Privacy Notice

To see our privacy notice in word or pdf format, please click one of the links below:

Garth Coates Solicitors



Client confidentiality is the foundation on what our company, Garth Coates Solicitors, is built. Privacy is the bond that unites us with our clients as we believe that privacy equates trust. For us to be credible representatives for you, our clients, we understand the importance of your privacy and respect it, therefore, processing your data accordingly to the GDPR requirements, the Data Protection Act 2018 and our Privacy Notice.

We take your privacy seriously. Our Privacy Notice is set in place to offer you a clear and concise summary of what we do with the data we collect from you. Our pledge is to only use your data for your personal use and in matters where it benefits you i.e. contacting our overseas solicitors or authorised agents in legal matters for both UK IMMIGRATION programmes.

When dealing with you concerns, the data we collect is limited. We use cookies on our website to help its operation, analyse our optimisation as well as helping record your information that is tailored to your chief interests. There is a contact form on our website that if filled out, you give us your consent to access you on the details provided. In your best interest, there is always the option to remove these cookies, however, there is a possibility that this will influence the way in which our website functions and how you can view it. Please read our Cookie Policy if you are keen to know more about this. 

As mentioned, the data we collect is minimum. We do not store data through phone and skype meetings as well as event submissions. However, the data we do store, besides cookies, comes from email communications, contracts and agreements, and processed invoices.

Bearing in mind that all email communications between you and a member of our Garth Coates solicitors (including employees, partners, associates, solicitors and authorised agents) are confidential, these email communications are stored on our Garth Coates Solicitors outlook servers. If requested by you to clear all data off these outlook servers, we would dispose of them accordingly. However, by law there are some cases where we would not be able to remove them, especially if the information within the emails were needed to help provide our services regarding your application. To find out more, please check with our Data Compliance Officer, Hannah Hutcheon, to understand when we can delete your data of our outlook servers as well as your rights. Additionally, please refer to sections "When do we share personal data?" as well as "Your rights in relation to personal data".

All contracts and agreements are not shared outside of those who enter the agreement i.e. Garth Coates Solicitors and client, as well as invoices. Both are stored in electronic versions as well as hard copies. The hard copies for both invoices, contracts and agreements do not leave the premises and are stored in our locked cabinet's that comply with the GDPR requirements. Regarding all invoices, they are shared with our legal financial cashier who stores the paid invoices into a designated invoice folder, which is then stored in a GDPR locked cabinet. Additionally, with your consent and agreement in handling your application under our services, there are essential documents needed to process in order to support your case. The supporting documents vary depending on the type of programme you wish to apply for. More information about which relevant supporting documents you will need to provide will be spoken in depth with you during your application process. These documents provided are merely scanned and notarized documents of your original documents that are kept on Garth Coates Solicitors Google Drive database. These documents are only stored there until the end of your application. The Google Drive is password encrypted for all our employees who will deal with your case. In your best interest and in compliance with the programmes Government regulations (primarily with Caribbean programmes), we have authorised agents situated in these countries and with your consent would need to transfer the supporting documents over to them via DropBox. Please be assured that your personal information is kept safe and protected as we have data security on our DropBox, only authorising those parties involved with your application. Apart from our London office, we have offices in Malta and Lisbon that comply with the same GDPR requirements. Our abroad offices deal with your application once an agreement has been officialised by all-party members. To find out more, please contact us on the email provided below.   

To conclude, the services our Privacy Notice applies to are the above cookies, email communications, all contracts and agreements as well as invoices. 

The Privacy Notice may be modified at any time in accordance with the Data Protection Act 2018.

Please read our policy carefully and if you have any questions or concerns about how our Privacy Notice works, please do not hesitate to contact us either by phone on 020 7799 1600 or via email at info@garthcoates.com

Who we are?

We are Garth Coates Solicitors; a British immigration Law firm. Our data is controlled by us, the data controller, Garth Coates Solicitors, 22 Little Russell Street, London WC1A 2HL, and more specifically managed by our data compliance manager, Hannah Hutcheon. If you are seeking any advice regarding your data, please address all your queries to her hannah@garthcoates.com. Alternatively, you can call her during our office hours, which are from 09:30 - 17:30 on 020 7799 1600.  

What information do we collect?

