Current as of 20 Jan 2025

Privacy Policy

Your privacy is important to us at Untitled. We respect your privacy regarding any
information we may collect
from you across our website.

(1) Who we are

This Privacy Policy explains how [GVMC legal entity name] (“GVMC”, “we”, “us”, “our”) collects,
uses,
shares, and protects your personal data when you visit our websites, talk to our team, apply for jobs/visas,
or use our services.

Contact (Controller):

Email: privacy@gvmcglobal.com • Support: support@gvmcglobal.com

Address: [Registered address] • Phone/WhatsApp: [+country code number]

EU/UK details (if applicable):

  • EU Representative (GDPR Art. 27): [Name, address, email]
  • UK Representative: [Name, address, email]
  • Data Protection Officer (if appointed): dpo@gvmcglobal.com

(2) What this policy covers

  • Our sites, portals, chat/WhatsApp/email/phone communications, events, and services.
  • People we process data about: candidates, students, tourists, investors and dependents, and
    employers/recruiters, plus website visitors.

This policy does not cover third-party websites, apps, or government/embassy portals. They have
their own
privacy rules.

(3) The data we collect

(A) You give us

  • Identity & contact: name, date of birth, gender, photo, passport details, IDs, addresses, emails,
    phone/WhatsApp.
  • Professional/education: CV/Resume, experience letters, certificates, licenses, language level,
    references.
  • Immigration & travel: visas/permits history, appointments, forms, interview notes, travel plans.
  • Financial & compliance: bank letters/statements, proof of funds, tax numbers/returns, insurance,
    police clearances, medicals (where required by law), source-of-funds (investment routes).
  • Family: spouse/children/parents details for reunification or dependent processing (with required
    consent).
  • Communications: chats, emails, call recordings (if we record for quality; we’ll say so).
  • Preferences: roles, countries, marketing choices.

(B) We collect automatically

  • Device/usage data: IP, pages viewed, timestamps, clicks, referral source.
  • Cookies/SDKs: see Cookie Notice (Section 14).

(C) We get from others (where lawful)

  • From employers/recruiters & universities/training partners: job details, offers, admissions.
  • From background/verification vendors: ID, sanctions/AML checks where needed.
  • From public sources & job boards: (e.g., LinkedIn, government registers).
  • From government/visa centers: (status updates, appointments).

We avoid collecting sensitive data unless strictly required (e.g., medicals/police checks for visas). If we
must, we’ll process under the appropriate legal basis and safeguards.

(4) Why we use your data (purposes) & legal bases

Purpose Examples Legal basis*
Recruitment & placement Match you to roles, schedule interviews, coordinate offers Contract; Legitimate interests
Visa/immigration & travel Prepare documents, forms, appointments, submissions Contract; Legal obligation
Education/Student services Shortlist programs, applications, visa help Contract
Investor/residency services KYC/AML, source-of-funds, filings via licensed partners Legal obligation; Contract
Communications Service updates, reminders, alerts Contract; Legitimate interests
Marketing (optional) Newsletters, program updates Consent; Legitimate interests (where allowed)
Security & fraud prevention Identity checks, misuse monitoring Legitimate interests; Legal obligation
Analytics & product improvement Site/app performance, feature use Legitimate interests

*Under EU/UK GDPR. In other countries we rely on equivalent legal concepts. Where we rely on
consent, you
can withdraw it anytime (Section 10).

(5) Automated decision-making & profiling

We may score profiles to suggest job/visa matches (e.g., skills/country fit). These tools do
not
make final
decisions on their own. You can request human review, express your view, or object (Section 10).

(6) Who we share data with (categories of recipients)

  • Employers & recruiters / universities & schools (when you apply or ask us to share).
  • Embassies/consulates/visa centers (for appointments, filings).
  • Licensed partners & vendors: background checks, translators, notaries, KYC/AML, medicals,
    couriers, insurance, payment processors, IT/cloud providers.
  • Affiliates/Group companies helping deliver services.
  • Authorities/regulators where required by law or to protect rights.

We require recipients to keep data secure and use it only for the stated purpose.

