The short version. We only collect what we need to advise on your visa or match you with a role. We don't sell your data. We don't profile you for advertising. If you want your data deleted, email us and it's gone within 30 days — except where the law requires us to keep records (we explain those cases below).
1. Who We Are
Migrizo ("we", "us", "our") is a UK-registered immigration advisory firm, also trading as Grownmind in some contexts. We help individual applicants secure merit-based visas and help employers hire relocation-ready global talent.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Migrizo is the data controller for the personal information collected through this website and our services.
Registered address: Suite 39, Podium, 85 Ealing Cross, London W5 5BW, United Kingdom.
Email: info@migrizo.com
2. What We Collect
We collect personal information in three ways. We've listed each category below with the specific fields involved.
(a) Information you give us directly
When you complete the eligibility assessment, submit a contact or employer enquiry form, or engage us as a client, we collect:
- Identity data: full name, date of birth (where provided for visa processing), nationality.
- Contact data: email address, phone number, postal address, country of residence.
- Professional data: current employer, job title, years of experience, salary band, education, industry, areas of specialisation, CV content.
- Achievement data: awards, patents, publications, media mentions, open-source contributions, references — the kind of information needed to evidence a merit-based visa case.
- Visa-related data: travel history, prior visa applications, destination preferences, intended visa route.
- Company data (employers only): company name, size, role briefs, salary ranges, hiring timelines.
- Free-text content: any information you write in message or notes fields.
(b) Information we collect automatically
When you visit our website, we automatically collect limited technical data via standard web analytics:
- IP address, approximate location (country/city level only), browser type and version, operating system.
- Pages visited, referring URL, session duration, clicks on forms and buttons.
- Cookie identifiers (see Section 9).
(c) Information from third parties
In limited cases, we may receive information about you from:
- References you nominate (e.g. former managers writing reference letters for a visa application).
- Endorsement bodies (e.g. Tech Nation, NASEM, Anabin) during application processing — only with your consent.
- Employers you've agreed to be introduced to.
We do not purchase data from brokers, scrape profiles from third-party platforms, or enrich your record from public sources without telling you.
3. How We Use Your Information
We use your information for the following defined purposes:
- Eligibility assessment: to score your profile against merit-based visa criteria and return a matched visa shortlist.
- Client service delivery: to advise on your case, build evidence packs, prepare endorsement applications, and file visa paperwork with government bodies.
- Employer matching: to match relocation-ready candidates with employer briefs, with the consent of both parties before any personal details are shared.
- Communication: to respond to enquiries, send case updates, and, only if you opt in, send occasional updates about visa route changes or Migrizo services.
- Billing & records: to raise invoices, collect payment, and maintain financial records as required by HMRC and UK company law.
- Service improvement: to understand how our site is used, identify friction points, and improve the eligibility assessment, using aggregated, de-identified data only.
- Legal compliance: to meet our obligations under immigration advisory regulations, anti-money-laundering law, and any lawful government request.
We do not use your information for automated decision-making that has legal or similarly significant effects on you. The final eligibility assessment always involves human Case Officer review before any engagement.
4. Legal Basis For Processing
Under UK GDPR Article 6, we process your data only where we have a lawful basis. The basis depends on the purpose:
- Consent — when you tick a marketing opt-in, submit an eligibility assessment, or ask us to share your profile with an employer.
- Contract — when you engage us as a client, we process your data to deliver the services we've agreed.
- Legitimate interests — for responding to your enquiries, improving our service, and maintaining the security of our systems. We've weighed these interests against your rights and believe they don't override them, but you can object at any time (see Section 8).
- Legal obligation — when we need to keep records for tax, anti-money-laundering, or regulatory reasons.
Where we process special category data (e.g. sensitive personal details disclosed in visa applications relating to health, political views, or similar), we rely on your explicit consent under UK GDPR Article 9(2)(a).
5. Who We Share Your Information With
We share your data with only the following categories of recipients, and only as necessary:
Internal team
Your dedicated Case Officer and, where relevant, senior reviewers. Access is restricted on a need-to-know basis.
Government bodies (with your consent)
When you engage us to handle a visa application, we share your information with the relevant immigration authority — UK Home Office, US USCIS, Australian Department of Home Affairs, or German Federal Foreign Office. We also share with endorsement bodies such as Tech Nation (UK), National Academies of Sciences, Engineering, and Medicine (US), and Anabin (Germany). This sharing is always with your prior written consent, on a case-by-case basis.
