Introduction & Policy Scope

1. Privacy Commitment

Vishwanta Overseas ("we", "us", "our", "Company") recognizes the importance of preserving complete confidentiality and protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services or visit our website.

2. Policy Coverage

• Website Usage: All visitors to vishwanta.com and related domains
• Service Users: Clients engaging our immigration and consultancy services
• Communication Channels: Email, phone, WhatsApp, and other contact methods
• Document Processing: All documents submitted for immigration purposes
• Third-Party Services: Interactions with government authorities and service providers

3. Legal Framework

• GDPR Compliance: Full adherence to European General Data Protection Regulation
• Indian Data Protection: Compliance with Information Technology Act, 2000
• International Standards: Following global privacy best practices
• Industry Regulations: ICCRC, MARA, and professional body requirements

Data Collection & Categories

4. Types of Personal Data We Collect

5. How We Collect Information

• Direct Collection: Information you provide through forms, consultations, and applications
• Document Submission: Official documents submitted for immigration processing
• Communication Records: Emails, phone calls, WhatsApp messages, and meeting notes
• Website Analytics: Usage data, IP addresses, browser information (anonymized)
• Third-Party Sources: Verification from educational institutions, employers, and authorities

6. Special Categories of Data

• Sensitive Personal Data: Health information, criminal records, biometric data
• Explicit Consent Required: All sensitive data processing requires your explicit consent
• Enhanced Protection: Special security measures for sensitive information
• Limited Access: Restricted access on need-to-know basis only

Data Usage & Purpose

7. Primary Purposes

• Immigration Services: Assessment, application preparation, and submission to authorities
• Legal Representation: Acting as your authorized representative with government agencies
• Document Verification: Authenticating and verifying submitted documents
• Service Delivery: Providing consultation, guidance, and support services
• Compliance Requirements: Meeting regulatory and legal obligations

8. Secondary Purposes (With Consent)

• Service Improvement: Analyzing service quality and client satisfaction
• Communication: Updates on immigration policies and relevant opportunities
• Marketing: Information about new services (opt-in only)
• Research: Anonymized data for immigration trend analysis

9. Legal Basis for Processing

• Contractual Necessity: Processing required to fulfill our service agreement
• Legal Obligation: Compliance with immigration and regulatory requirements
• Legitimate Interest: Fraud prevention and service improvement
• Explicit Consent: Marketing communications and optional services

Data Sharing & Third Parties

10. Authorized Data Sharing

• Government Authorities: Immigration departments, embassies, consulates for application processing
• Educational Institutions: Universities and colleges for verification and admission processes
• Professional Partners: Licensed lawyers, medical practitioners, and translation services
• Financial Institutions: Banks for verification of financial documents
• Service Providers: Trusted vendors providing document courier and verification services

11. Data Protection Requirements

• Contractual Agreements: All third parties bound by strict confidentiality agreements
• Data Processing Agreements: GDPR-compliant agreements with all processors
• Security Standards: Third parties must meet our security requirements
• Purpose Limitation: Data shared only for specific, authorized purposes
• Retention Limits: Third parties must delete data when purpose is fulfilled

12. International Data Transfers

• Adequate Protection: Transfers only to countries with adequate data protection
• Safeguarding Mechanisms: Standard contractual clauses and binding corporate rules
• Client Consent: Explicit consent for transfers to non-adequate countries
• Transfer Records: Detailed logs of all international data transfers

Security Measures & Protection

13. Technical Security Controls

• Encryption: End-to-end encryption for all data transmission and storage
• Access Controls: Multi-factor authentication and role-based access systems
• Firewall Protection: Advanced firewall and intrusion detection systems
• Secure Servers: ISO-certified data centers with 24/7 monitoring
• Regular Updates: Continuous security patches and system updates

14. Organizational Security Measures

• Staff Training: Regular privacy and security training for all employees
• Background Checks: Comprehensive screening of all personnel with data access
• Confidentiality Agreements: Binding confidentiality agreements for all staff
• Data Minimization: Access to personal data on need-to-know basis only
• Incident Response: Comprehensive data breach response procedures

15. Physical Security

• Secure Premises: Access-controlled offices with security systems
• Document Security: Locked cabinets and secure storage for physical documents
• Clean Desk Policy: No sensitive information left unattended
• Secure Disposal: Proper destruction of documents and electronic media
• Visitor Controls: Strict visitor access and monitoring procedures

Data Retention & Storage

16. Retention Periods

• Active Client Files: Duration of service plus 7 years for legal compliance
• Immigration Documents: 10 years after case completion for potential appeals
• Financial Records: 7 years as required by tax and financial regulations
• Communication Records: 3 years for service quality and dispute resolution
• Marketing Data: Until consent withdrawn or 2 years of inactivity

17. Data Storage Locations

• Primary Storage: Secure servers in India with GDPR-compliant security
• Backup Systems: Encrypted backups in geographically distributed locations
• Cloud Storage: GDPR-compliant cloud providers with data residency controls
• Physical Documents: Secure storage facilities with environmental controls

18. Data Disposal

• Secure Deletion: Cryptographic erasure of electronic data
• Physical Destruction: Certified destruction of paper documents
• Disposal Records: Detailed logs of all data disposal activities
• Verification: Independent verification of complete data destruction

Your Privacy Rights

19. GDPR Rights

• Right to Access: Request copies of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Limit how we use your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

20. How to Exercise Your Rights

• Written Request: Submit requests via email to privacy@vishwanta.com
• Identity Verification: We may require proof of identity for security
• Response Time: We respond within 30 days of receiving valid requests
• Free of Charge: Most requests are processed free of charge
• Right to Complaint: Contact data protection authorities if unsatisfied

21. Automated Decision Making

• No Automated Decisions: We do not make significant automated decisions about you
• Human Review: All important decisions involve human assessment
• Profiling Transparency: Any profiling activities are clearly explained
• Right to Explanation: You can request explanation of any automated processing

Cookies & Website Data

22. Cookie Usage

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Anonymous usage statistics to improve our website
• Preference Cookies: Remember your settings and preferences
• No Tracking Cookies: We do not use invasive tracking technologies

23. Website Analytics

• Google Analytics: Anonymized data for website improvement
• IP Anonymization: IP addresses are anonymized for privacy protection
• Opt-Out Available: You can opt out of analytics tracking
• No Personal Identification: Analytics data cannot identify individuals

24. Third-Party Links

• External Websites: Our website may link to third-party sites
• No Responsibility: We are not responsible for third-party privacy practices
• Review Policies: Please review privacy policies of linked sites
• User Caution: Exercise caution when providing information to third parties

Policy Updates & Contact

25. Policy Updates

• Regular Review: This policy is reviewed and updated annually
• Change Notification: Significant changes will be communicated to clients
• Effective Date: Current version effective from August 9, 2025
• Version Control: Previous versions available upon request

26. Data Protection Officer

• Designated Officer: Trained data protection officer oversees compliance
• Regular Training: Continuous education on privacy laws and best practices
• Internal Audits: Regular privacy impact assessments and audits
• External Oversight: Independent privacy compliance reviews