Complying with all applicable data protection laws is placed at the upmost importance within our company. Coates Global Limited acts on all data protection laws and policies when new data protection laws are in force from time to time, including but limited to the General Data Protection Regulation; the most recent which became effective on 25^thMay 2018.

Coates Global Limited shall process personal data (including sensitive or special categories of personal data) relating to you in manual and automated filing systems. Please note that your personal data collected from these filing systems that are mentioned above are not stored on to our database. However, we do store data through other means, such as, email correspondence and archiving copies of your supporting documents on behalf of your Golden Visa or Citizenship by Investment application. Without this data, we would not be able to provide our services to you to take your application further and cater to the requirements needed to apply for either a Golden Visa or Second citizenship programme. Details about how and why Coates Global Limited generally processes your personal data are outlined in the Coates Global Limited’s Privacy Notice, the latest version (May 2018) of which is available on our website. All Coates Global Limited’s Partners, both in the UK and abroad, have entered into this agreement and confirm that all Employees have read and understood the Coates Global Limited’s Privacy Notice.

It is just as important for us that all Coates Global Limited Partners and Employees take appropriate steps to protect client’s personal data and use it lawfully. All personal data must be treated as confidential information of the Company. We have an IT manager who is trained on cybersecurity who verifies all the systems and checksto ensure that our service is safe, and that your data will not be compromised.If the terms and conditions of any data protection law have been breached, a Garden Leave will be initiated, and the incident will be reported to the local authorities.

We confirm that the above is in compliance with the GDPR and all of Coates Global Limited’s policies relating to client data protection, the security and use of personal data.

Client confidentiality is the foundation on what our company, Coates Global Limited, is built. Privacy is the bond that unites us with our clients as we believe that privacy equates trust. For us to be credible representatives for you, our clients, we understand the importance of your privacy and respect it, therefore, processing your data accordingly to the GDPR requirements and our privacy notice is imperative.

We take our clients privacy seriously. Our privacy notice is set in place to offer you a clear and concise summary of what we do with the data we collect from you. Our pledge is to only use your data for our business use and in matters where it benefits you i.e. contacting our overseas solicitors and authorised agents in legal matters in both Golden Visa’s and Citizenship by Investment programmes. In addition, in countries where it is necessary, we will send your details to our abroad partners who will overlook your case and support you throughout the duration on your application.

Please note, the data we collect is limited and we never store or record data through most of our media channels including, phone and skype meetings as well as event submissions, unless authorised to do so with your permission. The only data that we do store is through our email communications, processed invoices, supporting documents as well as contracts and agreements. The invoices and contracts and agreements are stored as hard copies and electronic versions. The hard copies do not leave the premises and are kept in our locked cabinet’s complying with the GDPR regulations. Regarding all our client invoices, they are shared with our legal financial cashier who places the invoices when paid into a designated invoice folder. In relation to your supporting documents, we share copies of these with our overseas solicitors and authorised agents as stated above. Please refer to the Coates Global Privacy Notice if you would like more in depth information about how we collect, protect, store and share data within our Company.

To conclude, the services our privacy notice applies to are the above email communications, processed invoices, supporting documents as well as all contracts and agreements.

Please read our Privacy Notice policy carefully and if you have any questions or concerns about how our policy works, please do not hesitate to contact us either by phone on 02077991606 or via email at info@coatesglobal.com.

Client confidentiality is the foundation on what our company, Coates Global Limited, is built. Privacy is the bond that unites us with our clients as we believe that privacy equates trust. For us to be credible representatives for you, our clients, we understand the importance of your privacy and respect it, therefore, processing your data accordingly to the GDPR requirements, the Data Protection Act 2018 and our Privacy Notice.

We take your privacy seriously. Our Privacy Notice is set in place to offer you a clear and concise summary of what we do with the data we collect from you. Our pledge is to only use your data for your personal use and in matters where it benefits you i.e. contacting our overseas solicitors or authorised agents in legal matters for both Golden Visa and Citizenship by Investment programmes. Additionally, in countries where it is necessary, we will send your details to our abroad partners who will review your case and support you throughout the duration of your application including the best next steps for you to take.

