Laura Devine Immigration, and our business in the United States, Laura Devine Attorneys are committed to compliance with relevant data protection laws and will responsibly protect the information you provide to us and the information we collect in the course of operating our business. This Client Privacy Policy (Privacy Policy) describes how the businesses, as data controllers, may collect, use, and share information about you and your rights in relation to that information.

Your provision of information to us constitutes your acceptance of the terms of this Privacy Policy. Please do not send us any information about you which you do not want to be used in the ways described in this Privacy Policy.

Scope of this Privacy Policy
This Privacy Policy applies to your use of our services, including when you request information from us; when you engage our legal services; and as a result of your relationship with one of our clients.

Privacy information about your use of our online services and how we market to you can be found in our Digital Privacy Policy.

This Privacy Policy describes:

• The types of information we process
• How we use the information
• How long we retain information
• How we share the information
• Protection and storage of the information
• You and your rights
• How to contact us
• Data controller
• Changes to this Privacy Policy

When we use personal information about you or others in connection with providing our legal services to clients we do so as a data controller.

The types of information we process
We will process personal information we receive directly from you, on your behalf, other organisations with whom you have dealings, government agencies, publicly available records and the third parties described in ‘How we share the information’ below.

We may collect current and historical personal information including/relating to: your name, contact details, identification, any information included in correspondence between us and you (e.g. about an enquiry), your payment/billing data, transactional data, and your matter data (i.e. any personal data connected with your instructions to us, correspondence with us, notes of calls and meetings and third party information about your matter).

Due to the nature of our services, your matter data may include ethnic origin, marital status, employment/business, finances, academic history and criminal offences/convictions (this is non-exhaustive which depends on the circumstances).

How we use the information
We may use your personal information if:

• it is necessary for the performance of a contract with you or for pre-contractual steps at your request (e.g. when we are providing our services to you as envisaged by our engagement letter);
• it is necessary in connection with a legal obligation (eg when we are providing you with a quote or carrying out anti-money laundering and conflict checks);
• you have provided your consent to such use (eg you have approved the use of a specific third party to assist on your matter);
• we consider such use of your information as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests, or those of a third party (eg to manage and attend at Home Office or consular appointments on your behalf, to manage fees and invoicing, to recover money owed to us, to manage our relationship with our client where you are the client representative or to undertake direct marketing to promote our business and services); or
• we are otherwise required or authorised by law.

Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using it.

Depending on the nature of our instructions, we may collect, store and use any of the following special categories of information about clients, prospective clients and/or about related parties to a matter:

• physical or mental health, including any medical condition or disability
• race or ethnicity
• political opinions
• religious or philosophical beliefs
• trade union membership
• sexual orientation or sex life
• genetic information and biometric data

Depending on the nature of our instructions from you, we process this type of information where it is necessary to establish, exercise or defend legal claims (such as your immigration status), where you have made the information public, or by asking for your explicit consent. If we seek your consent, you may withdraw consent at any time as described in ‘Your choices and rights’ below.

We use your information to:

• register you as a new client and respond to your enquiries;
• provide and improve our services to you;
• maintain and develop our relationship with you (including notifying you of changes to our terms and privacy policy);
• facilitate our internal business operations;
• fulfil our legal requirements (including in relation to anti-money laundering) and professional obligations;
• unless you have opted-out, send you marketing communications, including legal updates and information on relevant events;
• monitor and analyse our business.

We may not be able to do these things without your personal information.

How long we retain information
We recognise that it is important to only retain your personal information for as long as is required by law or we consider reasonably necessary to fulfil the purpose for which we collected it, after which we will destroy it. Due to the nature of immigration services, a full record of information obtained from you, third parties and advice provided by us shall not be retained longer than 15 years unless you request that it be erased. This is because we consider that it is in your best interests that we retain a full history of data which may be relevant to future matters you instruct us to deal with. Such data can also be relevant to your immigration position should there be any dispute with the authorities or for us to be able to provide you with a record should you misplace important immigration documents/information. If you would like us to rectify or erase your data please refer to the section on ‘Your choices and rights’ below.

How we share the information
We may share your information with third parties where:

• you have consented for us to do so;
• we are under a legal, regulatory or professional obligation to do so (for example, in order to comply with anti-money laundering requirements);
• it is necessary for the purpose of, or in connection with, legal proceedings, or to exercise or defend legal rights;
• it is required or will assist us in providing our services, which includes: UK and overseas government and related independent organisations, representatives for submission of applications to the immigration authorities, reference/qualification checking, translators, UK and international couriers, research, archiving, professional advisory (including legal, accounting, financial and business consulting), banking, payment, debt collection, insurance, marketing and information security services; or
• if, in the future, we re-organise or transfer all or part of our business, we may need to transfer your information to new entities from which our business will be carried out.

In connection with any proposed incorporation, purchase, merger or acquisition of any part of our business; we inform the potential buyer (and its agents and advisers) that it must use your personal information only for the purposes disclosed in this Privacy Policy.

We will ensure a similar degree of protection is afforded to it by using one of the lawful mechanisms available to us. These may include:

• Transfer to EEA or other countries or organisations that have officially been deemed to provide an adequate level of protection for personal data by the Information Commissioner’s Office
• Using specific contracts approved by the Information Commissioner’s Office (which is currently the International Data Transfer Agreement or the International Data Transfer Addendum (IDTA)).
• Where the EU GDPR applies to the data, using specific contracts approved by the European Commission (which is currently the EU standard contractual clauses (EU SCCs) adopted in June 2021)

Please be aware that your personal information may be processed by Laura Devine Immigration in the UK or Laura Devine Attorneys in the United States.

Personal information shared between our offices will be subject to the contractual obligations imposed by the IDTA and/or EU SCCs (as applicable).

If you have any questions in relation to the transfer of your personal information please contact us.

Protection and storage of the information
We take steps to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security practices are supported by a number of security safeguards, processes and procedures. We store information in access controlled premises or in password protected electronic form. We require our third party IT providers to comply with appropriate information security obligations. All staff and third party providers with access to confidential information are subject to confidentiality obligations. However, the transmission of information via the internet is at your own risk as it is not completely secure. We cannot guarantee the security of your data transmitted to us but can offer a secure portal for the exchange of electronic information. We are regularly reviewing ways to improve our security offering as technology develops.

You and your rights
Subject to applicable laws, you may have certain rights regarding information that we have collected and that is related to you. We encourage you to contact us to update or correct your information if it changes or if you believe that any information that we have collected about you is inaccurate. You can also ask us to see what personal information we hold about you, to erase your personal information and you may tell us if you object to our use of your personal information. If you would like to discuss or exercise the rights you may have, please contact us. In the UK, you have a right to complain to the Information Commissioner’s Office (ICO), but we would prefer you to contact us first. We should be able to resolve any matter quickly and to your satisfaction.

How to contact us
If you would like to contact us with questions about our privacy practices, please send us an email via our Contact page or contact our Data Protection Manager, Natasha Chell at natasha.chell@lauradevine.com.

If you are a data controller or a data processor
If you are a data controller or a data processor in your own right, and you provide personal data to us, you confirm to us that you have a lawful basis for doing so under data protection law and all necessary consents, where required.

Changes to this privacy policy
We may update this Privacy Policy from time to time. The effective date of the current Privacy Policy is 21 June 2023. We encourage you to periodically review this policy. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting notice of the changes in a clear and conspicuous manner on the company website.