III. WHAT PERSONAL DATA DO WE COLLECT?

When we provide our services to you, we may collect the following data categories from you:

• First Name
• Last Name
• Nationality
• Gender
• Marital status
• Delivery Address or home address
• Email address
• Mobile Phone Number
• Date of birth
• Copy of your passport (for example for the form filling service)
• Visa Application reference number

If required by the relevant government authorities, we might ask you for sensitive information such as

• Photo
• Race
• Religion
• Health related information
• Biometrics such as your fingerprint
• Information about your criminal history.

This list is not exhaustive and varies depending on the relevant government’s requirements and the type of visa.

When you make use of our Wi-Fi/hotspot services provided by us at venues, some information is collected automatically. This information includes e.g., the unique device identifiers know as MAC ID, start and stop timestamps of your connections, amount of traffic and the logout reason type. In some countries, where mandated by law we must keep the logbooks of users of our Wi-Fi. For this purpose, we might request your name, surname, ID number.

IV. THE LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

If the data protection law in your country of residence allows, we will use the “performance of a contract” as the lawful basis for the processing of your personal data. This means that when you purchase a service from us, you enter into a contract with us to receive that service. We cannot deliver a service to you without using personal data from you. For example, in order to provide the form filling assistant, we will need a copy of your passport.

If the data protection law in your country of residence does not allow us to use “performance of a contract,” as a lawful basis, we will ask for your consent for the processing of your personal data.

To the extent that the legal basis for our processing of your personal information is consent, you can anytime withdraw your consent that was given to OneVasco earlier. However, without your consent in most of the circumstances we cannot continue to process the services that you have requested. Withdrawal of your consent will not affect the lawfulness of processing before the withdrawal. In regard to marketing purposes we will not contact you for marketing purposes unless you have given us your explicit permission to do so, nevertheless you have right at any time to withdraw your consent for marketing purposes without effect on our services, provided to you.

V. HOW DO WE USE YOUR PERSONAL DATA

We may use your personal data for the following purposes:

• To book an appointment with us.
• To identify you.
• To enable you to track the progress of your visa application.
• To provide you with our services such as form filling, courier delivery, for which we will need a copy of your passport and we will need to know the delivery address.
• To send you information that you have requested and that may be of interest to you.
• For analytical purposes. We use your personal data to carry out research. We study trends and use personal data with the aim of analysing and continuing to develop our products and services. We may use new technologies as part of this.
• For marketing purposes. You receive tips and offers that are appropriate for you and can benefit you as a client. In this context, we use personal data that we received from you, for example when you requested information about sustainable products and services in the past, or because you are already a client of ours. In this context, we may also use personal data that we received from other sources, such as public data sources and marketing agencies. We only do this if it is permitted by law.
• If you visit our office, we may capture images of you on camera. This is necessary to prevent burglary, theft and vandalism and to ensure the safety of our clients and employees.
• Flight & Hotel booking. For Airlines booking and hotel accommodation we may request you for your personal details as required by the airline or the hotel. This includes: your name, passport information, address, email address, phone number, date of birth.
• We process your persona data only for the purpose/s it was collected for. If we plan to use personal data for a different purpose, we will inform you via this Privacy Notice. Please check this page regularly to ensure that you’re happy with any changes.

VI. HOW LONG DO WE HOLD YOUR DATA?

We retain and hold your personal data in order to be able to perform a requested service, such as form filling or courier delivery of your travel documents. This information is retained by us for 7 years after the collection of your personal data.

VII. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We may have to share your personal data to other parties in order for us to be able to provide you our service. We will only share your data as part of the performance of our contract with you. We will never sell your personal data to a third party. For example, we will share your personal data with a courier company if you have asked us to deliver your travel document to your home or office, we will need to provide the courier company with your name, delivery address, and a contact phone number.

We only use suppliers and partners that have sufficient privacy and data protection measures in place.

VIII. TRANSFERRING YOUR PERSONAL DATA OFFSHORE

In order to provide a service to you, such as appointment scheduling, tracking your application, and invoicing, we may transfer your personal data, internally within our group companies, to one of our data centres located in Europe, Canada, or Russia, as applicable.

The sharing of your personal data with certain recipients may imply transfers of your data out of the European Economic Area (EEA). We pay particular attention to the protection of your personal data when we transfer your personal data outside of the EEA. Thus, where such transfers out of the EEA shall take place, we first implement appropriate safeguards by signing the standard contractual clauses of the European Commission with the entity out of the EEA, which processes your personal data.

IX. YOUR RIGHTS

Under many data protection laws, you have rights with regard to how your personal data is handled. These privacy rights vary from country to country; however, we enable you, subject to all relevant laws, to exercise a full range of data protection rights depending on the applicable jurisdiction. It includes, among others:

• The right to be informed how your personal data is being used.
• The right of access and a copy of your personal data.
• The right to rectification if your personal data is incorrect.
• The right to erasure your personal data (where the law permits this).
• The right to restrict the processing of your personal data.
• The right to data portability.
• The right to object to how your personal data is used.
• Rights in relation to automated decision making and profiling.
• Registering a concern about data privacy.
• Requesting a copy of your personal data, correcting inaccurate personal data, and deletion of personal data.

In order to protect your privacy and to authenticate that the request is genuinely from you and not from anyone else masquerading as you, we might request some additional details of your last interaction with us, some details that nobody else would know about.

This is to ensure that it is really you who is making the request and not someone else. We will only request enough information to enable us to identify you properly.

X. HOW ONEVASCO PROTECTS YOUR PERSONAL DATA

We are committed to protecting all personal data that we hold about you. When you give us personal data, we take steps to ensure that it is safeguarded and held securely. Any sensitive information is encrypted and protected.

On our websites, when you are on a secure page, a lock icon will appear in the address bar of most web browsers. This means the transfer of information from your browser to our web servers is encrypted to keep it safe.

XI. OUR CONTACT DETAILS AND HOW TO ASK QUESTIONS OR MAKE A PRIVACY-RELATED COMPLAINT

We are committed to protecting your privacy. If you wish to contact us or if you have any questions or wish to lodge a complaint about our privacy practices or the way we have handled your personal data, including if you believe that there has been a possible breach of any relevant privacy principles, you may contact us at:

Data Protection Officer e-mail: dataprotection@onevasco.com

XII. THE DATE THIS PRIVACY POLICY WAS LAST UPDATED

This Privacy Policy was last updated in March 2023.