Last Update: 8/15/2022
Envoy Global, Inc., together with its affiliates and subsidiaries including Envoy International Holdings, Inc. (collectively, “Envoy”, “we” or “us”), are committed to protecting the privacy of all users of our services, which may include employees or potential employees of our business customers, other individual clients of our associated U.S. Law Firms and Local Representatives, and the dependents and family members of such individuals (“you”).
Please review this policy to understand how we handle your information. If you do not agree to this Privacy Policy, please do not use the Platform or the Support Services.
Please take a moment to understand the different ways Envoy works with customers and others involved in the immigration process:
This Privacy Policy contains the following sections:
4.1. Information Processed For Matters
4.2. Other Information You Provide Us
4.3. Information Collected Through Automated Means
7.1. Cookies and Communications
7.2. Access, Deletion, and other Personal Data Rights
7.3. State-Specific Disclosures
“Business Petitioner Beneficiaries” are actual or potential members of the workforce of a business customer of Envoy (i.e., the Employer) which has engaged Envoy in in connection with a Matter.
“Device and Usage Information” is information about your device, internet connection, the equipment that you use to access our Platform, and how you use the Platform, such as (a) details of your visits to our Platform, including traffic data, location data, logs, other communication data, and the resources that you access and use on the Platform; (b) information about your computer and internet connection, including your operating system, and browser type; and (c) device identifiers, including your IP address and mobile device ID.
“Employer” means Envoy’s customer that uses the Platform to manage its Matters for one or more of its Business Petitioner Beneficiaries.
“Global Services” refers to immigration filing and processing services with respect to non-US immigration (e.g. immigration to a country in Europe).
“Individual Applicants” are individuals who engage Envoy in connection with their own Matter, such as family members of a Business Petitioner Beneficiary, dependents, and other individuals seeking an individual immigration application.
“Personal Data” means any information that relates to an identified or identifiable individual.
“Privileged Information” means the legal materials, documents, correspondence, and other kinds of information stored on the Platform associated with your Matter that are eligible for attorney-client privilege or equivalent protection in the context of your relationship with a U.S. Law Firm or Local Representative.
“Matters” refers to matters initiated through the Platform (a) for business immigration petitions and visa applications for nonimmigrant and immigrant visas, permanent residence, and citizenship status to the U.S. Citizenship and Immigration Services managed by a U.S. Law Firm (a “U.S. Matter”) or (b) Global Services managed and performed by Local Representatives (a “Global Matter”).
“Platform” means, collectively, the technology platform accessible through www.envoyglobal.com, app.envoyglobal.com, Envoy’s mobile applications and related technology and tools.
“Platform Data” is Personal Data collected by Envoy to administer the Platform and technical support for the Platform, such as login credentials and technical support inquiries.
“Billing Data” is Personal Data relating to billing and payment through Envoy Global, Inc. for its own services and services provided by others, such as the U.S. Law Firms and Envoy International Holdings, Inc.
“Controller” refers to the entity that has certain legal rights to determine the purposes for which Personal Data will be processed and the means by which that processing will happen. As used in this Privacy Policy, the term also includes entities considered to be “Businesses” under the California Consumer Privacy Act (“CCPA”).
“Processor” refers to an entity that processes Personal Data solely on behalf of its customer, and not for its own business or legal compliance purposes. As used in this Privacy Policy, the term also includes entities considered to be “Service Providers” under the CCPA.
“U.S. Law Firm” refers to the independent law firm, and its related attorneys and support staff, that has been trained to use the Platform and agreed to use the Platform as the client technology solution to provide you or your Employer with U.S. Legal Services. The U.S. Law Firms may include Global Immigration Associates, P.C., Corporate Immigration Partners, LLP, their respective successors and assigns or another law firm who has agreed to provide U.S. Legal Services to Envoy customers and that has been selected by you or your Employer to be its counsel.
“U.S. Legal Services” refer to the legal services performed by U.S. Law Firms in conjunction with their preparation and submission of visa applications for nonimmigrant and immigrant visas, permanent residence, and citizenship status to the U.S. Citizenship and Immigration Services and other governmental agencies regulating foreign persons entering the United States and related ancillary services of the U.S. Law Firm.
“Local Representatives” refer to Envoy International Holdings, Inc. personnel and its network of global immigration providers or local representatives, which manage and perform Global Services.
