FOR ISSUE TO OUR CLIENTS AND PARTNERS
Our firm is a Data Controller in some cases (for our own clients, for example) and a Data Processor in other cases (when acting as agent for other firms, for example).
We take the two roles seriously and our compliance plans and policy are set out in this office manual.
The Firm is committed to best standard compliance with all relevant aspects of data protection law and best practice.
Our Data Protection Officer (DPO) is:
Mr Obinna Baranta
What is expected of our DPO
Our DPO must conduct research and attend training or produce a self-training manual that considers all aspects of GDPR that apply to our firm.
Our DPO must then cascade the training received or generated by self-study and research to all senior staff.
Our DPO and all senior staff must share this knowledge and awareness with all other staff.
The required training and awareness must reflect the policies, procedures, internal governance and technology systems used by our firm, which have been set out below.
It should explain the law and how it applies to the work staff undertake at our firm on a daily basis.
The required training must also emphasize the risks of fines and regulatory action to our firm, and criminal sanction for individuals within our firm.
As well as considering the training needs of staff in relation to their roles and responsibilities for processing personal data, our firm’s DPO will also want to consider the specialist training needs of members of staff who work in areas including marketing, database management, or human resources.
A particular focus of training should be the identification of data subject access requests, and the handling of data breaches.
What Sensitive Personal Data Do We Hold?
The Firm believes that the vast majority of the information which it holds is considered (under the terms of the Act) to be sensitive personal data and therefore Data Protection is a serious aspect of managing the firm.
The Firm believes that relevant data include:
- all client information supplied to the firm for applications for Visas.
- racial or ethnic origin - which we hold for the purposes of equal opportunity monitoring;
- pre-employment health questionnaire and other information relating to your health and sickness absence - which the Firm holds so that it can monitor and control sickness absence and ensure that it can pay you sick pay; and
- any disciplinary or other records to the extent that they relate to criminal offences. For example, this would include criminal offences which you disclosed when you applied for a job with the Firm (and which are not exempt from disclosure under the Rehabilitation of Offenders Act) and data created in the thankfully infrequent event of allegations being made against employees that involve or could involve a criminal offence, such as theft.
- Criminal Conviction information of some clients
- Banking details of some clients
- Legal Privilege information such as advice given to some clients
- Documents in clients’ case files and documents disclosed by third parties in litigation or other matters
How do we record the Data we hold?
All Data Received will be documented in the incoming correspondence log and will be stored in relevant client files.
How will we review our record keeping obligations?
We will regularly check our file opening procedures and our compliance with our incoming correspondence logging operations on a quarterly basis to ensure that all incoming data is captured.
Who will receive disclosures?
Clients are entitled to receive disclosures under Subject Access Requests.
Clients may give us authority to issue data to a third party.
Our client care letter must make clear that work may be outsourced outside Nigeria and that instructions are accepted subject to the client's permission that we may outsource some aspects of our work for them to Agents and legal support service providers in the UK or the Republic of Ireland.
Agents and Consultants may access data from us with client consent as given in terms of business agreement.
The police and law enforcement may access data by warrant and without warrant in some circumstances.
We will continue to review who can access data from our system.
Subject to some exceptions, the Data Protection Act requires the Firm to obtain explicit consent from clients and staff to hold and process sensitive personal data.
Without this consent the Firm will not be able to process this data, which could mean, for example, that the Firm cannot perform a required task for the person concerned.
How do we comply with transparency and responsibility and liability?
Our records of data must be organized and ready for delivery to the relevant authorities.
We are a micro organization in GDPR terms; however, our aim is to comply, as far as we can, above the minimum requirements.
Why do we process data?
To provide our advertised services
To comply with regulation
To employ staff and agents
To conduct client satisfaction surveys
Whose data do we hold?
Clients, staff and agents.
Persons related to clients and client matters, e.g. family members who will benefit from the client's application or service.
Who do we transfer data to?
Persons Nominated by Clients
What Kinds of Personal Data Do We Hold?
In general terms, the Act entitles our clients, on making a written request and paying the required fee, to obtain access to the data that the Firm holds and processes about them. Precise details of what data the Firm holds will vary from person to person. Broadly, however, the types of data that the Firm will hold and process about you will include:
Title, Name, Address - for contact purposes;
Home and mobile phone numbers (if supplied) - for contact purposes;
National Insurance number - for payroll processing and tax purposes;
Date of birth and age - in order to address benefit related queries where age is a relevant factor and for the purpose of applying our retirement policy;
Emergency contact (possibly next of kin) details - for emergency contact purposes and for administration of flexible benefits; and
Marital status - in order to address benefit related queries where marital status may be a factor and for tax purposes.
Employment record data we hold about our staff and applicants
Start date and length of service - for processing and informational purposes and so as to determine employment rights and eligibility for some benefits;
Employment history - in order to monitor career development;
Holiday entitlement - for payroll processing and informational purposes;
Pension scheme member - in order to respond to enquiries;
Health and safety roles - if applicable;
Accidents at work - if applicable for health and safety reasons; and any current disciplinary warnings.
- Marketing Data – We generally do not hold any data arising from our marketing activities, as we simply advertise our website, and information arising from client enquiries is not held on our database unless the enquiry results in an immediate instruction. However, we may change our marketing practices in future, and we will review our data obligations in this regard to ensure our full compliance with the GDPR and Domestic Data Protection Laws.
- Database management – Our database is managed by Mr Obinna Baranta. Electronic access to data granted to all staff and agents is protected by password systems. Our data processors, if outside the country, must have some insurance cover, even though this may not be as high as the above-mentioned limit. We do not at this time employ any external database managers, but if we decide to do so in future this document will be reviewed to ensure our continued compliance.
- Human Resources – Please see the employment records above, which also apply to Agents’ and Consultants’ data in the same manner as employee data.
More Types of Data We May Hold