Policy Summary
- Last Updated
16 January 2026
- Governed By
UK Consumer Law & GDPR
- Response Time
Within 2 business days
This privacy policy complies with UK GDPR and Data protection Act 2018
Who We Are & Data Controller
Real Authentic Docs Ltd is registered in England and Wales under Company Number 25687431. Our registered office is at 14 Holborn Viaduct, London EC1A 2AT, United Kingdom. We are the data controller for all personal information collected and processed in connection with our document processing services, our website at www.realauthenticdocuments.com, and any communications you have with us.
We are registered with the information Commissioner’s Office (ICO) under registration number ZB765294. We take our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 very seriously. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices and ensuring compliance with applicable data protection laws.
Personal Data We Collect
We collect different categories of personal data depending on the services you request from us. We collect only the minimum data necessary for each specific purpose, in line with the data minimization principle under UK GDPR. Below is a comprehensive description of each category of personal data we collect and the circumstances in which we collect it.
Identity Data
Full legal name, date of birth, gender, nationality, country of birth, photograph, signature, biometric data contained within travel documents, and any aliases or previous names.
Contact Data
Residential address, postal address, email address, telephone number (s), mobile number, country of residence, and emergency contact details where provided.
Document Data
Passport numbers, driving license numbers, national ID numbers, BRP reference numbers, document issue and expiry dates, issuing authority details, and document history.
Financial Data
Billing address, payment card type and last 4 digits (tokenised – we never store full card numbers), bank account details for refunds, and full transaction and payment history.
Technical Data
IP address, browser type and version, operating system, device identifiers, pages visited, time and date of visits, session duration, cookie identifiers, and referral sources.
Application Data
Document service requests, uploaded supporting documents, correspondence and communications, case notes, feedback, complaints, and any other information you provide to us voluntarily.
Legal Basis for Processing
The UK GDPR requires us to identify a valid legal basis for each processing activity involving personal data. We rely on the following legal bases, each of which is described below in detail. We may only rely on more than one legal basis for a single processing activity depending on the specific circumstances.
Contract Performance
The majority of our processing is carried out because it is necessary to perform the contract we have with you to provide document processing services. Without processing your personal data, we cannot submit your application to the relevant authority, track its progress, or deliver your completed document.
For maketting emails, non-essential cookies, and processing special category data, we rely on your explicit consent. You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, contact us or use our preference centre.
In exceptional circumstances involving risk to life (for example, processing emergency travel documents for medical emergencies abroad), we may rely on vital interests as our legal basis for urgent processing where other bases are not immediately applicable.
Changes to This Privacy Policy
We review and update this Privacy Policy periodically to reflect changes in our services, data processing activities, or applicable law. When we make material changes to this policy, we will notify by:
- posting a prominent notice on our website homepage for at least 30 days.
- sending an email notification to all registered clients with an active account.
- updating the ‘last updated’ date and version number at the top of this policy.
We encourage you to review this privacy policy regularly to stay informed about how we protect your personal data. Your continued use of our services after any changes have been made constitutes your acceptance of the updated policy.
Third-Party Links & External Services
Our website may contain links to third-party websites, applications, or services that are not operated by us. These links are provided for your convenience and information only. We have no control over the content, privacy practices, or security measures of these third-party sites. We are not responsible for the privacy policies or practices of any third-party websites, and we strongly recommend that you read the privacy policy of any third-party website you visit through a link on our site.
We may embed third-party content or tools on our website, including (but not limited to): Google Maps for office location, Youtube videos for service explanations, social media sharing buttons (Facebook, LinkedIn, Twitter/X, Instagram), and live chat widgets. When you interact with this third-party content, the third party may collect data about you in accordance with their own privacy policies of Google, Meta, LinkedIn, and any other third-party provider.
Children's Privacy
Our services are primarily intended for adults aged 18 and over. However, we do process personal data relating to children under 18 in the following specific circumstances: child passport applications, child national identity card applications, and birth certificate requests made by parents or legal guardians. In all such cases, the application must be submitted by a parent or legal guardian who takes responsibility for providing accurate information and consenting to the processing on the child’s behalf.
We do not knowingly collect personal data directly from children under 18 without verified parental or guardian consent. If you believe we have inadvertently collected personal data from a child without appropriate consent, please contact our DPO immediately at dataprotection@realauthenticdocs.com and we will take immediate steps to delete the data. For child passport applications, both parents (or all those with parental responsibility) must provide consent, as required by the relevant government authority. We do not use children’s personal data for any purpose other than processing the specific document application for which it was collected.
