Effective date: April, 2021
Please bear in mind that to access and use our website you must be an adult and have the legal capacity to enter into contracts, according to the applicable national laws and regulations of your birth or residence country.
What Does Personal Data Mean?
Who is the personal data controller?
The Company stated in our Terms and Conditions will be the controller of your or your travel partners’ personal data.
Our website may contain functionalities or links that may redirect you to third-party websites. In this sense, please note that these third-party websites are not operated by us, so we cannot assume any responsibility for the information and content provided on them and/or the correct provision of the functionalities and/or services offered by these third parties since we have no control over this. These third-party websites are bound by their own Cookie and Privacy Policies.
What type of personal data do we collect and process?
We collect the following categories of personal data:
- Direct interactions: such as when you complete your or your travel partners’ Electronic Travel Authorization application form(s) and/or Travel Health Certificate form(s) and/or the Embassy Registration form(s), and the Electronic Travel Authorization application form(s) when we request additional information from you when required to by the Government. We can also contact you in order to check the accuracy of your(s) form(s). Moreover, when you fill in the Contact form, or when you contact our Customer Service Team via email.
- Payment data: We will only request your credit or debit card information on the payment page in connection with the costs for our Services. The captured data will be sent securely to our certified payment service providers for the authorization of the transaction. In no case do we visualize or access the complete data of your credit or debit card. It is the customer’s responsibility not to enter, provide, or send his/her card information through channels not authorized by the Company.
In all cases, we only process personal data which is strictly necessary for the fulfillment of the purposes described above. In this sense, if you provide us with more information than that which is expressly required, you consent to the processing of it for the informed purpose/s for which you’re sending it.
You must provide accurate, truthful, and updated personal data and/or private information in order to obtain a correct Electronic Travel Authorization application(s) and, when appropriate, Travel Health Certificate and/or correctly manage your Embassy Registration. We will not assume any type of responsibility for circumstances that are beyond our reasonable control, such as being provided with erroneous, incomplete, and/or fraudulent information from yourself.
If you provide us with personal data of third parties, whether this is from minors or adults, you confirm that you have informed them about the purposes for which their personal data will be processed and you guarantee to us that you have obtained their prior and express consent to communicate their personal data to us. In this sense, if you provide us with the personal data of a minor, you guarantee that you are a parent and/or legal guardian and, therefore, you consent to the processing of your ward/child’s personal data.
According to the above, the Company will not be held responsible if:
- The Users and/or Customers are not adults nor have the legal capacity to contract the Services offered on this Website in accordance with the laws and regulations of their birth or residence country. In this sense, it is the sole responsibility of parents and/or legal guardians to exercise adequate control over their minor children’s/ward’s online activity and to prevent their access to websites whose content is not suitable or recommended for minors, and that allows the sending of personal data without the prior authorization of their parents or legal guardians.
- The Company has received a minor’s personal data and/or private information to submit his/her Electronic Travel Authorization application(s), to obtain the Travel Health Certificate and/or manage the Embassy Registration, provided by an individual who is not his/her parent and/or legal guardian. As soon as the Company detects and/or becomes aware of this circumstance, it will proceed to take the appropriate measures to fix the situation, including the possibility of canceling the submission of his/her application(s), as well as the cancellation of the processing and provision of the Travel Health Certificate form and/or the Embassy Registration form hired, whether the last two are purchased as add-on or as an individual Service.
- The Company has received an/several adult’s personal data and/or private information to submit his/her/their Electronic Travel Authorization application(s), and/or provide him/her with a Travel Health Certificate and/or to manage the Embassy Registration, by an individual without having requested his/her/their consent to communicate to us his/her/their personal data to us. In such cases, the Company will inform the data subject(s) about how his/her/their personal data and/or private information has been collected and, where appropriate, we will ask the individual who provided the personal data to the Company to confirm he/she requested the consent of the data subject and, where appropriate, to amend this situation. In any case, the data subject(s) will have the possibility of objecting to the processing of his/her/their personal data by the Company at all times, in which case the provision of our Services will not be possible, so the submission of the Electronic Travel Authorization application(s) will be cancelled, as well as (if applicable) the provision of the Travel Health Certificate and/or the Embassy Registration, whether the either of these two have been hired as add-on or as an individual Service.
- For circumstances that are beyond our reasonable control, such as being provided with erroneous, incomplete, and/or fraudulent information from you as a user and/or customer. You will be solely responsible for the inaccuracy or lack of veracity of the information provided.
What do we use your personal data for?
Please be informed that you only are required to provide personal data and information strictly necessary to fill in the Electronic travel Authorization application form(s), and/or when we request from you additional information as a requirement of the Government according to the Services contracted, and/or to submit a query by means of our Contact Form. In this sense, if you provide us with more information than that expressly required, you consent to the processing of it for the purpose/s for which you’re sending it.
Having said that, We use your personal data for the following purposes:
- To provide you with our Services in submitting your Electronic Travel Authorization application(s). It means that we will verify that you have correctly completed your application(s) and, when appropriate, you have provided the required documents/information and that meet the requirements of the Government and, in this sense, will ask you for the missing incomplete and/or missed information/documentation when necessary.
- To provide you with our professional assistance services in obtaining a Travel Health Certificate and/or an Embassy Registration on your or your travel partners’ behalf. It means that we will verify that you have correctly fulfilled your form and, when appropriate, we will ask you for any missing incomplete and/or missed information/documentation when necessary.
