Privacy Policy

The protection of your personal data is very important to us. Your data is processed in accordance with the legal requirements of the General Data Protection Regulation (GDPR) and other applicable data protection regulations. We would like to inform you about how we handle your personal data and what rights you have under the European General Data Protection Regulation (GDPR).

1. General Information

1.1 Controller for Data Processing

The controller for data processing within the meaning of Art. 4 para. 7 GDPR is:

visumPOINT GmbH
Ruschestraße 70
10365 Berlin, Germany
Email: visa@visumpoint.de
Phone: +49 (0) 30 420 258 80
Website: www.visumpoint.com

1.2 Data Protection Officer

For questions or concerns regarding data protection, please feel free to contact our data protection officer using the contact details below.

Email: dataprivacy@visumpoint.com

1.3 Purposes of Data Processing

Your personal data is processed for the purpose of providing and improving our services, particularly for processing your orders and applications, using our online portal, and sending you information as part of our newsletter. Specifically, your data is processed for the following purposes:

  • Contract Processing and Service Fulfillment: For processing orders and applications and for registration in our online portal.
  • Contact: For processing your inquiries or providing information.
  • Use of the online portal: To enable you to register and use our services securely and efficiently.
  • Sending the newsletter: To inform you about relevant developments, news, and offers.

Data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the fulfillment of a contract with your employer, for the fulfillment of the service commissioned by you, or for the implementation of pre-contractual measures, as well as on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR for sending newsletters and using cookies.

2. Service Commissioning

When using our services for visa procurement and similar services, personal data is processed. Below, we inform you about the processing of your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR). Please refer to the applicable data protection information below, depending on whether you commission visumPOINT for a service for yourself or someone else, privately or for business purposes.

2.1 Service commissioning on behalf of your employer and for business travel

If you commission visumPOINT for a service for yourself or another person on behalf of your employer, the following data protection information applies to you.

2.1.1 Controller

visumPOINT, as a processor, processes personal data on behalf of (i.e., on the instructions of) your employer. The basis for this is a data processing agreement between your employer and visumPOINT in accordance with Art. 28 GDPR. Your employer determines the purposes and means of data processing and is therefore the "controller" within the meaning of Art. 4 para. 7 GDPR.

If such a data processing agreement has not yet been concluded with your employer, please contact our data protection officer at dataprivacy@visumpoint.com.

2.1.2 Purposes of data processing

Data processing is carried out on behalf of your employer for the purpose of providing services related to the application for visas, residence permits, and other country-specific permits necessary for business trips, assignments, or other professional requirements. This includes, but is not limited to:

  • Application and management of visas and other country-specific permits: For this purpose, personal and professional information of the employee concerned is processed, which is required by the authorities in the respective destination country.
  • Communication with authorities: Transmission of necessary information to authorities, consulates, and embassies involved in processing the applications.
  • Fulfillment of contractual obligations towards your employer: Provision of the requested services on behalf of your employer.

2.1.3 Categories of data processed

The personal data processed include, but are not limited to:

  • Identification data: Name, date of birth, nationality, passport number, photograph
  • Contact details: Address, email address, phone number
  • Employment data: Employer, position, professional contact details
  • Travel data: Travel dates, duration of stay, purpose of travel, application status
  • Documents: Passport copies, official application forms, invitation letters, employer confirmations

The specific personal data required in each individual case depends on the respective official requirements.

2.1.4 Legal bases for processing

We process your data on behalf of your employer. This requires a data processing agreement in accordance with Art. 28 GDPR. Please contact your employer for further information.

2.1.5 Recipients of the data

Your data will only be transferred to the entities necessary for processing the visa application, such as:

  • Authorities and consulates: For processing applications and issuing visas, residence permits, and other country-specific permits.
  • Third-party providers of visa services, residence permits, and other country-specific permits: If external service providers are used to assist with processing or must be used due to requirements in the destination country.
  • Employer: Information about the application status and the provision of relevant documents.

