Last updated: September 2023
As a global professional services business with law at its core, we are committed to safeguarding the privacy and security of the personal information in our care. This policy explains how we collect your personal information, what we do with it and your rights in respect of it. We have a separate policy which sets out similar information relating to the cookies that we use, which can be found under our cookie notice.
Access Citizens Services Limited UK which is a subsidiary of Access Group provides Visa and Passport front end services in United Kingdom and Ireland .
For country specific information about Access Group business, including a list of our offices and the jurisdictions in which we operate, please check www.visavisonline.net
Our global reach means that we are subject to the differing data protection regimes of the jurisdictions in which we operate. We strive to achieve uniformity of data protection practices across the group, whilst also complying with all data protection laws. This policy reflects the UK GDPR standard of protection of personal information and references the relevant Articles of the UK GDPR where appropriate. In those jurisdictions where data protection regimes differ significantly to the UK GDPR, elements of this policy may not apply, for example individuals' rights in relation to their personal information, and this policy does not establish rights or obligations which are additional to those prescribed in the applicable local data protection law.
We are the data controller of the personal information that we process in our system, i.e. the organisation which determines how your personal information is processed and for what purposes.
Most of Access Citizens Services Limited UK' main IT systems are located in the UK or EU and controlled by Access Citizens Services Limited UK. Where we transfer your personal data to third parties, in certain circumstances those third parties may also be data controllers.
We want to offer you a means of contacting the right people in our organisation as swiftly and easily as possible. We therefore have in place dedicated email address, which is managed by our team of Privacy specialists, who support our global network on Privacy matters.
You may contact our Privacy specialists with any questions about this policy, or our Privacy practices more generally at PrivacyTeam@visavisonline.net You have rights in respect of the personal information of yours in our care. More information about these rights is set out in section 7 of this policy.
Our global presence means that your personal information may be transferred across the business worldwide due, for example, to our shared IT systems and datacentres, and cross-border working practices. Personal data transfers are facilitated across the Access group by way of an intra group agreement which applies contractual protections and other appropriate safeguards required under applicable data protection law to all such transfers of personal data within the group.
We also use a number of suppliers and service providers in connection with the operation of our business who may have access to the personal information that we process, e.g. IT suppliers when providing us with software support or cloud services. In all cases, your personal information is handled and protected in accordance with applicable data protection law. Where we use cloud services, our data will generally be hosted within the UK or EU, those being the locations which offer the highest level of data protection regulation of all the regions in which we operate. We ensure that personal data is adequately protected in accordance with applicable data protection law, and in particular Article 46 of the UK GDPR and the EU GDPR, by ensuring information security and other appropriate safeguards are in place, and using approved model contract clauses to cover the transfer or by ensuring that the supplier has Binding Corporate Rules in place.
We collect and process the personal information:
We may collect the following information and documentation:
Your personal information is retained by us in accordance with applicable law and regulation. Our data retention periods vary depending on the period taken to process your application by the embassy and the time taken for you to collect back your documents .
This means that, in general, we delete personal information when: the purpose for its processing has been fulfilled that is the relationship with our client has ended.
More information about your rights in respect of the personal information of yours in our care, including how to contact us to exercise these or with questions around our retention practices in respect of your personal information, is set out in section 7 of this Policy.
The following rights are provided for under the UK and EU data protection regimes:
Not all of these rights are absolute, which means that they may only apply in certain situations and may be subject to legal exceptions and exemptions. To exercise your rights, please email us at PrivacyTeam@visavisonline.net
Our Privacy Team oversees our compliance with data protection laws and this policy, and provides guidance and advice to the firm and our people. Our Compliance Officer for Legal Practice ('COLP') oversees compliance with our professional responsibilities and the reporting of any failures to comply with legislative requirements, including data protection.
Please direct any complaint relating to how the firm has processed your personal information to PrivacyTeam@visavisonline.net We hope that we can resolve any query or concern you raise about our processing of your personal information.