Book a Consultation
Contact us
Sign In

Privacy Policy

  • Home
  • /
  • Privacy Policy

Privacy Policy

Effective Date: January 1, 2025

This Privacy Policy ("Policy") describes how Rytime Travels  Ltd. ("Company," "we," "us," or "our") collects, uses, stores, and discloses your personal information when you visit our website, use our services, contact us, or otherwise interact with us online or offline. This Policy is designed to ensure transparency, accountability, and legal compliance with applicable global data protection laws, including but not limited to the General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Nigerian Data Protection Regulation (NDPR), and California Consumer Privacy Act (CCPA),   It also meets the threshood  of other nations privacy law.

By accessing our services, booking a consultation, submitting your information through our forms, or creating an account with us, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our services.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal data collected through:

  • Our official websites and web portals;
  • All digital platforms or mobile services under the Rytime Travels  brand;
  • Online appointment booking systems and payment interfaces;
  • Consultation sessions, application processing, and legal document handling;
  • Email communication, phone calls, and physical office visits;
  • Any third-party services integrated with our client services (e.g., secure document uploads);
  • Job applications, business partnerships, affiliate or referral inquiries;
  • Cookies, analytics platforms, and automated tools used on our site.

This Policy does not apply to third-party websites or services linked to or from our website. We are not responsible for the privacy practices of any third parties.

2. Definitions

For purposes of this Policy:

  • Personal Data refers to any information relating to an identified or identifiable individual, including names, contact details, passport numbers, IP addresses, identification documents, or biometric data.
  • Processing means any operation performed on personal data, including collection, storage, use, disclosure, modification, or deletion.
  • Data Subject refers to the individual whose personal data is collected.
  • Data Controller means the entity that determines the purposes and means of processing personal data (in this case, Rytime Travels Ltd).
  • Consent means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data.

3. Types of Personal Data We Collect

Depending on your relationship with us, we may collect the following categories of personal data:

A. General Identification and Contact Data

  • Full name
  • Date of birth
  • Gender
  • Photographs or scanned IDs
  • Address and nationality
  • Email address and phone number
  • Next of kin or family information
  • And, other information based on need.

B. Immigration-Related Information

  • Passport details
  • Visa or permit history
  • Education background
  • Employment records
  • Medical history (when required by immigration authorities)
  • Criminal record or background checks
  • Language test scores (IELTS, TOEFL, etc.)
  • Proof of funds or bank statements,
  • And, other information based on naeed.

C. Financial and Payment Information

  • Billing address
  • Credit/debit card details (via third-party payment processors)
  • Invoices and payment history
  • Consultation and service agreement records,
  • IP address and browser information
  • Device type, OS, and screen resolution
  • Pages visited, time on site, and clickstreams
  • Cookie identifiers and tracking pixels

E. Communication and Support Data

  • Correspondence via email or phone
  • Form submissions and contact requests
  • Support inquiries and notes from calls or chats

4. How We Use Your Personal Data

We use the personal data we collect for the purposes described in this Policy or as otherwise disclosed to you at the time of collection. The legal bases for processing your data may vary depending on your jurisdiction (e.g., consent, contract, legal obligation, legitimate interest). Specifically, we may use your personal information for the following:

A. Service Provision and Contract Fulfillment

  • To assess your eligibility for immigration, visa, study, or work programs;
  • To prepare, complete, and submit immigration or government applications on your behalf;
  • To manage your consultation and case files;
  • To send updates regarding your application progress and status;
  • To fulfill our obligations under service contracts or agreements you enter into with us.

B. Account Registration and Access

  • To create and manage user accounts and client portals;
  • To provide secure login access and identity verification for registered users;
  • To track consultation history, document uploads, and client notes within your account;
  • To allow clients to apply for new consultations or services securely through the portal.

C. Communication and Support

  • To respond to your inquiries, support tickets, or complaints;
  • To contact you about updates, changes to services, deadlines, or legal notices;
  • To follow up on leads or service requests you have initiated on our platforms;
  • To provide reminders and notifications related to your immigration journey.