2.1.6 Transfer to third countries

Since applying for a visa or other country-specific permits often requires the transfer of personal data to authorities or service providers in third countries, it may be necessary to transfer data outside the European Union (EU) or the European Economic Area (EEA). These transfers are made exclusively within the framework of the legal requirements of the GDPR, e.g., based on adequacy decisions by the EU Commission or appropriate safeguards such as standard contractual clauses.

2.1.7 Storage period

Personal data will only be stored for as long as necessary to fulfill the purposes mentioned above or as long as we are legally obliged to do so. After the expiry of statutory retention periods, the data will be deleted in accordance with the regulations.

2.1.8 Rights of data subjects

To exercise your rights, please contact your employer, who is the controller responsible for the processing. You are also welcome to contact our data protection officer, who will forward your request to your employer.

As a data subject, you have the following rights:

  • Access: You have the right to receive information about the personal data we process.
  • Rectification: You can request the rectification of inaccurate or incomplete data.
  • Deletion: You have the right to have your data deleted if it is no longer necessary or if its processing is unlawful.
  • Restriction of processing: In certain cases, you can request the restriction of the processing of your data.
  • Data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object: You can object to the processing of your personal data at any time if the processing is based on a legitimate interest.

2.1.9 Contact

If you have questions about the processing of your personal data or wish to exercise your data subject rights, please contact your employer or their data protection officer.

2.2 Service Commissioning for Private Purposes

If you commission visumPOINT for a service for private purposes, the following data protection information applies to you.

2.2.1 Controller

The responsible entity for commissioning services for private travel and related services is visumPOINT GmbH.

2.2.2 Purposes of data processing

Data processing is carried out for the purpose of providing services related to applying for official permits necessary for private travel or other requirements. This includes, but is not limited to:

  • Application and provision of official permits: To fulfill this purpose, personal and professional information required by the authorities in the respective destination country will be processed.
  • Communication with authorities: transmission of necessary information to authorities, consulates, and embassies involved in processing applications.
  • Fulfillment of contractual obligations to you: provision and processing of the requested service on your behalf.

2.2.3 Categories of data processed

The personal data processed includes, but is not limited to:

  • Identification data: name, date of birth, nationality, passport number, photograph
  • Contact details: address, email address, phone number
  • Employment data: employer, position, contact details
  • Travel data: travel dates, duration of stay, purpose of travel, application status
  • Documents: Passport copies, official application forms, invitation letters

The specific personal data required in each individual case depends on the respective official requirements.

2.2.4 Legal Basis for Processing

The processing of personal data is carried out on the basis of the following legal grounds:

  • Art. 6 para. 1 lit. b GDPR (Performance of a contract): Data processing is necessary to fulfill contractual obligations towards you.
  • Art. 6 para. 1 lit. a GDPR (Consent): Where necessary, we obtain the explicit consent of data subjects for specific processing activities.

2.2.5 Recipients of Data

Your data will only be transferred to entities necessary for processing the visa application or other country-specific permits, such as:

  • Authorities and Consulates: For processing applications and issuing visas, residence permits, and other country-specific permits.
  • Third-party providers of visa services, residence permits, and other country-specific permits: If external service providers are used to assist with processing or are required due to regulations in the destination country.
  • Employers: Information about application status and provision of relevant documents.

2.2.6 Transfer to Third Countries

Since applying for a visa or other country-specific permits often requires the transfer of personal data to authorities or service providers in third countries, it may be necessary to transfer data outside the European Union (EU) or the European Economic Area (EEA). These transfers are made exclusively within the framework of GDPR legal requirements, e.g., based on adequacy decisions by the EU Commission or appropriate safeguards such as standard contractual clauses.

2.2.7 Storage Duration

Personal data is stored only for as long as necessary to fulfill the purposes mentioned above or as required by law. After statutory retention periods expire, the data will be deleted in accordance with regulations.