This Privacy Policy applies to any information you provide to Envoy, that we collect through the Platform, or that we otherwise handle in connection with a Matter or the promotion of our business. This Privacy Policy covers only Envoy’s handling of the data. U.S. Law Firms, Local Representatives who are not subsidiaries or affiliates of Envoy, your Employer, and the governments involved in your Matters are not within the scope of this Privacy Policy.
Data protection laws in certain jurisdictions make a distinction between Controllers and Processors. Different Envoy entities may act as either a Controller or a Processor of your Personal Data, depending on the circumstances, as follows:
For Business Petitioner Beneficiaries:
For Individual Applicants:
Envoy Global, Inc. also acts as a Controller of Personal Data it receives about prospective users of its services, and Personal Data about individuals who sign up to receive marketing emails.
While the exact Personal Data we handle in connection with particular Matters can vary widely depending on the country and on the life history of the applicants, we generally handle the following Personal Data in connection with Matters:
The Controller managing your Matter can inform you what Personal Data is legally required or desirable for your particular Matter. Failure to provide legally required Personal Data will typically prevent the Controller from being able to successfully process your Matter.
While managing Global Matters, Envoy International Holdings, Inc. and other Local Representatives in the Envoy group may receive Personal Data from Employers, other Local Representatives, governmental authorities, and publicly available sources, such as applicants’ LinkedIn profiles. In connection with U.S. Legal Matters, Envoy Global, Inc. and the U.S. Law Firms may receive Personal Data from similar sources.
Where Envoy Global, Inc. acts as a Processor, it uses the Personal Data solely pursuant to the instructions of the person or entity for which it acts as a Processor unless other processing is legally required.
Where Envoy is a Controller, it uses the information:
Where appropriate, Envoy may also use limited Personal Data for marketing purposes.
However, we do not use or disclose any Privileged Information except (i) solely as directed by you, the relevant U.S. Law Firm or Local Representative, or as otherwise legally required or (ii) to disclose the information as described in the “Service Providers” and “Business Transfers” portions of Section 5 of this Privacy Policy.
When you navigate through and interact with our Platform, we automatically collect Device and Usage Information. This information allows us to optimize the Platform to the internet connections and equipment that are used to access the Platform. We collect Device and Usage Information directly from you when you provide it to us and automatically as you navigate through and interact with our Platform.
The technologies we use for this automatic data collection may include:
We share Personal Data as follows:
We may disclose de-identified and aggregated information (which is information that cannot be used to personally identify you) about our users without restriction.
Where an Envoy entity acts as a Controller, the laws in some jurisdictions require us to tell you about the legal grounds we rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for processing Personal Data are as follows:
We strive to provide you with choices regarding the information you provide to us. You can exercise control over your information in the following ways:
If you are a registered user of our Platform, you can review and in some cases change certain Personal Information Envoy holds by logging into the Platform and visiting your account’s My Login page.
Depending on your jurisdiction of residence and the location of the Envoy entity involved, you may have additional rights, such as the right to access, delete, and correct your Personal Data, to revoke your consent to processing of Personal Data (without affecting the lawfulness of prior processing), or to object to the processing of Personal Data.
Please note that we require certain information to be able to provide the Support Services, and the U.S. Law Firms and Local Representatives may not be able to process your Matter without certain information. Additionally, any of the rights described above are subject to significant limitations and exceptions under applicable law. Every individual also has a right to lodge a complaint with the relevant supervisory authority in connection with the processing of Personal Data.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)). This section applies only to personal information for which Envoy acts as a controller or “business,” as set forth in Section 3 above; it does not apply to personal information for which we act as a processor or “service provider” on behalf of another entity. This information supplements the information in the rest of our Privacy Policy.
Categories of information collected. Throughout this Policy, we discuss in detail the specific pieces of personal information we collect. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect. The categories we collect are: identifiers (such as name, address, email address and other contact information); internet or other network or device activity, such as Device and Usage Information; geolocation information, professional or employment related data (such as title); other information that identifies or can be reasonably associated with you, and inferences drawn from any of the above.
Use and sharing of information. In the twelve months leading up to the effective date of this Privacy Policy, Envoy used the personal information as follows:
We share information with the entities and for the purposes set forth in Section 5 of this Privacy Policy.
“Sale” of information. California residents may opt out of the “sale” of their personal information. We do not “sell” personal information within the meaning of California law.
California Privacy Rights. If you are a California resident, California law may permit you to request that we:
Certain information is exempt from such requests under applicable law. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to be discriminated against for exercising CCPA rights. We will take steps to verify your identity before responding to your request, which may include requesting that you respond to an email that we send to you, or otherwise verifying your name, email address or other information that will help us to confirm your identity.
