Navio Immigration HQ — Privacy Policy
Last updated: September 9, 2025
This Privacy Policy explains how Navio Immigration ("Navio", "we", "us") collects, uses, discloses, and protects personal information when you access the Navio Immigration HQ (the "HQ" or "Portal"), including our free tools, resources, events, and forms.
By using the HQ, you agree to this Policy. If you later retain us, your information will also be governed by our Client Service Agreement and professional obligations.
1) Who we are & scope
Controller (EU/UK term): Navio Immigration (operated by Navio Immigration Inc.).
Where this applies: HQ webpages, sign‑up and lead forms, downloads, webinars/events, and HQ‑related communications.
Not legal advice; no retainer formed: Using the HQ (including submitting forms or receiving emails) does not create a consultant–client relationship or legal advice. A retainer is formed only after we accept an engagement and both parties sign a written agreement. We still handle your information in line with this Policy and our professional duties.
2) What we collect
a) Information you provide
Contact & profile: name, email, phone, province/country, language, interests (e.g., PR, work permits), subscription choices, event registrations.
Questionnaires/uploads (optional): background you choose to share to receive tailored tools or resources.
Transactional: if you purchase access to resources: billing name, email, and limited payment metadata (payments handled by our PCI‑compliant processor; we do not store full card numbers).
b) Information collected automatically
Usage & device: IP address, device/browser, pages visited, time on page, referrers, clickstream.
Cookies & similar tech: necessary, preferences, analytics, and marketing (see Section 7 and your choices).
c) From other sources
Public/partner enrichment (e.g., company/industry, publicly available social links) to tailor communications and measure campaign performance.
Referrals/third‑party info: If you submit someone else’s data, you confirm you’re authorized and will direct them to this Policy.
3) How we use your information (purposes & legal bases)
We use personal information for the following purposes. For GDPR/UK GDPR users, we also identify the legal basis relied upon.
Provide, secure & improve the HQ — for access control, troubleshooting, fraud prevention, quality assurance/testing, and product improvement. Legal basis: Legitimate interests (to operate, maintain, and secure the services).
Deliver resources you request — to send downloads, event access, and any HQ content you purchase. Legal basis: Contract (or steps prior to entering into a contract).
Service communications — to send operational notices related to the HQ or resources you requested (for example, access instructions or service updates). Legal basis: Contract / Legitimate interests (service continuity and user support).
Newsletters, webinars & offers — to send segmented content, invitations, and promotions based on your selections. Legal basis: Consent (you can withdraw at any time).
Personalization — to recommend tools, topics, or checklists based on your preferences and interactions. Legal basis: Consent in the EEA/UK where required; otherwise Legitimate interests where permitted by law.
Compliance & record‑keeping — to meet tax, auditing, regulatory, and professional obligations. Legal basis: Legal obligation / Legitimate interests.
Legitimate interests include operating, securing, and improving the HQ; measuring engagement to keep content relevant; and preventing misuse—balanced against your rights and reasonable expectations.
We do not sell personal information.
4) Professional & regulatory alignment (CICC)
We are regulated by the College of Immigration and Citizenship Consultants (CICC). Consistent with the Code of Professional Conduct and by‑laws, we:
Safeguard confidentiality; restrict access on a need‑to‑know basis; maintain accurate records; and retain/destroy data per legal and professional requirements.
Ensure marketing is truthful and not misleading, never guarantees outcomes or implies government affiliation, and uses our registered name with a link to the CICC Public Register where appropriate.
Maintain indefinite confidentiality for clients/former clients. (HQ access alone does not create a client relationship.)
5) Email, SMS & electronic marketing (CASL)
We send commercial electronic messages (CEMs) only with express consent (or implied consent where permitted). No pre‑checked boxes or bundled consent.
Each CEM identifies us (legal name), includes our mailing address and contact information, and provides a functional unsubscribe.
We honor unsubscribes without delay and in any event within 10 business days. The unsubscribe method remains available for at least 60 days after the message was sent.
We keep consent records (who, when, how; scope) for as long as we rely on that consent.
For SMS, we honor common opt‑out keywords (e.g., STOP/END) and process them within 10 business days.
6) Quebec (Law 25) specifics
Privacy Officer: Brooke Finlay, CEO — hello@navioimmigration.com — Navio Immigration Inc. 102- 4369 Main Street c/o UPS Store Box 926 Whistler, BC V8E 1B7 Canada.
We disclose when we use technologies that may identify, locate, or profile you (e.g., certain analytics or ad pixels). These features are off by default or controllable via our consent settings; you can activate them at any time.
Our HQ privacy settings provide the highest level of confidentiality by default, where applicable.
We respond to access/rectification requests within 30 days (see Section 11).
7) Cookies & tracking technologies
Categories: necessary (always on), preferences, analytics, marketing.
Consent: In jurisdictions that require it (e.g., EEA/UK, Quebec Law 25 context), analytics/marketing run only after opt‑in via our consent banner; you may change choices anytime.
