Compass Immigration Law Ltd Privacy Policy

Compass Immigration Law Ltd (CILL) is a Data Controller who processes personal data and special categories of data, which we will refer to as personal information.

At CILL, we understand the importance of data protection compliance, we know that excellent data protection practice is not only necessary to meet our legal obligations but it’s also essential to meet our obligations to the individuals whose personal information we process and the clients we serve.

CILL always respects privacy of the individuals whose personal information we process, we will always ensure that it is only used for specified and lawful purposes as provided for under the General Data Protection Regulation (GDPR) and any other UK legislation subsequently enacted that may relate to, replace or supersede the GDPR.

Key Terms

  • We, us, our – Compass Immigration Law Ltd
  • Personal data – Any information relating to an identified or identifiable individual
  • Special categories – Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, genetic and biometric data, data concerning health and sexual orientation
  • Processing – Any action or operation including collecting, recording, viewing, accessing, analysing, assessing, sharing, disclosing, retaining and disposing of personal data
  • Data Controller – The person or organisation who determines the purpose and means of processing personal data
  • Data Processor – The person or organisation who processes personal data on behalf of a Data Controller
  • Data Subject – The person to whom the personal data relates


Legal Services

CILL is a specialist immigration, asylum, EEA and nationality legal practice. We work with clients based in the UK and overseas. The legal services we provide help our clients with their personal or corporate immigration affairs in both contentious and non-contentious matters.

The legal services we provide to our customers require that we process a variety of personal information where necessary for:

  • the purpose of obtaining legal advice;
  • the purpose of, or in connection with, any legal proceedings (including prospective proceedings); or
  • the purposes of establishing, exercising or defending legal rights.

CILL only process the minimum personal information necessary in a responsible and proportionate manner in order to preserve the rights of data subjects and achieve the best outcome for our clients.

Compliance with legal obligations

CILL may need to process personal information where necessary to comply with professional, legal and regulatory obligations that apply to our business, for example, rules and procedures issued by:

  • The Office of the Immigrations Services Commissioner (OISC);
  • The Information Commissioners Office (ICO);
  • The Law Society;
  • Specialist Quality Mark (SQM); and
  • Legal Aid Agency.

That processing may include gathering and providing personal information as required by or relating to audits, enquiries or investigations by regulatory bodies.

Marketing and promotion

We may process personal information to carry out a range of marketing and promotional activities about the services we offer to current, former and prospective clients, to provide legal updates and to send invitations to events we are holding or involved in.

Our marketing activities may include sending promotional materials by SMS, email and post regarding the legal services CILL offer and about news, articles and other publications that relate to the work we do.

We will always ensure any personal information we hold for marketing purposes is stored securely and is not shared with any other person without the individuals’ awareness and permission.

We will only hold personal information for marketing purposes for as long the individual wishes to receive marketing from us. We offer individuals the opportunity to unsubscribe and opt out from marketing at any point and will remove their details from our marketing lists where they wish for us to do so.

If you are currently receiving marketing from CILL and no longer wish to do so you can let us know by contacting:

Data Protection Officer
Compass Immigration Law Ltd
2 Myrtle Street

Other business functions

We also process personal information in order to effectively manage our business activities including statistical analysis to support our practices in relation to financial performance, client base, work type or other efficiency measures and to maintain our accounts and records. As an employer we also process personal information about our partners and staff to help us support, develop and manage them.

What Personal Information We Collect

We always aim to use the minimum personal information necessary to support the business activities and functions we carry out. Where those activities and functions require the processing of personal information it may include:

Individual details – Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and in some instances family details, including their relationship to you.

Identification details – Identification numbers issued by government bodies or agencies, including, but not limited to, your Home Office reference number, Biometric Residence Permit number, Appeal reference number, National Insurance number, passport number and driving licence number.

Financial information – Bank account (including bank statements) or payment card details, income, expenditure, tax records and other financial information.

Previous and current claims – Information about previous and current applications, which may include data relating to your immigration status, health, criminal convictions, or other special categories of personal data.

Special categories of personal data – Certain categories of personal data which have additional protection under the GDPR including data relating to health, racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric, or data concerning sexual orientation.

Who We Process Personal Information About

The categories of individuals we process personal information about include:

  • Clients, their family and close associates;
  • other solicitors and lawyers;
  • witnesses;
  • interpreters and agencies;
  • advisers, consultants, professional experts;
  • suppliers and service providers;
  • our employees;
  • enquirers; and
  • charitable support organisations.

Who We Might Share Personal Information With

We sometimes need to share the personal information we process with third parties outside of CILL. Below is a description of the types of third party organisations we may need to share the personal information we process with for one or more purposes:

  • Clients and their family, associates, representatives;
  • Legal counsel;
  • Home Office;
  • Immigration and Asylum Tribunal/Courts;
  • Interpreting and translation agencies;
  • Local authority;
  • Current, past or prospective employers;
  • Healthcare professionals;
  • Business associates;
  • Professional bodies;
  • Suppliers and service providers;
  • Social and welfare organisations;
  • Employment and recruitment agencies; and
  • Ombudsman and regulatory organisation.

Whenever we share personal information we take great care to ensure it is done through the most secure and appropriate means possible to prevent it from accidental loss or unauthorised access.

How Long We Will Keep Your Information

We implement a proactive approach to retention and disposal of personal information whereby it is retained for the minimum period necessary and only where there is a legitimate reason or lawful basis to do so. We have policies that set out the processes we follow to manage retention and disposal of personal information and define the periods for which personal information is retained. The retention periods we apply have been determined based on a combination of legal obligations and legitimate business activities and the criteria we use to determine retention periods include:

  • For as long as is necessary to support our legitimate business activities.
  • For as long as is necessary to deal with enquiries you may make to us.
  • For as long as is necessary to defend legal claims that may be brought against CILL or our clients.
  • For as long as is necessary to ensure we meet our legal and regulatory obligations.