Employers (for talent matching)
If you opt in as a candidate on our employer platform, we share a specified profile (skills, experience, expected salary, relocation readiness) with employers whose briefs match. We never share your contact details without your consent.
Service providers (data processors)
We rely on a small number of vetted third parties to operate. Each has a signed Data Processing Agreement with us. Currently, these include:
- Netlify, Inc. — website hosting and form submissions.
- Google LLC — email (Gmail) and office productivity (Drive, Docs).
- WhatsApp / Meta — messaging channel (we only receive what you send us).
- Zoho Corporation — client relationship management.
- Payment processors — for collecting fees (Stripe or equivalent).
Professional advisors
Our accountants, lawyers, and regulatory advisors, where needed to operate the business and respond to legal requirements.
We do not sell, rent, or trade your personal information to third parties. Period.
6. International Data Transfers
Our services inherently involve moving data across borders. If you're in India applying for a UK visa, your data will cross at least two jurisdictions. We handle these transfers under the following safeguards:
- Within the UK / EEA: no additional measures required.
- To the United States (e.g. Netlify, Google): we rely on the UK's adequacy finding for the EU-US Data Privacy Framework, or Standard Contractual Clauses (SCCs) where the provider hasn't certified.
- To other countries (e.g. government visa authorities in Australia, Germany): we rely on explicit consent you give when engaging us for a specific visa route, since the transfer is necessary to perform the contract.
You can request a copy of the specific safeguards in place for any transfer by emailing us.
7. How Long We Keep Your Information
We keep personal data only as long as it serves a defined purpose. Retention periods are:
- Eligibility assessments (unconverted): 24 months, then deleted, unless you opt in to longer retention.
- Contact form enquiries: 12 months after the last interaction, then deleted.
- Client case files: 6 years after case closure (to comply with UK HMRC and professional record-keeping requirements).
- Financial records (invoices, payments): 6 years minimum, per UK tax law.
- Employer platform profiles: active while you remain on the platform; deleted within 30 days of your request.
- Marketing consent: until you unsubscribe, then held as a suppression record only.
- Website analytics (cookies): up to 14 months (standard Google Analytics retention).
8. Your Rights
Under UK GDPR, you have the following rights over your data. All of these are free to exercise. We respond within 30 days.
- Right to access: request a copy of the personal data we hold about you.
- Right to rectification: correct anything that's inaccurate or incomplete.
- Right to erasure: ask us to delete your data ("right to be forgotten"), subject to the retention periods set out above.
- Right to restrict processing: ask us to pause using your data in certain situations.
- Right to data portability: receive your data in a structured, machine-readable format, or have it transferred to another provider.
- Right to object: object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: where we rely on consent, you can withdraw it at any time. Doing so doesn't affect processing that happened before withdrawal.
- Right to complain: lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We'd rather hear from you first — but the right is yours.
To exercise any of these rights, email info@migrizo.com with "Data request" in the subject line. We may ask for proof of identity before acting.
9. Cookies
Our website uses a small number of cookies and similar technologies. We categorise them as follows:
- Strictly necessary cookies: required for the site to function (e.g. remembering your form inputs during a session). These don't require consent.
- Analytics cookies: help us understand how visitors use the site (via Google Analytics). We only activate these with your consent.
- Functional cookies: remember your preferences (e.g. whether you've dismissed a banner).
We do not use third-party advertising cookies or tracking pixels from ad networks. You can disable cookies in your browser settings, but parts of the site may not work as intended.
10. How We Protect Your Data
We take data security seriously, especially given the sensitivity of visa and immigration data. Our measures include:
- HTTPS encryption across our entire website.
- Two-factor authentication on all internal systems (email, CRM, file storage).
- Role-based access control — staff only see data they need for their role.
- Encrypted backups with a documented recovery plan.
- Regular security reviews of third-party service providers.
- A data breach notification process: if a breach occurs and creates a risk to you, we will notify you and the ICO within 72 hours as required by law.
No system is 100% secure. If you suspect a breach, email us immediately.
11. Children
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we've inadvertently collected data about a minor, please contact us and we'll delete it promptly.
12. Changes To This Policy
We may update this policy from time to time — when our services change, when the law changes, or when we improve our practices. The "Last updated" date at the top reflects the current version. For material changes, we'll notify existing clients by email.