3. Registration and Login to the Online Portal

3.1 Purpose of Processing

As part of the registration and login process for the online portal, we process your personal data to enable your access to the portal and the use of our services (e.g., applying for visas, residence permits). This processing ensures secure access and efficient provision of our services.

3.2 Categories of Data Processed

For registration and login to the online portal, we collect and process the following personal data:

  • Registration Data: Name, email address, username, password (encrypted).
  • Contact Data: Phone number, business and/or private address, if required.
  • Authentication Data: IP address, login data, access timestamp.

3.3 Legal Basis for Processing

The processing of your personal data for registration and login is based on:

  • Art. 6(1)(b) GDPR: The processing is necessary for the performance of a contract or for the implementation of pre-contractual measures.
  • Art. 6(1)(f) GDPR: Our legitimate interest lies in providing secure and functional access to the online portal and protecting against misuse and unauthorized access.

3.4 Storage Duration

We store your personal data collected during registration and login only for as long as necessary to fulfill contractual services or as required by legal retention obligations.

You can delete your profile yourself at any time in the profile section. If your last login, last activity, or last order entry was more than 12 months ago, you will be informed by email. If you do not log in again within 30 days, your profile will be automatically deleted. After your user account is terminated, the data will be deleted, unless there are legal retention obligations.

3.5 Disclosure to Third Parties

Data collected during registration and login will generally not be disclosed to third parties, unless this is necessary for the provision of our services or you have given your explicit consent.

In certain cases, data may be disclosed to the following categories of recipients:

  • IT service providers (e.g., for maintaining the online portal).

3.6 Security Measures

To protect your personal data, we implement appropriate technical and organizational measures to prevent unauthorized access, loss, misuse, or unlawful disclosure. These include, among others, the encrypted storage of passwords and the use of SSL encryption during data transfer.

4. Cookies and Tracking Technologies

On our website, we use cookies and similar technologies to collect statistical data and analyze visitor behavior. This information helps us optimize the website, improve the user experience, and measure the effectiveness of marketing activities. Below, we explain what data is collected by these cookies and for what purposes it is used.

4.1 Purposes of Cookie Usage

4.1.1 Visitor Statistics

We use cookies to collect general information about the use of our website. This includes:

  • Page Views: The number of visits and views of individual pages.
  • Unique Visitors: The number of individual users who visit the website.
  • Visit Path: The sequence in which pages are viewed.
  • Time on Site: The time visitors spend on our pages.

4.1.2 Behavioral Analysis

Through behavioral analysis, we gain insights into how visitors interact with our website. These data include:

  • Bounce Rate: The percentage of visitors who leave the page after a single page view.
  • Most Popular Pages: Pages that are visited particularly often.
  • Entry and Exit Pages: The pages through which visitors enter or leave the website.
  • Page Interactions: Actions such as clicking on links, downloading documents, and other interactions.

4.1.3 Access Sources

We analyze how visitors reach our website. This includes:

  • Traffic Sources: Identifying whether access comes from search engines, social media, or direct visits.
  • Campaign Tracking: Monitoring marketing campaigns using UTM parameters (e.g., clicks on ads or links in newsletters).

4.1.4 Geographical Data

We collect geographical information to understand where our visitors come from. This includes:

  • Countries and Cities of Origin: The geographical locations of visitors.
  • Languages: The language settings of visitors' browsers.

4.1.5 Technical Details

To improve functionality and optimize the website, we analyze technical details about the devices and software our visitors use:

  • Devices and Browsers: Which devices (smartphones, tablets, computers) and browsers are used.
  • Operating Systems: The operating systems installed on the devices.
  • Screen Resolution and Size: The resolution and size of screens to adapt the page layout.

4.1.6 E-commerce Tracking

If our website offers e-commerce functionalities, we use cookies to analyze the following data:

  • Revenue: The total sum of purchases made.
  • Conversion Rate: The percentage of visitors who complete a desired action (e.g., purchase, registration).