When dealing with you concerns, the data we collect is limited. We use cookies on our website to help its operation, analyse our optimisation as well as helping record your information that is tailored to your chief interests. There is a contact form on our website that if filled out, you give us your consent to access you on the details provided. In your best interest, there is always the option to remove these cookies, however, there is a possibility that this will influence the way in which our website functions and how you can view it. Please read our Cookie Policy if you are keen to know more about this.

As mentioned, the data we collect is minimum. We do not store data through phone and skype meetings as well as event submissions. However, the data we do store, besides cookies, comes from email communications, contracts and agreements, and processed invoices.

Bearing in mind that all email communications between you and a member of our Coates Global Group (including employees, partners, associates, solicitors and authorised agents) are confidential, these email communications are stored on our Coates Global Group outlook servers. If requested by you to clear all data off these outlook servers, we would dispose of them accordingly. However, by law there are some cases where we would not be able to remove them, especially if the information within the emails were needed to help provide our services regarding your application. To find out more, please check with our Data Compliance Officer, Hannah Hutcheon, to understand when we can delete your data of our outlook servers as well as your rights. Additionally, please refer to sections “When do we share personal data?” as well as “Your rights in relation to personal data”.

All contracts and agreements are not shared outside of those who enter the agreement i.e. Coates Global Group and client, as well as invoices. Both are stored in electronic versions as well as hard copies. The hard copies for both invoices, contracts and agreements do not leave the premises and are stored in our locked cabinet’s that comply with the GDPR requirements. Regarding all invoices, they are shared with our legal financial cashier who stores the paid invoices into a designated invoice folder, which is then stored in a GDPR locked cabinet. Additionally, with your consent and agreement in handling your application under our services, there are essential documents needed to process in order to support your case. The supporting documents vary depending on the type of programme you wish to apply for. More information about which relevant supporting documents you will need to provide will be spoken in depth with you during your application process. These documents provided are merely scanned and notarized documents of your original documents that are kept on Coates Global Google Drive database. These documents are only stored there until the end of your application. The Google Drive is password encrypted for all our employees who will deal with your case. In your best interest and in compliance with the programmes Government regulations (primarily with Caribbean programmes), we have authorised agents situated in these countries and with your consent would need to transfer the supporting documents over to them via DropBox. Please be assured that your personal information is kept safe and protected as we have data security on our DropBox, only authorising those parties involved with your application. Apart from our London office, we have offices in Malta and Lisbon that comply with the same GDPR requirements. Our abroad offices deal with your application once an agreement has been officialised by all-party members. To find out more, please contact us on the email provided below.

To conclude, the services our Privacy Notice applies to are the above cookies, email communications, all contracts and agreements as well as invoices.

The Privacy Notice may be modified at any time in accordance with the Data Protection Act 2018.

Please read our policy carefully and if you have any questions or concerns about how our Privacy Notice works, please do not hesitate to contact us either by phone on 020 7799 1606 or via email at info@coatesglobal.com

We are Coates Global Ltd; a British immigration consultancy firm that deals with Golden Visa and Citizenship by Investment programmes. Our data is controlled by us, the data controller, Coates Global Limited, 9 Dacre Street, London, SW1H0DJ, and more specifically managed by our data compliance manager, Hannah Hutcheon. If you are seeking any advice regarding your data, please address all your queries to her at hannah@coatesglobal.com. Alternatively, you can call her during our office hours, which are from 09:00 – 18:00 on 020 7779 1606.

The information from the data we collect varies depending on the platform you reach us on. If you decide to give us a call, one of our employees will usually ask for name, the subject matter you would like to discuss and transfer you over to the relevant person who can deal with your query. If, however, our expert is not available at that time, one of our employees will ask you for your contact details that will be sent over via email to the expert most suited to deal with your request – whether this will be by phone or email, or perhaps both. Alternatively, we have had clients who wish for us to call back at a more convenient time rather than one of our employees noting down their details. We respect any decision you choose to make relating to your personal information and will not do anything without your consent. Please be aware that when you call our lines, your number will be shown on to our phone system and stored, temporarily, on this system. If you would like us to clear your information off our phone system, please let us know and this will be acted on immediately.

