top of page
LikeLike

Privacy Policy

ATA Immigration Services (operated by Iryna Atamanchuk, a Regulated Canadian Immigration Consultant, IRCC License #R712265) is committed to protecting your privacy.

We fully adhere to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the European Union’s General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our website or services, and outlines your rights and choices regarding that information. By using our site or services, you consent to the practices described in this Privacy Policy.

Last Updated:
01 Jan 2026

1. Information We Collect

Personal Information You Provide: We collect personal information that you voluntarily provide through web forms, online assessments, consultation requests, payment forms, or other interactions on our site. This may include:

  • Identity and Contact Details: Your name, email address, telephone number, mailing address, and other contact information.

  • Immigration Case Information: Details related to your immigration inquiries or applications, such as date of birth, nationality, family and marital status, employment and education history, immigration/travel history, and any other information you choose to submit that is relevant to your case (e.g. personal circumstances, supporting documentation).

  • Financial Information for Services: If you engage our services requiring payment, we may collect billing details like billing address. Payment card information (e.g. credit card numbers) is not collected or stored by ATA Immigration Services directly – instead, it is processed securely by third-party payment providers (such as Stripe or Wix Payments) on our behalf. For example, when you make an online payment, your credit card details are handled through these compliant processors; we never see or store your full card number or security code.

  • Communication Content: Any correspondence you send us or submit via the website, including emails, contact form messages, survey responses, or consultation scheduling requests. This may include personal information if you include it in those communications.

Information Collected Automatically: When you visit our website, certain data is collected automatically via cookies and similar tracking technologies (pixels, analytics scripts) as part of our site’s operation and security. This data may include:

  • Technical Data: Your IP address, browser type, device type, operating system, device identifiers, and referring website or page requests.

  • Usage Data: Information on how you use and navigate our site, such as pages viewed, time spent on pages, links clicked, and other analytical data. This helps us understand user engagement with our site (e.g., we may log session duration, pages per session, or bounce rate).

  • Cookies and Tracking: We (or service providers acting on our behalf) use cookies, web beacons, and pixels (such as Google Analytics cookies and Facebook Pixel) to collect information about your device and browsing actions over time. These technologies enable site functionality, remember your preferences, analyze website traffic, and support our advertising efforts. For instance, Google Analytics and Facebook Pixel help us measure the effectiveness of our content and ads by collecting data on user interactions with our site and marketing materials. This may include information like which pages you visited, whether you have seen or clicked on a specific advertisement, and conversions (such as form submissions). We use this data to improve our services, tailor user experience, and deliver relevant marketing (see Section 4 on Analytics & Advertising).

Note: We do not knowingly collect any sensitive personal information unless necessary for immigration purposes and provided by you with consent. We also do not knowingly collect information from children under 18, as our services are intended for adults; if you are under 18, please do not submit personal data without parental consent.

2. How We Use Your Personal Information

We use the collected personal information for the following purposes:

  • Providing Services: To deliver immigration consulting services and advice you requested, including assessing your eligibility, preparing and submitting immigration applications, and representing you in immigration matters. Your information is used to understand your situation and perform the services in our contract with you. For example, details about your background are used to determine suitable immigration programs and complete application forms on your behalf.

  • Client Account and Case Management: If you register for an online account or client portal (if applicable), we use your data to create and manage your account. We also use personal information to schedule appointments, maintain records of our interactions, and manage our client relationship with you generally.

  • Communication: To communicate with you regarding your inquiries, requests, or ongoing case. We will use your contact information to send you service-related communications such as responses to questions, appointment confirmations, status updates on your application, and important notices (e.g., changes to this Policy or terms). We may also contact you to gather feedback or provide customer support in resolving issues.

  • Payment Processing and Administration: To process service fees, issue invoices and receipts, and keep track of billing. Payments made through our website are handled by third-party processors (Stripe or Wix Payments) as noted; we use billing information to ensure payments are completed and to maintain transaction records.

  • Marketing & Newsletter (with Consent): With your consent, we may use your email address or other contact info to send you newsletters, industry updates, or promotional communications about our services that we think may be of interest. For example, if you subscribe to our newsletter or opt in to receive updates, we will send immigration news, new service offerings, or special promotions. You can opt out of marketing emails at any time (see Section 6 on Your Rights). We will not send you such communications unless you have given consent, in compliance with Canada’s Anti-Spam Legislation (CASL).

  • Analytics and Service Improvement: We use data (including automatically collected technical and usage data) to analyze how our website and services are used. This helps us troubleshoot performance issues, improve site functionality, develop new features, and customize our content. For instance, understanding which pages are most visited or where users encounter errors allows us to enhance user experience. We may also use analytics data to assess the effectiveness of our advertising campaigns (e.g., seeing if clients found us via a Google or Facebook ad) and to optimize our marketing strategies.

  • Advertising and Retargeting: We, or third-party advertising partners on our behalf, may use cookies and pixel data to provide you with relevant advertisements on our services or on other platforms. For example, information gathered via Facebook Pixel or Google Analytics may be used to show you ATA Immigration Services ads on Facebook or Google’s advertising network if you have visited our site (a practice known as remarketing). These tools help us reach people who have shown interest in our services and measure ad performance. Any such activities are done in compliance with applicable privacy laws and your consent choices for cookies.

  • Legal and Regulatory Compliance: To fulfill our legal obligations under Canadian law and professional regulations. We may use personal information to verify your identity (for example, to prevent fraud or confirm you are represented by our firm), to comply with requirements of the College of Immigration and Citizenship Consultants (CICC) or government requests, and to meet record-keeping laws. We also use and disclose information as needed to comply with court orders, subpoenas, or other legal processes.

  • Protecting Our Rights and Interests: We may process and retain information as necessary to prevent or investigate potential wrongdoing in connection with our services, to enforce our service agreements or terms of use, and to protect the rights, property, and safety of ATA Immigration Services, our clients, or others. This includes using data to detect and prevent fraud, security breaches, or other malicious activities.

We will not use your personal data for any purposes incompatible with those above without obtaining your consent, and we do not engage in any automated decision-making or profiling that has legal or similarly significant effects on you.

3. Legal Basis for Processing (GDPR Notice)

If you are located in the European Union (EU) or a jurisdiction with similar laws, we process your personal data under the following legal bases, as permitted by GDPR:

  • Consent: We rely on your consent for processing activities such as sending marketing communications or collecting analytics/advertising data via non-essential cookies. When consent is our basis, you have the right to withdraw it at any time.

  • Performance of a Contract: When we provide immigration consultation or representation, we process personal data to perform our contract with you (e.g., using your information to complete immigration application forms).

  • Legal Obligation: We may process data to comply with our legal obligations (for instance, verifying identity to prevent fraud or keeping certain records for government compliance).

  • Legitimate Interests: We process certain data as needed for our legitimate business interests – for example, to improve our services, secure our website, or communicate with existing clients about similar services – provided those interests are not overridden by your data-protection rights.

Where applicable, we will identify the appropriate basis for processing your information and will only rely on consent where we cannot or do not rely on another legal ground. Note that PIPEDA also requires consent for most personal information handling in Canada, so we ensure we obtain your consent when required (either explicitly, such as by having you agree to this policy and check an opt-in box for newsletters, or implicitly for uses that are obvious from the context of your interaction). You always have choices regarding your data, as described next.

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to provide and personalize our services, analyze usage, and facilitate advertising:

  • Essential Cookies: Some cookies are necessary for the website to function (e.g. to enable site security, user login sessions, or to remember your form inputs). These cookies do not require consent as they are needed for service functionality.