4.1.7 Goals and Conversions

We use cookies to track the achievement of specific goals on our website:

  • Goal Tracking: Monitoring whether specific actions (e.g., registration, contact initiation) have been successfully completed.
  • Conversion Tracking: Tracking visitor paths through conversion funnels to analyze the effectiveness of marketing campaigns.

4.1.8 Custom Reports and Dashboards

To provide a clearer overview, we create customizable dashboards and reports from the collected data for targeted optimizations.

4.2 Legal Basis for Processing

The use of cookies that are not strictly necessary for the functionality and maintenance of our website is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent or change your cookie settings at any time.

4.3 Storage Period

Cookies are stored for different periods, depending on their purpose. Session cookies are deleted as soon as you close your browser. Persistent cookies remain stored on your device until you delete them manually or they expire automatically after a defined period.

4.4 Disclosure to Third Parties

The data collected by cookies may, if necessary, be passed on to third parties, e.g., to analytics and tracking service providers. These service providers process the data on our behalf and are contractually obliged to protect the data in accordance with legal data protection regulations.

5. Newsletter

5.1 Purpose of Data Processing

After your registration, we process the information you provided exclusively to send you our newsletter and to provide you with current news via email for one or more countries of your choice.

5.2 Data Processed

For newsletter registration, we only require your email address.

5.3 Recipients of Your Data and Data Transfer

We use the Newsletter2Go software (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin) to provide our newsletter service. In the context of this service, Sendinblue acts as our data processor in accordance with Art. 28 GDPR.

Your data will not be transferred to third countries. Sendinblue processes your data exclusively for sending newsletters and is contractually obliged not to sell your data or use it for other purposes. Further information on data protection at Sendinblue can be found here: https://de.sendinblue.com/informationen-newsletter-empfaenger/.

5.4 Legal Basis for Data Processing

We use the double opt-in procedure to ensure that you have explicitly consented to receiving the newsletter. After registering, you will receive a confirmation email in which you must actively confirm your registration.

The legal basis for processing your data is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

5.5 Data Retention Period

You can revoke your consent to receive the newsletter at any time by using the "unsubscribe" link in the newsletter or by sending a message to dataprivacy@visumpoint.com. After unsubscribing, your data will be deleted immediately.

6. Demo Access Registration (Contact Form)

6.1 For what purpose are your data processed?

For any questions, we offer you the opportunity to contact us via a form provided on the website. The processing of your provided data is carried out to answer your inquiry and for any follow-up questions.

6.2 What data about you is processed?

To enable us to respond to your inquiry, providing a name and your email address is required.

6.3 Who is the recipient of your data and is data transferred to third countries?

The recipient of the data is visumPOINT. No data transfer to third countries takes place.

6.4 On what legal basis is your data processed?

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your voluntarily given consent.

If your request aims at concluding a contract, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis. In this case, we store your data for the duration of the statutory retention periods.

6.5 How long is your data stored?

You can revoke your consent at any time with future effect. In the event of revocation, your data will be deleted immediately. Otherwise, your data will be deleted once we have processed your request or if the purpose of storage no longer applies. If your request aims at concluding a contract, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis. In this case, we store your data for the duration of the statutory retention periods.

7. Applications

7.1 For what purpose is your data processed?

By submitting an application, you express your interest in seeking employment with us. The processing of your submitted personal data is generally carried out exclusively for the purpose of filling the advertised position for which you have applied.

7.2 What data about you is processed?

As part of your application, you submit personal data to us, which we use and store exclusively for processing your application and assessing your suitability for the advertised position. When using our online application form, we collect the following data:

  • Name (First and Last Name)
  • Email address
  • Phone number (optional)
  • Availability (when you are available)
  • Salary expectation
  • LinkedIn profile (optional)
  • How you heard about us (e.g., job portal, referral)

Additionally, you can upload relevant documents via the application form, such as a cover letter, your CV, and certificates. These documents may contain further personal data, such as date of birth, address, educational and professional background.

