Express Visa Consulting LTD
Company No. 16290425 · Last updated: June 2025
Visa applications involve sensitive personal information such as bank statements, academic transcripts, travel history, family details. You are sharing information with us that you would not disclose to most people, and we treat that responsibility with the utmost seriousness.
This policy outlines what data we collect, why we collect it, how we store it, and your legal rights regarding it. As an organization registered in England and Wales, we operate under the UK GDPR and the Data Protection Act 2018. We also comply fully with all applicable Sri Lankan data protection regulations.
1. Who Controls Your Data
The data controller is Express Visa Consulting LTD, Company No. 16290425, with a registered office at 71–75 Shelton Street, Covent Garden, London.
For any privacy-related questions, contact us at +94 76 667 1267 or via WhatsApp.
2. What We Collect
We collect only what we need to do our job. That typically includes:
Your full name, date of birth, nationality, and passport details
Contact information: phone number, email address, and home address
Financial documents such as bank statements and proof of income or sponsorship
Academic records: certificates, transcripts, and English language test results
Travel history, including previous visas and any refusals
Information about the course or institution you’re applying to
Any other information you share with us during consultations
We don’t collect sensitive information we don’t need. If we ask for something, it’s because the application requires it.
3. Why We Collect It
We process your personal data to:
Assess your eligibility for the visa type you’re applying for
Prepare, review, and submit your visa application accurately
Communicate with you about your case
Comply with our legal and regulatory obligations
The legal basis for processing your data is primarily the performance of a contract, since you are engaging us to provide a service that requires your information to be delivered. In some cases, we may also process data to comply with a legal obligation.
4. Who We Share It With
We don’t sell your data. We don’t share it with marketers. The only parties who may receive your information are:
Members of our team who are working on your case
The immigration authority of the country you’re applying to because your application must be submitted to them
Third-party service providers such as translation agencies or courier services, where they are directly involved in your application process
Regulatory or legal authorities, if we are required by law to disclose it
Any third party we work with is required to handle your data with the same level of care we apply ourselves.
5. International Transfers
Since we prepare applications for multiple destination countries including the UK, Australia, New Zealand, Canada, Europe, and Dubai, your data will be transferred to those jurisdictions as part of the application process. Each of these transfers is necessary to fulfill the service you have engaged us to provide.
We operate from Sri Lanka and are registered in the UK, meaning your data moves between these jurisdictions as part of normal operations. We ensure these transfers are made securely and with appropriate protections in place.
6. How Long We Keep Your Data
We keep your file for seven years after your engagement with us ends. That period exists because immigration history can become relevant to future applications, and you may come back to us. After seven years, we will delete your personal data securely.
If you ask us to delete your data earlier, we will, unless we’re legally required to retain it (for example, for tax or compliance purposes).
7. How We Protect It
Your documents and personal information are stored on password-protected systems. Physical documents are held securely and not left accessible to people outside our team. We use encrypted communication channels where possible.
No system is entirely immune to breach, but we take reasonable and appropriate steps to protect your information. If a breach occurs that poses a risk to you, we’ll notify you and the relevant authority as required by law.
8. Your Rights
Under UK GDPR, you have rights over your personal data. Specifically, you can:
Request access to the personal data we hold about you
Ask us to correct anything that’s inaccurate
Ask us to delete your data, subject to any legal obligations we have to retain it
Object to how we’re processing your data in certain circumstances
Ask us to restrict processing while a dispute is resolved
Request a portable copy of your data in a machine-readable format
To exercise any of these rights, contact us at +94 76 667 1267 or by WhatsApp. We’ll respond within one month.
9. Cookies and Website Data
If you contact us through WhatsApp or social media platforms such as Facebook, Instagram, and LinkedIn, those platforms handle your data under their own privacy policies. We do not control those platforms or their data practices.
We do not currently operate a website that utilizes tracking technologies. If that changes in the future, we will update this policy to reflect those changes.
10. Complaints
If you’re unhappy with how we’ve handled your personal data, please contact us first. We would genuinely like the chance to put it right.
If you are not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office (ICO) in the UK at www.ico.org.uk, or with the relevant data protection authority in Sri Lanka.
11. Changes to This Policy
We’ll update this policy if our practices change or if the law requires it. The date at the top of this document shows when it was last updated. If we make a significant change, we’ll let you know directly.
Privacy policies shouldn’t be something you click past without reading. If anything here is unclear, call us. You have a right to understand what happens with your information.