Skip to main content

updated April 2023

PRIVACY NOTICE

The Nathanson Partnership is located at Office One, 1 Coldbath Square, Farringdon, London. EC1R 5HL
Company registration no. 1213632
ICO Registration: ZA741356
Our Data Protection representative can be contacted by email on [email protected]

 

This privacy notice describes how we collect, use and store personal information about you , in accordance with the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

The Nathanson Partnership is a data controller. This means that we are responsible for deciding how we hold and use and store personal information about you. We are required under the DPA 2018 / UK GDPR to notify you of the information contained in this privacy notice.

We may update this notice at any time. If relevant (and feasible), we will notify you. We do recommend that you review this notice from time to time.

It is important that you read this notice, together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information.

DATA PROTECTION PRINCIPLES

We will comply with all relevant data protection law (including the DPA 2018 / UK GDPR). This requires that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.
  7. We are accountable as a Controller for the principles and individual rights with respect to the processing we undertake.

HOW WE COLLECT INFORMATION

We collect personal data through various different methods and sources including but not limited to:

  • Collecting information directly from you via application forms, questionnaires, correspondence etc.
  • Collecting information from your employer about employment evidence, visas and sponsorship etc.
  • Collecting information from the relevant national immigration body such as the UK Visa and Immigration Government Department.
  • We collect information via our website, you can find further information our cookies notice

THE KIND OF INFORMATION WE collect and HOLD ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where an individual cannot be identified (anonymous data).

We collect various personal data and special category data, including but not limited to:

  • Data including your full name, title, date of birth, gender, place of birth, relationship status, family history / dependents, full passport & driving licence details, visa and travel history and GP details.
  • Contact data including your registered current (and previous) addresses, email address and telephone number.
  • Details of work arrangements / employment history and any qualifications held.
  • Financial information such as bank account details and investments and any invoices for medical treatment / inoculations.
  • Information about your race or ethnicity
  • Information about any criminal convictions and offences
  • Information on your medical history
  • Details of any visa concessions
  • Full passport details, which could include biometric data.
  • Details of disability conditions and any reasonable adjustment you require

The majority of the information we collect is in relation to the subject of the immigration or visa application, however we also collect limited personal information such as name and contact details of the employees from the organisations and relatives we deal with.

HOW WE WILL USE INFORMATION ABOUT YOU

We need all the following categories of personal data detailed above to allow us to conduct our business operation.  Some of the grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

  1. Purpose of processing
  2. We primarily collect information for the purposes of delivering a full suite of advisory, guidance and services that allow us to manage private and business immigration needs.
  3. We provide services for all – from individuals to small local businesses and larger organisations with an international footprint – supporting requirements for UK inbound and outbound global transfers.
  4. Do we have a basis in law to use your information?

We will always need to process your data in line with our legal obligations. In some cases, we may process information based on additional lawful bases:

* Administration of a contract we have entered with you and providing our products and services to you.

* Business management and planning, including accounting and auditing. In these instances, we will share your personal data with our accountants and associated reporting platforms.

* Planning for the on-boarding or termination of our contracting relationship.

* Dealing with legal disputes involving you, or any disputes that may arise under the contract that we have with you or the way in which we provide our products and services to you.

*To comply with laws. Such as money laundering regulations, immigration laws and data protection laws etc

*To fulfil our legitimate interests or that of a third party, but don’t worry we balance these interests against your privacy rights before using personal information in this way

*In limited circumstances we may process data in accordance with your explicit consent, this will only apply where we have asked for it

We process some information in accordance with the following laws:

  • Equality Act 2010
  • Data Protection Act 2018
  • UK General Data Protection Regulations
  • Privacy and Electronic Communications Regulations
  • Money Laundering Terrorist Financing & Transfer of Funds (Information on the Payer) Regulations 2017
  • Immigration Act 2016
  • Nationality and Borders Act 2022
  • Immigration and Social Security Co-ordination (EU Withdrawal) Act 2020
  • Immigration Act 2014 Introduced a new criminal offence of illegal working.
  • Borders, Citizenship and Immigration Act 2009
  • Criminal Justice and Immigration Act 2008
  • Tribunals, Courts and enforcement Act 2007
  • UK Borders Act 2007 Introduced biometric visas and established the UK Border Agency.
  • Commonwealth Immigrants Act 1968
  • British Nationality Act 1948

WHO WE SHARE INFORMATION WITH

We only share personal data with third parties where it is necessary under the lawful bases outlined above.

Types of third parties we share information with include but are not limited to:

  • Government Authorities
  • Visa Application Centres
  • Translators
  • Network Partners and approved Third Party Providers to the extent necessary for the provision of the requested services.
  • Specialist consultants and advisors
  • IT application and system providers
  • Ombudsman’s and regulatory bodies such as the Office of the Immigration Services Commissioner and the UK Information Commissioner
  • Nominated representatives such as a solicitor, relative etc
  • Relatives for example where they are a visa concession

 INTERNATIONAL DATA TRANSFERS

Here at Nathanson Partnership we ensure that we have robust access controls in place, and we only share data where it is appropriate and lawful to do so. As a UK based company, we primarily store and host personal data within the UK or Adequate Area. 

We may need to transfer certain personal and special category data outside the UK or Adequate Area. This will primarily be where partners are based outside these regions, in these cases, where applicable we will ensure that the Appropriate Safeguards under Article 46 of the UK GDPR are in place and Transfer Risk Assessments are conducted where appropriate.

Due to the nature of our work, we may share information with British Embassies and Consulates who reside in countries across the world, one way you can identify the applicable third countries that your data may be shared with is by identifying your country of residency and/or the country which your company operates from. British Embassies and Consulates are subject to the UK GDPR in accordance with Article 3(3).

Further details on these locations and safeguards can be requested from us at any time via [email protected].

Some of the countries we share information with include:

Argentina

Iran

Nigeria

Australia

Ireland

Norway

Austria

Israel

Pakistan

Azerbaijan

Italy

Philippines

Bahrain

Jamaica

Poland

Bangladesh

Japan

Portugal

Barbados

Jordan

Qatar

Belarus

Kazakhstan

Romania

Belgium

Kenya

Russia

Brazil

North Korea

Saudi Arabia

Bulgaria

South Korea

Singapore

Canada

Latvia

Slovakia

Central African Republic

Lebanon

Slovenia

Chile

Liechtenstein

South Africa

China

Lithuania

Spain

Croatia

Luxembourg

Sri Lanka

Cyprus

Malaysia

Sweden

Czech Republic

Malta

Switzerland

Denmark

Mauritius

Taiwan

Egypt

Mexico

Thailand

Finland

Federated States of Micronesia

Turkey

France

Morocco

Uganda

Germany

Mozambique

Ukraine

Greece

Nepal

United Arab Emirates

Haiti

Netherlands

United Kingdom

Honduras

New Zealand

United States

Hungary

New Zealand

Uzbekistan

Iceland

Nigeria

Venezuela

India

Norway

Zimbabwe

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. As a summary:

  • We will retain details of enquirers for a period of 6 years, after which time it will be deleted. If you ask us to remove your data from this, we will do so immediately.
  • If you are an active client of the business, we will retain your details on file for a period of 6 years after the termination of our working relationship.
  • We will retain information relating to invoicing for a period of 7 years, including the current accounting year to satisfy HMRC requirements.
  • Where we collect information in accordance with The Money Laundering Terrorist Financing & Transfer of Funds (Information on the Payer) Regulations 2017 we shall store that information in accordance with Part 4 of those Regulations. Such data will be stored for:
  • Five years where:
  • we have grounds to believe a transaction is complete for records relating to an occasional transaction; or
  • that the business relationship has come to an end for records relating to any transaction which occurs as part of a business relationship, or
  • customer due diligence measures taken in connection with that relationship.
  • Up to a period of ten years where we are required to retain records containing personal data:
    • by or under any enactment; or
    • for the purposes of any Court proceedings
    • the data subject has given consent to the retention of that data; or
    • we have reasonable grounds for believing that records containing the personal data need to be retained for the purposes of legal proceedings.

RIGHTS OF ACCESS, CORRECTION, ERASURE & RESTRICTION

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your Rights:

Subject Access Request – this enables you to request a copy of the personal information we hold about you.

Request Correction – you can request that any incomplete or inaccurate information we hold about you corrected.

Request Erasure – you can request that your personal data is erased.

Object to Processing – you can object to processing activity

Request the Transfer – you have the right to request the transfer of your personal data to a third party.

Right to Withdraw Consent – where we rely on consent to process your data, you have the right to withdraw this at any time, without giving reason. To withdraw your consent, please contact the data protection officer. Once received, we will not process your data for the reasons you have agreed to, unless we have another legal basis for doing so.

We do not currently reach any decisions by solely using automated means.

To submit a data protections rights request or request further information on your rights, please email the data protection contact: [email protected].

We may require a suitable form of identification in order to process your request.
No fee is usually payable; however, we may apply an appropriate fee if the request is deemed to be excessive, or repetitive.

Right to complain – you have the right to complain at any time to the Information Commissioners’ Office (ICO) regarding data protection issues – https://ico.org.uk

We reserve the right to update this privacy notice at any time. If you have any questions about it, please contact us at [email protected].

Last updated: April 2023.