Guidance

OISC Privacy Notice for Applicants, Advisers and Complainants

This is an explanation of how we process personal data.

From:
Office of the Immigration Services Commissioner
Published
24 May 2018
Last updated
11 October 2024 — See all updates

1. Applications

If you want to submit an application to the OISC, you will need to do this online using the OISC’s Webforms.

In order access these forms, you will first need to create a Government One Log-In Account. This is a system that is administered by the Cabinet Office and acts as a gateway to the OISC Webforms.

Creating a Government One Log-In Account is a separate process. Details of how this process works and how your data is used is in the Cabinet Office’s privacy notice which can be found at Privacy notice - GOV.UK One Login (account.gov.uk).

When logging in to access the OISC Webforms, we will verify your identity using your name. If you are not able to log in after that then we will ask for your date of birth. If this also fails, we will ask you for your National Insurance Number.

All of this information would have already been provided when you initially signed up for a Government One Log-In Account.

Once you have logged in and selected the correct OISC Webform for your purposes, please complete the form.

You will need to make an online payment of the OISC application fee(s) as part of completing your OISC Webform. This will be done using a service known as GOV.UK Pay. This is a separate process from the OISC Webforms. For further detail as how this works, please click here.

For further information on how GOV.UK Pay use your data, please go to Privacy notice – GOV.UK Pay (payments.service.gov.uk).

What personal data do we process?

When applying for registration you must provide us with:

  • data relating to the organisation

  • data relating to the individual advisers

To find out more about what data we process about organisations please click here.

To find out more about what data we process about advisers please click here.

To find out more about what data we process about owners and trustees please click here.

Why do we process your personal data?

Under section 83(5)(a) of the Immigration and Asylum Act 1999 (as amended), we have a statutory duty to ensure that those who provide immigration advice and/or services are fit and competent to do so.

Therefore, if you are applying for initial registration, adding a new adviser, applying to change your level of registration, we must assess your fitness and competence at the level you have applied for.

Under Schedule 6, paragraph 2 of the Immigration and Asylum Act 1999 (as amended), you must be registered if we consider you are fit and competent to provide immigration advice and/or services.

Also, under Schedule 6, paragraph 3 of the Immigration and Asylum Act 1999 (as amended), we determine intervals where a person must submit an application for their registration to be continued. You must apply every year for us to continue your registration. You will be reminded at the time as to when you must submit a continuing registration application.

We will continue your registration only if you are fit and competent to provide immigration advice and/or services.

We must therefore process your data in the following ways to determine and ensure that you are fit and competent to provide immigration advice and/or services.

Therefore, as a public body, it is necessary for us to process your data in the following ways for the exercise of official authority vested in us (Article 6 GDPR).

As part of your application, we will process special category data (Article 9 GDPR). The processing of this data is necessary for reasons of substantial public interest, as the Immigration and Asylum Act 1999 (as amended) imposes a statutory duty on us to ensure that those who provide immigration advice and/or services are fit and competent to do so.

Processing this data forms part of our assessment as to whether you are fit and competent to provide immigration advice and/or services.

Some declarations in the application form relate to criminal convictions. As such, we are effectively processing personal data relating to criminal convictions and offences (Article 10 GDPR).

Some applications also require a DBS check for every applicant as part of the application process. As such, this is also considered processing personal data relating to criminal convictions and offences (Article 10 GDPR).

The processing of this data is necessary for reasons of substantial public interest, as the Immigration and Asylum Act 1999 (as amended) imposes a statutory duty on us to ensure that those who provide immigration advice and/or services are fit and competent to do so.

Processing this data forms part of our assessment as to whether you are fit to provide immigration advice and/or services.

How do we process your personal data?

Your data is provided to us when you submit your completed application form. Once you submit the completed form to us, our case management system is updated accordingly.

To find out more about how we retain data please click here.

Sharing your data outside the OISC:

HJT Training Limited

If you are applying for initial registration, applicant names, dates of birth and email addresses are shared with HJT Training Limited who facilitate the OISC competence assessments.

Your data will be shared with them so that they can enter you into the relevant OISC competence assessment, issue you with your candidate number and issue you with your assessment results.