The information from the data we collect varies depending on the platform you reach us on. If you decide to give us a call, one of our employees will usually ask for name, the subject matter you would like to discuss and transfer you over to the relevant person who can deal with your query. If, however, our expert is not available at that time, one of our employees will ask you for your contact details that will be sent over via email to the expert most suited to deal with your request - whether this will be by phone or email, or perhaps both. Alternatively, we have had clients who wish for us to call back at a more convenient time rather than one of our employees noting down their details. We respect any decision you choose to make relating to your personal information and will not do anything without your consent. Please be aware that when you call our lines, your number will be shown on to our phone system and stored, temporarily, on this system. If you would like us to clear your information off our phone system, please let us know and this will be acted on immediately.  

We collect data, as mentioned, through our contact form via our website, website cookies, email communications, phone calls (if authorised by you), invoices, supporting documents (copies) as well as all contracts and agreements. All this data is collected from us as the first-party and we do not retrieve any data from third-parties.

Please see below what information is collected via which method:


Contact form - name, email address, number 
If you wish to leave us a subject line and message via our contact form, this is a feature available for you, however, it is not a mandatory option to fill out. 

Track users who enter our website, record your visit, including the pages and links you have followed

Email Communications
Email address, content of the email and if applicable, email signature containing company/personal information, such as, telephone number/s, including mobile, website URL, fax number

Phone calls
Name, contact details i.e. phone or email or both 

Name, billing address

Contracts and Agreements
Name, date of birth, passport number, travel document number (if required), signature, home address, dependants details (if required)

Personal documents (copies)
Passport, travel documents, residency card (if applicable), drivers licence (if applicable), bank statements, birth certificate, marriage certificate, fingerprint and photograph verification form, medical test results, police certificate, proof of residential address, notarized copies of education certificates (if applicable), letter of employment

As stated above, it is important that you are clear that all data collected is all from the Company and we do not retrieve or scout for any data from third-party entities. If we started implementing services from third-parties, we would inform you immediately to these changes and will update our Privacy Notice for your benefit. 

As we are an Immigration Law firm, we handle and process sensitive personal data as well as financial information. For your awareness, sensitive personal data relates to information concerning your racial or ethnic origin, political opinions, religious belief, trade union activities, physical or mental health, sexual life or details of criminal offences. As mentioned in the paragraph "Introduction" it states that we deal with invoices, supporting documents as well as contracts and agreements, that do contain a number of these sensitive personal data and financial information. However, we handle this category of data with the upmost care and respect therefore, we only share the data with authorised agents and solicitors, if it is a requirement with the Governments regulation for a specific programme. Throughout the procedure of your application, we guarantee to keep you in the loop always and if there is anything that you do not feel comfortable with and have any queries then please do let us know and we promise to inform and support you with this. Please see below the "How do we use personal information?" paragraph for more information.

How do we use personal information?

The Data Protection Act 2018 requires that eight data protection principles are followed in the management of personal data. These are that personal data, sensitive and non-sensitive, must be:

Bearing these principles in mind, we are committed to being as transparent and open about our Privacy Notice inclusive of how we protect, collect, share and hold your personal data. 

We use data for both service- and business- related purposes. Please see below how we use your personal information in both categories:


The lists above are tailored according to your needs on how you best would like us to use your personal data; some will not be relatable to you.

What legal basis do we have for processing your personal data?

We will process personal data about you only as far as is needed for managing the Company's business in which you have employed. Unless you specifically authorise its disclosure, your personal data will not be disclosed to anyone else other than authorised employees, other companies within the Group, those who provide relevant products to the Company (such as advisers and payroll administrators), regulatory authorities, potential or future employers, governmental or quasi-governmental organisations and potential clients of the Company or of that part of the business in which you work.  

Due to the nature of Garth Coates Solicitors, our processing conditions stand on six legal grounds:

Consent - permission to handle your application and personal data based on the requirements for Citizenship by Investment. This legal ground is the first stage before abiding by the terms of the contract that all applicants can withdraw from and manage according to their preferences. The consent is a written declaration that accommodates and protects both parties. Please read Article 7 of the GDPR for more information about the conditions for consent.

Contract - complying with Article 6(1)(b) of the GDPR, contracts authorises both parties of all obligations that must be carried throughout the duration of Citizenship application. If the contract has been breached by either Client and/or Company, the contract is immediately terminated.

Legitimate interests - when transferring client's personal data to authorised agents or employees associated to Garth Coates Solicitors, this ground is set in place to ensure that security measures and fraud protection are followed through. This ground is heavily enforced, especially when in association with a child's data as stated in Article 6(1)(f) of the GDPR. In the unlikelihood that documents were to be exposed to a third party outside of those in agreement with the application, a right to a court hearing would be enforced.

