Last Update: 8/10/2023
Envoy Global, Inc., together with its affiliates and subsidiaries including Envoy International Holdings, Inc. (collectively, “Envoy”, “we” or “us”), are committed to protecting the privacy of all users of our website and services, which may include employees or potential employees of our business customers, other individual clients of our associated U.S. Law Firms and Local Representatives, and the dependents and family members of such individuals (“you”).
Please review this policy to understand how we handle your information. If you do not agree to this Privacy Policy, please do not use the website, Platform or the Support Services.
Please take a moment to understand the different ways Envoy works with customers and others involved in the immigration process:
This Privacy Policy contains the following sections:
4.1. Information Processed For Matters
4.2. Other Information You Provide Us
4.3. Information Collected Through Automated Means
7.1. Cookies and Communications
7.2. Access, Deletion, and other Personal Data Rights
7.3. State-Specific Disclosures
“Billing Data” is Personal Data relating to billing and payment through Envoy Global, Inc. for its own services and services provided by others, such as the U.S. Law Firms and Envoy International Holdings, Inc.
“Business Petitioner Beneficiaries” are actual or potential members of the workforce of a business customer of Envoy (i.e., the Employer) which has engaged Envoy in in connection with a Matter.
“Controller” refers to the entity that has certain legal rights to determine the purposes for which Personal Data will be processed and the means by which that processing will happen. As used in this Privacy Policy, the term also includes entities considered to be “Businesses” under the California Consumer Privacy Act (“CCPA”), as may be amended from time to time.
“Device and Usage Information” is information about your device, internet connection, the equipment that you use to access our website and Platform, and how you use our website Platform, such as (a) details of your visits, including traffic data, location data, logs, other communication data, and the Platform that you access and use on the resources; (b) information about your computer and internet connection, including your operating system, and browser type; and (c) device identifiers, including your IP address and mobile device ID.
“Employer” means Envoy’s customer that uses the Platform to manage its Matters for one or more of its Business Petitioner Beneficiaries.
“Global Services” refers to immigration filing and processing services with respect to non-US immigration (e.g., immigration to a country in Europe).
“Individual Applicants” are individuals who engage Envoy in connection with their own Matter, such as family members of a Business Petitioner Beneficiary, dependents, and other individuals seeking an individual immigration application.
“Local Representatives” refer to Envoy International Holdings, Inc. personnel and its network of global immigration providers or local representatives, which manage and perform Global Services.
“Matters” refers to matters initiated through the Platform (a) for business immigration petitions and visa applications for nonimmigrant and immigrant visas, permanent residence, and citizenship status to the U.S. Citizenship and Immigration Services managed by a U.S. Law Firm (a “U.S. Matter”) or (b) Global Services managed and performed by Local Representatives (a “Global Matter”).
“Personal Data” means any information that relates to an identified or identifiable individual.
“Platform” means, collectively, the technology platform used by our customers to manage their Matters, accessible through www.envoyglobal.com, app.envoyglobal.com, Envoy’s mobile applications and related technology and tools.
“Platform Data” is Personal Data collected by Envoy to administer the Platform and technical support for the Platform, such as login credentials and technical support inquiries.
“Privileged Information” means the legal materials, documents, correspondence, and other kinds of information stored on the Platform associated with your Matter that are eligible for attorney-client privilege or equivalent protection in the context of your relationship with a U.S. Law Firm or Local Representative.
“Processor” refers to an entity that processes Personal Data solely on behalf of its customer, and not for its own business or legal compliance purposes. As used in this Privacy Policy, the term also includes entities considered to be “Service Providers” under the CCPA.
“U.S. Law Firm” refers to an independent law firm, and its related attorneys and support staff, that has been trained to use the Platform and agreed to use the Platform as the client technology solution to provide you or your Employer with U.S. Legal Services. The U.S. Law Firms may include Corporate Immigration Partners, P.C., its respective successors and assigns or another law firm who has agreed to provide U.S. Legal Services to Envoy customers and that has been selected by you or your Employer to be its counsel.
“U.S. Legal Services” refer to the legal services performed by U.S. Law Firms in conjunction with their preparation and submission of visa applications for nonimmigrant and immigrant visas, permanent residence, and citizenship status to the U.S. Citizenship and Immigration Services and other governmental agencies regulating foreign persons entering the United States and related ancillary services of the U.S. Law Firm.