We collect data, as mentioned, through our contact form via our website, website cookies, email communications, phone calls (if authorised by you), invoices, supporting documents (copies) as well as all contracts and agreements. All this data is collected from us as the first-party and we do not retrieve any data from third-parties. In the future, we intend to curate newsletters for you so that you can keep up to date with all the latest Golden Visa and Citizenship by Investment news as well as invitations to our upcoming events. We will notify you when this feature is put in place and it will only be sent to you if you wish to subscribe to our newsletters. Please see below what information is collected via which method:

Website
Contact form – name, email address, number
If you wish to leave us a subject line and message via our contact form, this is a feature available for you, however, it is not a mandatory option to fill out. 

Cookies
Track users who enter our website, record your visit, including the pages and links you have followed

Email Communications
Email address, content of the email and if applicable, email signature containing company/personal information, such as, telephone number/s, including mobile, website URL, fax number

Phone calls 
Name, contact details i.e. phone or email or both

Invoices
Name, billing address

Contracts and Agreements
Name, date of birth, passport number, travel document number (if required), signature, home address, dependants details (if required)

Personal documents (copies)
Passport, travel documents, residency card (if applicable), drivers licence (if applicable), bank statements, birth certificate, marriage certificate, fingerprint and photograph verification form, medical test results, police certificate, proof of residential address, notarized copies of education certificates (if applicable), letter of employment

Stated above, it is important that you are clear that all data collected is all from the Company and we do not retrieve or scout for any data from third-party entities. If we started implementing services from third-parties, we would inform you immediately to these changes and will update our Privacy Notice for your benefit.

As we are an immigration consultancy firm, we handle and process sensitive personal data as well as financial information. For your awareness, sensitive personal data relates to information concerning your racial or ethnic origin, political opinions, religious belief, trade union activities, physical or mental health, sexual life or details of criminal offences. As mentioned in the paragraph “Introduction” it states that we deal with invoices, supporting documents as well as contracts and agreements, that do contain a number of these sensitive personal data and financial information. However, we handle this category of data with the upmost care and respect therefore, we only share the data with authorised agents and solicitors, if it is a requirement with the Governments regulation for a specific programme. Throughout the procedure of your application, we guarantee to keep you in the loop always and if there is anything that you do not feel comfortable with and have any queries then please do let us know and we promise to inform and support you with this. Please see below the “How do we use personal information?”paragraph for more information.

The Data Protection Act 2018 requires that eight data protection principles are followed in the management of personal data. These are that personal data, sensitive and non-sensitive, must be:

• Fairly, transparently and lawfully processed.
• Obtained and processed for limited purposes and not in any manner incompatible with those purposes.
• Adequate, relevant and limited to only data that is necessary to perform the purpose for which it was obtained.
• Accurate and up to date.
• Not kept for longer than is necessary.
• Processed in accordance with the data subject’s rights.
• Secure.
• Not transferred outside of the EEA or between countries without adequate protection.

Bearing these principles in mind, we are committed to being as transparent and open about our Privacy Notice inclusive of how we protect, collect, share and hold your personal data.

The nature of our business is to provide you with accurate consultancy services helping you acquire official, lawful residency permits and citizenships via the route of investment. The sensitive personal data and information is used by our overseas solicitors and authorised agents who will deal with all legal matters concerning your application (if it is applicable to your chosen programme). How they use this type of data and information is that it will be sent over to the immigration department of these countries who will either authorise or reject your application. All this data and information is protected and safeguarded by Government officials inclusive of the transfer of these supporting documents.

We use data for both service- and business- related purposes. Please see below how we use your personal information in both categories:

Service-related

• Providing consultancy services
• Recommending programmes suitable for your requirements
• Offering subscriptions and events to those interested
• Setting up an account with us
• Assisting with trip/s abroad
• Scanning personal documents
• Availability via email and/or phone communications

Business-related

• Legal obligations, for example, prevention of fraud
• Meeting internal audit requirements
• Internal research and development purposes
• Administrative work
• Producing contracts and agreements tailored to your needs
• Delivering marketing communication

The lists above are tailored according to your needs on how you best would like us to use your personal data; some will not be relatable to you.

