Last updated: 1st April 2026
This Privacy Policy explains how IRARA (“we”, “us”, or “our”) collects, uses, stores, and protects personal information across the business, including in connection with our reintegration support services globally. We are committed to safeguarding the privacy and confidentiality of all clients, applicants, and website users and complying with the UK GDPR, EU GDPR, and other applicable global data protection laws.
For the purposes of the UK GDPR, EU GDPR, and other applicable data protection laws, the data controller is:
IRARA
Innovation Centre
217 Portobello
Sheffield
S1 4DP
dpo@irara.org
01433 627247
The services we provide include: reintegration services, visa application support, document preparation, and related services to clients across the UK and globally.
Data Protection Contact: Paul.Edwards@Irara.org
Due to the nature of the work we undertake, we may collect the following personal information:
Collected only when necessary and with appropriate safeguards:
We process your information to:
We do not use your data for solely automated decision-making or profiling that produces legal or similarly significant effects.
We process your data under one or more of the following legal bases:
We take the security of your personal information very seriously. Our technical and organisational measures are designed to align with the UK Cyber Essentials / Cyber Essentials Plus baseline controls (firewalls, secure configuration, access control, malware protection and patch management).
While no system can be guaranteed to be completely secure, we take reasonable and proportionate steps to protect your information.
We maintain procedures to detect, report, investigate, and respond to security incidents and personal data breaches.
Where required, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a reportable personal data breach, and we will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
We keep records of personal data breaches and the remedial actions taken, whether or not notification is required.
We may share your information with:
Supplier assurance: Where third parties process personal data on our behalf, we put appropriate contractual and organisational safeguards in place, including confidentiality, security requirements, and (where appropriate) audit/assurance provisions.
Legal requirements: We may disclose information if required by law, court order, or a regulator.
We never sell your personal information.
Your data may be transferred outside the UK/EU when required (for example for international case processing).
When we transfer data internationally, we ensure appropriate safeguards, such as:
We maintain backup and recovery arrangements designed to protect personal data against loss, corruption, or ransomware and to support business continuity.
Backups are protected with access controls and encryption where appropriate, and recovery processes are tested periodically where feasible.
We retain your information only as long as necessary for the purposes for which it is processed and to meet legal and regulatory obligations.
After retention periods expire, data is securely deleted, destroyed, or anonymised in line with our retention and disposal procedures.
Depending on your location and the applicable law, you may have the right to:
To exercise your rights, contact us at dpo@irara.org. We will respond promptly and in line with statutory time limits.
We use cookies and similar technologies to:
You can manage or disable cookies through your browser settings. Where required, we will request consent for non-essential cookies.
We do not sell or share your personal information with third parties for their own marketing purposes.
We only disclose necessary data to trusted third parties to deliver our services, and we apply appropriate safeguards as described above.
Our services are not generally directed at children under 18.
We only collect information about minors when necessary for family cases and where we have an appropriate lawful basis and safeguards in place.
We may update this policy from time to time to reflect changes in laws or our practices. The most up to date version of this policy will be published on our website.
If you have questions about this Privacy Policy or how we handle your data, please contact:
dpo@irara.org
01433 627427
IRARA
The Innovation Centre, 217 Portobello, Sheffield, S1 4D
We use cookies to improve your experience on our site. By using our site, you consent to cookies.
Manage your cookie preferences below:
Essential cookies enable basic functions and are necessary for the proper function of the website.
These cookies are needed for adding comments on this website.
Statistics cookies collect information anonymously. This information helps us understand how visitors use our website.
Google Analytics is a powerful tool that tracks and analyzes website traffic for informed marketing decisions.
Service URL: policies.google.com (opens in a new window)
Clarity is a web analytics service that tracks and reports website traffic.
Service URL: clarity.microsoft.com (opens in a new window)
You can find more information in our Cookie Policy and .