VisaDoc LTD (Company No. 15937270) of 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ ("VisaDoc", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, websites, and applications (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and UK GDPR, VisaDoc LTD acts as the data controller for the personal information we process.

We collect personal information that you voluntarily provide when using our Services, including:

- Basic identification information (name, date of birth, nationality)

- Contact information (email address, phone number, postal address)

- Government-issued identification documents

- Professional information (employment history, qualifications)

- Immigration history and visa documentation

- Financial information for processing payments

- Communications with us

- Account credentials for our services

When you use our Services, we automatically collect certain information, including:

- Device information (IP address, browser type, operating system)

- Usage data (pages visited, time spent, clicks)

- Location data (country and city level only)

- Cookies and similar tracking technologies

- Service usage patterns and preferences

We may receive information about you from:

- Our corporate customers (your employer)

- Identity verification services

- Credit reference agencies

- Government authorities

- Public databases

- Our service providers

We process your personal information for the following purposes:

- Processing visa applications

- Document verification and authentication

- Communication about your application

- Customer support

- Account management

- Identity verification

- Fraud prevention

- Compliance with immigration laws

- Regulatory reporting

- Legal obligations fulfillment

- Service improvement

- Product development

- Analytics and statistics

- Customer experience enhancement

- Technical issue resolution

- Service updates (with consent)

- Newsletter distribution (with consent)

- Customer feedback collection

- Market research (with consent)

- Product recommendations (with consent)

We process your personal information based on the following legal grounds:

- Contract performance

- Legal obligations

- Legitimate interests

- Your consent

- Public interest

- Vital interests

We share your information with trusted service providers who assist us in:

- Document processing and verification

- Identity verification

- Payment processing

- Cloud hosting

- Analytics

- Customer support

- Email communication

For corporate customers, we share relevant information with:

- Designated company representatives

- HR departments

- Travel management companies

- Immigration specialists

We may share information with:

- Immigration authorities

- Embassy and consular services

- Law enforcement agencies

- Regulatory bodies

We may disclose information:

- In response to legal requests

- To protect our rights

- To prevent fraud

- In emergency situations

- For national security purposes

We maintain strict data storage policies aligned with GDPR and EU data privacy requirements:

- EU/EEA customer data is stored primarily within the EU/EEA (specifically in data centers located in Frankfurt, Germany)

- UK customer data is stored primarily in the UK (London)

- Swiss customer data is stored primarily in Switzerland (Zurich data center)

- Customer data is always stored within its respective regulatory jurisdiction unless explicitly required otherwise

We adhere to the following data localization principles:

- Primary data processing occurs within the customer's jurisdiction

- Backup and disaster recovery systems are maintained within the same jurisdiction as primary storage

- Technical logs and monitoring data are kept within the respective jurisdiction

- Any deviation from these principles requires explicit customer consent

When international data transfers are necessary (such as for global visa processing), we ensure:

- Transfers only occur with appropriate safeguards

- Data minimization principles are applied

We employ the following safeguards for international transfers:

- EU Standard Contractual Clauses (SCCs) - latest 2021 versions

- UK International Data Transfer Agreement (IDTA)

- Binding Corporate Rules (BCRs)

- Adequacy decisions where applicable

- Additional technical measures including encryption and pseudonymization

We implement appropriate technical and organizational measures to protect your personal information, including:

- Encryption at rest and in transit

- Access controls

- Regular security assessments

- Staff training

- Incident response procedures

- Backup systems

- Physical security measures

We retain your personal information for as long as necessary to:

- Provide our Services

- Comply with legal obligations

- Resolve disputes

- Enforce agreements

- Meet business requirements

Specific retention periods:

- Visa application data: 7 years from completion

- Account information: Duration of account plus 2 years

- Financial records: 7 years

- Communications: 3 years

- Analytics data: 2 years

Under applicable data protection laws, you have the following rights:

- Access your personal information

- Correct inaccurate data

- Request erasure

- Restrict processing

- Data portability

- Object to processing

- Withdraw consent

- Lodge complaints with supervisory authorities

Our Services are not intended for children under 16. We do not knowingly collect or process personal information from children under 16 without parental consent.

If you agree, we use cookies and similar technologies to:

- Maintain sessions

- Remember preferences

- Analyze usage

- Improve security

- Enable functionality

You can control cookies through your browser settings.

We respect Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.

We may update this Privacy Policy periodically. We will notify you of material changes through:

- Email notifications

- Website notices

- Application updates

For privacy-related inquiries:

VisaDoc LTD

71-75 Shelton Street

Covent Garden

London, WC2H 9JQ

United Kingdom

Email: [email protected]

Under the California Consumer Privacy Act (CCPA), California residents have additional rights:

- Right to know what personal information is collected

- Right to know if personal information is sold or disclosed

- Right to say no to the sale of personal information

- Right to access personal information

- Right to equal service and price

This Privacy Policy does not create or confer any third-party beneficiary rights. We reserve all rights not expressly granted in this Privacy Policy.