← Back to site
This Privacy Notice for Schengen Mallu ("we", "us", "our") describes how and why we may access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
If you do not agree with our policies and practices, please do not use our Services. If you have questions, contact us at hello@schengenmallu.com.
What we collect: name, phone number, email, mailing address, passport/travel details, and other information you choose to share with us to process your visa, hotel, or insurance request.
Sensitive data: we do not process sensitive personal information (racial/ethnic origin, religion, sexual orientation, etc.).
Third parties: we do not purchase or collect information about you from third-party data brokers.
Retention: we keep your data only for as long as needed for your application, and delete it 6 months after you first shared it with us — see our GDPR Policy for details.
In short: we collect personal information that you voluntarily provide to us.
The personal information we collect depends on the context of your interactions with us, the choices you make, and the services you use. It may include:
In short: some information — such as your IP address and browser/device characteristics — is collected automatically when you visit our Services.
This includes log and usage data (device type, browser, pages viewed, referring URLs, timestamps) and approximate location data inferred from your IP address. This information helps us keep our Services secure and understand how they're used. You can limit location collection via your device settings, though some features may not work as well as a result.
In short: we process your information to provide our Services, communicate with you, prevent fraud, and comply with the law.
We do not use your information for advertising, profiling, or any purpose beyond processing your visa documentation, hotel booking, and travel insurance.
Under the GDPR and UK GDPR, we rely on the following legal bases:
We only share your information where it's necessary to deliver your visa application, hotel booking, or travel insurance — for example with the relevant visa application centre (VFS/TLS), embassy, insurance provider, or accommodation partner acting on your booking. We do not sell your information, and we do not share it for marketing purposes.
We may also share information during a business transfer (such as a merger or acquisition), or where required by law.
In short: we may use cookies and similar technologies to keep our Services secure and functioning well.
We use essential cookies to operate the website and your application dashboard. We do not use advertising or cross-site tracking cookies.
We keep your personal information only for as long as necessary to complete your visa application, hotel booking, or travel insurance request. In line with our GDPR Policy, we delete your personal data 6 months after the date you first shared it with us, unless we're required to retain it for longer by law (for example, accounting records).
We use reasonable organisational and technical safeguards to protect your personal information. However, no method of transmission over the internet is 100% secure, so we cannot guarantee absolute security. Please only share sensitive documents with us over our official WhatsApp number or email.
If you're in the UK, EEA, or Switzerland, you have the right to access, correct, or delete your personal information, restrict or object to its processing, and request data portability. You can exercise these rights by contacting us — see Section 11.
If we rely on your consent to process your data, you can withdraw it at any time without affecting processing carried out before your withdrawal.
If you believe we've processed your data unlawfully, you have the right to complain to the UK Information Commissioner's Office (ICO) or your local data protection authority.
Most browsers include a Do-Not-Track ("DNT") setting. As no uniform standard for DNT has been finalised, we do not currently respond to DNT browser signals.
Yes — we'll update this Privacy Notice as needed to stay compliant with the law. Material changes will be indicated by an updated "Last updated" date at the top of this page.
You have the right to request access to the personal information we hold about you, ask us to correct inaccuracies, or delete it entirely. To make a request, please contact us using the details above — we'll respond in line with applicable data protection law.