This privacy notice applies to data processing carried out by the following controller (within the meaning of Art. 4(7) GDPR):
visumPOINT GmbH
Ruschestraße 70
10365 Berlin, Germany
Phone: +49 (0) 30 420 258 80
Email: visa@visumPOINT.com
If you have any questions, our internal Data Protection Officer can be contacted at dataprivacy@visumpoint.com.
If you use visumPOINT for business purposes on the instructions of your employer, the following applies to the commissioning of services:
As a processor, visumPOINT processes personal data on behalf of (i.e. on the instructions of) the controller (your employer). This is based on a data processing agreement between the controller and the processor pursuant to Art. 28 GDPR. The controller determines the purposes and means of data processing and is therefore the “controller” within the meaning of Art. 4(7) GDPR.
Further privacy information relating to the use of our online portal will be provided to you when you log in for the first time. You may also access the privacy information at any time thereafter via the footer section of the website.
If you have any questions regarding data protection, please contact the controller (your employer). Alternatively, you may contact visumPOINT’s Data Protection Officer using the contact details provided above.
You have the rights described below with regard to the processing of your personal data.
If you are a private individual, please contact visumPOINT’s Data Protection Officer directly to exercise these rights.
If, however, you use visumPOINT for business purposes on the instructions of your employer, the following applies: please contact the controller (your employer).
You have the following rights:
Right to object
Where your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1) sentence 1 lit. e or f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data where there are grounds relating to your particular situation or where the objection is directed against direct marketing.
In the former case, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing serves the establishment, exercise or defence of legal claims.
In the latter case, you have a general right to object, which we will implement without requiring you to specify a particular situation. If you wish to exercise your right of withdrawal or objection, simply send an email to dataprivacy@visumpoint.com.
3.1 Commissioning of services
3.1.1 For what purpose are your data processed?
Depending on the individual order or on the basis of existing service agreements, various services may be commissioned from visumPOINT and combined with one another. Your personal data may be processed in connection with the following services:
3.1.2 Which of your data are processed?
In accordance with the principle of data minimisation, only personal data necessary for the processing of the order are collected. If you use our visa, immigration and relocation services, this may also include special categories of personal data within the meaning of Art. 9 GDPR, such as biometric data (for example passport photos or passport data) or health data (for example vaccination certificates or medical certificates). No special categories of personal data are processed in connection with EU notification, A1 and social security certificate orders. Other required personal data depend on the commissioned services and result from the official requirements of the destination country. Depending on the country of travel, you may also need to provide personal data relating to third parties (e.g. spouse, parents, children, travel companion). In the course of providing its services, visumPOINT assumes that you have obtained the consent of those persons and, for operational reasons, cannot separately request such consent again from the data subjects. We also process data necessary for order fulfilment (payment data, shipping and address details, and contact details of a contact person for any queries). A list of additional documents required can be found in the respective section of our website (e.g. in the relevant visa requirements).
3.1.3 Who are the recipients of your data and are data transferred to third countries?
Depending on the commissioned service, and solely for the purpose of fulfilling the order, application documents containing personal data may be transmitted physically and/or electronically to third parties and subcontractors in Germany as well as in European and non-European countries, as set out below, in order to fulfil your order.
Visa procurement and worldwide consular services:
Third parties (consulates, consular application centres, notaries, authorities, ministries) and subcontractors in Germany as well as in European and non-European countries
Translations:
Subcontractors in Germany
Certifications and legalisations of documents:
Third parties (consulates, consular application centres, notaries, authorities, ministries) in Germany as well as in European and non-European countries
Organisation of invitation letters and references for visa applications:
Submission of EU notifications:
Third parties (authorities, ministries) in European countries
Provision of representation services in connection with EU notifications:
Subcontractors in European countries
Applications for A1 certificates:
Third parties (competent social security institutions via software certified by the National Association of Statutory Health Insurance Funds) in Germany
Applications for social security certificates for agreement states and posting countries:
Third parties (competent social security institutions) in Germany
Immigration and relocation services:
In addition, depending on the order, we use shipping service providers to deliver your documents to you. We also use payment service providers to process credit card payments. Please note: your credit card data are not collected or managed by visumPOINT. All credit card payment services are provided by our partner, which processes your data as an independent controller. Further information on this is provided at the relevant stage when the order is placed.
