Last Updated: 21 January 2022

Welcome to the Lex Legal Ltd (“Lex Legal”)'s privacy policy.

Your privacy is very important to us. We have developed this privacy policy in order to explain how we look after your personal data. Please read this carefully as it contains important information on how Lex Legal collects, uses, stores, controls, shares, transmits, transfers, deletes or otherwise processes (collectively “process”) the personal data relating to you ("your personal data"; "your data"), which rights you have and how to contact us in relation to the processing of your personal data.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the General Data Protection Regulation, Regulation (EU) 2016/679 as it forms part of domestic law in the UK by virtue of section 3 of the EU (Withdrawal) Act 2018 (UK GDPR).

This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.

Data Controller

For the purposes of this privacy policy, Lex Legal is the controller and responsible for your personal data (referred to as "we", "us" or "our" in this privacy policy and (“you” or “your”) means users of this website and the clients of Lex Legal.

If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:

Lex Legal Limited (a company incorporated in the UK with company registration number 09242407)

  • Email address:
  • Telephone number: +44 7739 699968

In this policy, we provide you with details about:

  • The personal data we collect about you
  • How we collect your personal data
  • The legal basis for using personal data provided to us
  • Purposes for which we will use your personal data
  • Who we share your personal data with
  • How do we protect your data
  • Marketing and Opting Out
  • Cookies
  • How long we will keep your personal data
  • What are your rights
  • Data Subject Request and How to Communicate Us
  • Glossary


What is a personal data?

Your personal data includes information or a combination of information that could directly or indirectly be used to identify you. This includes identifiers like a name, address, ID number, date of birth, address or physical, physiological, genetic, mental, economic, cultural or social identity (“Sensitive Data”).

The Personal data we collect about you

We have grouped together the personal data we may collect and process about you as follows:

  • Identity Data includes first name, maiden name, last name or similar identifier, title, date of birth and gender, your immigration historu, travel history;
  • Contacts includes home/business address, email address and telephone numbers;
  • Financial Data includes billing address, bank account and payment card details;
  • Technical Data includes device information such as internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform and versions other technology on the devices you use to access this website;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences, your interests, preferences, feedback and survey responses.

We may need to collect Sensitive Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, and genetic and biometric data) considering asylum claims and verifying your identity or criminal convictions and offences and data concerning health on the basis of Article 9 of the UK GDPR where you are required to provide your medical history. This processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

How we collect your personal data

We collect personal data through direct communications where you;

  • request information or contact us or by corresponding with us by phone, email or instant messaging systems i.e. information request box on our website free of charge;
  • give us your Identity Data, Contacts by filling in forms to provide our services;
  • apply for our consultancy services;
  • opt-in marketing to be sent to you;
  • give us feedback.

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using Cookies (see section below) and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our Cookies.

We also use any indirect methods to collect data from you such as;

  1. Automated technologies or interactions such as you interact with our website, we will automatically collect Technical Data
  2. Third party analytics providere. Google Analytics
  3. Internet search information providers including but not limited to Google, Bing, Yahoo

As an important note is that you are under no obligation to provide Lex Legal with your personal data; however, not providing some of the personal data described above could prevent us from performing our obligations in relation to your purchase of services (and any related services) from us.

Purposes for which we will use your personal data

The term “processing” means any action taken, also with the help of electronic means, in connection with personal data, including collection, handling, use, transfer and disclosure by transmission, dissemination or otherwise making available, as well as recording, organisation, storage, retention, adaptation or alteration, access, retrieval, consultation, alignment or combination, blocking, anonymising, erasure, disposal or destruction.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Type of data Purpose/Activity Lawful basis for processing including basis of legitimate interest




Financial Data

To register you as a new customer and to process and deliver our services to you (a) Performance of a contract with you



(b) Necessary to comply with a legal obligation i.e. OISC Guidance, UK Immigration and Home Office Guidance.

