Who We Are
Gitardor Travel Hub is a travel research and organisation service operated by Gitardor Limited, a registered digital solutions company headquartered in Lagos, Nigeria. We help individuals who want to study abroad, relocate, or plan a holiday to gain clarity, stay organised, and move forward with confidence.
Our service is not a travel agency and is not affiliated with any embassy, consulate, immigration authority, or visa-processing body. We do not process, influence, or make representations in connection with any visa, immigration, or government application. What we do is research, organise, document, and advise — giving our clients the information and structure they need to take those steps themselves.
For the purposes of this Privacy Policy, Gitardor Limited acts as the Data Controller for all personal data collected through our website (travel.gitardor.com), our client portal, and through any direct engagement with our team. Where we handle documents on behalf of clients — reviewing submitted files as part of a service package — we act as a Data Processor under the terms agreed in your signed service agreement and indemnity form.
Clarity is Our Promise. We built this service because people deserve honest, organised help when navigating study abroad and travel planning. Protecting the data and documents you share with us is fundamental to earning and keeping your trust.
Scope of This Policy
This Privacy Policy applies to all personal data processed by Gitardor Travel Hub across every touchpoint through which individuals interact with our website, our client portal, and our team.
Our Website
All pages of travel.gitardor.com — including service pages, the FAQ section, blog content, the pricing page, and any enquiry or contact forms available on the site.
Client Portal & Dashboard
Your personal dashboard at travel.gitardor.com/dashboard — where you submit questionnaires, upload documents, track task progress, and communicate in real time with your assigned team member.
Direct Communications
All direct correspondence between you and the Travel Hub team — including emails to travel@gitardor.com, in-portal chat messages, and any communication initiated during your service.
Submitted Documents
Any files, images, certificates, identification documents, financial statements, academic records, or other materials you upload to the portal as part of your service package.
Payment Transactions
Transaction records created when you purchase a service plan — invoice data, payment status, and billing references. Full card and banking details are handled exclusively by our payment processor.
Community & Marketing
Interactions on public platforms — such as Telegram, WhatsApp groups, or Reddit — where we answer travel questions and direct individuals to our service. Only publicly shared information is involved at this stage.
This policy does not extend to third-party websites, government portals, university application platforms, airline booking systems, or any other external services we may reference. Please review the privacy policies of any third-party services independently.
Data We Collect
We collect only what is genuinely necessary to deliver your service, organise your case, communicate with you, and meet our legal obligations. We do not collect data speculatively or beyond what each specific service requires.
| Data Category | Examples | Purpose |
|---|---|---|
| Identity Data | Full name, date of birth, nationality, gender | AccountService Delivery |
| Contact Data | Email address, phone number, WhatsApp number | CommunicationSupport |
| Travel Intent Data | Destination country, purpose of travel, preferred timeline, budget range | ResearchPlanning |
| Academic Data | Highest qualification, institution attended, grades, intended course of study | Scholarship ResearchCV Assistance |
| Document Data | Passports, birth certificates, degree certificates, transcripts, bank statements, reference letters — uploaded by client | Document OrganisationChecklist Verification |
| Financial Data | Invoice records, payment status, billing reference (no card numbers stored by us) | BillingCompliance |
| Technical Data | IP address, browser type, device type, operating system, session ID | SecurityAnalytics |
| Usage Data | Pages visited, time on site, portal feature usage, links clicked | AnalyticsImprovement |
| Communication Data | In-portal chat messages, email threads, questionnaire responses, task notes | Service DeliveryRecords |
A Note on Document Data: Documents you upload — such as passports or bank statements — contain sensitive personal data by their nature. We treat all uploaded documents with the highest level of confidentiality. They are accessible only to the team member assigned to your case, and only for the specific purpose for which they were submitted. They are never used for any other purpose without your explicit instruction.
How We Collect Your Data
We collect personal data through three primary channels: information you provide directly to us, data generated automatically as you use our platform, and — in limited circumstances — from publicly accessible sources.