D. Payment Processing and Billing

  • To process service or consultation payments via secure payment processors;
  • To issue receipts and invoices for tax or regulatory compliance;
  • To handle refunds, chargebacks, or disputes when applicable;
  • To detect and prevent fraudulent transactions or misuse of payment systems.

E. Legal and Regulatory Compliance

  • To comply with legal obligations, such as anti-money laundering (AML), know-your-customer (KYC), and international sanctions screening;
  • To disclose information when requested by immigration authorities, courts, or law enforcement (as required by law);
  • To retain application files for audit and regulatory purposes, in line with legal retention requirements;
  • To ensure adherence to data protection laws across jurisdictions where we operate.

F. Analytics and Platform Improvement

  • To monitor traffic, behavior, and technical performance of our website;
  • To understand user preferences and optimize site navigation or content delivery;
  • To track engagement metrics, consultation interest, and service performance;
  • To develop and improve products, processes, features, and customer experience.

G. Marketing and Promotional Purposes

  • To send newsletters, immigration news updates, and educational materials (with your consent);
  • To promote webinars, information sessions, or workshops you may find relevant;
  • To offer loyalty programs, discounts, or referral incentives;
  • To display testimonials or anonymized success stories with your approval.

We do not sell or rent your personal information to third parties for marketing purposes.

5. Lawful Basis for Processing Personal Data

Our processing of your personal data is grounded in one or more legal bases, depending on the nature of your interaction with us and the applicable data protection laws in your country. Below are the most common legal grounds under which we collect and use your information:

A. Consent

In many cases, we rely on your explicit consent to process personal data. For example:

  • When you submit a consultation request form;
  • When you opt-in to receive newsletters or marketing emails;
  • When you agree to our Terms of Service and Privacy Policy upon creating an account;
  • When you upload or share immigration-related documents voluntarily.

You may withdraw your consent at any time by contacting our Data Protection Officer (DPO) or by using the unsubscribe link in our communications. Please note that withdrawing consent does not affect the lawfulness of prior processing based on your consent.

B. Contractual Necessity

We process your personal data when it is necessary to fulfill a contract with you or to take steps at your request before entering into a contract. For example:

  • Processing your application after you book a consultation;
  • Communicating with you regarding case progression and deadlines;
  • Creating and managing your client account or consultation record;
  • Providing you with the legal representation or immigration services you paid for.

C. Legal Obligation

We process personal data to comply with various legal, statutory, or regulatory obligations. Examples include:

  • Retention of billing records and consultation logs for accounting and tax compliance;
  • Disclosure of required information to immigration or government agencies;
  • Verifying client identities for anti-fraud and anti-money laundering (AML) purposes;
  • Maintaining documentation for audits or official investigations.

D. Legitimate Interests

In some instances, we may process your personal information based on our legitimate interests, provided that such processing does not override your rights and freedoms. This may include:

  • Improving our website functionality and service delivery;
  • Monitoring system performance and user behavior to detect misuse or threats;
  • Conducting internal research or satisfaction surveys to enhance the client experience;
  • Informing you of services or programs that are directly related to your immigration interests or past interactions.

E. Vital Interests

In rare cases, we may process personal data to protect your vital interests or those of another person. For example:

  • Reporting a medical emergency disclosed during a visa application (if required by law);
  • Alerting relevant authorities in the event of immediate threat to a client's life or safety during the immigration process.

F. Public Interest or Official Authority

Where applicable, we may process data under the lawful basis of carrying out a task in the public interest or exercising official authority, such as where immigration laws or treaties require it.

7. International Data Transfers

As we operate globally with  partners in Canada,  United States,  and  European Union, (EU), and serve clients worldwide, your personal information may be transferred to, stored in, or processed in jurisdictions outside your country of residence. These jurisdictions may have different data protection laws that may not offer the same level of protection as those in your home country. However, we take all reasonable steps to ensure that your information remains protected in compliance with this Privacy Policy and applicable laws.