Lawful Basis for Processing

We will only ever process personal information where we have a genuine need and lawful basis to do so. The lawful processing conditions we generally rely on to process personal information are set out below:

Personal Data

  • The data subject has given explicit consent to the processing of his or her personal data for one or more specific purposes.
  • The processing is necessary for the performance of a claim, application or appeal to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a claim, application or appeal.
  • The processing is necessary for compliance with a legal obligation.
  • The processing is necessary for the purposes of CILL’s legitimate interests or those of our clients, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Special Categories of Data:

  • The data subject has given explicit consent to the processing of his or her personal data for one or more specific purposes.
  • The processing relates to personal data which are manifestly made public by the data subject.
  • Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

There may be circumstances where we rely on different lawful processing conditions to those set out above, where this is the case and where required to do so we will inform you of this.

How We Protect Personal Information

We will take care to ensure your important and sensitive personal information is handled responsibly with the necessary safeguards whilst it is in our possession. To achieve this, we have implemented organisational and technical measures to protect and safeguard personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to make sure we meet our obligations under the information security principle of Article 5(1)(f) and the requirements of Article 32 of the regulation.

Organisational Measures

We implement, include, but are not limited to: Data Protection; Information Security; Access Control; Acceptable Use; Information Classification and Data Handling; Information Exchange and Clear Desk and Clear Screen policies and procedures.

These set the requirements and standard to be adhered to and implemented by all partners and staff with regards to access, use, handling and exchange of personal data. We also provide information security and data protection training and awareness for all our partners and staff and undertake system monitoring, audits, risk assessments and inspections.

Technical Measures

We implement to ensure the security of personal data. These include but are not limited to; secure data exchange methods; user access controls; secure electronic data storage facilities; secure document storage and disposal; firewalls; antivirus software.

International Transfers

CILL offices are located within the UK and the personal information we process is held in the UK. From time to time however there are instances where transfer of personal information outside of the European Economic Area (EEA) is necessary i.e. for entry clearance/visa applications. Where the need for an international transfer of personal information arises, we ensure it is done so using secure methods that offer sufficient assurances and guarantees that the information is afforded the necessary safeguards to prevent it from accidental or unlawful loss, disclosure, access, alteration or destruction.

We will ensure that where necessary, our clients and the data subjects whose information is to be transferred are notified in advance and informed of the safeguards we will take to ensure the security of their information.

Your Rights and How to Contact Us

Under data protection laws, individuals have a number of rights that enable them to control when and how their personal information is used, and, to allow them to hold an organisation accountable for use of their information.

If you believe CILL processes your personal information and you wish to exercise any of your rights under the GDPR, such as gaining access to the information we hold about you, where you believe the information may be incorrect, inaccurate or incomplete, where you wish to restrict or object to processing, or, if you are dissatisfied with the way in which CILL has used your information in any way you can report the matter to our Data Protection Officer using the following contact details:

Data Protection Officer
Compass Immigration Law Ltd
2 Myrtle Street

You also have the right to refer any concerns you may have regarding CILL’s use of your information to the Information Commissioners Office (ICO) – more information can be found by visiting the ICO’s website at:

Summary of data protection rights:

  • Right to be informed: This provides individuals with the right to be told about when and how their personal data is used now and in the future.
  • Right of access: This enables individuals to gain access to and be given a copy of the personal information that we hold about them. You can request access to information that may be held about you by CILL at any time, there will be no charge for this but we may need to see proof of your identification before we can provide you with access. To make a request for your personal information you can contact us using the details provided above. You may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that: is about another person; may prejudice our regulatory work; is subject to legal privilege.
  • Right to erasure: This enables individuals to request that we erase the personal information we hold about them. We implement a proactive approach to retention and disposal of personal information whereby it is retained for the minimum period necessary and only where there is a lawful basis to do so. However, you may request that we erase any personal information we hold about you at any time, to do so you can contact us using the details provided above.
  • Right to rectification: This enables individuals to have any incorrect, inaccurate or incomplete personal information corrected, or, rectified. We aim to ensure the personal information we hold is as accurate and up to date as possible, however if you believe that any information, we hold about you is incorrect or incomplete then please let us know using the contact details above.
  • Right to restrict: This enables individuals to restrict an organisation from processing their personal information for certain purposes and in certain ways. Should you have any concerns over how CILL may be using your personal information then please let us know using the contact details above.
  • Right to object: This enables individuals to object to their personal information being processed in certain ways and in certain circumstances where the conditions set out in the regulation apply. Where we receive an objection, any processing based on the conditions shall cease unless a relevant exception applies, most relevantly where processing is necessary for the establishment, exercise or defence of legal claims.
  • Right to portability: This gives individuals a right to have their personal information transferred or ‘ported’ to another organisation in a reusable electronic format. We will endeavour to provide personal information in an electronic, structured and commonly used machine-readable format upon request.
  • Rights related to automated decision making: We currently do not operate any practices or processes that constitute automated decision making as defined within the GDPR.

Measuring Website Usage and Cookies

Introductory Cookies Message

You may see a pop-up cookies message when you first visit A cookie is used to log that you have seen this message, so that it doesn’t show again.

Name – Cookie Policy

Purpose – This cookie is used to hide the cookies information banner when you have seen it

Expiration time – No expiry set

Change Cookie Settings for This Website

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

Comments or Queries About This Site

If you have any comments about using this site, then please e-mail

Changes to this Privacy Policy

Technology and data privacy best practice are continuously developing. We therefore reserve the right to revise this Privacy Policy at any time. If this Privacy Policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances we may share it with other parties.