The purpose for sharing this data is to enter you into our competence assessments process. Sitting the competence assessments are a way in which we assess your competence to provide immigration advice and/or services at the level you have applied for.

Disclosure and Barring Service

Your personal data will be shared with DBS so that they can do the necessary checks on you to verify whether you have any unspent convictions, cautions, reprimands, warnings, etc.

The purpose of this is to verify that what you have declared in your application form is true and to ensure that you are fit to provide immigration advice and/or services.

Home Office

The OISC will conduct vetting checks on you and your organisation to ensure you are fit and competent to provide immigration advice and/or services.

As part of this your name, organisation’s name and address, adviser’s name, date of birth, Home Office reference number(s) and the information from the declarations in the application form will be shared with the Home Office.

This will also include the Home Office checking whether you are permitted to stay and work in the UK.

To find out more about how we handle data within the OISC please click here.

Other organisations

If you are declaring to be a solicitor, barrister and/or member of CILEx, your personal data will be shared with the SRA, BSB and CILEx to verify this.

Declarations

If you have answered ‘Yes’ to any of the declarations, your data will be shared with external organisations to verify your answer.

An example of this is if you declare you have been involved in the running of any other business or are employed at another organisation, we will contact this organisation to verify your answer.

Section 93 Immigration and Asylum Act 1999 (as amended)

There is nothing preventing a person from giving us information that is necessary for the discharge of our functions (i.e. to determine whether you are fit and competent).

Therefore, when we request information from other organisations to determine whether you are fit and competent, they can give us any information that is necessary for us to do so.

2. Complaints

When you send us a compliant about an adviser and/or organisation you should use our complaints form.

What personal data do we process?

To find out more about what data we process about complaints please click here.

Why do we process your personal data?

Under Schedule 5, paragraph 5(1) of the Immigration and Asylum Act 1999 (as amended), we must have a complaints scheme to investigate complaints. We must investigate complaints regarding:

  • an adviser’s/organisation’s fitness or competence

  • an alleged breach of the Code of Standards

Members of the public can also make a complaint about unregistered people/organisations providing or advertising the provision of immigration advice and/or services unlawfully. These complaints will be passed on to the relevant OISC team who will process the data for the prevention, investigation, detection or prosecution of criminal offences.

As part of our complaint investigation, we will consider all the evidence available to us to reach an informed decision as to whether the complaint has been substantiated.

Therefore, as part of our investigation, we must process your personal data and the personal data of third parties.

Therefore, as a public body, it is necessary for us to process your data in the following ways for the exercise of official authority vested in us (Article 6 GDPR).

As part of the complaint investigation, we will process special category data (Article 9 GDPR). The processing of this data is necessary for reasons of substantial public interest, as the Immigration and Asylum Act 1999 (as amended) imposes a statutory duty on us to investigate relevant complaints, such as those listed above.

Processing your data forms part of our assessment as to whether the complaint is substantiated.

We will also process data relating to criminal convictions, but only if the complaint case file states that a party involved in the case has a criminal conviction(s), warning(s), reprimand(s), etc. This would be considered as processing personal data relating to criminal convictions and offences (Article 10 GDPR).

The processing of this data is necessary for reasons of substantial public interest, as the Immigration and Asylum Act 1999 (as amended) imposes a statutory duty on us to investigate relevant complaints, such as those listed above.

How do we process your personal data and third-party personal data?

Your data and third-party data is provided to us whenever you provide us with information about your complaint or when evidence is provided to us.

Your complaint form and any evidence in relation to the complaint will be stored on our case management system.

To find out more about how we retain data please click here.

Data will also be collected and processed from the complainant’s file. This is the file that the adviser has on the complainant.

To find out more about what data we process from the complainant’s case file please click here.

Sharing your data outside the OISC:

Home Office

  • Your name, date of birth and Home Office reference number will be shared with the Home Office if part of the complaint requests us to check the status of your immigration application.

  • The Home Office provides us with information regarding whether an adviser/organisation is regulated to provide immigration advice and/or services.

3. Audits

We conduct audits to regularly assess whether the work being done by the adviser/organisation is fit and competent.

What personal data do we process?