- To send you up-to-date information according to Government updates and/or operational communications regarding the status and result of your or your travel partners’ Electronic Travel Authorization application(s). In this sense, we will contact you if the Government requires more personal information and/or additional documentation in order to assess your application(s);
- To attend to your information and/or refund or cancellation queries sent to our Customer Service Team;
- To send you operational emails in connection with our Service, such as payment confirmation emails;
- For administrative purposes related to the processing and management of our Services, such as accountancy and billing tasks, verification of your payment information;
- To comply with our legal obligations, with legal requirements, laws, and regulations and/or to respond to judicial, police or to the corresponding authorities’ requirements;
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity on/or through this website.
- To improve our website, services, and customer support, as well as to improve your user experience on our website by analyzing your behavior while navigating through this website;
What is the legal basis for processing your personal data?
We only process your personal data when there is a legal basis for doing so. The legal basis will depend on the reason we collect and process your personal data. In almost all cases the legal basis will be:
- The execution of the contract when purchasing our Services (i.e submitting your or your travel partners’ Electronic Travel Authorization application form(s) before the Government; submitting your Travel Health Certificate form(s) and/or managing your Embassy registration and responding to your information requests addressed to our Customer Service Team, among others).
- The consent that you provided us for the processing of your personal data in connection to the purposes informed at the time of collection of your data (i.e. to receive the requested information by writing to our Customer Service Team).
- To comply with our legal obligations and/or to attend administrative, judicial, police, or the corresponding authorities’ official requirements.
- Our legitimate interest to (i) offer an enhanced user experience when you access and use this website and to operate it efficiently, (ii) to verify the Customer’s identity and monitor fraudulent activity in order to preserve the security and integrity of our website; (iii) defend and address our rights in the event that a claim regarding our Services may arise.
How long do we keep your personal data?
We will keep your personal data only for as long as is necessary to fulfill the purposes for which they are being processed and, beyond that, your personal data will be retained, and duly blocked, until the Company has complied with its legal obligations and has met with its business needs, objectives and strategies. In this sense, your personal data will be kept, for example, for as long as is needed in order to address and defend our legitimate interests regarding any claims in connection with the Services offered; until your request for information and/or refund is answered; to finish the investigation of detected fraudulent or illicit activity; we will retain the Cookies’ information providing that you do not revoke its consent.
Once the necessary retention period has ended, your personal data will be securely deleted from our information systems.
Furthermore, if you had provided us with your consent to process your personal data for specific purposes, note that you can withdraw said consent at any time. Upon receiving your withdrawal request, we will proceed to delete your personal data.
Who Do We Share Personal Data With?
We may communicate your personal data to the following third parties, including but not limited to:
- The Government of the Country you’re going to visit as it is the competent body to approve or deny the Electronic Travel Authorization application(s).
- Credit and debit card companies to process payments and (when necessary) carry out fraud controls;
- Public bodies and/or administrative or judicial authorities, as well as the police, as long as they are required in accordance with the applicable law and regulations;
- Law firms to respond to claims regarding our Services and/or to protect our legitimate interests;
- Technology service providers which host our information systems and/or that offer us tools or technological support;
- Suppliers who help us to correctly offer our Services.
The third parties mentioned above may have their headquarters outside the European Economic Area, therefore the personal data will be subject to an international transfer. In this regard, we inform you that we only transfer personal data to recipients located in countries that offer a level of personal data protection comparable to the laws and regulations of data protection of European countries or, failing that, we will apply the appropriate safeguards required by the current applicable law and regulations on the protection of personal data, in order to ensure the privacy and security of your personal data and that your individual rights and freedoms are guaranteed.
How do we protect your personal data?
Your trust is very important to us. For that reason, your personal data is stored confidentially and securely in our information systems. We have established the appropriate technical and organizational measures to safeguard and protect your personal data against illegal or unauthorized access, loss or accidental destruction, damage, use, and illegal or unauthorized disclosure.
Likewise, we have taken reasonable precautions to guarantee that all our staff, as well as the suppliers or collaborators who have access to Customers’ personal data, have received adequate training regarding the processing of the personal data collected and that they comply with said data protection obligations.
Although We will do our best to guarantee the protection of your personal data transmitted through our website and/or that you may provide to us by other means such as by email, please bear in mind that you should also take precautions to keep your personal data safe e.g you must not enter or confirm bank details by means of fake messages and/or websites.
What Rights Do You Have and How Can You Exercise Them?
You may exercise your rights of access, rectification, erasure, restriction of processing, and to object, as well as the right to the portability of your personal data, with a written request, addressed to us, via our Contact form, or by writing to us at firstname.lastname@example.org
You may modify the “privacy settings” of your web browser to set up the tracking cookies at any time. Also, you can install programs or add-ons to your browser, known as “Do Not Track” tools, which will allow you to choose the Cookies you want to allow.
As a general rule, we will respond to data protection rights requests within one (1) month. Occasionally, this period may be extended by two (2) further months where necessary, taking into account whether your request is particularly complex or whether you have made several requests. In this case, we will notify you of this event and explain the reasons for the delay to you.
Finally, we inform you that, where you consider it appropriate, you have the right to lodge a complaint before the corresponding Supervisory Authority, especially if you consider that your data protection rights have not been adequately addressed.