1. Introduction
1.1. This is a notice to inform you of our policy covering all information that we record about you through our website or when you contact or contract with us. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“Personal Data”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website or who use our products and services are entitled to know that their Personal Data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party. We undertake to preserve the confidentiality of all information you provide to us, and ask you to reciprocate in respect of our confidential information. Our policy complies with EU data protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”), with The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (“UK Privacy Laws”) and with Statutory Instrument 336 of 2011 – European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (together, “Data Protection Laws”). .
By using our website and/or our services and products, you consent to this Privacy Policy and the processing of your Personal Data as described below.
The law requires us to tell you about your rights and our obligations to you with regard to the processing and control of your Personal Data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
The law requires us to determine under which of six defined bases we process different categories of your Personal Data, and to notify you of the basis for each category. If a basis on which we process your Personal Data is no longer relevant then we shall immediately stop processing your data. If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
This Privacy Policy applies in respect of all applications for the supply of products and services and employment contracts with GCR where you have contracted directly with GCR; GCR is the Data Controller in respect of your Personal Data in these circumstances.
We do not collect any information from anyone under 18 years of age. Our website, products and services are all directed to people who are at least 18 years old or older.
2. Information / Contractual Obligations
2.1. Data Controller/DPO
The Data Controller in respect of your Personal Data is:
GCR German Citizen Restoration Limited (“GCR”)
E: info@germanpassport.co.uk
UK: 020 8066 9900
Int’l: +44-20-8066 9900
By post:
GCR
Broadley House – 2nd Floor
48 Broadley Terrace
London
NW1 6LG
England
Our Data Protection Officer (“DPO”) can be contacted as follows:
sara@germanpassport.co.uk
2.2 Information we process because we have contact or a contract with you.If you use our website or contact us by email, telephone or post, we obtain very limited contact Personal Data which you provide to us voluntarily; you consent to this Privacy Policy and our website Terms and Conditions of Use. When you agree to our terms and conditions for the provision of our products and services, a contract is formed between you and us. In order to carry out our obligations under that contract we must process the information you give to us. Some of this information may be Personal Data, including your name, address, email, telephone number. We shall also obtain details of your ancestors; the data of deceased persons is not Personal Data under the Data Protection Laws, but may constitute Personal Data if it can be used to identify you.
We may use your Personal Data in order to:
Verify your identity for security purposes
Sell products to you. Provide you with our services
Provide you with suggestions and advice on products, services and how to obtain the most from using our website.
Other direct marketing.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract. Additionally, we may anonymise and aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable and Data Protection Laws are not relevant.
2.3 When you apply to or join the GCR team, GCR shall be Data Controller in respect of your Personal Data and this Privacy Policy shall apply. Where you provide your Personal Data to us as a prospective or current member of the GCR team, this enables us to fulfil our contractual obligations to you and/or is necessary for legitimate purposes. You will receive GDPR training and this Privacy Policy is an important part of that training.
2.4 When you contact or contract with GCR as a professional, with a few exceptions, we require Personal Data limited to the kinds of information that can be found on a business card: first name, last name, job title, employer name, work address, work email, and work phone number.
2.5 Special Category Data. With your express consent and to fulfil our contract with you, we may be required by German regulatory authorities in the citizenship petition to collect and process data of your religion which is special category data. Pursuant to Article 9 of the UK GDPR, we only process this Personal Data with your express consent. Religious beliefs is a category of Personal Data recognised by Data Protection Laws as special category data. The presumption is that this type of Personal Data needs to be treated with greater care because collecting and using it is more likely to interfere with your fundamental rights or open you up to discrimination. Therefore all such Personal Data is only processed by us when you complete a Contact Form or otherwise contract with us and expressly consent to such processing. it is necessary so that we can provide GCR’s services to you as agreed.
3. Information which we process with your consent
3.1. Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about GCR, you provide your consent to us to process information that may be Personal Data. Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies, and via the disclaimer on our Contact Forms. Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply. Please note that Personal Data supplied by you to us using our website Contact form or by email or email attachment is not encrypted until processed in our system.
Except where you have consented to our use of your Personal Data for a specific purpose or have contracted with us, we do not use your information in any way that would identify you personally. If you have given us explicit permission to do so, we may from time to time pass your Personal Data (name and contact information) to selected associates whom we consider may provide services or products you would find useful.
3.2 We continually strive to improve our services and the website offerings based on the information and feedback we receive from you. Your information helps us to respond more effectively to your requests and support your needs. We continue to process your information on this basis until you withdraw your consent. Note: If at any time you would like to unsubscribe from receiving future communications, we include detailed unsubscribe instructions at the bottom of each communication. You may withdraw your consent at any time by instructing us at sara@germanpassport.co.uk
However, if you do so, you may not be able to use our website or our services further.
