Privacy Policy

Effective Date: December 19, 2025

Last Updated: December 19, 2025

YCI Canada Immigration Services Ltd. ("we," "us," or "our") operates the yci.co website and is committed to protecting the privacy of our visitors and clients. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you use our website, communication channels, and immigration consultation services.

1. Information We Collect

We collect several types of information to provide and improve our immigration services through various communication channels:

1.1 Personal Information

• Contact Information: Name, email address, phone number, mailing address, and preferred communication methods
• Identification Information: Date of birth, nationality, passport details, and government-issued identification documents
• Immigration-Related Information: Educational credentials, work experience, language test scores (IELTS, CELPIP, TEF, etc.), family information, immigration history, and visa application details

1.2 Supporting Documents

We collect extensive documentation to support your immigration applications, including but not limited to:

• Educational certificates, diplomas, degrees, and transcripts
• Employment letters, pay stubs, tax documents, and reference letters
• Police clearance certificates and background check documents
• Medical examination results and health records
• Marriage certificates, birth certificates, and family documentation
• Passport copies, visa documents, and travel history records
• Financial statements, bank records, and proof of funds
• Language test results and credential assessments

1.3 Communication Data

We collect information through multiple communication channels:

• Website Forms: Information submitted through contact forms, assessment forms, and appointment booking systems
• Email Communications: Messages, attachments, and correspondence sent to our email addresses via Microsoft 365 email services
• Text Messages (SMS): Text message communications sent to our business phone numbers
• WhatsApp Messages: Messages, voice notes, documents, and media files shared via WhatsApp Business
• Social Media: Communications through our official social media channels including Facebook Messenger, Instagram Direct Messages, LinkedIn messages, and other social platforms
• Phone Conversations: Call recordings (where legally permitted and disclosed) and notes from phone consultations
• Microsoft Teams: Video consultations, chat messages, and file sharing through Microsoft Teams when applicable

1.4 Technical Data

• IP addresses, browser type, device information, and operating system
• Website usage data, page views, and navigation patterns through cookies and analytics tools (Google Analytics, Microsoft Clarity, etc.)
• Log files and access timestamps

2. How We Use Your Information

We use the collected information for the following purposes:

• To provide immigration consultation and representation services
• To assess your eligibility for Canadian immigration programs (Express Entry, Provincial Nominee Programs, Family Sponsorship, Study Permits, Work Permits, etc.)
• To prepare, review, and submit immigration applications to Immigration, Refugees and Citizenship Canada (IRCC)
• To communicate with you regarding your immigration case status, updates, and required actions via your preferred communication channels (email, WhatsApp, text, social media, Microsoft Teams, or phone)
• To maintain comprehensive case files and documentation as required by the College of Immigration and Citizenship Consultants (CICC)
• To respond to inquiries from immigration authorities
• To improve our website functionality, service quality, and client experience
• To comply with legal obligations, professional standards, and regulatory requirements

3. How We Store Your Information

We use Microsoft 365 and OneDrive for Business as our primary cloud storage platform to securely store and manage your documents and personal information. Our cloud storage practices include:

3.1 Microsoft 365 and OneDrive for Business Security Features

• Enterprise-Grade Platform: Microsoft 365 and OneDrive for Business are industry-leading cloud platforms with comprehensive security features and compliance certifications
• Encryption in Transit: All documents and data are encrypted during transmission using 256-bit SSL/TLS encryption protocols when being uploaded, downloaded, or accessed
• Encryption at Rest: All stored documents and data are encrypted using AES 256-bit encryption while stored on Microsoft's secure data centers
• Multi-Factor Authentication: Access to our Microsoft 365 environment requires multi-factor authentication (2FA/MFA) for all authorized personnel
• Advanced Threat Protection: Microsoft 365 includes built-in security features such as Advanced Threat Protection, anti-malware, and anti-phishing capabilities
• Access Controls: Strict role-based access controls and permissions ensure that only authorized personnel can access your information on a need-to-know basis
• Automated Backup: Microsoft 365 and OneDrive for Business provide automated version history and file recovery capabilities to prevent data loss
• Data Redundancy: Microsoft maintains geographically redundant data centers to ensure business continuity and disaster recovery
• Compliance Certifications: Microsoft 365 and OneDrive for Business comply with international standards including ISO 27001, ISO 27018, SOC 1, SOC 2, GDPR, HIPAA, and other regulatory frameworks
• Activity Monitoring: Microsoft 365 provides comprehensive audit logs and activity monitoring to track file access and changes

3.2 Data Location

Your data stored in OneDrive for Business is maintained in Microsoft's certified data centers. While Microsoft operates globally, we ensure that data handling complies with Canadian privacy laws and regulations. Microsoft provides transparency about data center locations and data residency options.

