Effectiveness date: June 2020
Please bear in mind that in order to access and use our website you must be an adult and have the legal capacity to enter into contracts, according to the applicable national laws and regulations of your country of birth and/or residence.
What does personal data mean?
Who is your personal data controller?
The Company stated in our Terms and Conditions will be the controller of your personal data collected in the following circumstances (among others): when you browse our website, you fulfill the Travel Authorization form, you contact our Customer Service Department, etc.
Our website may contain icons and/or links to redirect you to websites of third parties. Please note that these third-party websites are not operated by us, so we cannot assume any responsibility for the information and content provided on them and/or the correct provision of the functionalities and/or services offered by these third parties, since we have no control over them. These third-party websites are bound by their own Cookie and Privacy Policies.
What personal data do we collect?
The personal data we collect from and about you is as follows:
- Direct interactions: Data collected when you interact with us by completing the forms on our website (such as the Travel Authorization form or the Contact form) and/or when you contact our Customer Service Team by the enabled means, such as the website's chat, post, email or telephone.
- Payment data: We will only request your payment information once you have completed your Travel Authorization form and you have accepted our Terms and Conditions which will then allow you to proceed to the payment page of the Electronic Travel Authorization. The captured data will be sent securely to our certified payment service providers for the authorization of the transaction. In no case we visualize or access the complete data of your credit or debit card. It is the customer’s responsibility not to enter, provide, or send his/her card information through channels not authorized by the company.
Please be informed that you will only be required to provide the personal data and information that is strictly necessary to fulfill the purposes explained below. Therefore, if you provide us with more information than the one expressly required, you consent to its processing for the informed purpose/s for which you are sending it.
The User must provide accurate, updated and complete personal data and/or private information in order to properly submit his/her Travel Authorization form and/or to manage his/her information and/or support request. We will not assume any type of responsibility for circumstances that are beyond our reasonable control, such as being provided with erroneous, incomplete, and/or fraudulent information from the User.
If you provide us with personal data of third parties, whether these be minors or adults, you assure us that you have informed them about the purposes for which their personal data will be processed by the Company and that you have obtained their prior and express consent to communicate us their personal data.
If you provide us with the personal data of a minor, you assure us that you are his/her parent and/or legal guardian.
Moreover, please note the following:
- if the Company has received an adult’s personal data and/or private information to submit his/her Electronic Travel Authorization application from an individual who has not requested his/her consent to communicate us his/her personal data, the Company will inform the data subject of how his/her personal data and/or private information has been collected. Moreover, where appropriate, we will ask the individual who provided the personal data to the Company to confirm whether he/she requested the consent of the data subject and, if necessary, to amend this circumstance. In any case, the data subject will have at all times the possibility of objecting the processing of his/her personal data by the Company, in which case the provision of our professional services will not be possible, so that submission of the Electronic Travel Authorization application will be canceled.
- if the Company has received a minor’s personal data and/or private information to submit his/her Travel Authorization form from an individual who is not his/her parent and/or legal guardian, as soon as the Company detects and/or becomes aware of these circumstances, it will proceed to take the appropriate measures to fix the situation, including the possibility of canceling the submission of his/her application.
What do we use your personal data for?
Your personal data is processed for the following purposes:
- To provide you with our professional assistance services in submitting your Electronic Travel Authorization application. It means that we will verify that you have correctly fulfilled your application and (if applicable) that you have provided the required documents and that these meet the requirements of the Government. Should that not be the case, we will ask you for the missing and/or incomplete information and/or documentation when necessary.
- To send you up-to-date information according to Government updates and/or operational communications regarding the status of your Travel Authorization form, as well as its approval or denial. In this sense, we will let you know if the Government requires more personal information and/or additional documentation in order to assess your application;
- To properly address your request for information, claims or queries about us and/or our professional services and/or to complete your refund and cancellation requests;
- For administrative purposes related to the processing and management of our professional services, such as verification of your payment information (fraud control), accountancy and billing tasks;
- To comply with our legal obligations and/or to respond to judicial, police or to the corresponding authorities requirements;
- To improve your user experience on our website and improve our services and customer support by analyzing your behavior while navigating through this website;
- To carry out periodic checks against fraudulent, unauthorized, or illegal activity on/or through our website.
What is the legal basis for processing your personal data?
