Privacy Policy

1. User’s Acknowledgement and Acceptance of Terms.

This Privacy Policy describes what information we may collect about you through our website, why we collect it, how we use it, and under what circumstances we may share it with third parties. This Privacy Policy also describes the choices you can make about the collection and use your information. All references to “Controller,” “we,” “us,” or “our” refer to PassRight Sp. z o.o. (Limited Liability Company), which is a Polish private company.

By using our site, you acknowledge and consent to our Privacy Policy and Terms of Use. If you do not consent to our collecting and sharing your information as described in this Privacy Policy, do not use this website.

2. Personal Data Controller

  1. PassRight Sp. z. o. o. (Limited Liability Company) with its registered office in Warsaw at the following address: Al. Jana Pawla II 27, 00-867, entered into the Register of Entrepreneurs under KRS number 0000787977, taxpayer identification number NIP: 5252790665, Polish business registry number REGON: 383442333, is the personal data controller. Data protection is provided pursuant to the universally binding provisions of the law, and the data is stored on protected servers.
  2. As a personal data controller (hereinafter “Controller”) PassRight is committed to the protection of privacy and ensuring confidentiality of the personal data entered by the internet users in the electronic forms on the website located at
  3. The Controller can be contacted by email at: or at the following street address: PassRight Sp. z o. o., Al. Jana Pawla II 27, 00-867 Warsaw, Poland. 
  4. The Controller exercises due diligence in selecting and applying the appropriate technical and organizational measures ensuring the protection of the personal data processed. Only persons duly authorized by the Controller have full access to databases.
  5. The Controller protects the personal data against disclosure to unauthorized persons, as well as against their processing in a manner that is contrary to the law in force.
  6. Visitors to the website may browse the web pages without providing any personal data.

3. Scope of personal data processing

  1. The Controller processes the following types of data provided by the user in the contents of the query addressed to the Controller:
    1. Registration Data. This is data that you voluntarily provide to us and is often information that we need in order to determine your eligibility for our services, or that may be given to us when you request more information and/or contact us. The information depends on the service we are providing and may include your contact and billing info. 
    2. Usage Data. This helps us improve our websites and experiences and is often tracked automatically in the background such as your browser type, operating system, your IP address or device type.
    3. Cookie Data. Cookies are small packets of data which are stored on your computer or mobile device. Cookies are used to make certain features work on our websites as well providing reporting data. For more information on how we collect this information, see our Cookies Policy.
    4. Personal Data. Personal Data is any piece of data that identifies or can be reasonably used to identify you as an individual. We collect Personal Data in a few different ways with the most common being when:
  • you fill out our questionnaire to check your eligibility for our services,
  • you request more information about one of our services,
  • you register your interest in one of our services,
  • you contact us online,
  • you provide feedback or answer a survey relating to one of our services or programs,
  • you voluntarily join our mailing lists.

When registering for any of our services we will ask you for information such as your full name, email address, date of birth, address, postal code and country. During the application we will then ask you to voluntarily provide further information including, for example: employment history, passport number, and U.S. visa history. When requesting more information about our services, registering your interest or contacting us online we may ask you for information such as your full name, email address and contact number.

4. Sensitive Personal Data

  1. Information such as your criminal background, medical history, race or ethnical descent may be considered “Sensitive Personal Data” under the GDPR. We collect this data in order to comply with the visa requirements set by different international governments.
  2. If data has been aggregated or anonymized so it is no longer reasonably associated with an identifiable individual it is no longer classified as Personal Data. PassRight may use this for any business purpose.

5. Lawful Basis for Processing Personal Data under GDPR

When registering for PassRight services we will rely on Contract as the lawful basis for processing your personal information. As a potential customer registering for PassRight services we will need to process your data in order to provide you with our services. When signing up to marketing communication or providing us with feedback related to PassRight services we will rely on Consent as the lawful basis for processing. You will be asked explicitly to provide us with consent for marketing communication at the point of registering for our services. 

6. Lawful Basis for Processing – Criminal Data

PassRight has a lawful basis under Article 6 of GDPR (i.e., contract, legitimate interest) to process data about criminal convictions or offences; the company also has legal authority to do so under Article 10 of GDPR based on data subject consent. A comprehensive register of participant criminal convictions is not kept, and any data related to criminal convictions or offences is anonymized when service is complete.