If you are an agent making a request on behalf of a consumer, you must verify that you are authorized to make that request, which may include requiring you to provide us with written proof that satisfies CCPA requirements, such as an appropriate letter signed by the consumer or a power of attorney. We also may require the consumer to verify their identity directly with us.
California Shine the Light Disclosure. California Civil Code Section § 1798.83 permits users of our Platform that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purpose. We do not share your personal information with third parties for their own direct marketing purposes.
We have implemented measures designed to secure information we process from accidental loss and from unauthorized access, use, alteration, and disclosure. Additional details about the specific technologies used to secure information are available upon request by sending an email to [email protected].
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of any information transmitted to our Platform.
We operate the Platform and manage the provision of the Support Services from the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Platform, or providing us with any information, you fully understand and unambiguously consent to this transfer, processing and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.
We hold Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy and/or, where we act as a Processor, as required by our contracts with the relevant Controller, and also as required by applicable law. Information may persist in copies made for backup and business continuity purposes for additional time. Some Local Representatives in the Envoy group are legally required to retain copies of immigration application files for time periods that vary by jurisdiction and Matter type.
We are headquartered in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence.
Envoy Global, Inc. has certified certain of our services, for which we act as a data processor, under the EU-U.S. Privacy Shield Framework (the “Privacy Shield”). On July 16, 2020, Europe’s highest court, the CJEU, invalidated the EU-US Privacy Shield with respect to transfers of data between the European Economic Area (“EEA”) and the United States. Envoy is taking steps to address the CJEU decision, including by entering into Standard Contractual Clauses with third parties where appropriate, though the majority of the Personal Data we handle for Matters qualifies for one or more derogations under GDPR Article 49, obviating the need for additional steps. Additionally, Envoy Global, Inc. will continue to protect EEA and UK data in compliance with the Privacy Shield Principles, as described herein.
Envoy Global, Inc. complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries transferred to the United States pursuant to Privacy Shield. Envoy Global, Inc. has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is a conflict between the protections that Privacy Shield provides to individuals and the rest of this privacy policy, then the extra protections provided by Privacy Shield will govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Pursuant to the Privacy Shield Frameworks, individuals whose personal data is transferred to us under the Privacy Shield have the right to obtain our confirmation of whether we maintain Personal Information relating to them in the United States. They also have the right to access, correct, amend, or delete the data we hold about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
Envoy Global, Inc.’s accountability for personal data that it receives from such data subjects under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Envoy Global, Inc. remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Envoy Global, Inc. proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Envoy Global, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. As such, Envoy Global, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Individuals with Privacy Shield inquiries or complaints should first contact Envoy Global, Inc. by email at [email protected].
Envoy Global, Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States under the Privacy Shield in the context of the employment relationship, and Envoy Global, Inc. does not address it satisfactorily, Envoy Global, Inc. commits to cooperate with the panel established by the EU data protection authorities (“DPA Panel”), as applicable and to comply with the advice given by the DPA Panel, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Contact details for the EU data protection authorities can be found at https://commission.europa.eu/law/law-topic/data-protection/data-protection-eu_en, and the United Kingdom Information Commissioner’s Office can be reached as described at https://ico.org.uk/global/contact-us/.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat information for which we are a Controller, as determined in our sole discretion, we will notify you by email to the email address specified in your registered account and/or through a notice on the Platform.
The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you (where you are a registered user of our Platform), and for periodically visiting the Platform and this Privacy Policy to check for any changes.
To ask questions or concerns about this Privacy Policy and our privacy practices or if you would like to make a complaint pursuant to the Privacy Shield Principles, please contact us at [email protected].
Information You Give Us. In order to provide the Platform and Support Services, we may request the following information about you, including:
If Envoy is helping your Employer seek permission for you to work in the United States or otherwise in a jurisdiction that is not your home jurisdiction, Envoy is providing its Support Services to your Employer, and your Employer’s Law Firm and/or Authorized Representatives are providing your Employer with legal and/or immigration assistance. While Envoy does not provide services to you and your Employer’s Law Firm does not represent you (except in limited cases, such as the green card process), as an individual, in order to complete the process for applying for a work authorization, your Employer will need you to provide certain information to your Employer’s Law Firm or Authorized Representatives. Envoy collects and processes this information on behalf of your Employer and we may use your information to provide the Support Services and to facilitate your Employer’s Law Firm’s and the Authorized Representatives’ processing of their Matters. If you have any questions as to how this information (including any of your Personal Information) is used by your Employer (or on behalf of your Employer), please raise these with your Employer.