Intake Questionnaires
When you begin a service, we provide a structured questionnaire to gather the information needed to tailor our research and support. Your answers form the foundation of your client file.
Document Uploads
Through the secure client portal, you may upload documents required for your service package. You control which documents you share and when. All uploads are encrypted in transit and at rest.
Portal Chat & Email
All messages exchanged between you and your assigned team member — via in-portal chat or email — are stored on our secure system for service continuity and reference purposes.
Payment Processing
When you complete a payment, we receive transaction-level confirmation (amount, date, invoice reference, status). Full card or banking details are processed exclusively by our third-party payment provider.
Automated Technologies
As you browse our website and portal, technical and usage data is collected automatically via cookies, server logs, and analytics tools. This helps us maintain security and improve the platform (see Section 12).
Community Interactions
If you ask a question in a public forum (Telegram, Reddit, WhatsApp) and we respond publicly, that exchange may be referenced if you later become a client — but no private data is collected from those platforms.
Document Handling & Portal Security
Because our service involves working with sensitive personal documents — passports, academic certificates, financial records, reference letters — we apply the most rigorous handling standards to every file that passes through our portal.
Important: We do not copy, print, or transmit your documents to any government body, embassy, consulate, university, or third party without your explicit written instruction. Reviewing your documents to advise on completeness or to organise a checklist does not constitute submission on your behalf.
How We Use Your Data
We use personal data only for defined, legitimate purposes directly connected to delivering the service you have commissioned. We do not repurpose your data without appropriate notice.
Research & Service Delivery
To conduct tailored research on your behalf — institution requirements, scholarship opportunities, document checklists, destination-specific travel requirements, and deadline tracking — based on the details you provide.
Case File Management
To create and maintain your client file — organising your questionnaire responses, uploaded documents, task progress, and research outputs so that nothing is lost and every detail is accessible to your assigned team member.
CV & Document Preparation
Where you have purchased a CV writing, personal statement, or similar add-on service, your data is used by the assigned team member to produce an accurate, personalised output for your review and approval.
Communication & Updates
To respond to your queries, provide research updates, send deadline reminders, issue invoices, notify you of policy changes, and communicate all service-related information relevant to your case.
Analytics & Improvement
To analyse how our platform and services are used in aggregate, identify improvements, test new features, and produce internal performance reports. We use anonymised or aggregated data wherever possible for this purpose.
Legal & Compliance
To maintain service and financial records as required by Nigerian law, respond to lawful requests from regulatory bodies, enforce our service agreement and indemnity form, and prevent fraud or abuse of our platform.
What We Will Never Do: We will never use your data or documents to provide immigration advice, make representations to any government authority on your behalf, or guarantee any outcome related to your visa, admission, or travel application. Our role is to inform, organise, and support — the decisions and applications remain entirely yours.
Legal Basis for Processing
Under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA 2023), every act of processing personal data must be grounded in a lawful basis. Below we identify the basis we rely on for each type of processing we carry out.
Contract Performance
Processing your identity, contact, travel intent, academic, and document data is necessary to perform the service contract you enter into when you purchase a plan. Without this data, we cannot deliver the service.
Explicit Consent
For the handling of sensitive documents (passports, financial records, academic history), we rely on your explicit, informed consent as documented in the signed indemnity and service agreement.
Legal Obligation
We are required by Nigerian law to retain financial records, tax-related data, and certain business correspondence for a minimum statutory period. Processing for compliance purposes rests on this legal obligation.
Legitimate Interests
We process technical and usage data — such as IP addresses and session logs — to protect our platform's security and detect fraudulent activity. We have assessed that these interests do not override your fundamental rights.
Marketing (Opt-In)
Where you have opted in to receive updates, newsletters, or travel content from us, we rely on your consent. You may withdraw this consent at any time by using the unsubscribe link in any email we send.
Vital Interests
In rare circumstances where processing is necessary to protect your vital interests or those of another person, we may rely on this basis — for example, if a safety concern arises during the service period.