A. Data Hosting and Processing Locations

Our servers and third-party cloud service providers may be located in jurisdictions such as:

  • Canada
  • Nigeria
  • European Union (EU)
  • United States of America
  • Other jurisdictions as necessary for service delivery

We carefully select our infrastructure providers and require that they adhere to strict security, privacy, and data protection standards consistent with global regulations, including the General Data Protection Regulation (GDPR), Nigeria Data Protection Act (NDPA), and Personal Information Protection and Electronic Documents Act (PIPEDA Canada).

B. Safeguards for International Transfers

Where required by law, we implement one or more of the following safeguards for international data transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Data Processing Agreements (DPAs) with binding terms that ensure adequate protection;
  • Reliance on adequacy decisions where the destination country offers equivalent protection;
  • Encryption, access controls, and anonymization of sensitive data before transfer;
  • Minimizing data shared to only what is necessary for service delivery or legal compliance.

C. Your Consent to Cross-Border Transfers

By submitting your personal information to us, you consent to its transfer, storage, and processing in countries where we or our partners operate, in accordance with this Privacy Policy and applicable legal frameworks.

D. Your Rights Regarding Transferred Data

You may have the right to request additional details about how your data is transferred and the safeguards in place. If you reside in the EU, UK, or other jurisdictions with data export restrictions, you may also have the right to obtain a copy of the Standard Contractual Clauses or equivalent mechanisms upon request.

6. Data Sharing and Disclosure

We treat all personal information provided to us with the highest degree of confidentiality. However, there are specific circumstances under which your personal data may be shared with third parties in accordance with legal requirements, industry practices, or your consent. These include but are not limited to the following:

A. Immigration Authorities and Government Agencies

We may disclose personal information to immigration bodies, embassies, consulates, border agencies, and other relevant government authorities as required to process your visa or immigration application. This may include entities such as:

  • Immigration, Refugees and Citizenship Canada (IRCC)
  • Canada Border Services Agency (CBSA)
  • U.S. Citizenship and Immigration Services (USCIS)
  • UK Visas and Immigration (UKVI)
  • Other country-specific immigration agencies

B. Service Providers and Sub-Processors

We may engage vetted third-party service providers to perform specific tasks on our behalf. These parties may access personal data only to the extent necessary to provide services such as:

  • Cloud data hosting and backup solutions
  • Secure document storage and transmission
  • Payment processing (e.g., Paystack, Stripe, PayPal)
  • Email and SMS communication platforms
  • Translation or credential evaluation services

All such providers are bound by confidentiality agreements and must comply with applicable data protection laws, including the GDPR and Nigerian Data Protection Regulation (NDPR) where applicable.

C. Legal Disclosures

We may disclose your personal data where required by law, regulation, court order, or other legal processes, or to establish, exercise, or defend our legal rights. This includes disclosures to:

  • Regulatory authorities
  • Law enforcement agencies
  • Government oversight bodies or licensing institutions

D. Business Transfers

If we are involved in a merger, acquisition, restructuring, or asset sale, your personal information may be transferred to the acquiring entity, subject to the guarantees of continued protection in line with this Privacy Policy.

E. Professional Advisors

We may disclose limited personal information to our professional advisers (such as lawyers, auditors, accountants, or IT consultants) when necessary for legal, tax, or regulatory purposes or to ensure business continuity and legal compliance.

F. With Your Consent

In cases not covered by the above, we will seek your explicit consent before disclosing personal data to any external party. You have the right to withdraw such consent at any time, which will not affect the processing already carried out based on the initial consent.

7. International Data Transfers

As our services are available globally and  serve clients worldwide, your personal information may be transferred to, stored in, or processed in jurisdictions outside your country of residence. These jurisdictions may have different data protection laws that may not offer the same level of protection as those in your home country. However, we take all reasonable steps to ensure that your information remains protected in compliance with this Privacy Policy and applicable laws.