Controls: Use the cookie banner or your browser settings. Blocking some cookies may limit HQ features.
Signals: Where supported, we respect applicable consent signals passed by the consent platform.
8) Disclosures & international transfers
We share information only as needed for the purposes above:
Service providers (processors): hosting, analytics, communications, event/learning platforms, payment processing, security/IT.
Professional advisers & compliance: auditors, legal counsel, regulators, law enforcement—where required or appropriate.
Business transactions: in a merger, acquisition, or reorganization, data may transfer under confidentiality and appropriate safeguards.
Some recipients may be outside your province/country (including the United States and the EEA/UK). Where required, we use approved transfer mechanisms (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) and implement contractual/technical safeguards appropriate to the sensitivity of the data. Under Canadian law (PIPEDA), we rely on accountability: your information may be processed by service providers in other jurisdictions and may be accessible to courts, law enforcement, and national security authorities there.
9) Security
We use administrative, technical, and physical safeguards proportionate to the sensitivity of the information, including access controls, encryption in transit, secure configurations, vendor due diligence, and staff confidentiality/training. No method is 100% secure.
Breach notification (Canada/EU/UK): If a breach creates a real risk of significant harm (Canada) or triggers EU/UK notification thresholds, we will notify affected individuals and regulators as required and maintain mandated breach records.
10) Retention
We retain personal information only as long as necessary for the purposes described in this Policy, to comply with legal and professional obligations, to resolve disputes, and to enforce agreements. When no longer required, we securely delete or de‑identify data.
Illustrative retention periods
Marketing contacts (active): while active, then up to 24 months of inactivity.
Unsubscribed list: retained for the minimum period necessary to ensure we honor opt‑outs (ongoing).
Consent logs (CASL/GDPR): retained while we rely on your consent, plus 2 years thereafter.
Cookie/consent preferences: up to 24 months (or until you clear/reset preferences).
Web analytics data: up to 14 months (or provider default unless configured otherwise).
Support tickets and event logs: approximately 24 months after closure.
Payment/tax records: typically 7 years (or longer if required by applicable tax law).
Client files (if you later retain us): retained in line with the CICC Code of Professional Conduct and our retainer agreement (at least the minimum statutory/professional periods).
Where exact periods vary by system or law, we apply the shortest consistent period unless a longer period is required.
11) Your rights & how to exercise them
Canada (PIPEDA & provincial)
Access and correction: Request access to or correction of your personal information.
Timelines: We typically respond within 30 days; we may extend once with notice where permitted.
Withdraw consent: You may withdraw consent for non‑essential processing (e.g., marketing, non‑necessary cookies) at any time.
Quebec (Law 25)
Access/rectification: Response within 30 days.
Profiling tech: Right to be informed and to control activation (Section 6).
EU/UK (GDPR/UK GDPR)
Rights: access, rectification, erasure, restriction, portability, and objection (especially to processing based on legitimate interests or for direct marketing).
Timelines: We respond within one month (extendable to up to three for complexity).
Representation: If required, we will appoint and publish our EU/UK representative(s).
Complaints: You can complain to your local supervisory authority (e.g., the ICO in the UK).
Verification: We may ask for information to verify your identity before acting on a request. To exercise rights, use the contact details in Section 14.
12) Children’s privacy
The HQ is not intended for children under 16. In Canada, children under 13 generally cannot provide meaningful consent for non‑essential processing. In Quebec, parental consent is required for the collection of personal information for those under 14, unless clearly in the child’s best interests. If you believe a child’s information was provided to us improperly, contact us and we will take appropriate steps.
13) Automated decision‑making & profiling
We may use limited automation (including AI‑assisted features) to personalize content and understand engagement. We do not make decisions that produce legal or similarly significant effects about you solely by automated means through the HQ.
14) How to manage your choices
Unsubscribe: Use the link in any promotional email/SMS. We process requests without delay and no later than 10 business days; our unsubscribe method remains available for at least 60 days after a message is sent.
Cookie settings: Use the HQ cookie banner or your browser controls to manage preferences.
Update or delete information / privacy requests: Email us (below) describing your request and how we can verify your identity.
15) Third‑party sites & platforms
The HQ may link to third‑party websites or platforms (e.g., learning portals, payment processors). Their privacy practices govern their sites. Review their policies before submitting information.
16) Complaints & regulatory contacts
If you have concerns, please contact us first. You also have the right to contact:
Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner (e.g., BC OIPC).
Your EU/UK data protection authority (if GDPR/UK GDPR applies).
We cooperate with regulators as required.
17) Changes to this Policy
We may update this Policy from time to time. We will update the “Last updated” date and, where appropriate, provide a notice within the HQ or by email.
18) Contact us
Privacy Officer: Brooke Finlay, CEO
Email: hello@navioimmigration.com
Mailing address: Navio Immigration Inc. 102- 4369 Main Street c/o UPS Store Box 926 Whistler, BC V8E 1B7 Canada
Phone (optional): 604-962-8844
EU/UK Representative(s) (if required): Not applicable