7.3 Who is the recipient of your data and is data transferred to third countries?

For storing and managing your application data, we use the software of Personio GmbH, a provider of HR management and applicant tracking software (see Personio Impressum). In this context, Personio acts as our processor in accordance with Art. 28 GDPR. The basis for this processing is a data processing agreement between us and Personio, which ensures the data protection-compliant handling of your data.

Your application data will not be transferred to third countries outside the European Economic Area (EEA). Further information on the processing of your data by Personio within the scope of the web form can be found under Personio Datenschutzinformationen für Bewerber. Personio also provides general data protection information under Personio Datenschutz.

7.4 On what legal basis is your data processed?

If you apply to us by email, via the online application form, or by post, we collect and process your personal data for the purpose of carrying out the application process and for pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.

7.5 How long is your data stored?

Your data is generally stored for a period of 90 days after the conclusion of the application process. This storage serves to fulfill legal obligations and to defend against any potential legal claims. Subsequently, your data will be deleted or anonymized. The anonymized data remains in our database exclusively for statistical purposes (e.g., proportion of applicants, number of applications per period) and no longer contains any direct personal reference.

In the case of an application submitted via our web form, we reserve the right to store your data for inclusion in our "Talent Pool" for up to 180 days after the conclusion of the application process. This allows us to consider you for future suitable job openings. This also applies to applications for apprenticeships or internships. By accepting this privacy information, you consent to the possible extended storage of your data and to your inclusion in our Talent Pool.

If you receive a job offer from us during the application process and accept it, the data collected during the application process will be stored for at least the duration of your employment.

8. Webinars

8.1 For what purpose is your data processed?

We process your personal data to enable your participation in our webinars and to conduct them. Furthermore, we may use your email address to send you information about our own similar offers or events via email. You can object to the use of your email address for this purpose at any time.

8.2 What data about you is processed?

When participating in a webinar via Microsoft Teams, the following data is processed:

  • Registration data (name, email address)
  • Technical connection data (e.g., IP address, device information)
  • Communication content (e.g., questions, chat messages, your displayed name if you do not participate anonymously)

Note on anonymous participation:

If you are already logged into your Microsoft account on your system, you will automatically join the event with that account when you click “Join event” in the invitation you received. Your name will then be visible to other participants in the webinar. If this is not desired, proceed as follows:

  • Do not left-click “Join event” on the event date.
  • Instead, copy the event link to your clipboard (on Windows: right-click the “Join event” button + then “Copy link”).
  • Open an incognito window in your browser, paste the link into the address bar, and navigate to the page.
  • Select “Cancel” if your browser asks you to use the Teams application.
  • On the page, click “Continue in this browser”.
  • In the setup screen that opens, you can now choose any name for your participation at the top and then click “Join now”.

8.3 Who is the recipient of your data and is data transferred to third countries?

The recipient of your data is visumPOINT. In addition, Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (as the provider of Microsoft Teams) processes the data as a processor according to Art. 28 GDPR for the execution of the webinar. The processing of personal data arising in connection with the webinar generally takes place in data centers within the European Union (EU). Microsoft ensures that the core storage of participant data (such as name, email address, chat contributions) occurs within the EU. However, in exceptional cases, data may be transferred to third countries (especially the USA), for example, if technical support from Microsoft is required, and in the context of processing telemetry, diagnostic, and log data (e.g., crash reports). Microsoft is certified under the EU-US Data Privacy Framework. This ensures an adequate level of data protection for these transfers within the meaning of Art. 45 GDPR. More about data processing by Microsoft: https://privacy.microsoft.com/de-de/privacystatement.

8.4 On what legal basis is your data processed?

Data processing for the purpose of webinar registration and participation is based on Art. 6 Para. 1 lit. b GDPR (fulfillment of a contract or implementation of pre-contractual measures). We base the data processing for sending you information about our own similar offers or events via email on Art. 6 Para. 1 lit. f GDPR in conjunction with Section 7 Para. 3 UWG.