  • Analytics Cookies: We use Google Analytics cookies to collect information on how visitors use our site (such as which pages are visited, how long users stay, and how they arrived at our site). This information is aggregated and helps us improve the website’s design, functionality, and content. Google Analytics may set its own cookies on your browser. You can opt out of Google Analytics by installing Google’s opt-out browser add-on if you prefer not to be tracked.

  • Advertising Cookies/Pixels: We utilize Facebook Pixel and possibly other advertising cookies to assist with targeted advertising and re-marketing. These technologies allow us and our advertising partners to understand your interests and show you relevant ads on external platforms. For example, if you visit our site, Facebook Pixel may note that and later enable us to show a promotional immigration services ad in your Facebook feed. Such pixels also help measure how ads perform (e.g., if you contacted us after seeing an ad). We only deploy these cookies with your consent where required. You can adjust your ad preferences through your Facebook account settings to control personalized ads, and likewise adjust settings on Google’s Ad Preferences if applicable.

  • Cookie Consent & Control: When you first visit our site, you may be presented with a cookie consent banner (depending on your location) allowing you to accept or manage non-essential cookies. You can always control cookies through your browser settings as well: you may refuse or delete cookies. However, note that disabling certain cookies (especially essential ones) might affect the functionality of our site. Our cookies typically expire after a certain period (for example, some may last a few days or weeks, others up to a year), but they may be renewed on repeat visits. For more details on our use of cookies, you can contact us or refer to any Cookie Policy (if provided separately).

5. Disclosure of Personal Information to Third Parties

We treat your personal information as confidential. We do not sell, rent, or trade your personal data to third parties for their own marketing or any other purposes. We only share your information in the following circumstances, and always in accordance with applicable privacy laws:

  • Service Providers (Processors): We may share necessary personal information with trusted third-party service providers who perform functions on our behalf to operate our business. These include:

    • Payment Processors: As noted, we use third-party payment platforms (e.g. Stripe, Wix Payments) to handle online transactions securely. These processors will receive your payment-related information in order to process your payment to us. They are PCI-DSS compliant and authorized to use your information only for this purpose.

    • Website Hosting and IT Providers: Our website may be hosted on third-party servers (for example, if our site is built on a platform like Wix, your data may be stored on Wix’s servers). These providers store data (such as form submissions or site analytics) on secure servers and are contractually bound to protect your information.

    • Analytics and Advertising Partners: We utilize analytics tools (Google Analytics) and advertising partners (Facebook/Meta for Facebook Pixel) as described in Section 4. These third parties may have access to certain usage and device data via embedded tracking code on our site. This data does not include direct identifiers like your name or contact info, but it may be associated with you by the third party (for example, if you are logged into your Google or Facebook account). We ensure any such partners are reputable and that data is used in line with this Policy (for instance, Google and Facebook provide their own mechanisms for user privacy and consent).

    • Email Marketing Platform: If we use a third-party email service to send newsletters or mass communications, we would share your email address and name with that provider for the sole purpose of sending emails on our behalf. They cannot use your data for their own purposes.

    • Cloud Storage/CRM: We may use cloud-based software to store client files or manage client relationships. Personal data stored in such systems is protected by encryption and strict access controls. The providers are bound by confidentiality and security obligations.

    In all cases, service providers acting on our behalf are given only the information necessary to perform their specific function, and we require them to safeguard your data and use it only for the purposes we specify. They must comply with privacy standards equivalent to ours.

  • Affiliates and Personnel: Personal information may be shared with employees of ATA Immigration Services or any affiliated consultants on a need-to-know basis, for the purposes of delivering services to you. All such personnel are bound by confidentiality obligations. If we collaborate with co-counsel or refer your case to another regulated immigration consultant or lawyer (with your consent), we will transfer only the information required for that consultation or representation, and the third party will assume responsibility for protecting that information.

  • Legal Requirements: We may disclose personal information if required by law or lawful authority. For example, we may release information in response to a subpoena, court order, or legally binding demand by governmental authorities. We will also disclose data if necessary to meet the requirements of immigration authorities (such as providing documents to IRCC or other government bodies as part of an application) or to comply with auditing and professional regulatory requirements. Additionally, if we believe in good faith that disclosure is required to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request, we will do so as permitted by law.

  • Business Transfers: In the unlikely event that ATA Immigration Services undergoes a significant business transition, such as a merger, acquisition by another company, or sale of assets, personal information might be transferred to the successor entity as part of that process. If so, we will ensure the new owner is bound to respect your personal information in a manner consistent with this Privacy Policy, or we will obtain your consent as required by law.

Except for the situations above, we will not disclose your personal information to third parties without your explicit consent. Notably, we do not provide client personal information or contact lists to third parties for marketing their products. Your data is used and shared only as needed to serve you and as allowed by law.

6. International Data Transfers

ATA Immigration Services is based in Canada, and our clients may be worldwide. Personal information that we collect may be stored or processed in jurisdictions outside of your own, including the United States or other countries. For example, if our website is hosted on servers in the U.S. or if we use an email service or payment processor with servers outside Canada, your data might be transferred to and stored in those locations.

When we transfer personal data outside of Canada (or outside of the European Economic Area for EU individuals), we take steps to ensure the information remains protected. These steps include:

  • Transferring to countries deemed to have adequate data protection laws, or

  • Using contractual agreements (such as Standard Contractual Clauses under GDPR) with recipients, obligating them to provide a level of protection for personal data comparable to Canadian and EU standards, or

  • Relying on other applicable safeguards or legal derogations as appropriate.

All cross-border data transfers we engage in comply with PIPEDA and applicable laws in the destination jurisdiction, ensuring adequate protection of your data. This means your personal information will receive a similar level of security and confidentiality as it would under our care in Canada.

By providing us with personal information or using our services, you acknowledge that your information may be transferred to and processed in countries outside of your country of residence. Regardless of where processing occurs, we will protect your data as described in this Policy.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy or as required or permitted by law. This means:

  • If you become a client, we will retain your data for the duration of our client relationship, and thereafter for any period required by professional standards or legal obligations. For instance, we may need to keep certain records for a number of years to comply with CICC regulations or tax laws.

  • If you contact us for an inquiry but do not engage our services, we will retain your information only as long as needed to respond and follow up, then delete it within a reasonable time if it’s no longer required.

  • Information collected via cookies and analytics is retained as per the tool’s policies (for example, Google Analytics data may be retained for 26 months by default, but we may configure settings as appropriate). We anonymize or delete analytics identifiers when they are no longer needed.

  • Personal data used for marketing (e.g., email subscriptions) is kept until you unsubscribe or withdraw consent, or if we discontinue our marketing program. We promptly honor opt-out requests and will remove your contact from our mailing list.

  • When personal information is no longer required for the purposes stated or for any legal retention period, we will securely erase, anonymize, or destroy it. This may involve permanent deletion of electronic records and shredding of physical documents. In cases where data is aggregated or anonymized (so it can no longer be associated with an identifiable individual), we may retain it for analysis or historical purposes without further notice to you.

Our retention practices are designed to comply with applicable laws and the principle of not keeping personal data longer than necessary. If you have any specific questions about our data retention periods for different categories of data, you can contact us for more information.

8. Your Rights and Choices

We respect your rights to control your personal information. Subject to applicable law (which may grant different rights depending on your jurisdiction), you have the following rights regarding your personal data in our custody:

  • Access Your Information: You have the right to request confirmation of whether we hold personal information about you and to obtain access to that information. Upon request, we will provide you with a copy of your personal data that we have, in a common format (subject to some exceptions under law).

  • Correct or Update: If any of your personal information is inaccurate or outdated, you have the right to request a correction or update. We encourage you to keep your information with us current, and we will make appropriate corrections to our records upon verification.