We examine case files selected by us to assess the quality of work being done. We determine whether the work that has been done is to a fit and competent standard. We also make any suggestions for improvement.

To find out more about data we process from audits please click here.

Why do we process your personal data?

Under section 83(5)(a) of the Immigration and Asylum Act 1999 (as amended), we have a statutory duty to ensure that those who provide immigration advice and/or services are fit and competent to do so.

Our audits procedure allows us to inspect the work being done by advisers/organisations and make an informed decision as to whether an adviser/organisation is fit and competent to provide immigration advice and/or services.

We must process your data in the following ways to determine and ensure that you are fit and competent to provide immigration advice and/or services to the necessary standard.

Therefore, as a public body, it is necessary for us to process your data in the following ways for the exercise of official authority vested in us (Article 6 GDPR).

As part of the audit, we will process special category data by conducting the case file reviews (Article 9 GDPR).

The processing of this data is necessary for reasons of substantial public interest, as the Immigration and Asylum Act 1999 (as amended) imposes a statutory duty on us to ensure that those who provide immigration advice or immigration services are fit and competent.

Processing your data forms part of our assessment as to whether you are fit and competent to provide immigration advice and/or services.

We will also process data relating to criminal convictions when we audit case files, but only if the audit case file states that a party involved in the case has a criminal conviction(s), warning(s), reprimand(s), etc. This would be considered as processing personal data relating to criminal convictions and offences (Article 10 GDPR).

The processing of this data is necessary for reasons of substantial public interest, as the Immigration and Asylum Act 1999 (as amended) imposes a statutory duty on us to ensure that those who provide immigration advice or immigration services are fit and competent.

How do we process your personal data and third-party personal data?

When we arrange an audit we use the personal data we store about you to schedule an audit. For example, we contact you using the email address and contact number you have provided to us and schedule the audit to take place either remotely or at your business address.

Personal data is also collected when auditing case files. We process personal data contained in those case files. This is the data you have on your client.

In some cases, this will also include the personal data of third parties, such as your client’s family members.

The facts of every case will be different, so the personal data that will be on the file will be different. As such, the personal data we process will be different for every case file we audit.

For further detail on what data we process from a case file please click here.

Our findings from an audit will be consolidated into an Identified Issues Report. This will be stored on our case management system.

To find out more about how we retain data please click here.

4. Data Inside the OISC

Knowledge & Intelligence:

Your personal data will be shared with the relevant team inside the OISC so that they can do any necessary checks to verify whether there are any concerns with your fitness to provide immigration advice, namely your character.

The relevant team will record, task and disseminate any data gathered to select teams and individuals within the OISC. Information shared internally will be used to help identify any issue(s) or potential issue(s) with the adviser’s/organisation’s fitness and competence.

The relevant team will request an applications list from the Home Office. This is a complete list of all the applications you/your organisation has submitted to the Home Office.

The relevant team will process your data, including sharing your data with other law enforcement agencies, such as the police, for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.

Data that will be shared with other law enforcement agencies include your name, your organisation’s name, your address and post code, your organisation’s address and post code, your date of birth, any Home Office reference numbers and any information given to us from the declarations in your past application forms.

Under section 93 of the Immigration and Asylum Act 1999 (as amended), there is nothing preventing a person from giving us information that is necessary for the discharge of our functions (i.e. to determine whether you are fit and competent).

Therefore, when we request intelligence from other organisations to determine whether you are fit and competent, they can give us any information that is necessary for us to do so.

Investigations:

The relevant team will process personal data for the purposes of the prevention, investigation, detection or prosecution of criminal offences.

The relevant team will have regular access to your personal data on the case management system and will process your personal data for the purpose and in connection with any legal proceedings or prospective legal proceedings.

Under section 93 of the Immigration and Asylum Act 1999 (as amended), there is nothing preventing a person from giving the First-tier Tribunal information which is necessary for the discharge of its functions (i.e. making decisions of any appeals lodged).

As such, if you decide to appeal a decision made against you, the relevant team will disclose your personal data to the Tribunal over the course of the legal proceedings.

The relevant team will only process personal data that is relevant to the proceedings, such as the data regarding an application, audit and/or complaint.