(7) International transfers

We operate globally. Your data may be transferred outside your country (e.g., between the EU, UK, India,
USA, UAE). We use appropriate safeguards: EU Standard Contractual Clauses (SCCs), UK IDTA/Addendum,
adequacy
decisions, or another legal mechanism. You can ask for a copy of relevant clauses (redacted).

(8) Data retention (how long we keep data)

We keep data only as long as needed for the purpose or as the law requires. Typical periods:

  • Candidate/job & visa files: up to 24 months after last activity (or longer if a case is
    ongoing /
    legal retention applies).
  • Student/tourist/immigration case files: 5–7 years after closure (common for compliance).
  • Investor/KYC/AML records: 7–10 years after closure (regulatory requirements).
  • Employer contracts & invoices: 7 years (tax/audit).
  • Marketing contacts: until you unsubscribe or after 24 months of inactivity.
  • Cookies/analytics: per cookie type (see Section 14).

When a retention period ends, we securely delete or anonymize data.

(9) Security

We use technical and organizational measures to keep data safe, including: encryption in transit and at
rest, role-based access, multi-factor authentication, least-privilege access, audit logs, vendor due
diligence and DPAs, staff training, and incident response plans. No method is 100% secure, but we work
continuously to strengthen protections.

(10) Your privacy rights

Depending on your location, you may have the right to:

  • Access your data and get a copy
  • Correct inaccurate data
  • Delete your data (where allowed)
  • Restrict or object to processing (e.g., marketing or profiling)
  • Port your data (structured, machine-readable)
  • Withdraw consent (for things you consented to, like newsletters)
  • Complain to a data-protection authority

How to use your rights: email privacy@gvmcglobal.com with your request and proof of identity.
We’ll
reply
within the legal deadline.

EU/UK: You can also complain to your local authority, e.g., Malta IDPC (or the authority in your
EU/EEA
country), or the UK ICO.

(11) Children’s data

Our services are for adults. If we process data of minors (e.g., dependents in family visas), we do so
with
parental/guardian consent and only as required for the application.

(12) Payments & anti-fraud

Pay only via official GVMC invoices/portals. We never ask you to send money to personal accounts or
random
DMs. If something seems suspicious, contact support@gvmcglobal.com immediately.

We may process limited payment metadata (e.g., transaction ID) via our payment providers; we don’t store
full card numbers on GVMC systems.

(13) Communications (email, SMS, WhatsApp, calls)

We use email/SMS/WhatsApp/calls for application updates and reminders. You can change your preferences or
opt out of marketing messages anytime (service messages may still be necessary). Some channels (e.g.,
WhatsApp) have their own privacy terms.

(14) Cookies & similar technologies

We use:

  • Strictly necessary cookies (site security, forms).
  • Performance/analytics (to improve our site).
  • Functional (to remember choices).
  • Advertising/remarketing (only if you consent, where required).

You can manage cookies via our cookie banner and your browser settings. See the

Cookie Notice

for details
(types, lifetimes, partners).

(15) Special categories & background checks

Some visa routes require police clearances, medicals, or sanctions/AML checks. We process these
only
when
required, with safeguards, and limit access to need-to-know staff and partners.

We ask you not to provide sensitive data that we do not request (e.g., political views, religion)
unless it
is legally required for your case.

(16) Third-party links & services

Our site may link to other sites, job boards, or government portals. Their privacy practices are their own.
Please read their policies.

(17) Changes to this policy

We may update this policy when laws or our services change. We’ll post the new date at the top and, if
changes are significant, provide a notice on our site or by email.

(18) Country-specific information (examples—customize)

EU/UK (GDPR):

  • Legal bases are listed in Section 4.
  • International transfers use SCCs/IDTA or adequacy.
  • You have the rights described in Section 10.

India (DPDP Act, 2023):

  • Grievance Officer: [Name], grievance@gvmcglobal.com
  • We process your data for lawful purposes with your consent or other permitted grounds. You can withdraw
    consent for optional processing at any time.

Add other jurisdictions where you operate (e.g., UAE, US state laws) as needed.

(19) How to contact us

  • Privacy requests: privacy@gvmcglobal.com
  • General support: support@gvmcglobal.com
  • Postal: [Legal entity name & address]
  • EU/UK Rep / DPO: [Details, if applicable]

We’re ready to make your European ambitions a reality whether you’re a candidate, employer or investor.