Privacy Policy

1. Introduction

Schengen Pro ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our website at schengenpro.co.uk and any related services.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our website or services, you acknowledge that you have read and understood this policy.

2. Who We Are (Data Controller)

We are the data controller for personal information collected via this website and our services. If you have any questions about how we handle your data, please contact us at the details above.

3. Information We Collect

We collect information in the following ways:

Information you provide directly

• Full name
• Email address
• Phone number
• Passport nationality and destination country
• Travel dates and appointment preferences
• Payment details (processed and stored by Stripe — we do not store raw card data)
• Any additional information you provide in forms or communications with us

Information collected automatically

• IP address and approximate location
• Browser type and device information
• Pages visited and time spent on our site
• Referral source (how you arrived at our website)
• Cookie identifiers (see Section 9 on Cookies)

4. How We Use Your Information

We use your personal data to:

• Provide and manage our appointment booking and visa assistance services
• Process payments and issue receipts or refunds
• Contact you about your service request, appointment details, or account
• Send transactional emails (e.g. booking confirmation, status updates)
• Comply with legal obligations
• Improve our website and services through analytics
• Respond to your enquiries and support requests

Our lawful basis for processing your data under UK GDPR is:

• Contract performance — processing necessary to deliver the service you have purchased or enquired about
• Legitimate interests — improving our services and communicating relevant service updates
• Legal obligation — where we are required to retain or share data by law
• Consent — for any marketing communications (you may withdraw consent at any time)

5. How We Share Your Information

We do not sell your personal data. We may share your information with trusted third-party service providers who help us operate our business:

All third-party providers are required to handle your data securely and only for the specific purpose for which it is shared.

6. Data Retention

We retain your personal data for as long as is necessary to fulfil the purposes set out in this policy:

• Customer account and booking records: up to 6 years (for tax and legal compliance)
• Enquiry and contact form data: up to 2 years
• Website analytics data: as configured in Google Analytics (default 26 months)
• Email communications: up to 3 years

After the applicable retention period, we securely delete or anonymise your data.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — request deletion of your data (subject to legal retention obligations)
• Right to restrict processing — ask us to limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at support@schengenpro.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

• Encrypted data transmission (HTTPS/TLS)
• Secure payment processing via Stripe (PCI-DSS compliant)
• Access controls limiting who can view personal data
• Regular review of our data handling practices

No method of internet transmission is 100% secure. If you suspect any unauthorised access to your data, please contact us immediately.

9. Cookies

Our website uses cookies — small text files stored on your device — to improve your experience and measure how our site is used. We use the following types of cookies:

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

10. International Data Transfers

Some of our third-party service providers (such as Stripe and SendGrid) may process your data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO, to protect your data to the same standard as required by UK GDPR.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this page periodically. Your continued use of our services after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or how we handle your data, please contact: