Data Protection Policy

Date: 2 April 2026

1. Introduction

This Data Protection Policy (“Policy”) sets out how ID1 Form Verification Online complies with its obligations under UK GDPR and the Data Protection Act 2018.

ID1 Form Verification Online is a trading name of Umaad Sheikh Law LTD (Company Number: 16590180), a company registered in England and Wales (“the Business”, “we”, “us”, “our”).

The Business provides identity verification services for HM Land Registry Forms ID1, ID2 and ID5, carried out by a qualified solicitor.

We are committed to ensuring that personal data is handled lawfully, securely, and transparently at all times.

2. Scope

This Policy applies to:

  • The business owner
  • Any solicitors engaged to carry out ID verification
  • Staff, contractors, and administrative personnel
  • Third-party service providers processing data on our behalf

All individuals handling personal data must comply with this Policy.

For the purposes of data protection law, the data controller is Umaad Sheikh Law LTD.

3. Data Protection Principles

The Business shall comply with the following principles:

3.1 Lawfulness, Fairness and Transparency

Personal data shall be processed lawfully, fairly, and transparently.

3.2 Purpose Limitation

Data shall only be collected for specified and legitimate purposes.

3.3 Data Minimisation

Only data necessary for the intended purpose will be processed.

3.4 Accuracy

Reasonable steps will be taken to ensure data is accurate and up to date.

3.5 Storage Limitation

Data will not be kept longer than necessary.

3.6 Integrity and Confidentiality

Appropriate security measures will protect personal data.

3.7 Accountability

The Business is responsible for demonstrating compliance with these principles.

4. Categories of Personal Data

The Business may process:

  • Identity data (name, date of birth, ID documents)
  • Contact data (email, phone, address)
  • Verification data (video call logs, Credas outputs, audit records)
  • Technical data (IP address, device/browser data)
  • Communication data (emails, enquiries)
  • Consent and compliance logs

Where necessary, sensitive data will be processed strictly in accordance with legal requirements.

5. Lawful Basis for Processing

Personal data is processed on the following bases:

  • Contract – to deliver identity verification services
  • Legal obligation – to comply with HM Land Registry and regulatory requirements
  • Legitimate interests – fraud prevention, service improvement, administration
  • Consent – where applicable

6. Handling of Identity Documents

Due to the sensitive nature of identity verification:

  • ID documents are only collected where necessary
  • Secure platforms (e.g. Credas) are used
  • Access is restricted to authorised individuals
  • Documents are not duplicated unnecessarily
  • Data is retained only as long as required
  • Secure deletion procedures are followed

7. Data Sharing

Personal data may be shared only where necessary:

  • With qualified solicitors conducting verification
  • With service providers (e.g. Credas, Zoom, hosting providers)
  • With regulators or law enforcement where required

All third parties must comply with data protection requirements.

8. International Transfers

Where personal data is transferred outside the UK:

  • Appropriate safeguards (e.g. IDTA or SCCs) are implemented
  • Only reputable providers with adequate protections are used

9. Data Retention

The Business retains data:

  • For completion of services
  • For up to 6 years for legal and regulatory purposes
  • Longer where required by law

Data is securely deleted or anonymised when no longer required.

10. Data Security

The Business implements:

Technical Measures

  • Encryption and secure systems
  • Password protection and two-factor authentication
  • Regular updates and monitoring

Organisational Measures

  • Restricted access controls
  • Confidentiality obligations
  • Secure handling procedures

Operational Controls

  • No use of personal email for client data
  • Controlled use of third-party platforms

11. Data Subject Rights

Individuals have the right to:

  • Access their data
  • Rectify inaccuracies
  • Request erasure (where applicable)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent
  • Lodge a complaint with the Information Commissioner’s Office

Requests will be handled in accordance with legal requirements.

12. Personal Data Breaches

In the event of a breach, the Business will:

  • Identify and contain the issue
  • Assess risk to individuals
  • Record the breach
  • Notify the ICO where required
  • Inform affected individuals where necessary

13. Third-Party Processors

The Business will ensure that all third-party providers:

  • Are assessed before use
  • Are engaged under appropriate contracts
  • Only process data under instruction
  • Maintain adequate security standards

14. Use of Technology and Systems

All systems used must:

  • Be approved by the Business
  • Protect personal data
  • Be used only for legitimate purposes
  • Be subject to appropriate risk assessment

15. Training and Awareness

Anyone handling personal data must:

  • Understand confidentiality obligations
  • Follow this Policy
  • Handle data securely and responsibly

16. Governance and Review

The Business will:

  • Monitor compliance
  • Review this Policy regularly
  • Update procedures where necessary

Responsibility for compliance rests with the Business owner.

17. Contact

For any data protection queries:

Email: info@id1formverificationonline.co.uk

18. Policy Status

This Policy is an internal compliance document and may be updated periodically.