A. Data Hosting and Processing Locations

Our servers and third-party cloud service providers may be located in jurisdictions such as:

  • Canada
  • Nigeria
  • European Union (EU)
  • United States of America
  • Other jurisdictions as necessary for service delivery

We carefully select our infrastructure providers and require that they adhere to strict security, privacy, and data protection standards consistent with global regulations, including the General Data Protection Regulation (GDPR), Nigeria Data Protection Act (NDPA), and Personal Information Protection and Electronic Documents Act (PIPEDA Canada).

B. Safeguards for International Transfers

Where required by law, we implement one or more of the following safeguards for international data transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Data Processing Agreements (DPAs) with binding terms that ensure adequate protection;
  • Reliance on adequacy decisions where the destination country offers equivalent protection;
  • Encryption, access controls, and anonymization of sensitive data before transfer;
  • Minimizing data shared to only what is necessary for service delivery or legal compliance.

C. Your Consent to Cross-Border Transfers

By submitting your personal information to us, you consent to its transfer, storage, and processing in countries where we or our partners operate, in accordance with this Privacy Policy and applicable legal frameworks.

D. Your Rights Regarding Transferred Data

You may have the right to request additional details about how your data is transferred and the safeguards in place. If you reside in the EU, UK, or other jurisdictions with data export restrictions, you may also have the right to obtain a copy of the Standard Contractual Clauses or equivalent mechanisms upon request.

8. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying legal, regulatory, contractual, or legitimate business requirements. The specific retention period depends on the nature of the information, the purpose for which it was collected, and applicable legal obligations.

A. General Retention Policy

We maintain a comprehensive data retention policy that categorizes data based on its type and purpose. In general:

  • Client information related to immigration processing is retained for a minimum of seven (7) years after the completion of the service or the end of the client relationship, to comply with audit, legal, and immigration authority requirements.
  • Financial records, invoices, and payment logs are retained for a minimum of seven (7) years, or longer if required by tax authorities or relevant financial regulations.
  • Website usage data, logs, and analytics are typically retained for up to two (2) years unless required for legal or security investigations.
  • Marketing consent records and opt-in data are retained until the user revokes consent or requests deletion.

B. Criteria for Determining Retention Periods

We consider several factors to determine the appropriate retention periods for your personal information:

  • Legal and regulatory obligations in the jurisdictions where we operate;
  • The type and sensitivity of the data collected;
  • The duration of our relationship with you and whether you are an active client;
  • The purpose(s) for which the data was collected;
  • Potential litigation or dispute resolution needs;
  • Applicable statutes of limitation under immigration or data protection laws.

C. Secure Disposal of Data

Once the retention period expires or the data is no longer required, we securely dispose of your information in compliance with applicable laws. Disposal methods include:

  • Secure digital deletion or overwriting of electronic files;
  • Shredding of paper-based records;
  • Revoking access rights to archived databases;
  • Data anonymization or aggregation where continued use is needed without identifying individuals.

D. Exceptions

In certain circumstances, we may retain your data longer than the standard retention periods, such as:

  • Where a legal claim is in progress or anticipated;
  • To comply with a request from a regulatory or government authority;
  • If we are required to retain data under immigration case law or country-specific compliance rules.

If you have any questions regarding our data retention practices or wish to request early deletion of your personal information, you may contact us using the details provided in the Contact Us section of this  Privacy Policy.

9. Your Privacy Rights

We recognize that individuals may have certain rights under applicable data protection laws depending on their country of residence. These rights are designed to give you more control over how your personal information is collected, used, and retained. We are committed to ensuring that your rights are respected and fulfilled in accordance with all applicable legal frameworks, including but not limited to the General Data Protection Regulation (GDPR EU), the Nigeria Data Protection Act (NDPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA Canada).

A. Right to Access

You have the right to request access to the personal information we hold about you, including the purposes for which it is used, the categories of data involved, the recipients (or categories of recipients) to whom the data has been or will be disclosed, and the retention period.