4. Information / Legal Obligation
4.1 We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation, as necessary to protect the security and integrity of the website and our services or in response to a request for cooperation from a law enforcement or other government agency. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This information may include your Personal Data. Further, your Personal Data may be used: to permit applications for employment with us and related activities to such applications and contracts for service or services; to establish or exercise legal rights; to bring or defend legal claims; for responsible corporate governance or as otherwise required or permitted by applicable laws and/or regulations; in circumstances in which we believe disclosure is appropriate in connection with fraud prevention and prevention of other illegal, or unlawful activity or any other activity which is or may be contrary to our legal and regulatory compliance obligations and for other legitimate purposes as provided by the Data Protection Laws.
5. Information / Specific Uses
5.1 Personal Data submitted on this website will be used for the purposes specified in this Privacy Policy or in relevant parts of the website.
We may use the Personal Data which you provide to us through the website, contact or contract with us to:
Send to you general and marketing communications;
Send to you e-mail notifications;
Notify you about changes to our service;
Ensure that content from our site is presented in the most effective manner for your and for your computer;
Provide third parties with statistical information about users, this information will not be used to identify any individual user;
Deal with enquiries and complaints made by or about you relating to the website;
Pursuant to our contract with you, to access the german archives by post on your behalf and to progress your application for German citizenship with the appropriate regulatory authorities We may also use the information which we collect to: Administer our site, for internal operations, including troubleshooting, data analysis, testing, research, statistical / review; Improve our site to ensure that content is presented in the most effective manner for you and for your computer; As part of our efforts to keep our site safe and secure; Measure or understand the effectiveness of advertising we serve to you and others, and deliver relevant advertising to you;
Make suggestions and recommendations to you and other users of our site about services that may interest you or them.
Information we receive from other sources:
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We will not, without your express consent or when you are an existing contact, provide your Personal Data to any third parties for the purpose of direct marketing.
6. Your Rights
6.1 You have various rights in respect of your Personal Data which can be summarised as follows:
6.1.1 The right to be informed. Where GCR intends to collect your Personal Data, where this is not for fulfilling a contractual obligation owed by GCR to you, you have a right to consent or object to such collection for the intended purposes. In respect of each intended purpose where your consent is required because it is not otherwise lawful you will be asked to tick box to indicate your consent to each intended purpose for processing of your Personal Data
6.1.2. The right of access. You may request to receive a copy of any Personal Data held by us, which personally identifies you. We may ask you to verify your identity and for more information about your request.
6.1.3. The right to rectification. We will correct or erase inaccuracies in the information we hold about you when we learn of the inaccuracy.
6.1.4. The right to erasure. Personal Data may be erased if we do not have a contractual or legitimate reason for retaining the information. The provision of your Personal Data is voluntary. You can request that we delete it at any time. If you wish us to remove Personal Data from our systems, you may contact us at sara@germanpassport.co.uk This may limit the service we can provide to you.
6.1.5. The right to restrict processing.
6.1.6. The right to data portability.
6.1.7. The right to object.
6.1.8. Rights in relation to automated decision making and profiling. GCR does not carry out any automated decision making.
6.2 Verification of your Personal Data. When we receive any request to access, edit or delete Personal Data we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
6.3 Retention Period for Personal Data. We retain all Personal Data of clients and personnel resources for six years from your last contact or order for our products or services or from last communication from the German regulatory authorities, whichever is later. After this time it is anonymised and ceases to be Personal Data; we may anonymise or pseudonymise the data earlier if you so request in writing. We also retain data as necessary on our practice management software which complies with appropriate technical and organisational measures to maintain its security for as long as required by us:
To provide you with the services you have requested;
To comply with other law;
To support a claim or defence in court;
For legitimate purposes.
7. Complaints regarding content on our website or Processing of Personal Data
7.1 If you have a reason to complain about how your Personal Data has been controlled and processed by us, please in the first instance contact us and we shall endeavour to resolve your queries promptly. If we feel that the complaint is justified or if we believe the law requires us to do so, we shall remove the content while we investigate. If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
7.2 When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
7.3 How you can complain
If you are not happy with our Privacy Policy or have any complaint then you should tell us by email. Our address is sara@germanpassport.co.uk
If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your Personal Data, please contact us in the first instance, so that we can try and resolve the issue. However, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/. Please copy any such communication to us so that we can work to resolve any outstanding issues promptly.
8. Contacting Us
8.1 When you contact us, whether by telephone, through our website or by e-mail, we collect the Personal Data you have given to us securely in order to reply with the information you need. We record your request and our reply as well as the Personal Data associated with your message, such as your name and email address and other contact details so as to be able to track our communications with you to provide a high quality service. This data will be stored securely for as our retention policy provides and legitimate purposes permit.
9. Cookies
9.1 This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personal Data of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personal Data from any source, unless you explicitly submit that information via a fill-in form on our website.
9.2 We may aggregate information in a general way and use it to provide class information; by using the website or emailing us, you consent to this anonymization of your information. We may collect and anonymise information about your visit to and use of the website, including sales data, traffic data and related site information, for example to monitor the performance of a particular page on our website. We may also collect anonymised information during the course of products and services which we provide. This information helps us to evaluate and improve our website and services and may also be used for investment analysis purposes. As Non-Personal Data does not personally identify you, we may use it for any purpose.
