QB Consulting

GlobalPathways OÜ · QB Consulting

Privacy Policy

Effective Date: April 26, 2026

Last Updated: April 26, 2026

This Privacy Policy explains how GlobalPathways OÜ, trading as QB Consulting, collects, uses, stores, shares and protects personal data in connection with its website, online consultation channels, client communication, administrative assistance services and related services.

Please read this Privacy Policy carefully before using our website or submitting any personal data to us. By using our website, contacting us, submitting a consultation request, creating an account, providing documents, or using our services, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is intended to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the applicable Estonian data protection laws, and, where relevant, French rules applicable to cookies and electronic communications.

1. DATA CONTROLLER

The data controller responsible for the processing of your personal data is:

GlobalPathways OÜ Trading name: QB Consulting Registry code: 16768335 Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia Contact email: qbconsulting.work@gmail.com Privacy contact email: qbconsulting.work@gmail.com

For the purposes of this Privacy Policy, “QB Consulting”, “we”, “us” or “our” refers to GlobalPathways OÜ trading as QB Consulting.

We have not appointed a Data Protection Officer. If you have any questions about this Privacy Policy or about the processing of your personal data, please contact us at:

qbconsulting.work@gmail.com

2. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to personal data processed in connection with:

  • our website and online forms;
  • consultation requests submitted through the website, email, WeChat or other communication channels;
  • administrative assistance services relating to CAF housing allowance, student social security, residence permits, APS / RECE, visa applications, freelance or business status transition, and related services;
  • client account creation, contract confirmation, order management and payment processing;
  • customer support, follow-up communication and service records;
  • newsletter, service updates or client communication where applicable;
  • website security, analytics, cookies and similar technologies.

This Privacy Policy does not apply to websites, platforms or services operated by third parties, even if they are linked from our website. Such third parties process personal data according to their own privacy policies.

3. PERSONAL DATA WE MAY COLLECT

Depending on how you interact with us and which services you request, we may collect and process the following categories of personal data.

3.1 Identity and contact data

This may include:

  • full name;
  • email address;
  • telephone number;
  • WeChat ID or other communication account;
  • postal address, where necessary;
  • city and country of residence;
  • nationality, where relevant to the requested service;
  • date of birth, where necessary for an administrative procedure;
  • copy or details of identity documents, residence permit, visa or passport, where necessary for the requested service.

3.2 Service-related administrative data

Depending on the service requested, we may process data relating to:

  • student status;
  • school or university enrolment;
  • accommodation and housing situation;
  • CAF account or housing allowance situation;
  • social security, Ameli, CSS or health insurance administrative status;
  • French visa or residence permit application status;
  • APS / RECE transition status;
  • business registration, freelance status or business project information;
  • financial documents required for administrative or visa procedures;
  • family relationship information, where relevant for visa or administrative files;
  • appointment dates, application deadlines, document submission history and administrative correspondence;
  • documents requested by French or EU administrative bodies, consulates, visa centres or other relevant authorities.

3.3 Communication data

This may include:

  • emails, messages, WeChat conversations or other communication with us;
  • consultation notes;
  • service instructions;
  • questions, requests and follow-up information;
  • feedback, complaints or testimonials voluntarily provided by you.

3.4 Payment and billing data

This may include:

  • billing name;
  • billing address;
  • invoice details;
  • payment confirmation;
  • transaction references;
  • payment status.

Where online card payment is used, full payment card details are processed by the payment service provider. We do not store your full card number, CVV or complete card authentication data.

3.5 Account and order data

Where our website provides user account or order functions, we may process:

  • account login details;
  • order history;
  • contract confirmation status;
  • service status;
  • service messages and notifications;
  • documents uploaded or submitted through the account system.

3.6 Website and technical data

When you visit our website, we may collect technical data such as:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages viewed;
  • date and time of visit;
  • referring website or traffic source;
  • cookie identifiers;
  • interaction data, such as button clicks or page navigation.

3.7 Sensitive or special-category data

We do not intentionally request special-category personal data unless it is necessary for a specific service or administrative procedure.

Special-category data may include, for example, health-related information, disability-related information, biometric data processed for the purpose of uniquely identifying a person, or other information subject to special protection under GDPR.

Please do not send us special-category data unless we specifically request it for a clearly identified purpose or unless it is strictly necessary for the service you request.

Where special-category data is provided and must be processed, we process it only where a valid legal condition under GDPR applies, which may include your explicit consent, processing necessary for legal claims, or another applicable legal basis depending on the circumstances.