4. Information Sharing and Disclosure

YCI keeps your documents confidential and never uses your information, including visa photos and personal documents, for advertisement or other purposes without your explicit consent. We may share your information only in the following circumstances:

• With Immigration Authorities: When submitting applications to Immigration, Refugees and Citizenship Canada (IRCC), provincial immigration offices, visa application centres, or other relevant government bodies
• With Service Providers: Third-party vendors who assist in providing our services (such as translation services, credential assessment organizations, medical examination facilities, or secure document delivery services) under strict confidentiality agreements
• With Microsoft: As our cloud storage provider, Microsoft may have technical access to encrypted data for service maintenance and operation, subject to their privacy policies and data protection commitments
• With Your Consent: When you explicitly authorize us to share information with third parties (such as employers, educational institutions, or family members)
• Legal Requirements: When required by law, court order, government regulation, or professional regulatory obligations
• CICC Compliance: With the College of Immigration and Citizenship Consultants (CICC) when required for regulatory audits, investigations, or compliance purposes

5. Data Security

We implement comprehensive technical, physical, and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

5.1 Technical Security Measures

• 256-bit SSL/TLS encryption for all data transmission via Microsoft 365 services
• AES 256-bit encryption for data storage in OneDrive for Business
• Secure, password-protected access to all Microsoft 365 applications and systems
• Multi-factor authentication (2FA/MFA) required for all Microsoft 365 accounts with access to client data
• Microsoft Defender for Office 365 providing advanced threat protection
• Data Loss Prevention (DLP) policies within Microsoft 365 to prevent unauthorized sharing
• Automated security updates and patch management through Microsoft 365
• Azure Active Directory security features including conditional access policies
• Regular security monitoring through Microsoft 365 security dashboard

5.2 Organizational Security Measures

• Mandatory employee training on data protection, privacy practices, Microsoft 365 security features, and cybersecurity awareness
• Confidentiality agreements signed by all staff members
• Clear data handling policies and procedures for using Microsoft 365 tools
• Regular internal security audits and compliance reviews
• Incident response protocols for potential security breaches
• Secure deletion protocols using Microsoft 365 retention and deletion features
• Limited access principles ensuring personnel only access information necessary for their duties
• Regular review of user permissions and access rights within Microsoft 365

5.3 Microsoft's Security Commitments

• Microsoft undergoes regular independent security audits and vulnerability assessments
• Microsoft 365 maintains compliance with international security standards (ISO 27001, ISO 27018, SOC 1, SOC 2, FedRAMP, etc.)
• Microsoft provides transparency reports and security documentation
• 24/7 security monitoring and threat intelligence from Microsoft Security Response Center
• Service level agreements (SLAs) ensure 99.9% uptime and data protection commitments

Security Disclaimer: While we implement industry-standard security measures and utilize Microsoft 365's robust security infrastructure, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continually strive to use commercially acceptable means to protect your personal information.

6. Data Retention

We retain your personal information and supporting documents in accordance with professional regulatory requirements:

• Active Cases: During the duration of your immigration case and service engagement
• Completed Cases: For a minimum of 7 years after case completion, as required by the College of Immigration and Citizenship Consultants (CICC) Code of Professional Conduct
• Microsoft 365 Retention Policies: We configure retention policies within Microsoft 365 and OneDrive for Business to ensure compliance with regulatory requirements
• Regulatory Compliance: Immigration consultants are legally required to maintain client files for compliance, audit, and potential future reference purposes
• Extended Retention: In some cases, longer retention may be necessary for legal purposes, ongoing appeals, or if specifically requested by the client

After the required retention period expires, we securely delete your information using Microsoft 365's secure deletion features and data disposal procedures.

7. Your Rights and Data Deletion Requests

You have the following rights regarding your personal information:

• Access: Request access to your personal information and documents we hold in our Microsoft 365 environment
• Correction: Request correction of inaccurate, incomplete, or outdated information
• Portability: Request a copy of your data and documents in a structured, commonly-used format (Microsoft 365 supports standard export formats)
• Withdrawal of Consent: Withdraw consent for specific data processing activities (subject to contractual and legal obligations)
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada or relevant privacy authorities if you believe your rights have been violated

7.1 Data Deletion Requests

Important Notice Regarding Deletion Requests:

While you have the right to request deletion of your personal information, we must balance this right with our professional and regulatory obligations as licensed immigration consultants. When you request deletion of your data:

• CICC Requirements: As regulated members of the College of Immigration and Citizenship Consultants (CICC), we are legally required to maintain client files, including all communications and supporting documents stored in OneDrive for Business, for a minimum of 7 years from the date of case completion or last service provided
• Legal Obligations: We may be required to retain certain information to comply with immigration laws, tax regulations, and legal proceedings
• Partial Deletion: Where permissible, we can restrict access to your information using Microsoft 365 access controls while maintaining the minimum records required for compliance
• Post-Retention Deletion: Once the mandatory retention period expires and there are no outstanding legal obligations, we will honor your deletion request using secure deletion methods
• Marketing Data: You can request immediate removal from marketing communications and non-essential data processing at any time

To submit a deletion request or exercise any of your rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days and explain what actions we can take based on our regulatory obligations.

8. Communication Channel Security

We communicate with clients through various channels, each with specific security considerations:

• Microsoft 365 Email: Our email communications are protected by Microsoft 365's security features including Exchange Online Protection, anti-spam, anti-malware, and optional message encryption
• Microsoft Teams: Video consultations and chat communications through Microsoft Teams are encrypted in transit and at rest, with enterprise-grade security
• WhatsApp: WhatsApp Business messages are end-to-end encrypted. We use WhatsApp for client convenience while maintaining professional communication standards
• Text Messages (SMS): SMS messages are not encrypted. We avoid sending sensitive personal information via SMS and use it primarily for appointment reminders and non-sensitive communications
• Social Media: Social media platforms have their own privacy policies and security measures. We recommend discussing case-specific details through more secure channels like Microsoft Teams or encrypted email
• OneDrive Sharing: When sharing documents, we use OneDrive for Business secure sharing features with password protection and expiration dates when appropriate

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic. Cookies are small data files stored on your device.

Types of cookies we use:

• Essential Cookies: Required for website operation, navigation, and security
• Analytics Cookies: Help us understand how visitors interact with our website using tools like Google Analytics and Microsoft Clarity
• Functional Cookies: Remember your preferences, settings, and language choices
• Marketing Cookies: Track your browsing activity to provide relevant advertisements (with your consent)

You can control cookie preferences through your browser settings, though disabling cookies may affect website functionality. For more information, see our Cookie Policy.

10. Third-Party Services and Links

Our website and communications may contain links to third-party websites, services, or platforms (such as IRCC, provincial immigration websites, credential assessment organizations, or educational institutions). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you access, including Microsoft's privacy statement at privacy.microsoft.com.

11. International Data Transfers

Your information stored in Microsoft 365 and OneDrive for Business may be transferred to and processed in countries other than Canada. Microsoft operates data centers globally and may transfer data across jurisdictions. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, Canadian privacy laws (PIPEDA), Microsoft's data protection commitments, and applicable data protection regulations including GDPR where applicable.

12. Children's Privacy

While we provide immigration services for families including minor children, we collect information about minors only with parental or legal guardian consent and as necessary for immigration applications. Our website and direct marketing are not directed to individuals under 18. If we become aware that we have collected information from a minor without proper consent, we will take steps to delete such information or obtain appropriate authorization.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, technology, or business operations. We will notify you of any material changes by:

• Posting the updated policy on our website with a new effective date
• Sending an email notification to active clients via Microsoft 365 email
• Providing notice through our communication channels (WhatsApp, Microsoft Teams, text, or social media)

Your continued use of our services after such changes constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

14. Professional Regulation and Accountability

YCI Canada Immigration Services Ltd. is regulated by the College of Immigration and Citizenship Consultants (CICC). Our privacy practices comply with:

• Personal Information Protection and Electronic Documents Act (PIPEDA)
• CICC Code of Professional Conduct
• Immigration Consultants of Canada Regulatory Council (ICCRC) standards (predecessor to CICC)
• Provincial privacy legislation where applicable
• Microsoft 365 Trust Center compliance standards

For information about our regulatory obligations or to verify our licensing status, visit the CICC website at college-ic.ca.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your personal information, or wish to exercise your privacy rights, please contact us:

YCI Canada Immigration Services Ltd.
Privacy Officer
Email: [email protected]
Website: yci.co

We will respond to all privacy-related inquiries within 30 days of receipt.

16. Consent

By using our website, services, and communication channels (including Microsoft 365 email, Microsoft Teams, WhatsApp, text messages, social media, and phone), you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, storage, and disclosure of your personal information and supporting documents as described herein.

You understand that we are required to retain your information for regulatory compliance purposes even if you request deletion, as outlined in Section 7.1 of this Privacy Policy.

---

This Privacy Policy is effective as of December 19, 2025, and applies to all information collected through yci.co, Microsoft 365 services, communication channels, and related immigration consultation services provided by YCI Canada Immigration Services Ltd.