Vital interests - we use the grounds of vital interests for the welfare for all our clients when having a medical assessment as a requirement for their application. This, however, is done by a third party qualified doctor of the country of application in question as well as having the third-party doctor associated to the Company. As the requirements states, if the candidate for a programme is not in good health, we have no liability over the client and the application will not be submitted on this ground. Please refer to Article 6(1)(d) and recital 46 for further guidance.

Legal obligation - Article 6(3) requires that the legal obligation must be laid down by UK or EU law as well as abiding Recital 41. The legal obligation Garth Coates Solicitors and its Group has over your legal documents is during the application process whereby authorised agents will have access to all the required documents as per the programmes checklist.

When do we share personal data?

We never share personal data with anyone outside of Garth Coates Solicitors, including authorised agents, unless we have been authorised to do so by you. As mentioned, we treat personal data with confidentially and safeguard personal data at all costs.

When data is to be shared within the Company as a means of providing our services to you and conducting our business operations, we treat it with confidentially and protect it in such manners:

How will we share your data?

What safeguards do we have in place?

What parties we may share the data with and why?

Please note that you have the right to withdrew and ask us to delete all personal data for your security at any given time, except if the documents are required by law. To read more about your rights and exemptions, please refer to paragraph "Your rights in relation to personal data" in the Garth Coates Solicitors Privacy Notice

Where do we store and process personal data?

The personal data we store is either on our Company's computers hard drives, employee's outlook email addresses and through our password secured Garth Coates Solicitors OneDrive account. We archive, share information with third-parties (related to Garth Coates Solicitors as mentioned below) and securely dispose data.

Please be aware that the no documents are sent via post to secure and protect your personal. Unless the application requires original versions of documents due a change in domestic and abroad policy and laws, we will only use trusted delivery/courier companies, such as, DHL and FedEx.

How do we secure personal data?

Article 5(1)(f) of the GDPR concerns the 'integrity and confidentiality' of personal data and can also be referred to as the GDPR's 'security principle'.

This principle states that:

'Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures'

Our approach to your data security is via the technologies and the procedures we use to protect personal information. We have an IT manager who secures and monitors our cyber security, acting on any unorthodox activity on all our devices and technologies, including, phones, computers, online email, IP addresses and our website.

Our IT manager covers all measures:

This is then recorded and stored as an assessment in our Garth Coates Solicitors OneDrive, secured with a password.

How long do we keep your personal data for?

At Garth Coates Solicitors, we cannot specify a length of time on how long we keep personal data for as our data is categorised into different sections. Please see below these sections as well as information about how we securely dispose of your personal data:


We use cookies to help analyse, improve and develop our website. If you opt out to not accept our cookies, personal data about you will not be stored. However, this may affect how our website functions. If you accepted our cookies and have submitted any information via our contact form, your personal data i.e. name, phone and email address will be kept from the point of contact until the query has been answered. We have clients who are with us for years and are happy for us to store their contact details. You have the right to withdrew and manage your personal data. When this happens, our IT manager clears cookie threads that have relevance to you and your personal information

Phone calls 

As our phone calls are not recorded, no data is stored. However, if you have consented and left your contact details with us for an expert to contact you again, the details will be sent over to them and stored via email communications. Please see below on how long we keep this and then dispose safely of the information.

Email Communications

Due to the nature of our work, we heavily rely on email communications as our main means of communication. All emails are protected by our password policy and we store data for as long as we have contact with you. If, for any instance, you would prefer for us to withdrew and dispose of your information, our IT manager will do this immediately. Our IT manager, also, securely disposes of all inactive email communications per 3 years to protect your data. If you have subscribed to our upcoming newsletter and wish to unsubscribe, please do so and we will immediately take you off our emailing list.


Invoices are kept for the financial year and will not be disposed of, only securely archived for the company's financial history. The invoices are kept both as an electronical version as well as a hard copy. All invoices that have been made void or are not transactions will be destroyed of via our shredding procedure. Please see more information about this in section "Personal document (copies) of paragraph "How long do we keep your personal data for?". If there are any concerns about keeping your personal data on the invoices then please contact the data compliance manager, Hannah Hutcheon, to discuss this in more detail.

Contracts and Agreements

Once all terms and conditions have been filled out by either party, we archive the contract digitally as well as store a hard copy in one of our safety cabinets. If, for any reason, you would like us to withdrew and dispose of the contract, please contact the data compliance manager, Hannah Hutcheon, to discuss this in more detail.

