Your personal documents deserve the highest level of protection. Here is how we keep your data safe.
Data Controller: ICO Registered
Full Compliance: GDPR Compliant
Encryption Standard: AES-256 / TLS 1.3
Data Storage: UK-Based Servers
NriDirect is committed to protecting the personal data of every client. We handle sensitive identity documents — passports, birth certificates, naturalisation certificates — and take this responsibility seriously.
NriDirect is registered with the Information Commissioner's Office (ICO) as a data controller under the Data Protection Act 2018.
We comply fully with all requirements of the UK GDPR across all six data protection principles.
We process your data only with your explicit consent or where necessary to perform our contract with you. Our privacy policy clearly explains what data we collect and why.
Your data is collected for the specific purpose of processing your immigration document application and is not used for any other purpose.
We only collect the minimum amount of personal data necessary to complete your application. We do not request information that is not required.
We take steps to ensure your data is accurate and up to date. You can request corrections at any time.
Personal data and documents are retained for a maximum of 12 months after your application is complete, after which they are securely deleted.
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction.
All documents are uploaded through our encrypted portal using TLS 1.3 encryption. Files are stored on secure UK-based servers.
Only authorised team members who are working on your specific application can access your documents. We maintain strict role-based access controls.
Your documents are used solely to prepare and submit your application. They are not copied, shared, or retained beyond what is necessary.
Once your application is complete and the retention period has passed, all personal data and document copies are permanently and securely deleted.
In the unlikely event of a data breach, we will notify you and the ICO within 72 hours as required by the UK GDPR.
All data transmitted between your device and our servers is encrypted using TLS 1.3, the latest transport layer security protocol.
Documents and personal data stored on our servers are encrypted using AES-256 encryption.
All data is stored on servers located in the United Kingdom, subject to UK data protection law.
Our internal systems require two-factor authentication for all team members accessing client data.
We conduct regular security assessments and vulnerability testing to identify and address potential risks.
Physical documents received by post are securely shredded after processing. Digital files are permanently deleted using certified deletion methods.
As our client, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us.
Right of Access
You can request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification
You can ask us to correct any inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data, subject to our legal obligations to retain certain records.
Right to Restrict Processing
You can ask us to limit how we use your data in certain circumstances.
Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format.
Right to Object
You can object to processing of your personal data in certain circumstances.
Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been mishandled.