  1. Usage Data. When visiting a PassRight website or application we collect usage data, which is done automatically in the background. This includes:
  2. Device Information. PassRight collects information about the devices accessing our websites and applications including: the type of device, device operating system, device settings, application IDs, unique device identifiers and crash reports. The exact information we collect varies depending on device and system settings.
  3. Log Data. When visiting our websites or apps our servers automatically record information in server logs. These logs may include information such as your Internet Protocol address, browser type and settings, referring and exit pages, landing pages, pages viewed, language preferences and date and time stamps.
  4. Location Information. When visiting our websites or apps we will receive data that will help us approximate your location – this helps us deliver the correct language and website to you. We may use the IP address from your browser or device to determine approximate location.
  5. Cookie Data. We use cookies on our websites. Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect information, however the information is not personally identifiable. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use certain features on our website.

For more information on our use of cookies please read our Cookie Policy

7. How we use your information

We use the information we collect in the following ways:

  • Evaluating whether you qualify for specific visa classification (and it may be shared with third-party organizations for this purpose);
  • Enabling you to participate in a variety of our site’s features, including verifying your information is active and valid;
  • Improving our site, marketing, or services, and customizing your site experience;
  • Providing customer support and contacting you with regard to your use of the website and changes to the website or its policies;
  • Furthering our business purposes and the business purposes of third parties we share your information with;
  • Processing transactions or providing you with information (e.g. newsletters), or providing you with surveys, or promotional materials on behalf of us or third parties;
  • Contacting you by phone, email, mail, or any other manner with information about our services; and
  • Any additional purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy.

8How we disclose or share data

In all cases relating to PassRight programs or services, PassRight is the Controller. PassRight does not sell or rent Personal Data to unaffiliated third parties or companies for marketing purposes. We will only share your data with trusted third parties or affiliates including:

  1. Service Providers. In order to provide our services to customers we use third party providers for areas such as infrastructure, email communication, payment gateways and evaluations.
  2. PassRight Affiliates. We may share Data with companies worldwide that we control or are under our common control, to provide our services. PassRight is the Data Controller and responsible for the management and use of the Data by these affiliated parties. Affiliated parties will act as the Data Processor. We will only share data that is needed to provide our services and the data usage will be limited to that. Companies within PassRight will always process data in accordance with this Privacy Policy or where national law imposes a requirement, which is stricter than imposed by this policy, the requirements in national law must be followed. Furthermore, where national law imposes a requirement that is not addressed in this policy, the relevant national law must be adhered to.
  3. Partners. In order to provide our services of visa preparation around the world, we work with a range of Partners such as, Law Firms, and Visa Sponsors. When necessary we will share required Personal Data with them. This is only for the purpose of delivering visa consultation services and will only be done with your consent when signing our Contract. All Partners have signed a Data Protection Agreement with PassRight which ensures your Personal Data will be managed in accordance with GDPR.
  4. Safety, Legal and Law Enforcement. PassRight may share your Personal Data in order to comply with safety, legal and law enforcement purposes. 

9. Data Retention. 

Your Personal Data is only ever used for the purposes for which it was collected and will only be retained for as long as it is needed to fulfill contractual, financial and legal obligations. In general:

  1. If you register for our service but do not progress to making a payment, all of your Personal Data will be deleted thirty (30) days after the date of registration.
  2. If you register for a program and make a payment, your Personal Data (except name, address and financial transactions) will be deleted two (2) years after the date of your last payment or two (2) years after the completion of our Contract (whichever is later). All remaining Personal Data will be deleted three (3) years after the date of your last payment.

10. Your Rights. 

You have the right to:

  • A copy of the Personal Data we hold about you. 
  • Request erasure or restriction of your Personal Data.
  • Request rectification to correct any inaccuracies in the Personal Data we hold.
  • Object to your Personal Data being processed.
  • Request not to receive any direct marketing material from us, such emails or physical letters.
  • Lodge a complaint with the UODO or another supervisory body.

11. Contact information. 

You may assert your rights and raise your concerns or complaints about the handling of your personal data by hitting “unsubscribe” in marketing emails or by writing to PassRight Sp. z o. o., Al. Jana Pawla II 27, 00-867 Warsaw, Poland or at

Policy last updated [March 9, 2021]