4. HOW WE COLLECT PERSONAL DATA

We may collect personal data from the following sources:

  • directly from you, when you fill in a form, contact us, create an account, send documents, communicate with us, pay for a service or sign a contract;
  • through communication channels such as email, WeChat, online forms, website account systems, social media or other messaging tools;
  • from documents you provide to us;
  • from administrative platforms, authorities or third-party systems where you authorise us to assist you;
  • from payment service providers and invoicing tools;
  • automatically through cookies, analytics tools and technical logs when you use our website;
  • from third parties where you have authorised them to provide information to us or where this is necessary for the requested service.

If you provide personal data relating to another person, such as a family member, invitee, guarantor, landlord or accommodation provider, you must ensure that you have the right to provide that data and, where necessary, inform that person about this Privacy Policy.

5. PURPOSES AND LEGAL BASES FOR PROCESSING

We process personal data only where we have a lawful basis to do so.

5.1 Responding to enquiries and consultation requests

Purpose: To respond to your questions, assess your situation, provide preliminary information and suggest the appropriate service path.

Legal basis:

  • taking steps at your request before entering into a contract;
  • our legitimate interest in responding to enquiries and providing client communication.

5.2 Providing administrative assistance services

Purpose: To provide services relating to CAF housing allowance, social security, residence permit renewal, APS / RECE, visa applications, freelance or business status transition, document preparation, administrative follow-up and related services.

Legal basis:

  • performance of a contract with you;
  • taking steps before entering into a contract;
  • your authorisation and instructions;
  • our legitimate interest in providing the requested service;
  • consent or explicit consent where required for specific categories of data.

5.3 Managing client accounts, contracts and orders

Purpose: To create and manage client accounts, confirm service scope, issue contracts, manage orders, track service progress and communicate with you.

Legal basis:

  • performance of a contract;
  • compliance with legal obligations;
  • our legitimate interest in managing service records and business operations.

5.4 Payment, invoicing and accounting

Purpose: To process payments, issue invoices, keep accounting records, manage refunds where applicable and comply with tax and accounting obligations.

Legal basis:

  • performance of a contract;
  • compliance with legal obligations;
  • our legitimate interest in managing payment and financial records.

5.5 Communication and customer support

Purpose: To communicate with you about your request, service progress, missing documents, appointment dates, administrative deadlines, contract matters and customer support.

Legal basis:

  • performance of a contract;
  • our legitimate interest in client communication and service follow-up;
  • consent where required.

5.6 Website operation and security

Purpose: To operate the website, maintain security, prevent fraud, detect technical issues, prevent unauthorised access and protect our systems.

Legal basis:

  • our legitimate interest in ensuring website security and service continuity;
  • compliance with legal obligations where applicable.

5.7 Analytics and website improvement

Purpose: To understand how visitors use our website, improve page structure, user experience, content and service navigation.

Legal basis:

  • consent for non-essential analytics cookies or trackers where required;
  • legitimate interest for strictly necessary technical measurements that do not require consent under applicable law.

5.8 Marketing communication

Purpose: To send service updates, newsletters or relevant information where you have requested or consented to receive such communication.

Legal basis:

  • consent, where required;
  • our legitimate interest in communicating with existing clients about similar services, where permitted by applicable law.

You may opt out of marketing communication at any time.

5.9 Legal claims and compliance

Purpose: To comply with applicable laws, respond to lawful requests, protect our rights, resolve disputes, prevent misuse of services, and establish, exercise or defend legal claims.

Legal basis:

  • compliance with legal obligations;
  • our legitimate interest in protecting legal rights and maintaining records;
  • establishment, exercise or defence of legal claims.

6. FAILURE TO PROVIDE PERSONAL DATA

In some cases, providing personal data is necessary for us to respond to your request, assess your situation, enter into a contract, provide services, process payment or comply with legal obligations.

If you do not provide the required personal data, we may be unable to:

  • respond accurately to your enquiry;
  • assess your administrative situation;
  • provide the requested service;
  • prepare or review documents;
  • submit or assist with administrative procedures;
  • issue a contract or invoice;
  • complete payment processing;
  • comply with legal or accounting obligations.

7. DATA SHARING AND RECIPIENTS

We do not sell your personal data.

We may share personal data only where necessary and in accordance with applicable law.

7.1 Internal access

Your personal data may be accessed only by authorised persons who need access for the purposes described in this Privacy Policy.

7.2 Service providers

We may share personal data with trusted service providers, including:

  • website hosting providers;
  • cloud storage providers;
  • email and communication service providers;
  • payment service providers;
  • invoicing and accounting service providers;
  • customer management or order management tools;
  • analytics and security service providers;
  • technical maintenance providers.

Such providers may process personal data only for agreed purposes and subject to appropriate confidentiality and data protection obligations.

