Privacy Notice

General Data Protection Regulations (GDPR) Privacy Notice


Our GDPR Privacy Notice explains how 121 Visa Consulting Limited, trading as 121 Visas (referred to as ‘we’ or ‘us’ in this Notice) protect and process personal data on behalf of clients and others using other our services and website.


Please read this Privacy Notice carefully to understand why data is collected and what we do with that data once it is in our possession.


Clients of the firm should also refer to our Terms of Engagement which provide further information on confidentiality, data privacy and disclosure.


The website covered by this Notice is ‘’. The Notice does not apply to any websites that may have a link to ours.




Data is collected, processed and stored by 121 Visa Consulting Limited (trading as 121 Visas) who is the data controller. 121 Visa Consulting Limited (trading as 121 Visas) is a private limited company registered in England & Wales under company number 07996468.


We are authorised and regulated by the Office of the Immigration Services Commissioner (OISC). Our Data Protection Officer is the Director, Stephen Atkinson. He can be contacted by email at




Our website and services are not aimed specifically at children because in our work children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about how we would or do use your data, please contact our Data Protection Officer, who may be able to assist.


Personal data


The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This Privacy Notice is intended for clients and prospective clients only.


Typically we will need your full name, address, date of birth, e-mail and telephone numbers and if a transaction is involved, your banking details may be needed too. In other cases we may need to ask you about medical or other information of a sensitive nature if this is required to carry out your work.


To comply with our legal obligations to verify your identity we are likely to require you to provide copies of certain documents and to respond to any queries we may have. If a transaction is involved we will be asking about the source of funds and requesting supporting documents. Once your matter has been concluded the file will be archived for at least six years.


Use of your personal data


The primary reason for asking you to provide personal data is to allow us to carry out your requests, for example, to provide a quote or to carry out your legal work.


Your information may be used for:


  • Verifying your identity and to establish the funding of any transaction you have asked us to carry out on your behalf. In a limited number of cases, where funding is being provided by a family member or third party, we may need to ask you to obtain information from them and personal information provided us will also be subject to the terms of this Privacy Notice;
  • The detection of fraud;
  • Communicating with you during the matter;
  • Providing you with advice, to carry out work on your behalf or on behalf of any organisation you represent, prepare documents or to complete transactions on yours or your organisation’s behalf;
  • Keeping financial records of your transaction and the transactions we make on your behalf. We do not store payment card information.
  • Seeking advice from third parties in connection with your matter;
  • Responding to any complaint or allegation of negligence against us;
  • Internal management and planning, which includes:
    • Resource management;
    • Planning of tasks or meetings;
    • Keeping records of sources of work and new enquiries; and
    • Storage and archiving or files and documents.


Use of cookies


A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.


We use traffic cookies to identify which pages are being used. In particular, portions of this website use Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google uses cookies to help the website analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. This helps us analyse data about web page traffic and improve our website in order to tailor it to client needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate setting on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.


Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.


You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you may modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website.


Disclosure of data


During the course of carrying out your legal work we are likely to need to disclose some information to parties outside 121 Visas, but these disclosures are only made when required by your work. Examples might include, but are not limited to, providing your information to:


  • The Home Office (UK Visas and Immigration);
  • The Office of the Immigration Services Commissioner (OISC);
  • Family, associates or representatives of the person whose personal data we are processing;
  • Business associates;
  • Accountants and other financial bodies;
  • Translation companies


How long we keep your information for


Information may be held in computers or manual files. We only retain the information for as long as is necessary to:


  • Carry out your work;
  • As is required to be kept by law;
  • Until the period that you could make a claim against us has elapsed, which is usually seven years after the matter is concluded or, if we acted for a child under 18, when they reach their 25th birthday;
  • If we have acted in a matter in which you had suffered mental impairment or a provisional award has been made, then the file can be kept for up to 100 years from the date of birth;
  • For the duration of the length of your visa (if applicable) and until any relevant immigration timescales have concluded;
  • Comply with any client instructions to extend the retention period in relation to their documents.


Information obtained from prospective clients is kept for up to twelve (12) months for the purpose of providing quotations and any subsequent follow up.


Sharing of data


We do not share personal information with third parties unless we need to do so. Data may be shared to complete client’s work and as required by law. As your information will be stored on computer, it could be shared with our system maintainers for fault diagnostics but we will take steps to protect your data should third party access be required.


We will never sell your personal information to third parties.


Data protection and security


We have technological and operational security policies and procedures in place to protect your data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the information have been trained to respect your confidentiality and to look after the data in our possession.


Inaccurate information


If you think any information we hold about you is incorrect or incomplete or has been changed since you first told us, please let us know as soon as possible so that we can update our records. We do not routinely carry out a data retention review.


Access to your personal information


The General Data Protection Regulations replaced the Data Protection Act 1998 on 25th May 2018. Under both sets of regulations you are entitled to request a copy of your personal data. If you wish to make a subject access request, then please contact our Data Protection Officer, Stephen Atkinson.


A subject access request entitles you to a copy of the personal data we hold on you. The focus of the information we have to provide is you and will include such things as records of your name, address, contact details, date of birth etc. This means that a subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be the transaction or immigration matter rather than your personal information.


What happens if I don’t want you to use my personal data?


The General Data Protection Regulations provide you with three rights, the right to object to specific types of processing, the rights to be forgotten and the right to restrict processing.


Depending on the nature of the request, we will comply with it to the fullest extent possible, but in some cases, this could mean that we are unable to continue with your matter, in which case work would cease at the earliest opportunity, but you would remain liable for the fees and disbursements incurred to date.


In certain situations you may be able to ask for restrictions to be placed on the processing of your data of to exercise your right to be forgotten.


A restriction has the effect of freezing data so we would continue to store your personal information but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the requirement of the General Data Protection Regulations.


Complaints about the use of your personal data


Please contact our Data Protection Officer if you have any complaint or concern over how your data will be used. They will acknowledge your complaint and reply to your concerns. If you are not satisfied with the response, the UK regulator on data protection issues is the Information Commissioner’s Office. Their telephone number is 0303 123 1113 and website which is


Changes to this notice


The current data privacy notice will always be available on our website.


Jurisdiction and applicable law


The English courts will have exclusive jurisdiction over any claim arising from or related to a visit to our website or a data breach.