Privacy Policy

1 Introduction

Welcome to VisaEase ("we", "us", "our"). We are a private visa assistance and consultancy platform operating in India, helping individuals navigate the visa application process for international travel. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit our website at www.visaease.com or use any of our services.

This Policy is published in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act"). It applies to all users who access our website, submit inquiries, or engage our services — whether as visitors, registered users, or clients.

By using our website or services, you consent to the collection and use of your personal data as described in this Policy. If you do not agree, please discontinue use of our platform immediately.

2 Data We Collect

We collect personal data only to the extent necessary for providing our visa assistance services. The categories of data we may collect include:

2.1 Information You Provide Directly

• Identity Information: Full name, date of birth, gender, nationality, and photograph.
• Contact Information: Email address, mobile number, and residential address.
• Passport & Travel Details: Passport number, issue/expiry date, travel history, and previous visa details.
• Financial Information: Bank statements, income proof, or other financial documents required for visa applications. We do not store payment card details on our servers.
• Application Documents: Any supporting documents you submit including employment letters, property documents, and educational certificates.
• Inquiry & Communication Data: Messages, emails, and details shared via our contact forms, WhatsApp, or phone.

2.2 Information Collected Automatically

• Usage Data: Pages visited, time spent, links clicked, and navigation patterns on our website.
• Device & Technical Data: IP address, browser type, operating system, and device identifiers.
• Cookies & Tracking Technologies: Session cookies, analytics cookies, and similar technologies (see Section 5).

2.3 Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules 2011, certain categories of data we may collect (such as financial information and passport data) qualify as sensitive personal data. We collect SPDI only with your explicit consent and solely for the purpose of processing your visa application. You may withdraw consent at any time, though this may affect our ability to deliver the service.

3 How We Use Data

We use the personal information we collect for the following lawful purposes:

• Service Delivery: To process your visa application, prepare documents, coordinate with embassies and VFS centres, and communicate application status updates.
• Client Communication: To respond to inquiries, send appointment reminders, and provide updates regarding your application via email, SMS, or WhatsApp.
• Payment Processing: To verify payments and issue receipts for services rendered.
• Legal Compliance: To comply with applicable Indian laws, regulations, court orders, and government directives.
• Service Improvement: To analyse usage patterns, improve our website, and enhance the quality of our services.
• Marketing Communications: With your prior consent, to send you information about our new services, offers, or relevant updates. You may opt out at any time by contacting us or clicking the unsubscribe link in any marketing email.
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent or unauthorised activity on our platform.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you without your knowledge and consent.

4 Data Sharing

VisaEase does not sell, rent, or trade your personal data to any third party for commercial purposes. We share your data only in the following limited and necessary circumstances:

• Embassies & Consulates: Your personal and travel data is submitted to the relevant embassy or consulate as part of the visa application process. This is the primary purpose for which you engaged our services.
• Visa Facilitation Centres: Data may be shared with authorised centres such as VFS Global or BLS International appointed by the respective embassy.
• Payment Processors: Payment information is processed by certified third-party payment gateways. We do not store card details on our servers.
• Courier Partners: Name and address may be shared with authorised courier services for document return and passport delivery.
• Legal Authorities: We may disclose data to law enforcement agencies, regulatory authorities, or courts when required by law, court order, or to protect our legal rights and the safety of our users.
• Professional Advisors: Data may be shared with our legal, financial, or compliance advisors who are bound by strict confidentiality obligations.

Any third party with whom we share your data is required to handle it lawfully and in accordance with applicable data protection standards. We do not permit third parties to use your data for their own independent marketing purposes.

5 Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytical data. Cookies are small text files placed on your device by your browser when you visit our website.

Types of Cookies We Use

• Essential Cookies: Necessary for core website functionality, including session management and security features. These cannot be disabled without affecting your access to the site.
• Analytics Cookies: Used to collect aggregated, anonymised data on how visitors interact with our site (e.g., via Google Analytics). This data helps us improve performance and content relevance.
• Preference Cookies: Used to remember your settings and preferences (such as language or region) to personalise your experience on return visits.
• Marketing Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These are only activated with your explicit consent.

You may manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may limit the functionality of our website. By continuing to browse our site without changing your cookie settings, you consent to our use of cookies as described above.

6 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, comply with applicable legal obligations, resolve disputes, and enforce our agreements.

• Active Client Data: Retained for the duration of your engagement with us and for a period of 5 years thereafter, in compliance with Indian tax and regulatory record-keeping requirements.
• Inquiry & Lead Data: Information submitted through our contact forms or WhatsApp but not converted into an active engagement is retained for a maximum of 12 months, after which it is securely deleted.
• Application Documents: Passport copies, financial documents, and other supporting materials are retained for 3 years post-application for reference and compliance purposes, unless you request earlier deletion.
• Website Analytics Data: Aggregated and anonymised analytics data may be retained indefinitely as it does not identify any individual.
• Payment Records: Transaction records are retained for 7 years as required under the Income Tax Act, 1961 and applicable financial regulations.