7.3 Administrative bodies and authorities

Where necessary for the service requested and where authorised by you or required by law, we may share or submit relevant information to administrative bodies, platforms or authorities such as:

  • CAF;
  • CPAM, Ameli or social security-related bodies;
  • ANEF or French residence permit platforms;
  • French prefectures;
  • France-Visas, consulates, visa centres or related service providers;
  • business registration or tax-related platforms;
  • other competent administrative authorities involved in your procedure.

These authorities and platforms usually act as independent data controllers. Their processing of personal data is governed by their own legal obligations and privacy policies.

7.4 Professional advisers and legal obligations

We may share personal data with professional advisers, accountants, auditors, legal advisers, courts, regulators or public authorities where necessary to comply with legal obligations or protect our legal rights.

7.5 Communication platforms and social media

If you contact us through WeChat, social media platforms, messaging applications or other third-party communication tools, your use of those platforms is also subject to their own privacy policies and terms.

Please avoid sending unnecessary sensitive documents or personal data through third-party messaging platforms unless we specifically request them for the service.

8. INTERNATIONAL DATA TRANSFERS

We are established in Estonia, within the European Economic Area (“EEA”).

However, some of our service providers, communication tools, payment providers or third-party platforms may process personal data outside the EEA. In addition, if you contact us from outside the EEA or use platforms operated outside the EEA, personal data may be transferred internationally.

Where personal data is transferred outside the EEA, we take appropriate measures required by GDPR, which may include:

  • relying on an adequacy decision adopted by the European Commission;
  • using Standard Contractual Clauses approved by the European Commission;
  • implementing appropriate technical and organisational safeguards;
  • relying on a specific derogation permitted by GDPR where the transfer is necessary for the performance of a contract or for pre-contractual measures requested by you;
  • obtaining your explicit consent where required.

You may contact us to request further information about applicable transfer safeguards.

9. DATA RETENTION

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Our general retention periods are as follows:

9.1 Enquiries and consultation requests

If you contact us but do not become a client, we generally retain your enquiry and related communication for up to 12 months after the last communication, unless a longer period is necessary for legal, security or dispute-related reasons.

9.2 Client service files

We generally retain client service files, documents, communication records and service notes for up to 5 years after completion of the relevant service, unless a longer period is necessary for legal claims, regulatory requirements, accounting obligations or your specific request.

9.3 Contracts, invoices and accounting records

Contracts, invoices, payment records and accounting documents may be retained for 7 years or for any other period required by applicable accounting or tax laws.

9.4 Website technical logs

Technical logs may be retained for a limited period necessary for security, troubleshooting and fraud prevention, unless a longer period is required for legal or security reasons.

9.5 Cookies and analytics data

Cookies and analytics data are retained in accordance with the applicable cookie settings, consent choices and legal requirements. Non-essential cookies will not be used without your consent where consent is required.

9.6 Deletion or anonymisation

When personal data is no longer required, we delete it, anonymise it or securely archive it in accordance with applicable law.

10. DATA SECURITY

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, disclosure or misuse.

Such measures may include, where appropriate:

  • access controls;
  • password protection;
  • encrypted communication or storage where feasible;
  • restricted access to client files;
  • secure document handling procedures;
  • regular review of service providers;
  • confidentiality obligations;
  • backup and recovery procedures;
  • internal access limitation based on necessity.

No electronic transmission or storage method is completely secure. You should avoid sending unnecessary sensitive information through unsecured channels. If you believe your data has been compromised, please contact us immediately at qbconsulting.work@gmail.com.

Where legally required, we will notify the competent supervisory authority and affected individuals of a personal data breach.

11. COOKIES AND SIMILAR TECHNOLOGIES

Our website may use cookies and similar technologies.

Cookies are small files or identifiers placed on your device or browser. They may be used to operate the website, remember your preferences, analyse website use, improve services or support security.

11.1 Strictly necessary cookies

Strictly necessary cookies are required for the website to function properly. They may be used for security, session management, form submission, account login or payment-related functions. These cookies do not require consent where they are strictly necessary.

11.2 Analytics cookies

Analytics cookies help us understand how visitors use the website and improve content, navigation and performance. Where required by law, we use analytics cookies only with your consent.

11.3 Marketing or third-party cookies

If we use marketing, advertising or third-party tracking cookies, we will request your consent where required by law.

11.4 Cookie consent

Where consent is required, you may accept, refuse or manage cookies through the cookie banner or cookie settings tool on our website.

You may withdraw or change your consent at any time through the cookie settings tool, where available, or by adjusting your browser settings.

Refusing non-essential cookies will not prevent you from accessing the main website content, although some optional features may be limited.

12. YOUR DATA PROTECTION RIGHTS

Subject to the conditions and limits under GDPR, you have the following rights:

12.1 Right of access

You may request confirmation as to whether we process your personal data and request access to the personal data we hold about you.

