Security & Privacy
Your Data Security and Privacy
3 min read
How Workium protects your personal data, our GDPR compliance measures, encryption standards, and your rights regarding your information.
Data Security and Privacy
Workium takes the security of your personal information extremely seriously. As an immigration services platform, we handle sensitive personal documents and data including passports, financial information, and employment records. Protecting this data is a core responsibility.
How We Protect Your Data
1Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.3/SSL
Sensitive documents uploaded to My Dossier are encrypted at rest using AES-256 encryption
Payment information is processed through PCI-DSS Level 1 compliant payment providers (Stripe)
No payment card details are ever stored on our servers
2Access Controls
Strict role-based access controls limit who on our team can access your data
Only your assigned caseworker and authorised support staff can view your documents
Multi-factor authentication (MFA) is enforced for all administrative access
Regular access audits to ensure no unauthorised access occurs
3Secure Storage
Documents uploaded to My Dossier are stored in enterprise-grade, encrypted cloud storage (Wasabi S3)
Presigned URLs ensure temporary, secure access to documents
Regular security audits, penetration testing, and vulnerability assessments
Data centres are located in secure, ISO 27001 compliant facilities
4Application Security
Regular security updates and patching
Input validation and protection against common web vulnerabilities (XSS, CSRF, SQL injection)
Session management with secure tokens
Rate limiting to prevent brute force attacks
GDPR Compliance
As a UK-based company, Workium fully complies with the UK GDPR and the Data Protection Act 2018.
Your Rights Under GDPR
Right to Access: Request a copy of all personal data we hold about you, free of charge
Right to Rectification: Request correction of any inaccurate or incomplete data
Right to Erasure: Request deletion of your data (subject to legal retention requirements)
Right to Portability: Request your data in a machine-readable, portable format
Right to Object: Object to certain types of data processing
Right to Restrict Processing: Request that we limit how we use your data
Data Retention
Active application data: Retained throughout your application process and for 12 months after completion
Financial records: Retained as required by UK law (typically 6-7 years)
Account data: Retained until you request deletion of your account
Marketing data: Retained until you unsubscribe or request removal
Contact for Data Requests
For any data protection inquiries, requests, or concerns:
Email: support@workium.co.uk with the subject line Data Protection Request
Include your full name and account email for identification
We will respond within 30 days as required by law
For our full privacy policy, visit https://workium.co.uk/privacy
Did this answer your question?
Chat with our experts
Save the dateThe Work Abroad Annual Summit 2026 — Nairobi, 31 OctoberRegister your interest
Annual Summit 2026NairobiRegister