B. Right to Rectification

If you believe that the information we hold about you is inaccurate or incomplete, you have the right to request correction or update. We will respond to such requests promptly and make the necessary changes where appropriate.

C. Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal information under certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected or when you withdraw your consent (where applicable). Please note that this right may be limited if the information is required to comply with legal obligations or in defense of legal claims.

D. Right to Restrict Processing

You can request that we limit the processing of your personal data where one of the following applies:

  • You contest the accuracy of the data;
  • Processing is unlawful but you oppose deletion and request restriction instead;
  • We no longer need the data, but you require it for legal claims;
  • You have objected to processing and verification is pending.

E. Right to Data Portability

You may request to receive the personal data that you provided to us in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller where feasible and legally applicable.

F. Right to Object

Where we rely on legitimate interest as the legal basis for processing your data, or where your data is being used for direct marketing, you have the right to object to such processing at any time.

G. Right to Withdraw Consent

If you have given consent for the processing of your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before your withdrawal.

H. Right to Lodge a Complaint

If you believe that we have not handled your personal data in a manner that complies with applicable law, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. Examples include:

  • Office of the Privacy Commissioner of Canada (PIPEDA)
  • Nigeria Data Protection Commission (NDPC)
  • Your local Data Protection Authority in the EU or UK

I. How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

We may request additional information to verify your identity before acting on your request. We aim to respond within 30 calendar days, subject to any extensions permitted by law.

10. Cookies and Tracking Technologies

Our website and client portals use cookies and other similar technologies to enhance your browsing experience, analyze site traffic, understand usage patterns, and support certain functionalities such as secure login and personalized services. This section explains what cookies are, what types we use, why we use them, and how you can control them.

A. What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit a website. They help websites remember your preferences, activities, or login details over time. Cookies may be set by us ("first-party cookies") or by third parties ("third-party cookies") such as analytics or advertising partners.

B. Types of Cookies We Use

  • Essential Cookies: These cookies are strictly necessary for the operation of our website and portals. They enable core functions such as page navigation, secure areas, user session management, and form submissions.
  • Performance and Analytics Cookies: These cookies collect anonymized information about how users interact with our website. We use services like Google Analytics to track page visits, bounce rates, device usage, and navigation behavior. This helps us optimize our content and improve user experience.
  • Functionality Cookies: These cookies remember your preferences and choices (such as language selection, location, or past interactions) to personalize your experience.
  • Advertising and Retargeting Cookies: These cookies track your browsing behavior and may be used to deliver relevant ads on other websites. We may use Facebook Pixel, Google Ads, or similar tools to retarget visitors who have shown interest in our services.
  • Security Cookies: These cookies are used to detect and prevent fraudulent activity, protect user sessions, and monitor unauthorized access to your account.

C. Third-Party Technologies

We may also embed third-party content or use third-party tools (e.g., YouTube, live chat, payment gateways, or social media plugins) that place cookies on your device when you interact with them. These third parties are responsible for their own cookie and privacy practices, and we encourage you to review their respective policies.

D. How to Control Cookies

You have the right to control or restrict the use of cookies on your device:

  • You can manage cookie preferences using our on-site Cookie Consent Manager (where available).
  • You can delete cookies through your browser settings. Most browsers also allow you to block cookies entirely or to alert you before they are placed.
  • Opt-out options for third-party cookies (e.g., Google Ads, Facebook Pixel) can be accessed through the respective platform's settings.

Please note that disabling certain cookies may limit your ability to use some features of our site or access secure areas, including client login areas and consultation forms.

E. Do Not Track (DNT) Signals

Some browsers offer a "Do Not Track" feature. While we currently do not respond to DNT signals due to inconsistent standards, we honor your choices made through our cookie consent banner or browser settings.

F. Updates to Cookie Policy

We may update our use of cookies from time to time to reflect changes in technology, legal requirements, or business practices. We will notify you through our site or cookie banner when significant changes are made.