We will process personal data about you only as far as is needed for managing the Company’s business in which you have employed. Unless you specifically authorise its disclosure, your personal data will not be disclosed to anyone else other than authorised employees, other companies within the Group, those who provide relevant products to the Company (such as advisers and payroll administrators), regulatory authorities, potential or future employers, governmental or quasi-governmental organisations and potential clients of the Company or of that part of the business in which you work.

Due to the nature of Coates Global Ltd, our processing conditions stand on six legal grounds:

• Consent – permission to handle your application and personal data based on the requirements for either the Golden Visa or Citizenship by Investment. This legal ground is the first stage before abiding by the terms of the contract that all applicants can withdraw from and manage according to their preferences. The consent is a written declaration that accommodates and protects both parties. Please read Article 7 of the GDPR for more information about the conditions for consent.

• Contract – complying with Article 6(1)(b) of the GDPR, contracts authorises both parties of all obligations that must be carried throughout the duration of either Golden Visa or Citizenship by Investment application. If the contract has been breached by either Client and/or Company, the contract is immediately terminated.

• Legitimate interests – when transferring client’s personal data to authorised agents or employees associated to Coates Global Ltd, this ground is set in place to ensure that security measures and fraud protection are followed through. This ground is heavily enforced, especially when in association with a child’s data as stated in Article 6(1)(f) of the GDPR. In the unlikelihood that documents were to be exposed to a third party outside of those in agreement with the application, a right to a court hearing would be enforced. 

• Vital interests – we use the grounds of vital interests for the welfare for all our clients when having a medical assessment as a requirement for their application. This, however, is done by a third party qualified doctor of the country of application in question as well as having the third-party doctor associated to the Company. As the requirements states, if the candidate for a programme is not in good health, we have no liability over the client and the application will not be submitted on this ground. Please refer to Article 6(1)(d) and recital 46 for further guidance.

• Public task – as exercised by our third-parties, the official authority governing the country, for example, Identity Malta, have permission to access your documents, which are laid down by domestic and EU laws. If such laws are breached, persecution will be enforced on these third-parties in accordance with Article 6(1)(e).   

• Legal obligation – Article 6(3) requires that the legal obligation must be laid down by UK or EU law as well as abiding Recital 41. The legal obligation Coates Global Ltd and its Group has over your legal documents is during the application process whereby authorised agents will have access to all the required documents as per the programmes checklist.

We never share personal data with anyone outside of Coates Global Ltd, including authorised agents, unless we have been authorised to do so by you. As mentioned, we treat personal data with confidentially and safeguard personal data at all costs.

When data is to be shared within the Company as a means of providing our services to you and conducting our business operations, we treat it with confidentially and protect it in such manners:

How will we share your data?

• Private access via OneDrive of your legal and supporting documents
• Copying and forwarding emails to authorised agents and official third-parties. Failing this, this could prevent us from continuing with your application as this will impact the performance of the contract on the lawful ground of legal obligations. Please see section “What legal basis do we have for processing your personal data?” for more information about the legal obligations
• Scanning documents that are then archived on the Coates Global OneDrive account for employees overseeing your application to review

What safeguards do we have in place?

• Email passwords for all Coates Global Group of employees, partners, authorised agents, solicitors and welcomed associates
• IT manager who regularly checks our cyber security is running on the latest and most up-to-date software version
• Official locked cabinets recognised and certified by the GDPR

What parties we may share the data with and why?

• Authorised agents – programmes must act in accordance to the law as it stands in the countries they represent so that a citizenship/residency permit is authorised and granted
• Government bodies – reviews made by Government bodies to grant a citizenship or residency permit
• Marketing team – already established in Coates Global Ltd. For those of you who wish to subscribe to our upcoming newsletter, our marketing team will only have access to limited personal data, such as, email addresses; unless another mode of communication is specified by you.

Please note that you have the right to withdrew and ask us to delete all personal data for your security at any given time, except if the documents are required by law. To read more about your rights and exemptions, pleas refer to paragraph “Your rights in relation to personal data” in the Coates Global Privacy Notice.