Your Data Protection Rights
Under UK GDPR, you have a comprehensive set of rights in relation to your personal data. These rights are described in full below. To exercise any of your rights, please contact our DPO at rights@realauthenticdocs.com or write to us at our registered address. We will respond to all requests within one calendar month of receipt. This period may be extended by a further two months where requests are complex or numerous , in which case we will inform you within the first month.
Right of Access (Subject Acess Request)
You have the right to request a copy of all personal data we hold about you, together with information about how and why we process it, who we share it with, and how long we keep it. We will provide this information free of charge in a commonly used electronic format. We will verify your identity before responding to ensure we do not disclose personal data to the wrong person. The standard response time is one calendar month from receipt of your verified request.
Right to Rectification
You have the right to ask us to correct inaccurate personal data we hold about you, or to complete incomplete personal data. If you believe any information we hold is incorrect, please contact us with the correction and supporting evidence. We will correct the data within one month. Note that we may need to verify the accuracy of the new data you provide before making the correction. In some cases, particularly for government-submitted documents, corrections may be complex.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances: when the data is no longer necessary for the purpose it was collected; when you withdraw consent (where consent is the legal basis); when you object to processing and there are no overriding legitimate grounds; when the data has been unlawfully processed; or when deletion is required by law. This right is not absolute — we may refuse erasure where we have legal obligations to retain data (e.g. AML or tax laws).
Right to Restriction of Procesing
You have the right to request that we temporarily stop processing your personal data in certain situations: while you contest the accuracy of the data; where processing is unlawful but you prefer restriction to erasure; where we no longer need the data but you need it for legal claims; or while we consider your objection to processing. During restriction, we will still store your data but will not otherwise process it without your consent, except for legal claims or protection of rights.
Right to Data Potability
Where processing is based on your consent or for contract performance, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON), and to transmit that data to another controller. You can also ask us to transfer your data directly to another service provider where technically feasible. This right applies to data you provided to us, not to data we generated or derived from your information.
Right to Object
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest, including profiling. You also have an absolute right to object to processing for direct marketing purposes at any time, with no need to provide justification. Where you object to legitimate interests processing, we must stop unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment or defence of legal claims.
Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces significant legal or similarly significant effects on you. Where we use automated decision-making (for example, automated fraud screening during payment processing), we will inform you and you have the right to request human review of the decision, express your point of view, and contest the decision. We will explain the logic involved and the significance of the outcome.
Rights to Withdraw Consent
Where our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, you can: unsubscribe from marketing emails using the link in any email, update your cookie preferences via our Cookie Settings panel, or contact our DPO directly. Once consent is withdrawn, we will stop the relevant processing within 30 days.
How to Exercise Your Rights
To submit a data subject rights request, email: rights@realauthenticdocs.com with the subject line Data Rights Request and include your full name, email address, the right you wish to exercise, and a description of the specific data or action requested. We will acknowledge your request within 5 business days and provide a full response within one calendar month. We may need to verify your identity before processing your request — this is for your protection.
Cookies & Tracking Technologies
Our website uses cookies and similar technologies to enhance your experience, remember your preferences, analyse site traffic, and support our marketing activities. A cookie is a small text file placed on your device when you visit our website. Some cookies are essential for the website to function; others are used for analytics and marketing purposes and require your consent.
Essential / Strictly Necessary
Session management, security tokens, CSRF protection, load balancing, shopping cart functionality, and user authentication. Without these cookies the website cannot function properly. They do not store any personally identifiable information beyond what is required for the session.
Functional / Preference
Language and region preferences, saved form data, accessibility settings, video playback preferences, and remembering your login state between visits. These cookies improve your experience but are not essential for basic website functionality. They expire after 12 months.
Analytics / Performance
Google Analytics 4 (with IP anonymisation), Hotjar heatmaps, and internal performance monitoring. These cookies collect anonymised data about how visitors use our website, which pages are most popular, and where technical errors occur. The data is aggregated and cannot identify you personally.
Marketing / Targetting
Google Ads remarketing tags, Meta Pixel (Facebook/lnstagram), Linkedln Insight Tag, and Google Tag Manager. These cookies track your visits across websites to show you relevant advertisements. You can opt out of targeted advertising at any time via our Cookie Settings or through your browser settings.
You can manage your cookie preferences at any time by clicking the ‘Cookie Settings’ link in the footer of our website.
You can also control cookies through your browser settings — most browsers allow you to refuse cookies, delete existing cookies, and receive warnings before cookies are placed. Note that disabling essential cookies will prevent certain parts of our website from functioning correctly.
Ready to Experience the RAD Difference?
Join over 50,000 satisfied clients. Start your appliction in minutes.