Privacy Policy for “UK Company Visa Sponsorship Verifier”

Privacy Policy for “UK Company Visa Sponsorship Verifier”

Last updated: 2025-09-29

This Privacy Policy explains what data the extension collects, how it is used, and your choices. It is designed to comply with Chrome Web Store Developer Program Policies, GDPR, and UK Data Protection Act 2018, given that the extension may analyze user geography.

If you have questions, contact: [email protected]

Overview

• Product: “UK Company Visa Sponsorship Verifier” Chrome extension
• Single purpose: Indicate whether employers on supported job sites hold a UK work visa sponsorship licence.
• Key data practices: Local processing by default; minimal data collection; no sale of personal data.

What Data We Process

We keep data collection to the minimum necessary for the extension’s single purpose.

1) Data you provide

• Optional support messages or feedback: If you email us or submit a form, we receive the information you provide (e.g., email address, message content).

2) Extension-generated data (local)

• Preferences and settings: Enable/disable state, UI options.
• Cached sponsor register: Latest copy of the official sponsor list and refresh timestamps.
• Storage location: chrome.storage.local on your device.

3) Geolocation-related data

• Purpose: To tailor behavior to your geography (e.g., prioritizing UK-specific job domains, adjusting UI locale, or limiting operation to certain regions).
• What we analyze:
  • Either a coarse country/region signal inferred from your browser locale, site TLD, or IP-derived country via a third-party geolocation API.
  • We do not need precise latitude/longitude.
• Default behavior:
  • Geolocation is limited to a coarse country/region level.
  • Processing is performed locally whenever feasible. If using a geolocation API, only the requesting IP is visible to that provider as part of the request; we do not send any personal identifiers.
• Retention:
  • We may cache the resolved country/region code (e.g., GB, IE, IN) in local storage to avoid repeated lookups.
  • We do not store precise location data.

4) Technical data

• Diagnostics/telemetry (optional): We do not collect analytics by default. If you opt in to diagnostics, we may collect anonymized, aggregate events such as update success/failure or feature usage counts. No page contents, personal identifiers, or full URLs are collected.

What We Do Not Collect

• We do not collect or store precise GPS/location, browsing history, keystrokes, or the contents of pages you visit.
• We do not sell or rent personal data.
• We do not use data for targeted advertising.

Data Use Purposes

• Provide core functionality (sponsor status indication on supported sites).
• Maintain and improve reliability (e.g., update the official sponsor list).
• Localize or adjust behavior based on coarse geography.
• Respond to support requests.

Legal bases under GDPR (where applicable):

• Performance of a contract: Delivering the extension’s core features.
• Legitimate interests: Security, fraud prevention, and minimal product analytics (when opted in).
• Consent: Optional diagnostics/telemetry or geolocation API usage where required by law.

Data Sharing

• No sale of personal data.
• We do not share user data with third parties except:
  • Service providers: If a coarse geolocation API is used, your IP is visible to that provider during the request. We do not send additional identifiers. We select providers with appropriate data protection and DPAs where required.
  • Legal compliance: When required by law.

We do not share data with advertisers or data brokers.

Remote Code and Content Security

• The extension does not load or execute remote code.
• Updates to the sponsor register are downloaded as data files (e.g., JSON/CSV) and are not executed as code.
• Content-Security Policy follows Chrome MV3 requirements.

Storage and Retention

• User preferences, coarse region code, and cached sponsor register are stored locally via chrome.storage.local.
• Retention is tied to your device; data is removed when you uninstall the extension or clear extension data.
• If you opt into diagnostics, aggregated logs are retained for up to 12 months, then deleted or anonymized.

User Controls

• Settings panel:
  • Toggle extension on/off.
  • Clear local cache and settings.
  • Opt in/out of diagnostics.
  • Enable/disable geolocation-based adjustments.
• Uninstall: Removes all locally stored data.
• Access/Deletion requests: If you submitted personal data via support, contact us to access or delete it.

Children’s Privacy

The extension is not intended for children under 16. We do not knowingly collect data from children.

Security

• Principle of data minimization and local-first processing.
• HTTPS for all data fetches.
• No remote code execution.
• Least-privilege permissions; host permissions limited to supported sites.

International Transfers

If support data or optional diagnostics are processed outside the UK/EEA, we use appropriate safeguards (e.g., SCCs, UK IDTA) where required.

Your Rights (GDPR/UK GDPR)

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You also have the right to withdraw consent for optional features at any time in settings.

Changes to This Policy

We may update this policy to reflect changes to the extension or legal requirements. We will update the “Last updated” date and, for material changes, provide in-extension notice.

Contact

• Email: [email protected]
• Visajob.co.uk

Chrome Web Store Disclosures (Short Form)

• Data collected: Local preferences, cached sponsor list, coarse region code; optional anonymized diagnostics (opt-in).
• Purpose: Core functionality, localization, reliability.
• Data sharing: No sale; limited sharing with geolocation provider (IP only during lookup), and only as necessary to provide the service.
• Security: No remote code; HTTPS; least-privilege permissions.
• User controls: Clear data, opt-in diagnostics, disable geo features, uninstall.

Implementation Notes for Manifest/Store Listing

• In manifest.json, declare only required permissions (e.g., storage, scripting, host permissions for LinkedIn/Indeed/Glassdoor). Avoid broad wildcards.
• If using a geolocation API:
  • Document the provider name and link to its privacy policy in your store listing (optional but recommended).
  • Cache country code locally; do not transmit user identifiers.
  • Consider providing a “Disable geo adjustments” toggle on first run.

If you share your exact geolocation approach (API/provider, what’s cached), I can tailor the policy text and the Chrome Web Store “Data usage” form entries precisely.