We only process your personal data when there is a legal basis for doing so. The legal basis will depend on the reason why we collect and process your personal data. In almost all cases, the legal basis will be:
- To fulfill the contract with you, meaning, to check the accuracy of your Travel Authorization form and submit it before the Government; to keep you updated regarding the status of your application and communicate to you the Government’s final decision regarding its approval or denial; to respond to your information requests addressed to our Customer Service Department, among others.
- The consent that you provided us with for the processing of your personal data in connection to the purposes communicated at the time of collection of your data (i.e. to receive the requested information by writing to our Customer Service team).
- For compliance with our legal obligations and/or to satisfy the requirements of administrative, judicial, police or corresponding authorities.
- Our legitimate interest regarding (i) credit/debit cards and other methods of payment verification, (ii) address possible claims regarding our services, (iii) enhancing the user experience when you use this website and to operate it efficiently, (iv) enhance the quality of our professional services, (v) monitor fraudulent activity in order to preserve the security and integrity of our website.
How long do we keep your personal data for?
We will process your personal data for as long as necessary to fulfill the purposes for which it was collected and, after that, your personal data will be retained, duly securely blocked, for the necessary period we need to keep it. For example, it will be kept for as long as necessary to comply with our legal obligations and/or address possible claims related to the professional services we have offered; to finish the investigation of a fraudulent or illicit activity detected; to retain the Cookies’ information providing that you do not revoke its consent, etc. Once the necessary retention period has ended, your personal data will be securely deleted from our information systems.
Furthermore, if you had provided us with your consent to process your personal data for specific purposes, note that you can withdraw said consent at any time. Upon receiving your withdrawal request, we will proceed to delete your personal data.
With whom wo we share personal data?
Your personal data will be processed and/or shared in the following circumstances:
- To the Government of the country you're going to visit as it is the competent body to approve or deny the Electronic Travel Authorization applications.
- To our payment service providers to process the payment of the costs related to the Electronic Travel Authorization application process and to carry out fraud controls, as well as to your bank entity credit/debit card companies when you have initiated a dispute of the charges made.
- To our technology service providers which host our information systems and/or that offer us tools or technological support.
- To comply with our legal obligations and when administrative, judicial and/or police authorities require it in accordance with the applicable law and regulations.
- To protect our legitimate interests in the event that a claim may arise regarding the professional services offered.
The third parties mentioned above may have their headquarters outside the European Economic Area, therefore the personal data will be subject to international transfer. In this regard, we inform you that we only transfer personal data to recipients located in countries that offer a level of personal data protection comparable to the laws and regulations of data protection of European countries or, failing that, we will apply the appropriate safeguards required by the current applicable law and regulations on the protection of personal data, in order to ensure the privacy and security of your personal data and that your individual rights and freedoms are guaranteed.
How do we protect your personal data?
Your personal data is securely stored in our information systems and we have established the appropriate technical and organizational measures in order to ensure the confidentiality and integrity of your personal data and to protect it against unauthorized or unlawful processing and/or accidental loss, destruction or damage.
Likewise, we have taken reasonable measures to guarantee that all our staff, as well as the suppliers or partners with access to your personal data, have received adequate information and/or training regarding their obligations concerning the processing of the personal data of our Users and/or Customers to which they have access to for the specific purposes previously mentioned.
Although we will do our best to guarantee the protection of your personal data transmitted through our website and/or that you may provide us with by others means such as email or phone, please bear in mind that you should also take precautions to keep your personal data safe, e.g you must not enter or confirm bank details by means of fake messages and/or websites.
What rights do you have and how can you exercise them?
You may exercise your rights of access, rectification, erasure, restriction of the processing, objection, as well as the right to the portability of your personal data, with a written request addressed to us, sent by email to: firstname.lastname@example.org or by means of our Contact Form
You may modify the “privacy settings” of your web browser to set up tracking cookies at any time. Also, you can install programs or add-ons to your browser, known as "Do Not Track" tools, which will allow you to choose the Cookies you want to allow.
Your data protection right request will be responded to within one (1) month; but occasionally, this period may be extended by two (2) further months where necessary, taking into account the complexity and/or the number of requests you may have made. In this case, we will notify you of such an extension together with the reasons for the delay.
When you consider it appropriate, you have the right to lodge a complaint before the corresponding Supervisory Authority, e.g if you consider that your data protection rights have not been adequately addressed.