Third-Party Sharing
We do not sell, rent, trade, or otherwise disclose your personal data to third parties for commercial gain. Sharing occurs only with the strictly limited categories of party described below, and only to the extent necessary for the stated purpose.
Technology & Infrastructure
Providers of cloud hosting, database services, and secure file storage that underpin our platform. These providers are bound by formal Data Processing Agreements and are prohibited from using your data for any purpose beyond providing the contracted service to us.
Payment Processors
When you make a payment, your transaction data is processed by our payment gateway provider under their own privacy and security standards. We do not receive or store your full card or bank details at any point.
Communication Tools
Email delivery platforms used to send service updates, deadline reminders, and account notifications. These providers are instructed to process your email address only for message delivery purposes — nothing more.
Assigned Team Members
Researchers, CV writers, and specialists assigned to your case within the Travel Hub team. They are granted access only to the specific data and documents relevant to their assigned task, and are bound by confidentiality obligations.
Legal & Regulatory Authorities
Where we are required by law, court order, or a legitimate request from a Nigerian regulatory authority (such as the NDPC) to disclose personal data, we will comply with that obligation. Where legally permissible, we will notify you before making such a disclosure. We will not share data based on informal or unverified requests.
Your Documents: Your uploaded documents — passports, certificates, bank statements — are never shared with any third party, including government bodies, universities, or embassies, without your explicit written instruction. Engaging our service does not constitute authorisation for us to share your documents on your behalf.
Data Retention
We retain personal data and documents only for as long as is necessary to fulfil the purpose for which they were collected, or as required by applicable law.
At the end of the applicable retention period, data is securely and permanently deleted or anonymised so that it can no longer be linked to an identifiable individual. You may request early deletion at any time — see Section 11.
For uploaded documents specifically, you will receive a notification when your service is marked complete. You may request immediate deletion or authorise retention for up to 12 months should you return for further assistance. If no response is received within 60 days, documents are permanently deleted as a matter of default.
Data Security
Given the sensitive nature of the documents our clients entrust to us, we apply a layered, defence-in-depth approach to data security — from encryption and access controls to breach notification procedures.
Encryption at Rest & in Transit
All data stored on our servers — including documents, case files, and communications — is encrypted at rest. All data in transit between your browser and our servers is protected by TLS/HTTPS encryption.
Role-Based Access Controls
Access to client data and documents is role-based and strictly limited. Each team member is granted access only to the specific cases assigned to them. Administrative access is protected by multi-factor authentication.
Secure Portal Architecture
The client portal is built with session management, automatic logout on inactivity, and protection against common web vulnerabilities including CSRF and XSS attacks.
Activity Logging
We maintain server-side access logs tracking who accesses which client records and when. These logs are reviewed periodically and retained for security audit purposes.
Secure Deletion
When data reaches the end of its retention period or a deletion request is received, files are permanently and irrecoverably deleted. Soft-deleted data is purged from backups within 30 days.
Breach Notification
In the unlikely event of a data breach affecting your personal data, we will notify you and the NDPC within 72 hours of becoming aware of the incident, as required by the NDPA 2023.
Your Responsibilities: Please keep your portal login credentials private and use a strong, unique password. Do not share your account access with others. If you suspect unauthorised access to your account, contact us immediately at travel@gitardor.com.
Your Rights
Under the NDPR and the Nigeria Data Protection Act (NDPA 2023), you have a comprehensive set of rights over your personal data. We are committed to honouring these rights promptly and without undue obstruction.
Right to Access
You may request a copy of all personal data we hold about you, including how it is used, who has accessed it, and where it is stored.
Right to Rectification
If any personal data we hold is inaccurate or incomplete, you have the right to have it corrected. We will update your records within 5 business days of a valid request.
Right to Erasure
You may request deletion of your personal data and uploaded documents at any time. We will comply unless legally required to retain certain records (e.g. financial data for 7 years).