The relevant team also provide overall support to caseworkers and advise them whenever their advice is sought on whether an adviser is fit and competent to provide immigration advice and/or services. To do this, the relevant team will process your data (examine the data) to help them form their advice.

Finance:

When you make payment on our Webforms using GOV.UK Pay, all transactions will be facilitated by GOV.UK Pay. This is a separate process from the OISC. The only data stored on our case management system from the transaction is the card type and card brand that was used. The relevant team will have access to the information thy need in order to issue you with a refund if necessary.

For further information on how GOV.UK Pay use your data, please go to Privacy notice – GOV.UK Pay (payments.service.gov.uk).

HR:

If you make a complaint against a member of OISC staff, it will be investigated by the HR department.

HR have regular access to our case management system. If you are an adviser or an applicant adviser and make a complaint against a member of OISC staff, HR will have access to your personal file on our case management system.

IT:

OISC data, including data on our case management system is backed up for the purposes of disaster resilience.

5. Retention

We hold personal data for a period of six years. After this the personal data is securely destroyed.

We only store data for longer than this:

  • for the prevention, investigation, detection or prosecution of criminal offences

  • for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings)

  • for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights

When deciding whether to retain the data for the above purposes, we consider all the circumstances and evidence before us.

This includes the history between the OISC and an adviser/organisation.

6. Your Rights

As a data subject, you have the following rights:

  • to be informed of how we process your personal data

  • subject access

  • rectification

  • erasure

  • restriction

  • portability

  • objection

Under GDPR there are also rights attached to the automated individual decision-making (i.e. profiling). However, we do not process your data using automated decision-making means.

Exercise Your Rights

If you choose to exercise your rights, please contact the OISC Information Officers who will take the necessary steps. They can be contacted on foi.dpa@oisc.gov.uk.

Rights You Cannot Exercise

The reason we process personal data, as explained in this notice, is because it is necessary for the exercise of official authority vested in us. This is our lawful basis.

Our lawful basis affects certain rights that you can exercise. If you want to restrict or object to how we process your data, we will not be able to consider your application, as all of our processing activities are done to ensure you are fit and competent to provide immigration advice and/or services.

How do I complain about information security?

In the first instance, you can email the Data Protection Officers to submit a complaint. The DPOs will investigate the matter and respond to you by email.

If you are not satisfied with the response, you can submit a complaint to the ICO on their website.

7. Who is the Data Controller?

The Data Controller is the OISC:

Office of the Immigration Services Commissioner


Office of the Immigration Services Commissioner (OISC)

PO Box 567

Dartford

Kent

DA1 9XW

Email: info@oisc.gov.uk

Telephone: 0345 000 0046

8. Who are the Data Protection Officers?

Information relating to the OISC Data Protection Officers is available upon request at info@oisc.gov.uk

9. Publishing

Under section 83(6)(a) of the Immigration and Asylum Act 1999 (as amended), we must arrange for the publication, in such form and manner and to such extent as we consider appropriate, of information about our functions and about the matters falling within the scope of our functions. 

Under sections 91 and 92 of the Immigration and Asylum Act 1999 (as amended), it is a criminal offence to offer, advertise and/or provide unregulated immigration advice and/or services. 

As part of our functions, we investigate and prosecute these offences. Therefore, as a public body, it is necessary for us to process your data in the following ways for the exercise of official authority vested in us (Article 6 GDPR). 

We will publish details of ongoing criminal prosecutions and warrants on our website, including information relating to:

  • The defendant’s name, age and regional location

  • An update on the criminal proceedings

The purpose for publishing this data are for statutory purposes, to safeguard vulnerable advice-seekers and to prevent any further provision of unregulated immigration advice and/or services.

Under section 85 of the Immigration and Asylum Act 1999 (as amended), the OISC is required to prepare and maintain a register of registered OISC immigration advisers. Pursuant to paragraph 6 of Schedule 6 to the Immigration and Asylum Act 1999 (as amended), this register must be available for inspection by members of the public. This register will contain names of registered advisers, organisations, OISC reference numbers, level of registration, the organisation’s website and whether it is a fee charging or non-fee charging organisation. As this register is required by statute, it is necessary for us, as a public authority to process your data in the following ways for the exercise of official authority vested in us (Article 6 GDPR).