(c) Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services

Technical Data To use data analytics to improve our website, products/services, marketing, customer relationships and experiences and ensuring business policies are adhered to, e.g. policies covering security and internet use (a)        Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Marketing and Communications




Identity Data

Notifying you about changes to our terms or privacy policy;



To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Necessary for our legitimate interests (to develop our products/services and grow our business including improving efficiency)

Please note that this privacy statement may be updated from time to time reflect any changes in the way we handle your personal data or any changes in applicable laws. We will notify you we will notify you by updating this page.

Who we share your personal data with

We do not share your personal data with any third parties expect with third parties unless it is necessary for providing you services. We process and share your personal data with UK Home Office. A number of organisations from the private, public and charity sectors are either contracted by, or subject to agreement with, the Home Office to provide functions in relation to the borders, immigration and citizenship system. In these cases, we are in the position of submitting your personal data on behalf of you to the trusted third party processors. These include for example;

  • TLSContact; click here to access their privacy statement;
  • Sopra Steria Group; click here to access their privacy statement.

We may also be required to provide your personal data to government authorities or HM Courts and Tribunals Service in the United Kingdom where it is required by law enforcement.

We do not transfer your personal data outside of the UK. Where this is needed by law we will ensure your rights are adequately seek an adequacy decision in terms of data protection laws.

How do we protect your data

We maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake. Personal data is kept accurate, up to date and protected against unauthorised or accidental destruction, alteration or disclosure, accidental loss, unauthorised access, misuse, unlawful processing and/or damage and to treat it in accordance with the law.

Marketing and Opting Out

We may use your Identity, Contacts and/or Technical Data to form a view on what we think you may want or need, or what may be of interest to you. You will receive marketing communications through Whatsapp including new visa types or updates in relation immigration rules from us if you have requested information and you have not opted out of receiving that marketing. We will ensure you consent separately to receive further marketing communications. In the event of third-party marketing or any processing actions under automated decision making including profiling, we will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can decide not to receive marketing communications at any time by contacting us by text or e-mail.


Cookies refer to a small text file placed on your computer by this website (“Cookies”) – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference. Those cookies are set by us and called first-party cookies.

Strictly necessary cookies

These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies

They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies

These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language).

Name Provider Purpose Expiry
pll_language The pll _language cookie is used by Polylang to remember the language selected by the user’s Technical Data when returning to the website, and also to get the language information when not available in another way. 1 year

We may also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we may use cookies and other tracking technologies for the following purposes to collect Technical Data as set out below:

Cookie Purpose
Google Google shows us how you found our website and which ads you came from.
Google Analytics Google Analytics provides statistical analysis for our website.  Configuring these cookies is predetermined by Google’s service, which is why we suggest that you consult the Google Analytics privacy page,, to get more information about the cookies they use and how they can be disabled.

Unlike first party cookies, we do not control the setting of these cookies. For further information on the cookies, and instructions on how to manage them, please visit the third-party websites.

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. If you disable or refuse Cookies, please note that some parts of this website may become inaccessible or not function properly.  You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office.

How long we will keep your personal data

Our standard practice is to retain your personal data only for as long as is necessary for the relevant purpose for which it was collected. Under OISC, Immigration guidance section xyz, we are required to keep your persona data for six years. This may extend up to 25 years where the cases are concerning settlement or naturalisation.

What are your rights

As an individual you have certain rights regarding our processing of your personal data, including a right to lodge a complaint with the Information Commissioner as the relevant supervisory authority.

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances(where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.). You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Data Subject Request and How to Communicate Us

‘Data Subject Requests’ can be made by data subjects where an organisation holds personal data about them. If you wish to make a request to use any of these data subject rights described above, please contact through our contacts details below.

This can be done at any time, and the requests are made in order for the data subject to find out what data is being held, and what is being done with it. You will not have to pay a fee to access your personal information (or to exercise any of the other rights).

If you want to exercise these rights please email us at:

Postal applications may be made at:

Marylebone, London W1H 5PW

Meridien House, 42 Upper Berkeley St

If you choose the make a compliant by sending a letter post, please add a copy of your ID for us to be able to respond your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.



Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.