Personal documents (copies)

Please refer to section "What information do we collect?" to see the types of personal documents we collect. Once your application is completed and your personal documents are no longer needed for your application, our IT manager disposes of all digital information, adequately, as well as all hard copies of your information is shredded on-site and a data destruction specialist and vetted staff will dispose of your shredded documents with the upmost highest security.


We have a password policy set in place for all users, employee's, partners, solicitors, associates and authorised agents to access your data, when needed, for us to provide our services. If a third-party is invited, with your consent, who needs access to your personal data, we will digitally share the documents on an independent platform i.e. DropBox, where they can have access to it. Once the application has been submitted and there is no need to process the documents, the DropBox folder shall be disposed of securely. If technological problems occur with any technological equipment of the Company, our IT manager will archive all documents that can be saved if an application is still in process or to be submitted, as well as securely disposing and erasing all data.

Please read the below paragraph "Your rights in relation to personal data" to understand how you can exercise your rights and understand the exemptions of them.  

Your rights in relation to personal data

Under the GDPR, we respect the right of data given to us with your permission to access and control. Considering this, we acknowledge your rights and ensure we strictly follow the regulations in accordance to the GDPR. The GDPR provides the following rights for individuals:

We respect your rights in with the eight above rights as well as:

In correlation to the above, you will always have the right to exercise your rights on how you would like us to manage and/or withdraw your personal data. Our response will be to act in accordance to your wishes. Please refer to https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ whereby your rights are clearly and transparently laid out. Garth Coates Solicitors confirm that we respect and abide to the GDPR Guide and your rights.

However, please note, there are exemptions in terms of archiving data where it is required by law i.e. once an application has been authorised, sent off for submission and a granted, we have no control over the personal data kept by the Government where applied **HOME OFFICE FOR INSTANCE**. Additionally, we have no authority to then withdrew or delete this data.

Use of automated decision-making and profiling

Article 22 of the GDPR has additional rules that protects individuals from companies who carry out automated decision-making, however, our Company does not provide such services. 

How to contact us?

Garth Coates Solicitors prides ourselves in 100% customer satisfaction in all aspects of our business model, including, data protection regulations. If you have a query or concern regarding how your data is stored, your personal information, our Privacy Notice or if you wish to file a complaint, please contact us on either of the following: 

Via Post
22 Little Russell Street

Via Phone
020 7799 1600

Via Email


Use of cookies and other technologies

We are aware that when new features are added to our website, this potentially could increase/decrease the number of cookies we have (both first- and third-party cookies). If our Privacy Notice is still in the May 2018 version during this time, please feel free to use the link below to check the number of cookies we have as well as the types of cookies there are: 


It's up to you to decide whether you want to allow cookies, but if you don't want them, you'll need to block them in your browser settings.

According to PECR, The Privacy and Electronic Communications (EC Directive) Regulations 2003, the EU is in the process of replacing the e-privacy Directive with a new e-privacy Regulation to sit alongside the GDPR. However, the new Regulation is not yet agreed. For now, PECR continues to apply alongside the GDPR. Once the regulations have been set in place, we will notify you of the changes to the e-privacy Directive. To understand more about PECR, cookies and similar technologies, please see the links below:



In addition, you can find a link to the full text of the original PECR - and to the exact changes made in the 2004, 2011, 2015 and 2016 amendment regulations - on the ICO website in their section, "what we do" (https://ico.org.uk/about-the-ico/what-we-do/).

We are transparent with all our policies and notices including our cookie policy, therefore, all information on how to do this and other cookie queries can be found on our Garth Coates Cookie Policy. Please see website to download. 

Linking to other websites / third party content

As our company grows, so do our social media platforms. The media platforms we currently use are Facebook, Twitter, and Linkedin. These external sites are linked to our website and vice versa. The content (both on social media platforms as well as online) is curated by our Garth Coates marketing team who take responsibility of controlling the quality of the content as well as abiding by all copyright regulations. If there are any queries, suggestions or complaints regarding the content posted, please contact us on our above details with your concerns to our data compliance manager, Hannah Hutcheon, will get back to you as soon as possible.

If there is more specific information you would like in relation to how our Garth Coates Privacy Notice works in correspondence to the GDPR, please head over to the ICO website where you can refer to the GDPR Guide.


For definitive legal advice on providing privacy information under the GDPR, see the Information Commissioner's Office guide on privacy notices. Thank you.