The OISC also has a tool known as Adviser Finder. This will contain organisation names, its website, email address and contact number, and whether it is a fee charging or non-fee charging organisation. We will only publish your data on Adviser Finder if you have given us your consent to do so (Article 6 GDPR).

Under section 89(9) of the Immigration and Asylum Act 1999 (as amended), the OISC must keep a public register of individuals who are subject to a direction issued by the Tribunal under section 89(8) of the Immigration and Asylum Act 1999 (as amended).

ANNEX A: Data we process about organisations

We process data relating to the organisation. This includes:

  • the organisation’s name, address and contact details

  • the organisation’s legal status

  • the organisation’s Companies House/charity registration number

  • the organisation’s bank details

  • the organisation’s OISC registration number

  • what OISC Level the organisation are registered at and permitted to work at

  • the OISC categories they are permitted to work at (i.e. Immigration and/or Asylum & Protection)

  • whether the organisation is a fee charging organisation or a non-fee charging organisation

  • the name(s) of the advisers working at the organisation

  • data of advisers working or who have worked at the organisation. For more detail on what data we process relating to adviser please click here.

ANNEX B: Data we process about advisers

We process data relating to the advisers of the organisation. This data includes:

Adviser details:

  • their name, previous name(s), title, gender, date and place of birth, nationality and contact details

  • their employment status at the organisation

  • their NI number

  • their employment history

  • their previous employer’s details which includes:

  • the organisation’s name, address and contact details

  • their job title whilst employed there

  • the organisation’s overseeing regulatory body

  • the dates they were employed by the organisation

  • details of their training and qualifications

  • whether they currently employed or own/work in any other business

  • copies of their identity (such as passports, identity cards, etc.)

Information about an adviser’s ability to work in the UK:

  • whether they are subject to restrictions on their residence in the UK or permission to work in the UK

Information about an adviser’s financial background:

  • whether they have ever been declared bankrupt

  • whether they have been disqualified or banned from being a director of a company

  • whether they have ever been disqualified as acting as a charity trustee

Information about an adviser’s OISC registration:

  • their OISC registration number

  • what OISC Level they are registered at

  • the OISC categories they are permitted to work at (i.e. Immigration and/or Asylum & Protection)

  • whether you work for a fee charging organisation or a non-fee charging organisation

  • the name(s) of the organisation(s) the adviser works for and has worked at

  • address of the organisation(s) the adviser works at or has worked at

Data we already have on you:

If you are or have been in the OISC scheme before and we hold data on you. That data will be used to consider whether you are fit and competent to provide immigration advice and/or services, along with any new data you have provided to us.

This includes data collected from previous audits and any investigated complaints made against you.

To find out more about what data we process from audits please click here.

To find out more about what data we process about complaints please click here.

Information about an adviser’s character:

  • whether they have convictions, cautions, reprimands or final warnings that are not “protected” as defined by the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (as amended in 2013)

  • whether they have been or currently are subject to any criminal proceedings in the UK or abroad

  • information contained on an adviser’s DBS Disclosure Certificate (standard check)

  • whether they have been subject to any adverse finding or settlement in civil proceedings

  • whether they have been dismissed or asked to resign and resigned from employment or from a position of trust, fiduciary appointment or similar position

  • whether they have traded under a different name or been known by a different name in the last 5 years

  • whether they are currently regulated by or have previously been regulated by the OISC

  • whether they have/are a member of a professional body in the UK or abroad

  • whether they have been or are subject to any existing/previous disciplinary proceedings by other regulatory authorities or professional bodies in the UK or abroad

  • whether they or any business with which they have been an owner or manager has been subject to any substantiated complaint relating to regulated activities

  • whether they or any business with which they have been involved have ever been refused the right to carry out a trade, business or profession requiring a licence or other authority

  • whether they or any business with which they have been involved have ever had this authorisation revoked, withdrawn or terminated, or have been expelled by a regulatory or government body

