our storage provider Iron Mountain.
Access to Data at G&M
Information is used internally by G&M to conduct business and provide services to our clients.
Information is not sold or transmitted outside of G&M with the following exceptions:
• Information provided to credit card processors for payments.
• Information provided to courier services for delivery or collection of documents and property such as passports.
• Information provided to our bookkeepers, accountants and other professional service providers.
Information is provided on the understanding that it is confidential and is to be used only for the purpose provided.
We may need to provide your data to certain government agencies who conduct investigations regarding money laundering, fraud, crime prevention and trade restrictions. No government entity has direct access to your information. We will only provide information that has been directly requested by appropriate legal means and which has been reviewed and approved for release by our legal representatives.
Length of Data Retention by G&M
We will retain information for as long as is needed to provide our services and maintain business records to satisfy all tax, legal and regulatory requirements. Specific lengths of time may be set out in our Terms of Engagement signed on a case-by-case basis.
Security of Data at G&M
We take all reasonable steps to secure your information provided by means outlined above. We employ a variety of security measures and internal rules to protect your personal information from unauthorized physical and electronic access.
We have put in place procedures to deal with any suspected data security breach. We will notify you in a timely matter if we suspect a breach.
As effective as modern security practices are, we cannot guarantee that all information provided is safe from unauthorized access or manipulation. The transmission of any information is at your own risk. We will not be liable for any resulting misuse of your data.
Access to Data at G&M
We are open and transparent about the information we strive to compile about you. If you have questions about the data we hold about you, please request this information.
Data protection laws give you a number or rights when it comes to personal information we hold about you.
European Economic Area Residents
European Economic Area (EEA) residents have a legal right to make a ‘data subject access request.’ If you exercise this right to find what personal data we hold, we will (subject to verification of your identity) provide it to you in an electronic format within the time required by law.
If you have provided us with data, you have the legal right to request that we stop collecting data and that your contact information be withdrawn from any future communications. You are welcome to review, clarify, correct or request erasure of your personal information, object to the processing of your information, withdraw your consent to the processing of your personal information or request that we transfer your personal information to another party, subject to our legitimate needs to maintain data in order to carry out our obligations and preserve our rights.
If you wish to stop receiving communications from G&M contact us at firstname.lastname@example.org or by phone or in writing.
Gudeon & McFadden
26/28 Great Portland Street
London W1W 8QT
+44 (0)20 7323 9454