8.5 How long will your data be stored?

We store your data only for as long as necessary for the execution of the webinar and – where permissible – for sending email information about similar offers. You can object to the sending of such emails at any time.

9. Special Categories of Personal Data

As part of providing our services in immigration, relocation, visas, workation, A1 certificates, social security proofs, and similar services via our online portal for private and business purposes, we also process special categories of personal data within the meaning of Art. 9 GDPR. These sensitive data include, in particular, information on ethnic origin, health data, biometric data (e.g., for identity verification), as well as data on nationality and, if applicable, criminal convictions and offenses, provided this is necessary for the fulfillment of our services. This depends on the requirements of the authorities and the respective travel countries. Detailed information on the special categories of personal data processed can be found in your order placed with visumPOINT, or you can contact visumPOINT's Data Protection Officer at dataprivacy@visumpoint.com.

The processing of this sensitive data is carried out exclusively for the fulfillment of contractual and pre-contractual obligations and to enable the provision of our services. Lawful processing of this data is therefore justified according to Art. 9 Para. 2 lit. b GDPR. Furthermore, this data is only processed when necessary to fulfill legal obligations, particularly towards authorities and institutions at home and abroad, or based on the explicit consent of the data subject according to Art. 9 Para. 2 lit. a GDPR.

To protect these special categories of data, we have implemented technical and organizational measures that ensure their integrity and confidentiality and meet the high requirements of the General Data Protection Regulation (GDPR).

10. Data Transfer to Third Countries

As part of our services in immigration, relocation, visas, workation, A1 certificates, and social security proofs, the transfer of personal data to recipients in countries within and outside the EU or the European Economic Area (EEA) may be necessary. These transfers involve both cooperation with authorities and the use of external service providers and consultants within and outside Europe to support our services.

Other recipients may include the following, depending on the service commissioned:

  • Consulates and their acceptance points
  • Notaries
  • Ministries
  • Social security institutions
  • Translation service providers

For cooperation with consultants in the EEA and third countries, we have concluded Data Processing Agreements (DPAs) or Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection in accordance with the GDPR. These agreements ensure that personal data is processed in accordance with data protection requirements and with the application of appropriate safeguards.

Furthermore, depending on the order, we engage shipping service providers to deliver your documents to you. We also use payment service providers for processing credit card payments.

Please note: Your credit card data is not collected or managed by visumPOINT. All credit card payment services are offered by our partner, who processes your data as an independent controller. Further information on this can be found at the relevant point when placing an order.

Internally, we use Microsoft 365 for administration and communication. The use of this platform complies with GDPR requirements and includes additional security measures such as the use of European data centers and encryption techniques.

Depending on the service commissioned, the transfer of data to local authorities in certain third countries such as China, India, and the USA may also be necessary to fulfill contractual and legal obligations. Such transfers occur exclusively when required for application processing or to fulfill legal obligations. The use of government-mandated software or interfaces is carefully reviewed to ensure that only necessary data is transmitted and appropriate data protection measures are guaranteed.

The transfer of personal data to third countries, especially to the aforementioned countries, is carried out in strict compliance with applicable data protection regulations. We ensure that data transfers are reduced to the necessary minimum and that the confidentiality of your data remains guaranteed.

11. Your Rights as a Data Subject

When we process your personal data, you have various rights. For private individuals: If you use our services as a private individual and wish to exercise your rights, please contact our Data Protection Officer directly. For professional users acting on behalf of an employer: If you use our service on behalf of your employer, please contact your company's Data Protection Officer.

