Privacy Policy

 

Study World Consultant – Immigration & Education Services

Introduction

At Study World Consultant, we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website or engage with our immigration and educational consultancy services.

We value your trust and strive to be transparent about our data practices in accordance with applicable laws in Pakistan and internationally recognized data protection principles. This policy applies to all users of our website and services.

Legal Framework in Pakistan

Pakistan has not yet enacted a comprehensive data protection law comparable to the EU’s General Data Protection Regulation (GDPR). However, the following legal instruments govern aspects of data protection:

Prevention of Electronic Crimes Act, 2016 (PECA 2016):

Provides a framework for the protection of identity information. It criminalizes unauthorized access, use, transmission, or disclosure of personal data. Key sections include:

Section 16(1): Prohibits obtaining, selling, possessing, transmitting, or using another person’s identity information without authorization.

• Section 4: Penalizes unauthorized copying and transmission of data with dishonest intent.
• Section 7: Addresses unauthorized copying and transmission of critical infrastructure data.
• Section 25: Prohibits spamming for wrongful gain.

Draft Personal Data Protection Bill 2023 (PDPB):

Once enacted, this bill will establish a National Commission for Personal Data Protection and introduce comprehensive obligations for data controllers and processors, including mandatory breach notification within 72 hours, cross-border data transfer restrictions, and enhanced data subject rights.

Enforcement Authorities:

Currently, the Federal Investigation Agency (FIA) – through its National Response Centre for Cyber Crime (NR3C) – and the Pakistan Telecommunication Authority (PTA) are authorized to enforce PECA 2016 and related rules.

We monitor legislative developments and will update this policy to remain compliant with the PDPB upon its promulgation.

Definitions

Personal Data

Under PECA 2016, personal data is referred to as “identity information” – any information that may authenticate or identify an individual or an information system and enable access to any data or information system. “Data” includes content data and traffic data.

The draft PDPB defines “personal data” more broadly as:

“any information that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that information or other information in the possession of a data controller and/or data processor.”

Sensitive Personal Data

While PECA 2016 does not distinguish between personal and sensitive data, the draft PDPB defines “sensitive personal data” to include:

• Financial information (credit/debit card details, account numbers)
• Health data (physical, behavioral, psychological, mental health, medical records)
• National ID card (CNIC) or passport details
• Biometric and genetic data
• Religious beliefs, political affiliations, caste, tribe, ethnicity

Criminal records

We handle such sensitive information with heightened care and only when strictly necessary for providing our immigration and educational services.

Data Controller & Processor

Under the draft PDPB, a data controller is a natural or legal person (or the government) who decides on the collection, use, or disclosure of personal data. A data processor processes data on behalf of the controller.

Anonymized & Pseudonymized Data

The draft PDPB defines anonymized data as data irreversibly transformed so that the data subject cannot be identified. Pseudonymization allows data to be attributed to a subject only with additional information kept separately and securely.

Data We Collect

We may collect the following categories of personal information:

Category	Examples
Identity Information	Name, CNIC/passport number, date of birth, nationality
Contact Information	Email address, phone number, postal address
Technical Data	IP address, browser type, device information, traffic data (as defined under PECA 2016)
Service-Related Information	Educational background, visa application details, employment history, correspondence
Website Usage Data	Pages visited, time spent, referral sources, interaction data (to analyze leads from Google traffic)

How We Collect Data

We collect data through:

• Direct interactions: Filling forms, contacting us via email or phone, registering for services.
• Automated technologies: Cookies, analytics tools, and log files.
• Third-party sources: Social media, referral partners, or educational institutions.

Legal Basis for Processing

In the absence of a specific data protection law, we rely on:

• Your consent – which you may withdraw at any time.
• Legitimate interests – improving our services, analyzing website traffic, and ensuring security.
• Contractual necessity – processing visa or educational applications.
• Legal obligations – complying with PECA 2016, FIA, PTA, or other lawful requests.

Use of Your Data

We use your personal data to:

• Provide, operate, and maintain our immigration and education consultancy services.
• Process visa, study, or immigration applications.
• Communicate with you about inquiries, requests, and updates.
• Analyze website traffic and lead generation (e.g., Google Analytics, user behavior).
• Improve our website, marketing strategies, and user experience.
• Comply with legal obligations and respond to lawful requests from authorities like the Federal Investigation Agency (FIA) or Pakistan Telecommunication Authority (PTA) .

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

While PECA 2016 does not prescribe specific security requirements, we follow internationally recognized best practices, including:

• Secure servers and encrypted communications.
• Restricted access to personal data on a need-to-know basis.
• Regular security assessments and employee training.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law (e.g., under PECA 2016, sector-specific regulations, or professional obligations). Immigration files are retained in accordance with legal requirements and securely destroyed when no longer needed.

Data Transfer

Under PECA 2016, unauthorized transmission of identity information is prohibited. We do not transfer your personal data outside Pakistan unless:

You have provided explicit consent.

The transfer is necessary for providing our services (e.g., submitting applications to foreign embassies or educational institutions).

• The recipient jurisdiction offers an equivalent level of data protection.
• We comply with Pakistan’s restrictions on data transfers to unrecognized territories (including Israel, Taiwan, Somaliland, and others as listed by the government) and exercise caution when transferring data to entities in India or other sensitive jurisdictions.
• The draft PDPB would require cross-border transfers to territories with equivalent protection, subject to a framework devised by the proposed National Commission.

Your Rights

You have the following rights regarding your personal data:

• Right to Access: Request confirmation of whether we hold your personal data and obtain a copy.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure (Right to Be Forgotten): Request deletion of your personal data from our systems, subject to legal retention obligations.
• Right to Withdraw Consent: Withdraw previously given consent for data processing.
• Right to Object: Object to processing based on legitimate interests.
• To exercise these rights, contact us using the details in Section 16 – Key Contacts. We will respond within a reasonable timeframe.

Breach Notification

• While PECA 2016 does not mandate data breach notifications, we follow best practices to:
• Investigate any suspected data breach promptly.
• Notify affected individuals and relevant authorities (such as the FIA or PTA) where appropriate.
• Take corrective actions to prevent recurrence.
• Once the PDPB is enacted, we will comply with its requirement to notify the National Commission for Personal Data Protection within 72 hours of becoming aware of a breach that risks the rights and freedoms of data subjects.

Electronic Marketing

We may send you promotional communications regarding our services. In compliance with PTA regulations and Section 25 of PECA 2016 (prohibition of spamming for wrongful gain), all such messages will include an unsubscribe option allowing you to opt out at any time.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience and analyze traffic (including leads from Google traffic). You may adjust your browser settings to refuse cookies, though some website features may be affected.

We use Google Analytics to understand website traffic and user behavior. Google may use cookies as described in its privacy policy. You can opt out of Google Analytics tracking by visiting: https://tools.google.com/dlpage/gaoptout 

Third-Party Links

Our website may contain links to third-party websites (e.g., embassies, universities, partner organizations). We are not responsible for the privacy practices or content of such external sites. We encourage you to review their privacy policies.

Key Contacts

If you have any questions about this Privacy Policy, wish to exercise your rights, or request removal of your information from our database, please contact our Senior Immigration Lawyers, who oversee data protection matters: