Legal document

Privacy Policy

Last updated: March 1, 2025 5 min read

1. Introduction

getLegalStatus ("we", "our", "the Company") is committed to protecting the personal data of all individuals who interact with our website, services, and communications. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and what rights you have under applicable law.

This policy applies to all visitors and clients of getLegalStatus.com and is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection legislation.

By using our website or submitting a consultation request, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Data Controller

The data controller responsible for your personal data is:

If you have any questions about how your data is handled, please contact us at the email above.

3. Data We Collect

We collect personal data only when it is necessary for the provision of our legal consultation services or the operation of our website. The categories of data we process include:

3.1 Data you provide directly

  • Contact information — full name, phone number, email address, country of residence.
  • Case information — details about your citizenship inquiry, ancestry, travel documents, or other information necessary to assess your eligibility.
  • Communication records — messages sent via our contact form, live chat, email, or phone.

3.2 Data collected automatically

  • Technical data — IP address, browser type, device type, operating system, referring URL, pages visited, and session duration.
  • Cookies and tracking technologies — see our Cookie Policy for details.

3.3 Data from third parties

We may receive limited data from third-party platforms such as Google Analytics, Facebook Pixel, or review platforms (Trustpilot, Google Reviews), solely for the purpose of improving our services and understanding user behaviour.

We process your personal data on one or more of the following legal bases under GDPR Article 6:

  • Consent (Art. 6(1)(a)) — when you submit a contact form or subscribe to our newsletter.
  • Performance of a contract (Art. 6(1)(b)) — when processing is necessary to provide the legal consultation service you have requested.
  • Legitimate interests (Art. 6(1)(f)) — for analytics, fraud prevention, and improving our website, where these interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c)) — where processing is required to comply with applicable law.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Responding to consultation requests and providing legal advisory services.
  • Assessing your eligibility for EU citizenship programmes.
  • Communicating updates about your case status.
  • Sending relevant legal news and guides, where you have consented.
  • Improving website performance and user experience through analytics.
  • Complying with legal and regulatory obligations.
  • Preventing fraud and ensuring the security of our systems.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

  • Service providers — trusted third-party processors (e.g., CRM platforms, email delivery services, cloud hosting) who process data on our behalf under a Data Processing Agreement.
  • Legal authorities — where required by law, court order, or governmental regulation.
  • Professional advisors — lawyers, accountants, or auditors bound by confidentiality obligations.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

All third-party processors are contractually required to maintain the confidentiality and security of your data and may not use it for any purpose other than those specified.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Consultation inquiries — up to 3 years from last contact, unless a contract is entered into.
  • Client files (active cases) — for the duration of the engagement plus 7 years thereafter, in accordance with professional legal retention obligations.
  • Newsletter subscribers — until you withdraw consent or unsubscribe.
  • Website analytics data — up to 26 months in anonymised or aggregated form.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data where there is no longer a legal basis for processing.
  • Right to restrict processing (Art. 18) — request that we limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email privacy@getlegalstatus.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data transmission (TLS/SSL), access controls, regular security assessments, and staff training on data protection obligations.

Despite these measures, no internet transmission is completely secure. You provide data at your own risk and should take appropriate precautions when transmitting sensitive information online.

10. Cookies

Our website uses cookies and similar tracking technologies. For detailed information about the types of cookies we use, their purpose, and how to manage your preferences, please refer to our Cookie Policy.

11. International Data Transfers

Your personal data is processed primarily within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR), or we rely on an adequacy decision.

12. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision appears at the top of this page. We encourage you to review this policy periodically. Where changes are material, we will notify you via email or a prominent notice on our website.

14. Contact

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact our Data Protection Officer: