This policy explains how we protect your personal data and respect your rights under the GDPR. We only collect the information you voluntarily send us through our inquiry forms, without any cookies or tracking.
Last Updated: July 3, 2026
This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use our website, and tells you about your privacy rights and how the law protects you under the General Data Protection Regulation (GDPR).
1. Data Controller and Contact Information
Shamà Immigration acts as the Data Controller for the personal data collected through this website. If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, you can contact us directly using the details below:
Company Name: SHAMÀ & REHMAT SRL
Contact Email: shamaimmigrationpoint@gmail.com
Phone Number: +39 08 119914685
Mailing Address: Via San Cosmo Fuori Porta Nolana, 41, 80142 Napoli NA, Italy
2. Categories of Personal Data We Collect
We practice data minimization as required by the GDPR. We only collect personal information that you voluntarily choose to provide to us when submitting an inquiry through our online contact forms. We strictly limit our collection to the following data points:
Identity Data: Full Name.
Contact Data: Email Address and Phone Number.
Inquiry Data: Case details and custom messages provided voluntarily in your form submission.
We do not collect any "Special Categories of Personal Data" (such as race, ethnicity, religious beliefs, political opinions, or health data) through this website, nor do we collect any automated background data beyond what is technically required to load the webpage.
3. Absolute Absence of Cookies and Tracking Mechanisms
We believe in absolute user privacy. Our website does not use tracking cookies, analytics cookies (such as Google Analytics), advertising identifiers, tracking pixels, or any automated profiling mechanisms. Your visit to our site is private, anonymous, and entirely untracked.
4. Purposes of Processing and Lawful Bases
Under the GDPR, we must have a valid legal reason to process your personal data. We process your data exclusively for the following purposes and rely on these specific lawful bases under GDPR Article 6:
To Respond to Inquiries (Pre-contractual Steps - GDPR Article 6(1)(b)): We use your name, email, and phone number strictly to process, evaluate, and respond to the specific immigration inquiries, consultation requests, or service questions you submit to us.
To Manage Business Correspondence (Legitimate Interests - GDPR Article 6(1)(f)): It is in our legitimate business interests to securely maintain a record of communications from prospective clients to efficiently manage our business operations and protect against fraudulent inquiries.
We do not use your personal data for automated decision-making, algorithmic profiling, or marketing newsletter distributions.
5. Third-Party Data Processors (Subprocessors)
We do not sell, rent, lease, trade, or share your personal data with third-party marketers or outside companies. All client communication is handled directly and securely in-house by our agency.
However, to operate our online presence, we utilize specialized infrastructure providers who act as Data Processors under strict technical safety controls:
Website Infrastructure & Form Handling: Our website and default contact forms are built and hosted using Framer B.V. (Framer). When you fill out an inquiry form, Framer's secure cloud servers serve as the technical data processor to route your submission directly to our internal communication tools.
6. International Data Transfers
Because our website infrastructure is powered by Framer, data submitted via our web forms may be processed and stored on secure servers located outside the European Economic Area (EEA), including in the United States. To ensure your data remains protected, we verify that our technical infrastructure providers utilize appropriate safeguards, such as European Commission-approved Standard Contractual Clauses (SCCs), to guarantee an equivalent level of data protection.
7. Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the specific purposes outlined in Section 4 of this policy:
Prospective Clients: If an inquiry leads to a formal contract or the initiation of an immigration case file, your information will be retained in accordance with our formal client data retention schedules and local legal requirements.
General Inquiries: If an inquiry does not result in a professional engagement or business relationship, your contact data and correspondence history will be securely and permanently deleted within 1 year from the date of final contact.
8. Your Legal Rights Under the GDPR
If you reside within the European Economic Area (EEA), you hold comprehensive rights regarding your personal data. You may exercise these rights at any time completely free of charge:
Right of Access (Article 15): You have the right to request a complete copy of the personal data we hold about you.
Right to Rectification (Article 16): You have the right to demand that we correct or update any inaccurate or incomplete personal data.
Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request that we permanently delete your name, email, and phone number from our active communication databases.
Right to Restriction of Processing (Article 18): You have the right to block or restrict how we use your data in specific scenarios (e.g., if you contest its accuracy).
Right to Data Portability (Article 20): You have the right to request that we transmit your structured data to another digital service provider where technically feasible.
To exercise any of these rights, please email us directly at shamaimmigrationpoint@gmail.com. We are legally required to verify your identity and respond to your request within 30 days of receipt.
9. Right to Lodge a Complaint
While we encourage you to contact us directly to resolve any privacy issues, you have the absolute legal right to lodge a formal complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe our processing of your personal data violates the GDPR. You can find their official contact methods and filing procedures at www.garanteprivacy.it.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect structural changes to our agency or evolving legal frameworks. Any changes will be posted directly to this webpage with an updated "Last Updated" at the top of the policy. We encourage you to review this page periodically.