The personal data we store is either on our Company’s computers hard drives, employee’s outlook email addresses and through our password secured Coates Global OneDrive account. We archive, share information with third-parties (related to Coates Global Ltd as mentioned below) and securely dispose data.

The data stored is processed in agreement with the Governing bodies and authorised agents who require your sensitive-data so that you can benefit from our services and receive either a citizenship or residency permit.

As we do transfer data outside the European Economic Area, the measures we put in place to provide an appropriate level of data privacy protection are through our contractual clauses with you. If you would be more confident in us to receive a contract as well as a data transfer agreement, we will happily comply to your wishes and produce one at your request. This can be in relation to those applicants who wish to apply for a citizenship in one of the Caribbean islands as their data will be sent to our solicitors or authorised agents in those countries via Google Drive or DropBox. The shared access points will only be with those parties who have access to them and who will process the files for submission.

Please be aware that the no documents are sent via post to secure and protect your personal. Unless the application requires original versions of documents due a change in domestic and abroad policy and laws, we will only use trusted delivery/courier companies, such as, DHL and FedEx.

Article 5(1)(f) of the GDPR concerns the ‘integrity and confidentiality’ of personal data and can also be referred to as the GDPR’s ‘security principle’.

This principle states that:

‘Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’

Our approach to your data security is via the technologies and the procedures we use to protect personal information. We have an IT manager who secures and monitors our cyber security, acting on any unorthodox activity on all our devices and technologies, including, phones, computers, online email, IP addresses and our website.

Our IT manager covers all measures:

• To protect data against accidental loss
• To prevent unauthorised access, use, destruction or disclosure
• To ensure business continuity and disaster recovery
• To restrict access to personal information
• To conduct privacy impact assessments in accordance with the law and your business policies
• To train staff and contractors on data security
• To manage third-party risks, through use of contracts and security reviews

This is then recorded and stored as an assessment in our Coates Global OneDrive, secured with a password.

At Coates Global, we cannot specify a length of time on how long we keep personal data for as our data is categorised into different sections. Please see below these sections as well as information about how we securely dispose of your personal data:

Cookies
We use cookies to help analyse, improve and develop our website. If you opt out to not accept our cookies, personal data about you will not be stored. However, this may affect how our website functions. If you accepted our cookies and have submitted any information via our contact form, your personal data i.e. name, phone and email address will be kept from the point of contact until the query has been answered. We have clients who are with us for years and are happy for us to store their contact details. You have the right to withdrew and manage your personal data. When this happens, our IT manager clears cookie threads that have relevance to you and your personal information

Phone calls 
As our phone calls are not recorded, no data is stored. However, if you have consented and left your contact details with us for an expert to contact you again, the details will be sent over to them and stored via email communications. Please see below on how long we keep this and then dispose safely of the information.

Email Communications
Due to the nature of our work, we heavily rely on email communications as our main means of communication. All emails are protected by our password policy and we store data for as long as we have contact with you. If, for any instance, you would prefer for us to withdrew and dispose of your information, our IT manager will do this immediately. Our IT manager, also, securely disposes of all inactive email communications per 3 years to protect your data. If you have subscribed to our upcoming newsletter and wish to unsubscribe, please do so and we will immediately take you off our emailing list.

Invoices
Invoices are kept for the financial year and will not be disposed of, only securely archived for the company’s financial history. The invoices are kept both as an electronical version as well as a hard copy. All invoices that have been made void or are not transactions will be destroyed of via our shredding procedure. Please see more information about this in section “Personal document (copies) of paragraph “How long do we keep your personal data for?”. If there are any concerns about keeping your personal data on the invoices then please contact the data compliance manager, Hannah Hutcheon, to discuss this in more detail.

Contracts and Agreements
Once all terms and conditions have been filled out by either party, we archive the contract digitally as well as store a hard copy in one of our safety cabinets. If, for any reason, you would like us to withdrew and dispose of the contract, please contact the data compliance manager, Hannah Hutcheon, to discuss this in more detail.

Personal documents (copies)
Depending on the type of programme you opt for, depends on how long we will store copies of your personal documents. Please refer to section “What information do we collect?” to see the types of personal documents we collect. Once your application is completed and your personal documents are no longer needed for your application, our IT manager disposes of all digital information, adequately, as well as all hard copies of your information is shredded on-site and a data destruction specialist and vetted staff will dispose of your shredded documents with the upmost highest security.

