Expedition Services Logo

1. Legal Preamble & Framework

Expedition Services (hereinafter referred to as "the Company," "we," "us," or "our") operates as a premier education consulting firm specializing in European student mobility. This Privacy Policy is a comprehensive legal instrument designed to meet the rigorous standards of the Digital Personal Data Protection Act (DPDP) 2023 (India) and the General Data Protection Regulation (GDPR).

By accessing [https://expeditionservices.in](https://expeditionservices.in) or engaging our consulting services, you enter into a legally binding agreement regarding the processing of your personal, academic, and financial data. We act as a Data Fiduciary, committed to the principle of "Purpose Limitation"—meaning your data is used only for the educational goals you have explicitly authorized.

2. Comprehensive Data Collection

2.1 Candidate Profile Data: We collect full legal names, gender, date of birth, and nationality to establish your identity for university application portals in Germany, Austria, and France.

2.2 Contact & Communication: Permanent residential addresses, secondary contact numbers, and verified email IDs are required for delivery of offer letters and visa scheduling.

2.3 Academic Dossier: This includes high-resolution scans of 10th/12th mark sheets, B.Tech semester transcripts, back-log history, and Statement of Purpose (SOP). For graduates, we also collect Work Experience certificates and letters of recommendation.

2.4 Language Proficiency: We process IELTS, TOEFL, GRE, or GMAT score reports, including the verification of TRF numbers via official testing agency portals.

3. KYC and Immigration Data

To facilitate your Study Visa (Type D) application, we process highly sensitive documents:

  • Passport Information: Full bio-data page scans and travel history for embassy vetting.
  • Financial Solvency: Bank statements, sponsor’s Income Tax Returns (ITR), and proof of "Blocked Account" (Sperrkonto) funding.
  • Aadhaar & PAN: Used solely for internal KYC verification as per Indian regulatory requirements for educational consultants.

Note: Financial data is never stored on public-facing servers and is purged immediately after the visa process is finalized.

4. Data Processing Addendum (Enterprise Grade)

This section constitutes our DPA. Expedition Services acts as the "Processor" of your information.

4.1 Purpose Limitation: We shall process data only to fulfill the "Study in Europe" objective. Any other use (marketing, third-party analytics) requires fresh, explicit consent.

4.2 Sub-processor Disclosure: You authorize us to share data with Uni-Assist, VFS Global, European University Portals, and our secure cloud hosting partners. We maintain back-to-back privacy agreements with all such sub-processors.

4.3 Breach Response: In accordance with Indian Law, we maintain a 72-hour notification protocol for any suspected data compromise.

5. International Transfers & SCCs

As your data moves from India to the EU, we utilize Standard Contractual Clauses (SCCs). These are legal safeguards that ensure the entity receiving your data (like a German university) provides the same level of protection required by the GDPR.

"We ensure that your data is only transferred to jurisdictions that have 'Adequacy Status' or where we have established contractual safeguards that meet the high-water mark of international privacy law."

6. Security Infrastructure (TOMs)

To protect high-value student data, we implement:

  • Encryption-at-Rest: Using AES-256 standards for all database storage.
  • Encryption-in-Transit: TLS 1.3 protocols for all website uploads.
  • Identity & Access Management (IAM): Multi-factor authentication for every counselor accessing the student portal.
  • Network Security: Periodic Penetration Testing and 24/7 Intrusion Detection Systems (IDS).

7. Data Life Cycle Management

7.1 Active Phase: Data is kept for the duration of your application process (approx. 6-18 months).

7.2 Archive Phase: Post-visa approval, we retain your file for 2 years to assist with potential "Change of Course" or "Post-Study Work Visa" queries.

7.3 Destruction Phase: After 7 years (to comply with Indian Income Tax and Audit requirements), all digital and physical records are permanently destroyed using certified wiping software and cross-cut shredding.

8. Your Rights as a Data Subject

You possess the following "Digital Rights" under the DPDP Act and GDPR:

  • Right to Rectification: Correction of academic or personal errors.
  • Right to Portability: Transferring your application dossier to another consultant or entity.
  • Right to Withdraw Consent: revoking our authority to handle your visa file at any time.
  • Right to be Forgotten: Full deletion of your presence on our servers once legal retention ends.

9. Limitation of Liability

While we use enterprise-grade security, Expedition Services shall not be liable for data loss caused by "Force Majeure" events including cyber-warfare, state-mandated internet shutdowns, or satellite failures. Our liability for any data-related grievance is capped at the total service fee paid by the student for that specific academic year.

10. Your Rights and Contact Information

Under DPDP/GDPR, you have the Right to Access, Right to Correction, and the Right to Erasure (The Right to be Forgotten). If you wish to withdraw your consent for data processing, please note that it may affect our ability to process your university applications.

Grievance Redressal

If you have any privacy concerns, reach out to our Grievance Officer:

  • Officer Name: Patrik C. Arita
  • Email: privacy@expeditionservices.in
  • Jurisdiction: All disputes are subject to the exclusive courts of Republic of Deutschland.