11.1 Your Rights at a Glance

  • Right of access (Art. 15 GDPR): You have the right to know what personal data we have stored about you and how we use it. This includes information on why we use the data, which data categories are affected, who receives the data (including in countries outside the EU), how long we store the data, or how we determine this duration. You can also request information on whether there are automated decisions such as profiling and how they work.
  • Right to rectification (Art. 16 GDPR): You can request that we immediately rectify any inaccurate or incomplete data we have stored about you.
  • Right to erasure (Art. 17 GDPR): You can request the deletion of your data if we no longer need it or if there is no legal reason to continue storing it. Exceptions apply if we need the data due to legal requirements, for the public interest, or for the defense of legal claims.
  • Right to Restriction of Processing (Art. 18 GDPR): You can request that we restrict the processing of your data. This applies, for example, if you dispute the accuracy of the data or if the data should not be deleted because you need it for legal claims.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the data you have provided to us in a structured and commonly used format (e.g., electronically) or to have it transmitted directly to another entity, if the processing is based on your consent or a contract.
  • Right to Withdraw Consent (Art. 7 para. 3 GDPR): You may revoke any consent given for data processing at any time. Data processing based on this consent will then be stopped in the future. However, if our service is not possible without this data processing, this could mean that we can no longer provide the service.
  • Right to Lodge a Complaint (Art. 77 GDPR): If you believe that our handling of your data violates data protection regulations, you can lodge a complaint with a data protection authority. Usually, the supervisory authority at your place of residence or work, or at our company headquarters, is responsible. For us, the 'Berlin Commissioner for Data Protection and Freedom of Information' is responsible. You can find current contact information on their website: https://www.datenschutz-berlin.de.

11.2 Right to Object

If we process your data based on legitimate interests (in accordance with Art. 6 para. 1 sentence 1 lit. e or f GDPR), you have the right to object to the processing of your personal data (Art. 21 GDPR).

This right to object applies in two cases:

  • Objection Based on Your Particular Situation: You can object to the processing if you have reasons arising from your particular situation. In this case, we will stop processing your data, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. Alternatively, we may continue processing if it serves the establishment, exercise, or defense of legal claims.
  • Objection to Direct Marketing: If we use your data for direct marketing, you can object at any time without stating reasons. In this case, we will no longer process your data for these purposes.

If you wish to exercise your right of revocation or objection, simply send an email to dataprivacy@visumpoint.com.

12. Duration of Storage

visumPOINT processes your personal data for as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, the following blocking and deletion concept for digitally stored documents applies:

  • 120 days after order completion, the order will be locked for visumPOINT case workers.
  • Months after order completion, the order in your order overview will be locked for processing for you and your approvals. Additionally, supplementary application documents linked to the order that were submitted to visumPOINT (e.g., invitation letters, passport photos, secondment letters) will be deleted.
  • Application forms (e.g., visa applications, A1 application forms, and EU registration) will be deleted 4 years after the order is completed.
  • Remaining documents (order form with payment and delivery data, accounting data (invoice), proof of service provision (e.g., scan of the issued visa, registration certificate)) are digitally archived. These data will also be deleted 11 years after the order is completed.

For documents not available digitally: All application documents will be destroyed in compliance with data protection regulations no later than after the completion of the process (i.e., after the service has been rendered).

13. Security Measures

13.1 Website Visit

We use the widely adopted SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, we will revert to 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted encrypted by the closed key or lock symbol, or by the use of 'https' before the address of our (sub-)webpage.

13.2 Email

Unless specific agreements are made, encryption via TLS will be used if supported by the other party. Additionally, email communication can take place via S/MIME-encrypted mailboxes. Please contact us in advance if this is desired.

13.3 Servers

Data that you transmit to us digitally is stored exclusively by us in ISO 27001 certified data centers with appropriate protective measures.

13.4 Technical and Organizational Measures

Furthermore, in accordance with Art. 32 GDPR, we employ other appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously adapted and improved in line with technological developments.

14. Amendments to the Privacy Policy

We reserve the right to amend this privacy policy at any time to adapt it to changed legal frameworks, technical developments, or modified services. In the event of such a change, we will publish the updated version of the privacy policy on our website and adjust the date of the last update.