  • Deletion (Right to be Forgotten): You may request that we delete the personal information we hold about you. We will do so to the extent possible unless we are required to retain certain information by law or it’s needed for legitimate business purposes that are still ongoing. For example, we might not be able to delete data related to an active immigration application or records we must keep for audit/tax purposes. However, we will erase all data that we are not legally obliged to keep.

  • Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw that consent at any time. This includes withdrawing consent to receive marketing emails – you can opt out by clicking the “unsubscribe” link in any newsletter or by contacting us directly. Note that withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent for a service we cannot provide without that information, we will advise you of any consequences (for instance, if you withdraw consent for us to use your data, we may not be able to continue providing certain services).

  • Object to Processing: In certain jurisdictions (such as the EU), you have the right to object to processing of your personal data, particularly for direct marketing or if processing is based on legitimate interests. If you object, we will re-evaluate your request and stop or limit processing unless we have compelling legitimate grounds to continue or a legal requirement.

  • Data Portability: If applicable, you can request to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller where technically feasible (this typically applies to data processed by us on the basis of consent or contract).

  • Restriction: You may have the right to ask us to restrict or suspend the processing of your personal information, for example, if you contest its accuracy or have objected to processing (pending our review).

  • Consent for Cookies/Tracking: You can manage your preferences for cookies as described in Section 4. You can also opt out of targeted advertising by adjusting your settings on the relevant platforms (Google, Facebook) or using industry opt-out tools (like the Digital Advertising Alliance’s opt-out page).

To exercise any of these rights, please contact us using the information in the Contact section below. We will respond to your request in accordance with applicable law. For security, we may need to verify your identity before fulfilling certain requests (e.g., access or deletion requests) to ensure that we do not disclose data to the wrong person.

Please note that some rights may not be absolute. In certain cases, we may legally or legitimately refuse requests (for example, if accessing your data would reveal someone else’s personal information, or if you request deletion of records that we must keep by law). We will always explain the rationale if we cannot fulfill a request in part or in full.

Your Choices: In addition to formal rights, you have a number of privacy choices: you may choose not to provide optional personal information; you can opt out of marketing communications; you can set your browser to refuse cookies; and you can use privacy settings on your social media or browser to limit tracking. We provide you with these options so you can make informed decisions about your personal data.

If you have any questions about your rights or how to exercise them, you can always reach out to us for assistance.

9. Data Security Measures

ATA Immigration Services takes the security of your personal information very seriously. We employ industry-standard administrative, technical, and physical safeguards to protect your data against unauthorized access, disclosure, or destruction. Our security measures include, but are not limited to:

  • Encryption: We use Transport Layer Security (TLS/SSL) encryption to protect data transmitted on our website (e.g., information you enter into forms is encrypted in transit). For data stored electronically, we utilize encryption at rest where applicable (for instance, our databases or cloud storage apply strong encryption standards such as AES-256).

  • Secure Servers and Firewalls: Personal information is stored on secure servers with robust firewall protection to prevent external intrusions. Our hosting environment is monitored for vulnerabilities, and we apply regular security patches and updates to our software.

  • Access Controls: Access to personal data is restricted strictly to those who need it to perform their duties. ATA Immigration Services implements role-based access controls and authentication safeguards (strong passwords, and where possible, two-factor authentication) to ensure only authorized personnel can access sensitive information. All staff and any contractors are bound by confidentiality agreements to protect client information. Physical files (if any) are secured in locked cabinets or offices with controlled access.

  • Administrative Safeguards: We educate our team about privacy and security best practices. Internal policies are in place to govern how we handle personal data. We regularly review our procedures to ensure they remain effective and up-to-date with evolving threats.

  • Monitoring and Testing: We utilize security monitoring tools to detect unauthorized access or anomalies on our systems. We may conduct periodic vulnerability assessments or work with security experts to test our defenses.

  • Data Backups: We perform regular backups of critical data to ensure integrity and availability. Backups are encrypted and stored securely. In the event of data loss or a security incident, we have incident response plans to restore functionality as quickly as possible.