9.3 Please check our Cookies policy for further cookies.
10. Personal identifiers from your browsing activity
10.1 Requests by your web browser to our servers for web pages and other content on our website are recorded. We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution. This information is recorded by Google Analytics as well as via certain 3rd party plugins installed on our website. We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you. If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
11. Our use of re-marketing
11.1 Re-marketing involves placing a cookie on your computer when you browse our website in order to be able to serve to you an advert for our products or services when you visit some other website. We may use a third party to provide us with re-marketing services from time to time. If so, then if you have consented to our use of cookies, you may see advertisements for our products and services on other websites.
12. Our use of Call Tracking
12.1 We may have call tracking installed on our website. This tracking will automatically record certain information about the visitor by using various types of technology including cookies, clear gifs or web beacons. This automatically collected information may include the phone number, IP address or other device address or ID, geographic location of the visitor, web browser and/or device type, the web pages or sites visited just before or just after visiting the site, the pages or other content the visitor views or interacts with, and the dates and times of the visit. Calls may also be recorded.
13. Access to your Personal Data
13.1 At any time you may review or update Personal Data that we hold about you by contacting us. To obtain a copy of any information that is not provided on our website you may send us a request at sara@germanpassport.co.uk
After receiving the request, we will verify that you are who you claim to be and then we shall provide to you the information within 30 days. In usual circumstances, no fee is payable.
14. Disclosure of Personal Data
14.1 Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the product or service requested.
14.2 We may disclose your Personal Data within the GCR group, to German archives when researching for your petition and other professional advisers, and to such other third parties as may reasonably be required in connection with the purposes referred to in this Privacy Policy, such as operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. The German regulatory authorities shall have direct access to your Personal Data and the service shall be provided to you at your instruction. We reserve the right to disclose any and all pertinent information to law enforcement or other governmental officials as we, in our sole discretion, believe necessary or appropriate.
14.3 In usual circumstances, all disclosures of Personal Data and its processing are within the European Economic Area (EEA), UK and Israel; the UK and Israel each are deemed by the EEA to be GDPR compliant with an adequate level of protection for compliance with Data Protection Laws under Article 45 of GDPR. The disclosures and processing of your Personal Data described in this Privacy Policy may in some circumstances be outside of the EEA, UK and Israel, for example if you yourself are based outside the European Economic Area (EEA); in such circumstances your contact or contract may involve the transfer, storage or processing of your Personal Data to such country, where the level of data protection is not as high as in the EEA. By providing us with your Personal Data in such circumstances you agree to such transfers of your Personal Data. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.
14.4 We may also disclose Personal Data in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our deployment Terms of Service, or may be causing injury to or interference with any of our rights or property, other users, or anyone else. We may disclose or access account information when we believe in good faith that the law requires it and for administrative and other purposes that we deem necessary to maintain, service, and improve our products and services.
15. Transfers of Personal Data outside of UK/EEA
15.1 The Personal Data which we collect from you is stored in one or more encrypted databases hosted by third parties located in the United Kingdom or EEA. These third parties do not use or have access to your Personal Data for any purpose other than cloud storage and retrieval.
15.2 GCR usually only collects and transfers to your Personal Data only to or within EEA, UK and Israel: in usual circumstances where processing to other countries is necessary it shall only process and transfer to or from such countries with your consent; to perform a contract with you; or to fulfil a compelling legitimate interest of GCR in a manner that does not outweigh your rights and freedoms. We endeavour to apply suitable safeguards to protect the privacy and security of your Personal Data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy. For transfers of Personal Data to countries without an adequacy determination by the EU (“Inadequate Protection Countries”), we shall with the relevant professional where you have not provided consent adopt and agree without modification or amendment the EU Standard Contractual Clauses (“Standard Clauses”) for transfers of Personal Data from EU/UK to USA and such other countries. To the extent of any conflict of such Standard Clauses and this Privacy Policy, the terms of the Standard Clauses shall prevail without limitation to such transfers from EU/UK to Inadequate Protection Countries. You consent to this approach where applicable.
16. Compliance with Data Protection Laws
16.1 Our Privacy Policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we would like to hear from you. However, ultimately it is your choice as to whether you wish to use our website, products and services or otherwise contract with us. GCR complies with the principles of EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. GCR is not a registered US company and therefore cannot certify that it adheres to the Privacy Shield principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield principles, GDPR as implemented in the UK shall govern. To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/.
16.2 To help protect the privacy of Personal Data processed by us, we maintain appropriate physical, technical, organisational and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your Personal Data to those GCR personnel who need to know that information to provide benefits or services to you. In addition, we train our personnel about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
17. Review of this Privacy Policy
17.1 We reserve the right, in our sole discretion, to modify, alter or update our Privacy Policy at any time. Such modifications, alterations, and updates shall be effective immediately upon posting. Your continued use of this website following the posting of a modified, altered, or updated Privacy Policy will mean you accept those modifications, alterations or updates. We advise you to print a copy for your records. If you have any question regarding our Privacy Policy, please contact us.