This Privacy Policy applies to any information you provide to Envoy, that we collect through our website and Platform, or that we otherwise handle in connection with a Matter or the promotion or operation of our business. This Privacy Policy covers only Envoy’s handling of the data. U.S. Law Firms, Local Representatives who are not subsidiaries or affiliates of Envoy, your Employer, and the governments involved in your Matters are not within the scope of this Privacy Policy.
Data protection laws in certain jurisdictions make a distinction between Controllers and Processors. Different Envoy entities may act as either a Controller or a Processor of your Personal Data, depending on the circumstances, as follows:
For Business Petitioner Beneficiaries:
For Individual Applicants:
Envoy Global, Inc. also acts as a Controller of Personal Data it receives about prospective users of its services, and Personal Data about individuals who sign up to receive marketing emails.
While the exact Personal Data we handle in connection with particular Matters can vary widely depending on the country and on the life history of the applicants, we generally handle the following Personal Data in connection with Matters:
The Controller managing your Matter can inform you what Personal Data is legally required or desirable for your particular Matter. Failure to provide legally required Personal Data will typically prevent the Controller from being able to successfully process your Matter.
While managing Global Matters, Envoy International Holdings, Inc. and other Local Representatives in the Envoy group may receive Personal Data from Employers, other Local Representatives, governmental authorities, and publicly available sources, such as applicants’ LinkedIn profiles. In connection with U.S. Legal Matters, Envoy Global, Inc. and the U.S. Law Firms may receive Personal Data from similar sources.
Where Envoy Global, Inc. acts as a Processor, it uses the Personal Data solely pursuant to the instructions of the person or entity for which it acts as a Processor unless other processing is legally required.
Where Envoy is a Controller, it uses the information:
Where appropriate, Envoy may also use limited Personal Data for marketing purposes.
However, we do not use or disclose any Privileged Information except (i) solely as directed by you, the relevant U.S. Law Firm or Local Representative, or as otherwise legally required or (ii) to disclose the information as described in the “Service Providers” and “Business Transfers” portions of Section 5 of this Privacy Policy.
We collect contact information for representatives of our customers in connection with our business relationship, such as name, email address, company address and phone number. To receive communications from Envoy such as our Email Newsletter, you may also voluntarily provide Envoy with certain information including your name, email, company name, job title, and phone number.
When you navigate through and interact with our website or Platform, we or our third-party partners may collect Device and Usage Information depending on your location and the preferences you have expressed with respect to our use of tracking technologies. This information allows us to optimize our services, analyze your usage of the services, and serve you advertisements for our services on other platforms.
The technologies we use for this data collection may include:
We may disclose Personal Data as follows:
We may disclose de-identified and aggregated information (which is information that cannot be used to personally identify you) about our users without restriction.
Where an Envoy entity acts as a Controller, the laws in some jurisdictions require us to tell you about the legal grounds we rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for processing Personal Data are as follows:
We strive to provide you with choices regarding the information you provide to us. You can exercise control over your information in the following ways:
If you are a registered user of our Platform, you can review and in some cases change certain Personal Information Envoy holds by logging into the Platform and visiting your account’s My Login page.
Depending on your jurisdiction of residence and the location of the Envoy entity involved, you may have additional rights, such as the right to access, delete, and correct your Personal Data, to revoke your consent to processing of Personal Data (without affecting the lawfulness of prior processing), or to object to the processing of Personal Data.
Please note that we require certain information to be able to provide the Support Services, and the U.S. Law Firms and Local Representatives may not be able to process your Matter without certain information. Additionally, any of the rights described above are subject to significant limitations and exceptions under applicable law. Every individual also has a right to lodge a complaint with the relevant supervisory authority in connection with the processing of Personal Data.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”), as may be amended from time to time). This section applies only to personal information for which Envoy acts as a controller or “business,” as set forth in Section 3 above; it does not apply to personal information for which we act as a processor or “service provider” on behalf of another entity. This information supplements the information in the rest of our Privacy Policy.
Categories of information collected. Throughout this Policy, we discuss in detail the specific pieces of personal information we collect. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect. The categories we collect are: identifiers (such as name, address, email address and other contact information); internet or other network or device activity, such as Device and Usage Information; geolocation information, professional or employment related data (such as title); information which is considered “sensitive personal information” under California law, including username and password, characteristics of protected classifications, and professional- and employment-related information; as well as other information that identifies or can be reasonably associated with you, and inferences drawn from any of the above.
Use and disclosure of information. In the twelve months leading up to the effective date of this Privacy Policy, Envoy used the personal information as follows:
We may disclose certain information listed in “use and disclosure” above to the entities and for the purposes set forth in Section 5 of this Privacy Policy. Please note that we do not use “sensitive personal information” that we collect (which is limited to usernames and passwords) in ways that are restricted by the CCPA.
“Sale” or “Sharing” of information. California law grants residents the right to opt out of the “sale” of their personal information or “sharing” of personal information for cross-context behavioral advertising purposes. Envoy makes personal information available to non-service provider third parties only when individuals have affirmatively agreed to such disclosure (for example, where we submit an immigration application to a government on behalf of the applicant, or where a site visitor has opted in to our use of advertising cookies) or where the disclosure of personal information is otherwise exempt from the CCPA (such as disclosing information to secure the Services). As such, we do not “sell” or “share” personal information within the meaning of California law.
California Privacy Rights. If you are a California resident, California law may provide you with the following rights, subject to certain exceptions:
Moreover, if you opted into allowing third-party cookies and non-cookie technologies or shared your email with us, please visit Section 7.1 of this Privacy Policy to learn how you can exercise control over this information.
Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right not to be discriminated against for exercising CCPA rights. We will take steps to verify your identity before responding to your request, which may include requesting that you respond to an email that we send to you, or otherwise verifying your name, email address or other information that will help us to confirm your identity.
If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney. We also may require the consumer to verify their identity directly with us.
California Shine the Light Disclosure. California Civil Code Section § 1798.83 permits users of our Platform that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purpose. We do not disclose your personal information to third parties for their own direct marketing purposes.
We have implemented measures designed to secure information we process from accidental loss and from unauthorized access, use, alteration, and disclosure. Additional details about the specific technologies used to secure information are available upon request by sending an email to [email protected].
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to disclose your password to anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of any information transmitted to our Platform.
We operate the Platform and manage the provision of the Support Services from the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Platform, or providing us with any information, you fully understand and unambiguously consent to this transfer, processing and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.
We hold Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy and/or, where we act as a Processor, as required by our contracts with the relevant Controller, and also as required by applicable law. Information may persist in copies made for backup and business continuity purposes for additional time. Some Local Representatives in the Envoy group are legally required to retain copies of immigration application files for time periods that vary by jurisdiction and Matter type.
We are headquartered in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence.
For certain personal data we receive on behalf of certain enterprise customers as a data processor to them, Envoy Global, Inc. has certified its compliance under the EU-U.S. Data Privacy Framework , the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. We refer to these three programs together as the “DPF.”
Accordingly, Envoy Global, Inc. receives transfers of personal data from certain enterprise customers under (1) the DPF, or (2) under Standard Contractual Clauses, or (3) through one or more derogations under GDPR Article 49 or its equivalent in UK or Swiss law, depending on the situation and our contract with our customer.
In more detail:
For data we receive under our DPF certification, if there is any conflict between the terms in this Privacy Policy and the relevant DPF Principles, the relevant DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Pursuant to the DPF, individuals whose personal data is transferred to us under the DPF have the right to obtain our confirmation of whether we maintain personal data relating to them in the United States. They also have the right to access, correct, amend, or delete the data we hold about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF should direct their query to [email protected]. Because we handle such information as a processor on behalf of our business customers, we typically will need to forward the request to that customer and follow their instructions or refer the individual to that customer.
Envoy Global, Inc.’s accountability for personal data that it receives from such data subjects under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, Envoy Global, Inc. remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless Envoy Global, Inc. proves that it is not responsible for the event giving rise to the damage.
In compliance with the DPF Principles, Envoy Global, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to DPF. As such, Envoy Global, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Individuals with DPF inquiries or complaints should first contact Envoy Global, Inc. by email at [email protected]. If we do not respond to your DPF complaint within 45 days or resolve your DPF complaint to your satisfaction, Envoy Global, Inc. has further committed to cooperate with one of two different independent dispute resolution mechanisms for resolution of your DPF complaint (depending on the context), both of which are provided free of charge to you:
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See EU-U.S. DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf and the Swiss-U.S. DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-sw-dpf.
It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat information for which we are a Controller, as determined in our sole discretion, we will notify you by email to the email address specified in your registered account and/or through a notice on the Platform.
The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you (where you are a registered user of our Platform), and for periodically visiting the Platform and this Privacy Policy to check for any changes.
To ask questions or concerns about this Privacy Policy and our privacy practices or if you would like to make a complaint, please contact us at [email protected].