Our commitment to data privacy and security is embedded in every part of our work. Our company, our employees and our products follow all the laws, regulations, standards, and ethical practices that are required.
Data privacy and security concern all of us (our team, our users and our partners), which is why we have a team of trained third-party security professionals who provide guidance, ensure compliance and validate security.
On this page, you will learn about data protection, Viselio regulations, how we store your data, and other important information regarding our company.
What is GDPR?
The EU General Data Protection Regulation 2016/679 (the “GDPR”) is a regulation from the European Union that protects the privacy of EU residents. It is designed to allow individuals to more effectively control their personal data. The GDPR went into effect on May 25, 2018.
The GDPR is well outlined in the Medium article “The General Data Protection Regulation (GDPR) In A Nutshell”, which the GDPR Alliance posted in 2017. In summary, we can say that the GDPR:
- applies to personal data — any data that relates to or can be used to identify a person (the “data subject”) in any way.
- controls what can be done with personal data.
- requires consent or a good legal reason to process or store personal data.
- gives a person a right to know what information is held about them.
- allows a person to request that the information about them is erased and that they are ‘forgotten’ — unless there is a legal reason not to do this.
- makes sure that personal data is properly protected.
- requires that, if data is lost, stolen or accessed without authority, the authorities must be notified, and possibly the people whose data has been accessed may also need to be notified.
- prevents data from being used for anything other than the reason given at the time of collection.
- requires data to be securely deleted after it is no longer needed.
- allows national authorities to impose fines on companies breaching the regulation.
What is Viselio doing to comply with GDPR?
- As a Swiss company operating in EU markets, we have appointed an EU Representative in Germany pursuant to Article 37 of the GDPR.
- We have appointed an experienced Data Protection Officer pursuant to Article 38 of the GDPR to oversee our compliance efforts. The DPO’s nomination was reported to the Swiss data protection authority.
- We have gone through a GDPR audit to identify all areas for improvement and followed its recommendations to achieve full compliance.
- We are planning future GDPR audits on a regular basis to maintain compliance in light of the changing technological and business context.
- We adhere to GDPR’s Article 5 key principles in our data processing operations, namely:
– Purpose limitation
– Data minimization
– Storage limitation
- We have carried out a data protection impact assessment (DPIA) for our visa processing/customer service operations (Article 35 of the GDPR).
- We apply data protection by design and data protection by default principles (Article 25 of the GDPR).
- Our technical and organizational measures ensure a level of security appropriate to the processing risk in compliance with Articles 5 and 32 of the GDPR. Specifically, our platform architecture ensures security as follows:
– Our database is a MySQL database in the demilitarized zone, reachable only via 2 password-protected VPN tunnels that originate from our API application servers.
– Our partners can only access the Viselio API servers through the Visa Panel server (a web application), which in turn can access our API server. The platform is state-of-the-art in terms of IT security.
– All our servers are virtual cloud servers physically located in Germany (hosting provider Hetzner Online GmbH https://www.hetzner.com/) with regular backups.
On the privacy governance side:
- Our employees have been trained in the GDPR as well as data security fundamentals.
- We keep a record of processing activities and other data processing documentation such as data processing policies required by the GDPR.
- We have a procedure for dealing with data subjects’ requests in order to guarantee their rights, such as the right to be informed (Article 13 of the GDPR), the right of access (Article 15 of the GDPR), the right of rectification (Article 16 of the GDPR), the right to be forgotten (Article 17 of the GDPR), the right to object (Article 21 of the GDPR), the right to restrict processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR).
- We have adopted robust incident management procedures to deal with data protection breaches pursuant to Articles 33 and 34 of the GDPR.
- We have executed GDPR-compliant data processing agreements with our subcontractors.
How is my personal data processed by Viselio?
When you visit our website, the company we use to operate the website processes and stores technical information about the terminal device you use (operating system, screen resolution, and other non-personal features), about the browser (version, language settings), and in particular the public IP address of the computer you use to visit our website, including the date and time of access.
Our service provider uses the processed data in a non-personally identifiable manner for statistical purposes so that we can trace what kind of terminal devices, with which settings, are used to access our website, and then optimize it accordingly. These statistics do not contain any personally identifiable data.
We process data in Switzerland (data transfer at the conclusion of the contract, server log files, contact form, registration, cookies) and in Germany, where our hosting services provider is located.
Providing your personal data is voluntary in every case, but remember that failing to provide it will prevent us from achieving the purposes for which the data is collected; in particular, it will prevent or significantly hinder contact with you, or will prevent the conclusion of the agreement with you.
Is using Viselio safe?
Yes, using Viselio is perfectly safe.
As a rule of thumb, your personal data, including your photos, is and will be used only for the visa application process (including ancillary services thereto). To a limited degree, we can also use it for customer service, your personalization preferences and other legal matters related to the visa application process (such as handling of claims).