  • whether they or any business that they have been involved has been investigated, disciplined, censured or suspended or criticised by a regulatory or professional body, a Court or Tribunal (publicly or privately)

  • whether they have been a barrister, solicitor, advocate or a member of CILEx, or supervised by one of the above

  • whether they have ever been subject to disciplinary action or intervention by a Designated Professional Body or Designated Qualifying Regulator or overseas body equivalent

  • whether they are prohibited by The Law Society’s Rules or equivalent from being employed as a solicitor’s clerk

  • whether they have been sued by a client or made a claim on their Professional Indemnity Insurance in the last 5 years

  • whether they have ever been involved in any conduct that may call into question their honesty, integrity or respect for the law

ANNEX C: Data we process about owners and trustees

We process data relating to the owner(s)/manager(s) or trustees of the organisation or charity. This includes:

  • their name(s)

  • their date(s) of birth

  • their title(s)

  • their nationality

  • their role(s) and position(s) within the organisation

  • details of any shares held

  • whether they have traded under a different name or been known by a different name in the last 5 years

  • whether they are involved in the running of any other business or employed at any other organisation

  • whether they have ever been involved in any conduct that may call their honesty, integrity or respect for the law into question

Owners’ character:

  • whether they have any unspent criminal convictions in the UK or abroad

  • whether they are currently subject to any criminal proceedings in the UK or abroad

  • whether they are subject to, or ever been, subject to disciplinary proceedings by regulatory/professional bodies in the UK or abroad

Owners’ financial background:

  • whether they have been a director of a company or member of an LLP that has been subject to a winding up order, an administrative order or administrative receivership, or entered into a voluntary arrangement under the Insolvency Act 1986, or whether the company has been wound up or put into administration in circumstances of insolvency

  • whether they have been declared bankrupt or entered into an individual voluntary arrangement or a partnership voluntary arrangement under the Insolvency Act 1986

  • whether they have ever been disqualified or banned from being a director of a company or from acting as a charity trustee

ANNEX D: Data we process about complaints

When submitting a formal complaint, the complainant must provide us with their personal data in accordance with our complaints scheme.

Details of the complainant:

  • their name, date of birth, address, email address and contact numbers

  • name, date of birth, address, email address and contact numbers of person who submits the complaint on behalf of the complainant

Details of adviser and/or organisation they are complaining about:

  • adviser and/or organisation’s name, address, email address and contact numbers

Details of the complaint:

  • whether the complaint has been reported to any other agencies and details of the other agencies’ investigation

  • facts of the complaint, including information from any work undertaken by the adviser/organisation (i.e. the complainant’s case file)

For further detail on what data we process from the complainant’s case file please click here.

ANNEX E: Data we process from a complainant’s case file

If you make a complaint about the work undertaken by an adviser/organisation, as part of our investigation, we will request your case file(s) from the adviser/organisation to examine the work done on the file.

For example, if your complaint is about an adviser who did work on your asylum application and you allege that they did this work incompetently, we will request your case file. A complaints caseworker will then review the file and determine whether the work was done incompetently.

By doing this we are processing the data contained in your case file.

Your case file will in most cases contain personal information relating to third parties. This can be family members, witnesses or unmarried partners.

Every case file is different and the data processed from a case file will be different in every investigation.

Below is a list of all the data that we can process from a case file (your data and third party data).

Data from case file (yours and third parties):

This data will mainly come from any attendance notes, applications, submissions or representations contained in the case file.

  • facts of the case

  • date and place of births

  • names and previous names/identities

  • addresses and previous addresses

  • gender and sexual orientation

  • nationality and any other nationality/citizenships held

  • addresses and contact numbers

  • passport number, place of issue, issuing authority, date of issue, date of expiry

  • language(s) familiar with

  • NI numbers

  • BRP numbers

  • Home Office and/or Case ID reference numbers

  • immigration history

  • details of education, employment history and tax history (including details of payments made to HMRC)

  • relationship history including details of previous partners (name and date of birth), date and place of marriage and date of divorce

  • details of any children and/or parental responsibility arrangements

  • details of nature and dependency child has on client

  • details any visits to any other countries and time spent outside of UK

  • details of residency outside of UK

  • history relating to claiming any welfare benefit

  • details of living arrangements including number of rooms, people living there and whether it is rented or mortgaged