Despite our thorough efforts to safeguard your information, please be aware that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. However, we continually strive to protect your personal information to the best of our ability. You also play a role in security – we encourage you to use strong passwords for any accounts, never share your account credentials, and alert us immediately if you suspect any unauthorized use of your personal information or any security breach.

In the unlikely event of a data breach that poses a real risk of significant harm to you (e.g., a loss or theft of your personal data), we will notify you and the appropriate authorities as required by law. We will also take all necessary steps to mitigate the breach and prevent future occurrences.

10. Professional Accountability and Confidentiality

As a licensed Canadian immigration consultant, Iryna Atamanchuk and ATA Immigration Services adhere to strict professional codes of conduct regarding client confidentiality. Our relationship with our clients is founded on trust, and maintaining the privacy and confidentiality of client information is of paramount importance to us. We will not disclose details of your case or personal information to any unauthorized person or entity. All information you provide to us within the client-consultant relationship is kept confidential, except as required to carry out your instructions or as lawfully required (as described in this Policy).

We also do not use government-issued identifiers (such as Social Insurance Numbers) as a method of identifying or organizing client information internally, unless required for the immigration process, in which case such data is handled with the highest security.

Our staff are trained in privacy requirements and understand the sensitive nature of immigration matters. ATA Immigration Services regularly reviews its privacy practices and this Policy to ensure we meet or exceed the standards set out by law and by our professional regulatory body. If you ever have a concern about how we handle your confidentiality or privacy, please contact us immediately (see Contact section below), and we will address it with utmost seriousness.

11. Links to Other Websites

Our website may contain links to external websites or resources that are not operated by ATA Immigration Services (for example, links to government immigration portals, third-party articles, or partner organizations). Please be aware that this Privacy Policy applies only to our own website and services. We have no control over the privacy practices of third-party sites and cannot be responsible for their content or policies. If you click on an external link, we encourage you to review the privacy policy of that site before providing any personal information.

Similarly, if our site offers features like social media share buttons or embedded content (videos, maps, etc.), interacting with those services may allow the third party to collect certain information (such as through cookies or your login with them). Those interactions are governed by the privacy policy of the third party (e.g., YouTube, Facebook, etc.), not ours.

12. Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify users by posting the updated Policy on our website and updating the “Last Updated” date at the top. In certain cases, we may also notify you via email or a notice on our homepage of significant changes.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to the Privacy Policy constitutes acceptance of the updated terms, to the extent permitted by law.

If we ever intend to use your personal information for a new purpose not originally stated (and not otherwise permitted by law), we will obtain your consent before doing so.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled, please do not hesitate to contact us. We are here to help and will address your inquiries promptly and in accordance with applicable laws.

Contact Information for Privacy Inquiries:

When contacting us, please describe your question or request with sufficient detail. For example, if you are requesting access to your data, please let us know what information you are seeking. If you are making a correction, please tell us the correct information. This will help us respond more efficiently.

We will respond to all legitimate inquiries as soon as possible, generally within 30 days or earlier if required by law.

Your Right to Lodge a Complaint: If you are not satisfied with our response to any privacy-related concern, you have the right to lodge a complaint with the relevant supervisory authority. In Canada, you may contact the Office of the Privacy Commissioner of Canada (OPC). If you are in a province with its own privacy commissioner (such as British Columbia, Alberta, or Quebec), you can contact that office. Similarly, EU residents can contact their local Data Protection Authority. We would, however, appreciate the chance to address your concerns directly first, so we invite you to reach out to us with any issues.

ATA Immigration Services is dedicated to maintaining your trust and confidence. We do not sell or misuse your information, and we implement strong safeguards to protect it. We value your privacy and will continue to uphold the highest standards of privacy protection in our operations. Thank you for reading our Privacy Policy. If you have any further questions, please get in touch with us.

bottom of page