Technology
We have a password policy set in place for all users, employee’s, partners, solicitors, associates and authorised agents to access your data, when needed, for us to provide our services. If a third-party is invited, with your consent, who needs access to your personal data, we will digitally share the documents on an independent platform i.e. DropBox, where they can have access to it. Once the application has been submitted and there is no need to process the documents, the DropBox folder shall be disposed of securely. If technological problems occur with any technological equipment of the Company, our IT manager will archive all documents that can be saved if an application is still in process or to be submitted, as well as securely disposing and erasing all data

Please read the below paragraph “Your rights in relation to personal data” to understand how you can exercise your rights and understand the exemptions of them.

Under the GDPR, we respect the right of data given to us with your permission to access and control. Considering this, we acknowledge your rights and ensure we strictly follow the regulations in accordance to the GDPR. The GDPR provides the following rights for individuals:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

We respect your rights in with the eight above rights as well as:

• Access to personal information
• Correction and deletion
• Withdrawal of consent (if processing data on condition of consent)
• Data portability
• Restriction of processing and objection
• Lodging a complaint with the information commissioner’s office

In correlation to the above, you will always have the right to exercise your rights on how you would like us to manage and/or withdraw your personal data. Our response will be to act in accordance to your wishes. Please refer to https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/whereby your rights are clearly and transparently laid out. Coates Global Ltd confirm that we respect and abide to the GDPR Guide and your rights.

However, please note, there are exemptions in terms of archiving data where it is required by law i.e. once an application has been authorised, sent off for submission and a granted, we have no control over the personal data kept by the Government where applied. Additionally, we have no authority to then withdrew or delete this data.

Article 22 of the GDPR has additional rules that protects individuals from companies who carry out automated decision-making, however, our Company does not provide such services.

Coates Global Ltd prides ourselves in 100% customer satisfaction in all aspects of our business model, including, data protection regulations. If you have a query or concern regarding how your data is stored, your personal information, our Privacy Notice or if you wish to file a complaint, please contact us on either of the following:

Via Post
9 Dacre Street
Westminster
London
SW1H 0DJ

Via Phone
020 7779 1606

Via Email
info@coatesglobal.com
hannah@coatesglobal.com

Our website collects three first-party cookies and only one third-party cookie.
The first party cookies are hs, svSession and XSRF-TOKEN, and the third-party cookie is Vimeo. Please read paragraph “Introduction” as to why we collect cookies.

We are aware that when new features are added to our website, this potentially could increase/decrease the number of cookies we have (both first- and third-party cookies). If our Privacy Notice is still in the May 2018 version during this time, please feel free to use the link below to check the number of cookies we have as well as the types of cookies there are:

http://www.cookie-checker.com/check-cookies.php?url=coatesglobal.com

It’s up to you to decide whether you want to allow cookies, but if you don’t want them, you’ll need to block them in your browser settings.

According to PECR, The Privacy and Electronic Communications (EC Directive) Regulations 2003, the EU is in the process of replacing the e-privacy Directive with a new e-privacy Regulation to sit alongside the GDPR. However, the new Regulation is not yet agreed. For now, PECR continues to apply alongside the GDPR. Once the regulations have been set in place, we will notify you of the changes to the e-privacy Directive. To understand more about PECR, cookies and similar technologies, please see the links below:

https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr/

 

In addition, you can find a link to the full text of the original PECR – and to the exact changes made in the 2004, 2011, 2015 and 2016 amendment regulations – on the ICO website in their section, “what we do” (https://ico.org.uk/about-the-ico/what-we-do/).

We are transparent with all our policies and notices including our cookie policy, therefore, all information on how to do this and other cookie queries can be found on our Coates Global Cookie Policy. Please see website to download.

If there is more specific information you would in relation how our Coates Global Privacy Notice works in correspondence to the GDPR, please head over to the ICO website where you can refer to the GDPR Guide.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

For definitive legal advice on providing privacy information under the GDPR, see the Information Commissioner’s Office guide on privacy notices. Thank you.