← Back to site
This GDPR Policy explains, in plain terms, how Schengen Mallu handles the personal data you share with us under the UK GDPR and the EU GDPR. It works alongside our Privacy Policy — read that for the full detail on what we collect and why.
Before we collect or process any personal information — your passport details, contact information, bank balance, or travel plans — we ask you to give consent via a digital tick-box at the point you share your information with us (for example, in our lead form, eligibility checker, or WhatsApp conversation). We do not collect or process your data without this explicit consent.
You can withdraw your consent at any time by contacting us at hello@schengenmallu.com or on WhatsApp. Withdrawing consent won't affect any processing we've already carried out.
Your information is used only to process your visa documentation, hotel booking, and travel insurance. We do not use it for marketing, profiling, advertising, or any other purpose — and we do not sell or rent it to third parties.
Where we need to share information to deliver these services — for example with a visa application centre (VFS/TLS), embassy, insurance provider, or hotel — we only share what's necessary to complete that specific step of your application.
We retain your personal information for 6 months from the date you first shared it with us. After that period, your data is permanently deleted from our systems unless:
If you'd like your data deleted sooner than the 6-month period, you can request this at any time and we'll act on it in line with applicable law.
You have the right to:
We use reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse, for as long as we hold it.