Privacy & Data Protection Policy
This summarizes the official privacy, data protection, and digital security framework for Migrelo Services. This policy dictates how personal and academic information is collected, processed, secured, and retained across the agency’s digital portal (migrelo.services), customer relationship management (CRM) systems, and global student recruitment operations.
Compliance is strictly maintained in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth), and the relevant digital security and data protection regulations within Bangladesh.
Organizational Responsibilities
Strict data governance is enforced across all levels of the organization:
• Executive Management oversees the deployment of security protocols and mandatory privacy compliance training.
• Staff and Contractors are bound by strict non-disclosure agreements and are required to handle sensitive client documents with absolute confidentiality.
• The Privacy Administrator acts as the dedicated authority for managing compliance inquiries, data access requests, and breach of protocols. Contact: admin@migrelo.services.
Data Collection Parameters
Information is collected lawfully, fairly, and only when directly relevant to international educational consultancy services. While general inquiries may be made anonymously, full identification is mandatory for the creation of a CRM portal account and the processing of formal applications.
Categories of Processed Data:
• Identifying Information: Full name, birth date, gender, nationality, and government-issued passport records.
• Contact Details: Residential addresses, email communication, phone records, and emergency contacts.
• Academic and Professional Records: Educational transcripts, diplomas, English language proficiency results (IELTS, PTE, TOEFL), and career history.
• Digital Footprint: Portal login records, IP addresses, and system interaction logs.
• Unsolicited Data: Any personal information received by the agency that serves no operational purpose is subjected to immediate and secure destruction.
Operational Use of Data
Data processing is conducted strictly to advance the student’s international education objectives. Primary applications of this data include:
• Evaluating academic eligibility via the CRM portal’s internal algorithms.
• Preparing, formatting, and submitting formal college and university admission files.
• Providing administrative and clerical assistance for student visa applications. (Disclaimer: Migrelo Services provides clerical support only. The agency does not employ registered migration agents and does not issue legal or migration advice).
• Executing internal quality assurance, service optimization, and system maintenance.
Authorized Disclosures
Client records are never sold, rented, or traded. Disclosure is strictly limited to authorized third parties required to facilitate the student’s journey:
• Academic Institutions: Destination universities and colleges evaluating the student’s admission.
• Regulatory Authorities: Government immigration departments (e.g., the Australian Department of Home Affairs) strictly for the purpose of authorized visa processing.
• B2B Network: Verified sub-agents who require access to monitor the application progress of their specific referrals via the B2B portal.
• Technology Partners: Secure cloud hosting, IT infrastructure, and communication vendors bound by stringent privacy contracts.
International Data Transit
Due to the inherently global nature of international education, data must frequently cross borders (e.g., transmissions between Bangladesh, Australia, the UK, and North America). Migrelo Services enforces rigorous transmission protocols to ensure that overseas institutions and technology vendors meet recognized privacy benchmarks before any sensitive data is transferred.
Information Security Infrastructure
The protection of client records is paramount. Defensive measures deployed by the agency include:
• Encrypted Environments: Data is protected via secure socket layer (SSL) transmission and stored on advanced, secure cloud infrastructure.
• Role-Based Access: Digital access to the CRM is compartmentalized. Staff and B2B agents are restricted to viewing only the files essential to their specific operational tasks.
• Physical & Digital Confidentiality: Comprehensive security audits and mandatory confidentiality agreements for all personnel handling academic and financial documents.
Incident Response Protocol
In the event of a suspected digital vulnerability or data breach, Migrelo Services adheres to a strict incident response plan:
1. Isolation: Affected systems are immediately isolated to contain the vulnerability.
2. Risk Assessment: A thorough evaluation is conducted to determine the likelihood of serious harm to any individual.
3. Regulatory Notification: If a serious risk is identified, immediate notification is provided to the affected users and the relevant regulatory bodies (such as the OAIC in Australia), detailing the breach and outlining protective measures.
Data Retention Lifecycle
Records are held only as long as operationally or legally required.
• CRM profiles are subject to de-identification or permanent deletion following 24 months of complete account inactivity.
• Legal, financial, and visa-related transaction records may be archived for up to seven (7) years to satisfy statutory compliance requirements.
• Expired records undergo certified, secure digital destruction.
Digital Tracking and Cookies
The migrelo.services platform utilizes cookies to stabilize the portal and analyze traffic patterns.
• Essential Cookies: Required to verify secure logins and maintain CRM session stability.
• Analytical Tracking: Utilized to improve interface performance and user experience.
Users retain the ability to restrict cookies via browser settings, though disabling core security cookies may interrupt access to the Migrelo portal.
Minors and Guardianship
When handling files for applicants under 18 years of age, explicit verification and consent from a parent or legal guardian are required prior to the collection or processing of any sensitive academic or identifying information.
Client Privacy Rights
Individuals interacting with the agency retain full legal rights to their personal data:
• The right to request copies of stored files and records.
• The right to demand the correction of inaccurate or outdated information.
• The right to withdraw processing consent (noting that this may halt ongoing application or visa services).
All requests are processed by the administration team following strict identity verification protocols.
Inquiries and Resolution
All privacy-related correspondence, data access requests, or formal grievances should be directed to the designated authority:
Migrelo Privacy Administrator
Email: admin@migrelo.services
Grievances are investigated thoroughly and internally. Clients retain the right to escalate unresolved matters to the appropriate national regulatory authorities.