12.2 Right to rectification

You may request correction of inaccurate or incomplete personal data.

12.3 Right to erasure

You may request deletion of your personal data where the conditions under GDPR are met.

12.4 Right to restriction of processing

You may request restriction of processing in certain circumstances.

12.5 Right to data portability

Where applicable, you may request to receive certain personal data in a structured, commonly used and machine-readable format.

12.6 Right to object

You may object to processing based on legitimate interests, including certain forms of direct marketing.

12.7 Right to withdraw consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

12.8 Rights relating to automated decision-making

You have rights in relation to automated decision-making and profiling where such processing produces legal effects or similarly significant effects. We do not use automated decision-making that produces legal or similarly significant effects.

13. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, please contact us at:

qbconsulting.work@gmail.com

Please include sufficient information to identify you and describe your request.

For security reasons, we may request additional information to verify your identity before responding.

We will respond to your request within the timeframe required by GDPR, generally within one month. If your request is complex or if we receive multiple requests, this period may be extended as permitted by law.

We may refuse or limit a request where permitted by law, for example where the request is manifestly unfounded, excessive, conflicts with legal obligations, affects the rights of others, or concerns data that must be retained for legal claims or compliance purposes.

14. RIGHT TO LODGE A COMPLAINT

You have the right to lodge a complaint with a competent data protection supervisory authority.

As we are established in Estonia, the relevant supervisory authority is:

Estonian Data Protection Inspectorate Andmekaitse Inspektsioon Address: Tatari 39, 10134 Tallinn, Estonia Email: info@aki.ee Website: https://www.aki.ee

If you reside or work in another EU Member State, or if you believe that your data protection rights have been infringed in another EU Member State, you may also contact the supervisory authority in that Member State.

For users in France, the competent supervisory authority may be:

Commission Nationale de l’Informatique et des Libertés (CNIL) Website: https://www.cnil.fr

We encourage you to contact us first so that we can try to resolve your concern.

15. THIRD-PARTY WEBSITES AND PLATFORMS

Our website may contain links to third-party websites, platforms or social media pages, including WeChat, Xiaohongshu, payment providers or administrative platforms.

We are not responsible for the privacy practices, security or content of third-party websites or platforms. When you access or use a third-party service, your personal data is processed according to that third party’s privacy policy.

16. USE OF WECHAT AND OTHER MESSAGING TOOLS

Many clients may choose to communicate with us through WeChat or other messaging tools.

If you communicate with us through WeChat or another third-party messaging platform:

  • your use of that platform is governed by the platform’s own terms and privacy policy;
  • the platform may process your personal data independently;
  • data may be stored or transferred outside the EEA;
  • you should avoid sending unnecessary sensitive data or documents unless needed for the service;
  • where possible, we may ask you to provide important documents through a more appropriate channel.

By choosing to communicate through such a platform, you acknowledge that the platform provider may process your data independently from us.

17. CHILDREN AND MINORS

Our website and services are not directed to children under 16.

If a minor’s personal data is required for a visa, family, education or administrative procedure, such data must be provided by a parent, guardian or person legally authorised to act on behalf of the minor.

If we become aware that we have collected personal data from a child without appropriate authorisation, we will take reasonable steps to delete such data or obtain proper authorisation where legally appropriate.

18. DATA PROVIDED ON BEHALF OF OTHERS

If you provide personal data about another person, including a family member, friend, landlord, host, guarantor, invitee, business partner or employee, you represent that:

  • you have the legal right or appropriate authorisation to provide that data;
  • the data is accurate and relevant;
  • you have informed the person, where required, about the processing of their data and this Privacy Policy.

You must not provide personal data about another person unlawfully or without proper authority.

19. ACCURACY OF INFORMATION

You are responsible for ensuring that the personal data and documents you provide to us are accurate, complete and up to date.

If your information changes, please inform us promptly. Incorrect or incomplete information may affect our ability to provide services or may lead to errors in administrative procedures.

20. DATA MINIMISATION

We request that you provide only the personal data and documents necessary for the relevant service.

Please do not send documents or information that are unrelated to your request. If unnecessary documents are provided, we may delete, return or ignore them where appropriate.

21. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, technology, website functions or data processing practices.

When we update this Privacy Policy, we will revise the “Last Updated” date above. Where required by law, we may notify you of significant changes or request your consent.

The version published on our website is the current version.

22. CONTACT US

If you have any questions about this Privacy Policy, your personal data, or your rights, please contact us at:

GlobalPathways OÜ, trading as QB Consulting Registry code: 16768335 Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia Email: qbconsulting.work@gmail.com Privacy email: qbconsulting.work@gmail.com