  • details of any business interests outside of the UK

  • details of any property owned in and outside of the UK

  • details regarding annual/monthly income

  • details of any employment benefits/arrangements

  • details of any court judgments/civil penalties

  • details of registered GP

  • bank details contained in application forms (business accounts and individuals’ accounts and any joint holder accounts)

  • name and address of any joint account holders

  • name and address of any person providing financial support

  • information relating to the complainant’s racial/ethnic origins, political opinions, religious beliefs, trade union membership(s), physical/mental conditions, sexual life

  • information relating to the commission or alleged commission of any criminal offence, the proceedings for the commission or alleged commission of a criminal offence

  • information (as above) relating to children

  • information (as above) relating to family members, unmarried partners, dependents (adult or child), sponsors, or anyone else mentioned in the complainant’s case file(s)

  • copies of any documents that are held on the case file. This can include copies of:

  • photographs

  • passports

  • BRPs

  • driving licences

  • national ID cards

  • travel documents

  • bank statements

  • payslips

  • certificates

  • marriage certificates

  • correspondence (emails, letters, attendance notes/minutes)

  • mortgage/rent agreements and other financial agreements

  • contracts

  • birth certificates

  • bills and invoices

  • police registration certificates

Under the OISC Code of Standards, in the client care letter, advisers usually confirm to their clients that they are regulated by us and that we have the power to examine the client’s file.

ANNEX F: Data we process from an audit

Data processed from case file (yours and third parties):

This data will mainly come from any attendance notes, applications, submissions or representations contained in the case file.

  • facts of the case

  • date and place of births

  • names and previous names/identities

  • addresses and previous addresses

  • gender and sexual orientation

  • nationality and any other nationality/citizenships held

  • addresses and contact numbers

  • passport number, place of issue, issuing authority, date of issue, date of expiry

  • language(s) familiar with

  • NI numbers

  • BRP numbers

  • Home Office and/or Case ID reference numbers

  • immigration history

  • details of education, employment history and tax history (including details of payments made to HMRC)

  • relationship history including details of previous partners (name and date of birth), date and place of marriage and date of divorce

  • details of any children and/or parental responsibility arrangements

  • details of nature and dependency child has on client

  • details any visits to any other countries and time spent outside of UK

  • details of residency outside of UK

  • history relating to claiming any welfare benefit

  • details of living arrangements including number of rooms, people living there and whether it is rented or mortgaged

  • details of any business interests outside of the UK

  • details of any property owned in and outside of the UK

  • details regarding annual/monthly income

  • details of any employment benefits/arrangements

  • details of any court judgments/civil penalties

  • details of registered GP

  • bank details contained in application forms (business accounts and individuals’ accounts and any joint holder accounts)

  • name and address of any joint account holders

  • name and address of any person providing financial support

  • information relating to the complainant’s racial/ethnic origins, political opinions, religious beliefs, trade union membership(s), physical/mental conditions, sexual life

  • information relating to the commission or alleged commission of any criminal offence, the proceedings for the commission or alleged commission of a criminal offence

  • information (as above) relating to children

  • information (as above) relating to family members, unmarried partners, dependents (adult or child), sponsors, or anyone else mentioned in the complainant’s case file(s)

  • copies of any documents that are held on the case file. This can include copies of:

  • photographs

  • passports

  • BRPs

  • driving licences

  • national ID cards

  • travel documents

  • bank statements

  • payslips

  • certificates

  • marriage certificates

  • correspondence (emails, letters, attendance notes/minutes)

  • mortgage/rent agreements and other financial agreements

  • contracts

  • birth certificates

  • bills and invoices

  • police registration certificates

Under the OISC Code of Standards, in the client care letter, advisers usually confirm to their clients that they are regulated by us and that we have the power to examine the client’s file.

Updates to this page

Published 24 May 2018
Last updated 11 October 2024 + show all updates

  1. Updated in light of launch of OISC Webforms

  2. Updated address and DPO details

  3. Added new section relating to publishing information

  4. First published.

Sign up for emails or print this page

Contents