Right to Restrict Processing
You may ask us to restrict how we use your data — for example, while you contest its accuracy or object to a specific use — while we investigate or consider your request.
Right to Portability
Where we process your data on the basis of consent or contract, you have the right to receive a copy in a structured, machine-readable format (e.g. JSON or CSV) so you can transfer it elsewhere.
Right to Object
You have the right to object to processing based on legitimate interests, and to opt out of direct marketing at any time — including via the unsubscribe link in any email we send.
How to Exercise Your Rights
Email travel@gitardor.com with subject line "Data Rights Request — [Your Full Name]". Include your full name, the email on your account, the right you wish to exercise, and any relevant details. We will acknowledge within 5 business days and respond in full within 30 days — at no charge to you.
Cookies & Tracking
Our website and client portal use cookies and similar tracking technologies to ensure the platform functions correctly, to measure how it is used, and — where you consent — to improve your experience.
On your first visit to travel.gitardor.com, a cookie consent banner will invite you to set your preferences. You may accept all, reject non-essential cookies, or manage each category individually. You may update your choices at any time via the "Cookie Settings" link in the footer.
International Data Transfers
As a service assisting clients seeking to travel internationally, some data may be processed by infrastructure providers located outside Nigeria. We ensure all cross-border transfers are subject to appropriate safeguards.
Where personal data is transferred to a country that does not offer an equivalent standard of protection to Nigeria, we implement one or more of the following: Standard Contractual Clauses (SCCs) with the receiving party; transfer to countries with an adequacy decision; or explicit, informed consent from the client where neither of the foregoing applies.
Third-party providers we rely on — such as cloud hosting and analytics platforms — may operate infrastructure in the United States, European Union, or United Kingdom. Our agreements with those providers include appropriate data transfer mechanisms aligned with the NDPR and, where applicable, GDPR principles.
Your uploaded documents — being the most sensitive data category — are stored on servers within the European Union or United Kingdom, both of which offer robust data protection frameworks. They are not transferred to any country with a lower standard of protection without your explicit written consent.
You may request information about the specific safeguards in place for any international transfer of your data by writing to travel@gitardor.com.
Updates to This Policy
Data protection law and our service offering continue to evolve. We review this Privacy Policy at least once every 12 months and update it whenever we make material changes to how we collect, use, or protect personal data.
When we make material changes — such as introducing new categories of data collection, adding new processing purposes, or engaging new third-party processors — we will notify registered clients via email at least 14 days before the changes take effect. The revised policy will be accessible on our website with the updated effective date prominently displayed.
For minor, non-material updates — such as typographical corrections or clearer wording — we will update the "Last Updated" date on this policy without formal notification. We encourage you to review this policy periodically by visiting travel.gitardor.com.
Your continued use of the platform or our services after the effective date of any update constitutes your acknowledgment of the revised terms. If you do not agree with a material change, please contact us before the effective date to discuss your options or to close your account.
Contact & Data Officer
For all privacy-related matters — including exercising your data rights, raising a concern about how your documents are handled, or asking any question about this policy — please contact us using the details below.
Registered Details
Gitardor Travel Hub
Operated by Gitardor Limited
Lagos, Nigeria · CAC Registered
Privacy & Data Enquiries
Email: travel@gitardor.com
Subject: "Privacy Policy Enquiry"
Response: within 24–48 business hours
Supervisory Authority — Nigeria
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng. For EU or UK residents, your national data protection supervisory authority also has jurisdiction over cross-border complaints.
Data Rights Request Procedure
Email travel@gitardor.com with subject line "Data Rights Request — [Your Full Name]". Include your full name, the email on your account, the specific right you wish to exercise, and any relevant details. We acknowledge within 5 business days and respond in full within 30 days — free of charge.
Document Deletion Request
To request immediate deletion of specific uploaded documents, email travel@gitardor.com with subject line "Document Deletion Request — [Your Full Name]" and list the files you wish removed. We confirm deletion within 5 business days.