If you do provide Envoy with your information as part of the Support Services, we will use such information to provide the Support Services and as part of the process of applying for the work authorization requested by your Employer.
We may also use your information to contact you about our services or information that may interest you, and to provide you with information you have requested (such as if you contact us about the services we provide, or if you sign up for our email blog updates). You can opt-out of these communications by unsubscribing to such emails via the unsubscribe link found in the footer of each email.
Except as specifically stated in this Privacy Policy, we do not disclose your information to third parties.
Device and Usage Information. When you navigate through and interact with our Platform, we automatically collect certain information about your device, internet connection, the equipment that you use to access our Platform, and how you use the Platform. We refer to this information as “Device and Usage Information”. This information allows us to optimize the Platform to the internet connections and equipment that are used to access the Platform. We collect Usage Information directly from you when you provide it to us and automatically as you navigate through and interact with our Platform. Device and Usage Information includes:
The technologies we use for this automatic data collection may include:
Sharing Information
We may disclose deidentified and aggregated information about our users without restriction. This information cannot be used to personally identify our users. We do not disclose your information that can personally identify you except in the circumstances described here:
We strive to provide you with choices regarding the information you provide to us. You can exercise control over your information in the following ways:
Accessing and Correcting Your Information
If you are a registered user of our Support Services, you can review and change your Personal Information by logging into the Platform and visiting your account’s My Login page.
Depending on your jurisdiction of residence, you may have additional rights, such as the right to access, delete, and correct your information. If you are an individual employee or candidate, please contact your Employer, prospective Employer, Law Firm or Authorized Representative to exercise these rights. If you are a Law Firm, Authorized Representative or an Employer you may also contact your account manager or send us an email at [email protected] to request access to, correct or delete any personal data that we process on your behalf.
Please note that if you delete some or all of your information, we may not be able to provide the Support Services and your Employer’s Law Firm and Authorized Representatives may not be able to process the relevant Matters. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
California Shine the Light Disclosure
California Civil Code Section § 1798.83 permits users of our Platform that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purpose. We do not share your Personal Information with third parties for their own direct marketing purposes.
Data Security
We have implemented measures designed to secure information we process from accidental loss and from unauthorized access, use, alteration, and disclosure. Additional details about the specific technologies used to secure information are available upon request by sending an email to [email protected].
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of any information transmitted to our Platform.
We operate the Platform and manage the provision of the Support Services from the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Platform, or providing us with any information, you fully understand and unambiguously consent to this transfer, processing and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.
INTERNATIONAL DATA TRANSFERS
Envoy has certified certain of our services, for which we act as a data processor, under the EU-U.S. Privacy Shield Framework (the “Privacy Shield”). On July 16, 2020, Europe’s highest court, the CJEU, invalidated the EU-US Privacy Shield with respect to transfers of data between the European Economic Area (“EEA”) and the United States. Envoy is taking steps to comply with the CJEU decision, including by entering into Standard Contractual Clauses with its customers and subprocessors upon request. Additionally, Envoy will continue to protect EEA, UK, and Swiss data in compliance with the Privacy Shield Principles, as described herein.
Envoy complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries transferred to the United States pursuant to Privacy Shield. Envoy has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is a conflict between the protections that Privacy Shield provides to individuals and the rest of this privacy policy, then the extra protections provided by Privacy Shield will govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. You also have the right to access, correct, amend, or delete the data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
Envoy’s accountability for personal data that it receives from EU data subjects under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Envoy remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Envoy proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Envoy commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. As such, Envoy is subject to the investigatory and enforcement powers of the FTC. European Union individuals with Privacy Shield inquiries or complaints should first contact Envoy by email at [email protected].
Envoy has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and Envoy does not address it satisfactorily, Envoy commits to cooperate with the panel established by the EU data protection authorities (“DPA Panel”), as applicable and to comply with the advice given by the DPA Panel, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our users’ information, as determined in our sole discretion, we will notify you by email to the email address specified in your registered account and/or through a notice on the Platform.
The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you (where you are a registered user of our Platform), and for periodically visiting the Platform and this Privacy Policy to check for any changes.
Contact Information
To ask questions or concerns about this Privacy Policy and our privacy practices or if you would like to make a complaint pursuant to the Privacy Shield Principles, please contact us at [email protected].
4852-6297-4192, v. 9