Effective date: October 6, 2025

This Privacy Policy explains how Migrall Consulting ("we", "us", "our") collects, uses, discloses and protects personal data in connection with the website migrall.com and related services. The policy describes your rights under European data protection law (including the EU General Data Protection Regulation — GDPR). By using our website or submitting information through our contact form you accept the practices described here.

1. Data controller

The controller of your personal data for the purposes of this website is Migrall Consulting (operating as Migrall). For questions or to exercise your data subject rights please contact us via Telegram: @migrallpt.

2. Personal data we collect

We collect the following categories of personal data:

  • Contact information: name, telephone number, message content submitted via the website form.
  • Technical data: IP address, browser and device information, pages visited and timestamps (collected by standard server logs and analytics).
  • Cookies and similar technologies: small files stored on your device to enable site functionality and basic analytics.

3. How we collect data

We collect personal data that you provide directly (for example, when you complete and submit the contact form) and data collected automatically when you visit the website (server logs, cookies). We do not collect special category (sensitive) data.

4. Purpose and legal basis for processing

We process personal data for the following purposes and on the stated legal bases:

  • To respond to enquiries and provide services — processing necessary to take steps at your request prior to entering a contract and to perform a contract (Articles 6(1)(b) GDPR).
  • Legitimate interests — to operate and improve the website, to maintain security and to prevent fraud (Article 6(1)(f) GDPR). We balance these interests against your rights and freedoms.
  • Consent — where you give consent for optional cookies or tracking, we process data based on your consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.
  • Legal compliance — where processing is required to comply with a legal obligation (Article 6(1)(c) GDPR).

5. Third parties and international transfers

When you submit the contact form on this website, your message is forwarded to our Telegram chat using Telegram’s API. This means that your submitted data (name, telephone, message) is transferred to and processed by Telegram as a separate data controller or processor. Please review Telegram’s privacy policy for details about their processing and retention practices.

We may also use third-party services for hosting, analytics, email, and other support (for example, web hosting providers, analytics providers and social platforms). These providers may process data outside the European Economic Area (EEA). When personal data is transferred outside the EEA we ensure appropriate safeguards are in place (e.g. adequacy decisions, standard contractual clauses) or rely on an appropriate legal basis for the transfer.

6. Cookies

We use cookies and similar technologies to provide basic site functionality and gather anonymous analytics. You can control cookie preferences through your browser settings or through any cookie consent tool we provide. Blocking cookies may affect the functionality of the site.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, including to comply with legal obligations, resolve disputes and enforce our agreements. For contact form submissions, we typically retain data for as long as necessary to respond and for a reasonable period afterwards (for example up to 3 years) unless you request deletion sooner — retention periods may vary depending on the nature of the request and legal requirements.

8. Your rights under European law

Under the GDPR you have the right to:

  • Access — request a copy of personal data we hold about you;
  • Rectification — correct inaccurate or incomplete data;
  • Erasure ("right to be forgotten") — request deletion of personal data where there is no lawful reason for further processing;
  • Restriction of processing — request limitation of processing in certain circumstances;
  • Data portability — receive your data in a structured, commonly used and machine-readable format;
  • Objection — object to processing based on legitimate interests or direct marketing;
  • Withdraw consent — where processing is based on consent, you may withdraw consent at any time; withdrawal does not affect processing that occurred prior to withdrawal.

To exercise any of these rights, contact us via Telegram @migrallpt. We will respond to verified requests without undue delay and in any event within the timeframes required by law.

9. Complaints

If you consider that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work or the place of the alleged infringement.

10. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. However no internet transmission is completely secure — if you have concerns about sharing particularly sensitive information, please contact us first via Telegram.

11. Children

Our website is not directed to children and we do not knowingly collect personal data from children under the legal age. If you believe we have collected data from a child, please contact us so we can take appropriate steps.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will publish the updated policy on this page with a revised effective date.

13. Contact

For questions about this policy or to exercise your rights please contact us via Telegram: @migrallpt.

Note: this privacy notice is provided for informational purposes and is not a substitute for legal advice. If you require tailored legal advice about data protection obligations for your specific operations, consider consulting a qualified data protection professional.