The World's Largest Immigration Software Company

Privacy Shield Policy

Privacy Shield Policy Inc., is an online product and service catering to its customers via website application portal, with a clientele in USA. In the process of service provisioning, personal information is stored or processed on the internet based cloud information technology infrastructure, which falls under the jurisdiction of United States, while the data contains personal information of individuals who may be based out of non-American /European region. Inc sees this as a reason to comply to the Privacy Shield Principles framework. Inc., complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Inc., adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For all conflicts, disputes and concerns the Privacy Shield Principles shall be strictly followed. The principles are stated at


This EU-US Privacy Shield Privacy Policy, henceforth mentioned as ‘policy’, applies to all personally identifiable information knowingly and intentionally received, stored, managed and processed by Inc., in their offices and facilities, the information including but not limited to, personal information collected from Inc., business customers’, the customers’ of customers’ (named as end users). This information may either be collected via a formal non-electronic document or via electronic means such as internet based products. This privacy policy applies to the following online websites of Inc.


“ Inc.,” means Inc., USA and its predecessors, and successors.

“PII” or “Personally Identifiable Information” or Personal information” means information that identifies or reasonably may identify a natural person. In addition, Inc., reserves all rights to use public information or information as to which an individual has given explicit consent for use, consistent with the Privacy Shield Principles.

Customer means the law firms and corporate organizations that subscribe to the services provided by Inc.,

End-user means the individuals who are customers of the customers’ of Inc., who use the online product and thus give out their personally identifiable information (PII).

“Third Party” or “vendor” means any entity which is not part of Inc., that processes, collects, or uses personal information pursuant to the instructions of, and solely for the benefit of, Inc., or to which Inc., discloses personal information for use on its behalf, under a non-disclosure agreement.

Intended use/purpose – the information collected by Inc., customers’ and end-users is for the purpose of service providing, whereby the entities providing the details are applying for visa for foreign travel or the related immigration matter. All information pieces are collected solely for this usage and not for any other purpose.


NOTICE: Inc., is contracted by its clients to leverage the products and services provided. The data processing may involve the storing and processing of customers’ personal data for the purpose of business application functionality. The reasons also may include after sales support, business application problem resolution, functionality improvement etc. During that process, information collected may include personal information about an individual. Inc., collects this information purely for the application’s functionality and hence does not have control on how the clients treat their employees’ and customers’ personal information. A notice of this fact shall be included in the contracts and/or non-disclosure agreement which is signed by Inc., and the customers.


As a part of service and support, Inc., shall not voluntarily collect information directly, while it merely shall act as a data store, data processor for its clients. Abiding to Privacy Shield principals, Inc., shall let the customers choose via an opt-in/opt-out policy, whether or not they wish to provide their personal information. Furthermore, Inc., shall abide to the policy that only the required sensitive personal information shall be collected to serve the purpose of services offered, and no data, sensitive or otherwise, shall be collected other than for the required purpose.


As per the nature of its business, Inc., shall not transfer the collected information to any entity for any reason. Customers of Inc., however, collect the information from the end-users and transfer it to USCIS only for the intended purpose of applying for visa or leverage the related services as provided by USCIS.

In the case of following situations, Inc., is legally bound to allow an onward transfer of the data while still being responsible for the privacy. Those situations are –

  • Law enforcement agencies (Policy, court of law) ask for information, wherein the requests are stemming out of a situation that concerns safety and security of the country.

SECURITY: Inc., has implemented reasonable information security controls, including technical, physical, and administrative measures and training, as appropriate, to protect personal information from loss, misuse, and unauthorized disclosure, access, alteration, and destruction. Latest and widely accepted industry standards are used to create a robust framework which helps establish security standards and periodically assesses new technology for methods of protecting information. While Inc., cannot guarantee the security of personal information, it ensures a continual review and improvement in the framework governance to ensure that Inc., data security is at par with the latest standards and practices in the industry.

To ensure strict control on the data privacy governance, Inc., has implemented following frameworks and measures.

  • ISO27001:2013 Policy and Procedures for
    • Confidentiality
    • Integrity
    • Availability
  • Designated CISO / Data Protection Officer
  • Database level strong encryption for data-at-rest security

Besides above, Inc., ensures adequate management support to empower their key personnel designated to manage these frameworks via formal periodic trainings and review processes, to ensure a continuous improvement.

DATA INTEGRITY AND PURPOSE LIMITATION: Inc., shall provide a mechanism to its customers, who collect data from the end-users. It shall be strictly ensured that the collected data is purely for the intended purpose and its processing as well as the general usage is relevant to the intended purpose. The data collected, shall be secured and protected by implementing a framework consisting of security policy and standard operating procedures. By managing this framework, Inc., shall assure reasonable measures to ensure that personal information, maintains its relevance to for its intended use only, is reliable for its intended use, is accurate, is complete, and is current. This shall apply to the electronic data at rest (residing at Inc., premises and hosting facilities), as well as data in transit (flowing between the hosting facilities and the external world including customers). This applies to the entire time limit for which the data is with Inc.

The purpose limitation however shall not be applicable if the information is already made public, or is being asked for compliance and/or legal purposes, including but not limited to fraud investigation and prevention.

ACCESS Inc., product which stores personal information, are equipped with features which lets an individual see and know about their personal information being stored. This is achieved by providing a controlled and yet easily maneuverable access to their profiles page. Upon a request, the access is provided to the customers and end-users, which gives them an opportunity to correct, amend, or delete inaccurate information. To receive information about any disputes or grievances or escalations, the customers can use the contacts and address page of this document

This clause also applies to the personal data, which is collected by Inc., customers from their customers (who are and referred to as end-users). Inc., expects and contractually mandates that its customers shall sign contracts with their customers (end-users) and shall duly inform them, that their personal information or at least some part of it, is being stored at Inc., via electronic and/or non-electronic means.

In situations where in an end-user approaches Inc., directly, for security and business purposes, Inc., shall co-ordinate such a response with the respective customer responsible for collecting the end-user’s personal data under the supervision of INSZoom direct customers whom the end user belongs to. Inc., may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive under the circumstances or as otherwise permitted by the Privacy Shield Principles.

RECOURSE, ENFORCEMENT AND LIABILITY: Inc., shall follow a well defined incident management procedure to provide appropriate means of communication upon disputes regarding the access and usage of personal information. By that procedure, Inc., shall escalate, content, resolve and investigate the matter and take corrective and preventive actions. Any questions, concerns, or complaints concerning the collection and use of personal information by Inc., shall be directed to appropriate personnel whose contact details are available at the contacts and address page of this document Inc., shall conduct a reasonable investigation and will attempt to resolve any complaints in accordance with the principles contained in this Statement. For complaints that cannot be resolved between Inc., and the complainant, Inc., agrees to participate in the dispute resolution procedures pursuant to the Privacy Shield Principles.


Questions or comments regarding this Policy should be submitted to Inc., by mail to: Inc.
2603 Camino Ramon, Suite 375
San Ramon, California 94583
Tel: 925 244 0600

For more information about INSZoom Privacy Shield Policy please email us at or submit your request here.

EFFECTIVE DATE: Jan 01, 2017
Last Updated Timestamp: Jan 31, 2017

Comments are closed.