Somygo
Privacy Policy

How we handle your data.

Effective: 02 May 2024Last updated: 02 May 2024
Who We Are

Somygo is a trading name of S O Immigration Limited

Legal entity
S O Immigration Limited
Trading as
"Somygo"
Company number
08239985 (England & Wales)
Registered office
42 Fords Park Road, London, England, E16 1NL
Website
somygo.com

Offices & contact

United Kingdom · EMEA

UK Office

42 Fords Park Road, London, England, E16 1NL

+44 (0)74 5742 4280 · info@somygo.com

Mon–Fri, 09:00–18:00 GMT/BST

United States · APAC

US Office

1 City Center, Portland, ME 04101

+1 (321) 220-7399 · info@somygo.com

Mon–Fri, 09:00–18:00 ET (with evening overlap for APAC)

1.

Scope

This policy explains how we collect, use, disclose, store, and protect personal data when you:

  • visit our websites or social pages;
  • submit a form or book a consultation;
  • engage us for immigration services;
  • receive updates or marketing communications; or
  • apply for a role with us.

This policy does not cover third-party websites or services we link to.

2.

The data we collect

A. Identity & contact: name, aliases, date and place of birth, nationality, passport or ID numbers, photos, signatures, addresses, phone numbers, email addresses.

B. Case & eligibility: CV/résumé, education, employment history, job offers and contracts, salary and tax data, licences, study offers and enrolment, sponsorship and invitations.

C. Family & relationships: marital or partnership status, spouse, partner, and children details, birth and marriage records, custody and consent documents.

D. Immigration & travel: prior visas and permits, refusals, travel history, entry and exit stamps, I-94 or equivalents, biometrics notices, case numbers, decision letters.

E. Finance & documents: bank statements, proof of funds, sponsorship declarations, company and ownership records, source of funds and wealth (e.g. for investor routes).

F. Sensitive data (special category / criminal): health information for medicals (e.g. TB tests), disability accommodations, police certificates, and data revealing racial, ethnic, or religious origin where present on official records. We collect this only where necessary and lawful.

G. Technical & usage: device identifiers, IP address, country inferred from IP, pages visited, referring URLs, timestamps, cookies, and pixels for analytics and session management.

H. Communications: emails, messages, call notes, WhatsApp or chat transcripts (if you choose to use them), and feedback.

3.

Where we get your data

  • directly from you or someone you authorise;
  • your employer or prospective employer, school, or sponsor;
  • government bodies and visa centres where you ask us to interact;
  • public sources and verification providers, where appropriate;
  • service providers (e-signature, scheduling, payments, translation, identity verification).
4.

How we use your data and lawful bases

We process personal data only where a lawful basis applies.

A. Providing services / contract: eligibility assessments, strategy, document preparation, bookings, submissions where permitted, status tracking, and guidance. Basis: performance of a contract or steps prior to a contract.

B. Compliance with law: record-keeping, tax and accounting, sanctions and identity checks, lawful requests. Basis: legal obligation.

C. Legitimate interests: client relationship management, improving services, preventing fraud and abuse, security of our systems, audits, business continuity. Basis: legitimate interests not overridden by your rights.

D. Consent: optional marketing, testimonials, and certain uses where required. Basis: your consent (you can withdraw at any time).

E. Vital interests: urgent circumstances affecting health or safety. Basis: vital interests.

Special category and criminal-history data (only where needed for immigration work):
  • legal claims and advice (establishment, exercise, defence of claims);
  • substantial public interest where permitted by law;
  • explicit consent where required (withdrawal may affect our ability to act).
5.

Automated decisions and profiling

We do not make decisions with legal or similarly significant effects based solely on automated processing. Government authorities may use automated tools in their own systems; we do not control those systems.

6.

Sharing your data

We share data only for the purposes described and with appropriate safeguards:

  • licensed local counsel where regulated representation is required;
  • translation and legalisation providers and document couriers;
  • medical panels and police certificate bodies at your instruction;
  • government authorities and visa centres to submit and manage applications;
  • technology vendors acting as processors (secure cloud storage, CRM, email, scheduling, e-signature, ticketing, accounting);
  • payment processors for billing;
  • professional advisers and auditors;
  • successors in a merger, acquisition, or reorganisation, with safeguards.
We do not sell personal data and we do not share it for cross-context behavioural advertising.
Controller vs processor. When engaged directly by you, we are a controller. If we deliver services to you on behalf of your employer or sponsor under their instructions, we may act as a processor and will process your data according to that contract.
7.

International transfers

To deliver services, we may transfer data internationally, including:

  • between the UK and the United States;
  • between the UK / EEA and other countries relevant to your matter.

For transfers from the UK or EEA to countries without an adequacy decision, we use appropriate safeguards such as:

  • Standard Contractual Clauses (EU SCCs) and the UK Addendum;
  • vendor participation in the EU-US or UK-US Data Privacy Framework where applicable;
  • additional technical and organisational measures (encryption, access controls).

Request copies of applicable safeguards at privacy@somygo.com.

8.

Data retention

We retain data only as long as necessary for the purposes in this policy and to meet legal and regulatory requirements. Typical periods:

  • Client matter files: 6 years after case closure (longer if required for legal claims).
  • Accounting and tax: 7 years from the end of the financial year.
  • KYC and sanctions checks: 5 years from the end of the client relationship (or as required by law).
  • Marketing contacts: until you opt out, then minimal suppression data for up to 2 years.
  • Recruitment applications: 12 months if not hired (or as required by local law).
  • Messaging transcripts: up to 2 years from case closure (longer if required for compliance).

If you request deletion, we'll comply subject to legal limits and explain any records we must retain.

9.

Security

We apply layered safeguards proportionate to risk, including:

  • role-based and least-privilege access;
  • encryption in transit and at rest, where supported;
  • multi-factor authentication for key systems;
  • backups and continuity planning;
  • vendor due diligence and confidentiality obligations;
  • audit logging;
  • employee training.
No system is perfectly secure. If we become aware of an incident affecting your data, we will act promptly and, where required by law, notify you and relevant authorities without undue delay.
10.

Your rights

Depending on your location, you may have rights to:

  • access your data;
  • rectify inaccurate or incomplete data;
  • erase data in certain cases;
  • restrict processing in certain cases;
  • data portability (a machine-readable copy of data you provided);
  • object to processing based on legitimate interests or to direct marketing;
  • withdraw consent where processing relies on consent;
  • complain to a supervisory authority.
How to exercise your rights: email privacy@somygo.com. We may need to verify your identity and clarify the request. We aim to respond within one month, or inform you if more time is needed due to complexity.

Supervisory authorities:

  • UK: Information Commissioner's Office (ico.org.uk)
  • EEA: your local Data Protection Authority (see edpb.europa.eu)
  • US: your state attorney general or relevant federal agency
11.

Quick summary for clients

  • We collect only what's needed to deliver immigration services and meet legal duties.
  • We never sell your personal data.
  • We share data only with authorities, licensed counsel, and trusted providers, under safeguards.
  • You control marketing choices and can exercise privacy rights at any time.
  • We keep data only as long as needed and protect it with layered security.
Contact

Questions about this policy?

Privacy contact
privacy@somygo.com
General enquiries
info@somygo.com
Postal address
S O Immigration Limited (t/a Somygo)
42 Fords Park Road, London, England, E16 1NL