Upon expiry of the applicable retention period, your data is securely deleted, anonymised, or destroyed in a manner that prevents unauthorised access or reconstruction. You may request earlier deletion of your data subject to any overriding legal obligations (see Section 8 — Your Rights).

7 Security Measures

VisaEase takes the security of your personal data seriously. We have implemented the following technical and organisational measures in accordance with Rule 8 of the SPDI Rules, 2011:

• Encryption: All data transmitted between your browser and our servers is protected using SSL/TLS encryption (HTTPS). Sensitive data stored on our servers is encrypted at rest.
• Access Control: Access to personal data is restricted to authorised personnel on a strict need-to-know basis. All team members are bound by confidentiality obligations.
• Secure Infrastructure: Our platform is hosted on reputable cloud infrastructure providers with industry-standard security certifications and regular security audits.
• Document Handling: Physical documents received from clients are stored in secured, access-controlled premises and disposed of by shredding once no longer required.
• Incident Response: We maintain a data breach response protocol. In the event of a breach affecting your data, we will notify you and the relevant authorities as required under applicable law.
• Employee Training: Our team members handling personal data receive regular training on data privacy and security best practices.

8 Your Rights

As a data principal under the Digital Personal Data Protection Act, 2023, and a user of our platform, you have the following rights with respect to your personal data:

• Right to Access: You may request a copy of the personal data we hold about you, along with information on how it is being used and with whom it has been shared.
• Right to Correction: You may request correction of any inaccurate, incomplete, or outdated personal data we hold about you.
• Right to Erasure: You may request deletion of your personal data, subject to any overriding legal obligations that require us to retain it.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to Grievance Redressal: You have the right to raise a grievance with us regarding the processing of your data. We will acknowledge and respond to such requests within 30 days.
• Right to Nominate: Under the DPDP Act, 2023, you may nominate an individual to exercise your data rights in the event of your death or incapacity.

To exercise any of the above rights, please contact our Grievance Officer at privacy@visaease.com. We will verify your identity before processing your request and respond within 30 days of receipt. We reserve the right to decline requests that are manifestly unfounded, repetitive, or that conflict with our legal obligations.

9 Children's Privacy

VisaEase does not knowingly collect personal data directly from children under the age of 18 years without verifiable parental or guardian consent. Our services are intended for use by adults, and individuals below 18 years of age must have their visa applications managed by a parent or legal guardian.

Where a visa application includes a minor as a co-applicant or dependent, the parent or legal guardian who engages our services is responsible for providing consent on the minor's behalf, confirming the accuracy of information submitted, and ensuring compliance with applicable embassy requirements for minors.

If we become aware that we have inadvertently collected personal data from a minor without appropriate consent, we will take prompt steps to delete such data from our records. If you believe we may have collected data from or relating to a child without proper consent, please contact us immediately at privacy@visaease.com.

10 Third-Party Links

Our website may contain links to third-party websites, portals, or resources — including embassy websites, VFS Global, BLS International, travel insurance providers, and payment gateways. These links are provided for your convenience and information only.

VisaEase does not own, operate, or control these third-party websites, and this Privacy Policy does not apply to them. We have no responsibility or liability for the privacy practices, content, or security of any third-party website. We strongly encourage you to review the privacy policy of every external website you visit before submitting any personal information.

The presence of a link to a third-party website on our platform does not constitute an endorsement, recommendation, or approval of that website or its content by VisaEase.

11 Legal Compliance

This Privacy Policy is drafted and maintained in compliance with the following applicable Indian laws and regulations:

• Information Technology Act, 2000 (IT Act): The primary legislation governing electronic commerce, digital transactions, and cybersecurity in India.
• IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules): Prescribing standards for collection, storage, and handling of sensitive personal data by companies operating in India.
• Digital Personal Data Protection Act, 2023 (DPDP Act): India's comprehensive data protection legislation governing the processing of digital personal data, rights of data principals, and obligations of data fiduciaries.
• Income Tax Act, 1961: Requiring retention of financial records and transaction data for specified periods.
• Consumer Protection Act, 2019: Governing the rights and protections of consumers in service relationships.

We periodically review and update our data practices to remain compliant with evolving Indian legislation and regulatory guidance issued by competent authorities including the Data Protection Board of India.

12 Policy Updates

VisaEase reserves the right to modify, update, or revise this Privacy Policy at any time to reflect changes in our business practices, the services we offer, applicable laws, or regulatory requirements. We will not reduce your rights under this Policy without providing you with prior notice.

When we make material changes to this Policy, we will update the "Last Updated" date displayed at the top of this page. Where required or appropriate, we may also notify registered users or active clients via email or through a prominent notice on our website.

Your continued use of our website or services following the publication of any updates to this Policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically to stay informed about how we protect your personal data.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our designated Grievance Officer:

We will acknowledge all privacy-related requests or grievances within 48 hours and endeavour to resolve them within 30 days of receipt, in accordance with the DPDP Act, 2023.