Privacy Policy

This Privacy Policy explains how World Wide Services Sp. z o.o. ("WWS", "we", "us", "our") collects, uses, stores, and protects your personal data when you use our website (worldwideservice.eu), our client portal, and our immigration consulting services.

WWS is a consulting company. We do not sell visas, work permits, or employment. We consult and assist our clients throughout the immigration process — collecting their information, connecting them with verified employers, and facilitating the document preparation and submission process so that clients can obtain work visas or seasonal permits.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our website or services.

The data controller responsible for your personal data is:

World Wide Services Sp. z o.o.
KRS: 0000598190
NIP: 7792438654
Registered office: Szczecin, Poland
Email: info@worldwideservice.eu
Phone: +48 660 165 226

We also operate through our affiliated entities: World Wide Services Limited (Nigeria, RC: 8588112) and Worldwide Services Albania (NUIS: M52409023B).

We collect the following categories of personal data:

Contact Form Data. When you submit our contact form, we collect your first name, last name, email address, phone number, and selected service type.

Portal Account Data. If you register for our client or agent portal, we collect your email, password (encrypted), and profile information.

Documents. Clients may upload passport scans, visa applications, employment contracts, and other immigration-related documents through our secure portal.

Analytics Data. We collect anonymized usage data including pages visited, session duration, referral source, country (from IP), device type, and browser type. This data is associated with a random session identifier, not your personal identity.

Communication Data. When you contact us via WhatsApp, email, or phone, we may retain records of those communications for quality assurance and service delivery.

We use your personal data for the following purposes:

Service Delivery. To consult you on immigration options, connect you with verified employers, facilitate document preparation, and coordinate the application process on your behalf.

Communication. To respond to your inquiries, send status updates about your application, and provide pre-departure briefings.

Marketing. With your explicit consent, to send you information about our services and offers. You can withdraw marketing consent at any time by emailing info@worldwideservice.eu.

Analytics. To understand how visitors use our website and improve the user experience. Analytics data is aggregated and does not identify individual users.

Legal Compliance. To comply with applicable laws, regulations, and legal processes.

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide our immigration consulting services to you, including employer matching, document preparation, and application management.

Consent (Art. 6(1)(a)): For marketing communications and analytics cookies (Google Analytics). You may withdraw consent at any time.

Legitimate Interest (Art. 6(1)(f)): For website security, fraud prevention, and improving our services. We balance our interests against your rights and freedoms.

Legal Obligation (Art. 6(1)(c)): Where required by Polish, EU, or applicable national law.

Our website uses two categories of cookies:

Strictly Necessary Cookies. These cookies are essential for the website to function properly. They are set in response to your actions, such as setting your privacy preferences or filling in forms. They do not store any personally identifiable information. Cloudflare Turnstile may also set temporary cookies for bot detection on our contact form — these are necessary for security and do not require separate consent.

Analytics Cookies. Google Analytics (GA4) cookies (_ga, _ga_*) are loaded ONLY after you explicitly consent via our cookie banner. These cookies help us understand website traffic and user behavior in aggregated, anonymous form. If you decline, no analytics cookies are set. When you withdraw consent, analytics cookies are automatically removed from your browser.

Your cookie preference is stored in your browser's localStorage and remembered for future visits. You can change your preference at any time by clicking "Manage Cookies" in our website footer.

We share your data with the following third-party processors, each bound by data processing agreements:

Supabase (AWS eu-central-1, Frankfurt, Germany): Our database provider. Stores contact form submissions, portal accounts, documents, and analytics data within the European Union.

KOMMO CRM. Our customer relationship management system. Receives your name, email, phone, and service type when you submit a contact form.

Google Analytics (Google LLC): Receives anonymized website usage data only if you consent to analytics cookies.

Cloudflare (Turnstile): Processes form submission data for bot detection and spam prevention.

Vercel Inc. Our website hosting provider. May process server logs containing IP addresses and request metadata.

We do not sell your personal data to third parties.

Your personal data is primarily stored within the European Union (Supabase, AWS eu-central-1). However, some third-party providers may process data outside the EU/EEA.

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the provider's adequacy certification.

By using our services, you acknowledge that some data processing may occur outside your country of residence.

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

Contact form submissions. Retained for the duration of your service engagement plus 3 years for record-keeping purposes.

Portal accounts and documents. Retained for the duration of your account plus 5 years after your last interaction.

Analytics data. Retained for 26 months (Google Analytics default) or until manually deleted.

Marketing consent records. Retained for as long as the consent is valid, plus 3 years after withdrawal for compliance records.

We periodically review stored data and delete information that is no longer needed.

Under the GDPR, you have the following rights regarding your personal data:

Right of Access. You may request a copy of the personal data we hold about you.

Right to Rectification. You may request correction of inaccurate or incomplete data.

Right to Erasure. You may request deletion of your personal data where there is no compelling reason for continued processing.

Right to Restriction. You may request that we restrict processing of your data in certain circumstances.

Right to Data Portability. You may request your data in a structured, machine-readable format.

Right to Object. You may object to processing based on legitimate interest or direct marketing.

Right to Withdraw Consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint. You may file a complaint with the Polish Data Protection Authority (UODO):
Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warsaw, Poland
Website: uodo.gov.pl
Phone: +48 22 531 03 00

To exercise any of these rights, contact us at info@worldwideservice.eu. We will respond within 30 days.

Under Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

WWS does not use automated decision-making or profiling in relation to our immigration consulting services. All case assessments, eligibility evaluations, and service recommendations are made by our human staff.

Our analytics tools (Google Analytics) process data in aggregated, anonymous form and do not make individual decisions about you.

As an immigration consulting service, we handle particularly sensitive documents including passport scans, visa applications, employment contracts, and educational certificates.

Security Measures. All uploaded documents are stored in encrypted form on Supabase (AWS eu-central-1, Frankfurt, Germany) with access restricted to authorized WWS personnel assigned to your case. Documents are transmitted over TLS-encrypted connections.

Access Control. Only your assigned case manager and senior operations staff have access to your documents. We maintain audit logs of all document access.

Retention. Immigration documents are retained for the duration of your service engagement plus 5 years for legal compliance and potential permit renewal support. You may request earlier deletion by contacting us, subject to legal retention requirements.

Deletion. Upon request or after the retention period, documents are permanently deleted from our systems. We do not retain copies after deletion.

WWS operates a network of local agents and partners in Africa and Asia who refer clients to our services. When an agent submits your information on your behalf, we process it under the same terms as direct submissions.

Agents act as independent referral partners, not as employees or data processors of WWS. They are contractually required to obtain your consent before sharing your personal data with us.

If you were referred by an agent, your agent may have limited access to your application status through our agent portal. They do not have access to your uploaded documents or financial information.

We use WhatsApp (operated by Meta Platforms, Inc.) as a primary communication channel with clients. When you communicate with us via WhatsApp, your messages, phone number, and profile information are processed by Meta under their own privacy policy.

We recommend reviewing Meta's privacy policy at https://www.whatsapp.com/legal/privacy-policy to understand how they handle your data.

We also communicate via email and phone. Email communications may be processed by our email service provider (Resend). Phone communications may be recorded for quality assurance with prior notification.

Our website supports web push notifications. If you opt in, we store a notification subscription token associated with your browser. This token does not contain personal information.

You can unsubscribe from push notifications at any time through your browser settings. We use VAPID (Voluntary Application Server Identification) keys for secure push delivery.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page indicates when the most recent changes were made.

We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

World Wide Services Sp. z o.o.
Email: info@worldwideservice.eu
Phone: +48 660 165 226
Registered office: Szczecin, Poland
KRS: 0000598190