Where data are transferred to non-European countries, the following applies:
For some of these countries, there is no adequacy decision by the European Commission pursuant to Art. 45(3) GDPR confirming an adequate level of data protection, nor are there alternative appropriate safeguards for the transfer of data pursuant to Art. 46(1) GDPR. In such cases, the transfer is based on the derogations set out in Art. 49(1)(b) (“the transfer is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures taken at the data subject’s request”) and Art. 49(1)(c) (“the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person”) GDPR. Upon request, we will be happy to provide you, either before the order is placed or afterwards, with an individual overview of all recipients of your personal data relevant to your order.
3.1.4 On what legal basis are your data processed?
For private individuals: your personal data are processed by us in the course of providing the services exclusively for the performance of a contract or for the implementation of pre-contractual measures taken at your request (Art. 6(1)(b) GDPR). If special categories of personal data pursuant to Art. 9 GDPR are processed in the course of providing the services, the legal basis for this processing is your consent given for this purpose pursuant to Art. 9(2)(a) GDPR.
If you use visumPOINT for business purposes on the instructions of your employer: your personal data are processed by us in the course of providing the services exclusively for the performance of a contract (service agreement plus agreements on data processing pursuant to Art. 28 GDPR) or for the implementation of pre-contractual measures taken at your request or at the request of the controller (Art. 6(1)(b) GDPR). You may obtain information from your employer regarding the legal basis on which your employer, as controller, relies for the processing of data in the internal relationship with you, including the processing of special categories of personal data pursuant to Art. 9 GDPR.
3.1.5 How long are your data stored?
visumPOINT processes your personal data only for as long as necessary to fulfil our contractual and legal obligations. Once the data are no longer required for the fulfilment of contractual or legal obligations, the following blocking and deletion concept applies to digitally stored documents:
For documents that are not available in digital form, the following applies: all application documents will be destroyed in compliance with data protection requirements no later than after completion of the procedure (i.e. once the service has been provided).
3.2 Visiting the website
3.2.1 For what purpose are your data processed?
During your visit to the website, data are processed for the following purposes:
Log files:
3.2.2 Which of your data are processed?
When you access our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in so-called log files. The following information is collected without any action on your part and stored until it is automatically deleted:
3.2.3 Who are the recipients of your data and are data transferred to third countries?
The recipient of the data is visumPOINT. No transfer to third countries takes place.
3.2.4 On what legal basis are your data processed?
The legal basis for data processing is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest lies in operating our website and presenting our company online.
3.2.5 How long are your data stored?
Your data are deleted as soon as they are no longer required for the stated purposes, and no later than after 6 months.
3.3 Newsletter
3.3.1 For what purpose are your data processed?
Once you subscribe to our newsletter, the information you provide will be processed exclusively for the purpose of delivering the newsletter service.
3.3.2 Which of your data are processed?
To subscribe to our newsletter, you only need to provide your email address.
3.3.3 Who are the recipients of your data and are data transferred to third countries?
We use Newsletter2Go as our newsletter software. As part of the provision of this software, your data are transmitted to Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. In this context, the software provider acts as our processor pursuant to Art. 28 GDPR. The basis for this processing is a data processing agreement between us, as controller, and the provider. No data are transferred to third countries. Sendinblue is prohibited from selling your data or using them for any purpose other than sending newsletters. Sendinblue is a German provider selected in accordance with the requirements of the GDPR and the German Federal Data Protection Act. Further information can be found here: https://de.sendinblue.com/informationen-newsletter-empfaenger/
3.3.4 On what legal basis are your data processed?
To ensure that newsletters are only sent with proper consent, we use the so-called double opt-in procedure. As part of this process, you are added to a mailing list. You then receive a confirmation email giving you the opportunity to confirm your subscription in a legally compliant manner. Only once this confirmation has been received will your email address be actively added to the mailing list.
The legal basis is therefore your consent pursuant to Art. 6(1)(a) GDPR.
3.3.5 How long are your data stored?
You may revoke your consent to the processing of your email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link included in each newsletter. Alternatively, you may send your unsubscribe request at any time to dataprivacy@visumpoint.com. Once you unsubscribe from the newsletter, your data will be deleted automatically.
3.4 Use of the contact form
3.4.1 For what purpose are your data processed?
If you have questions of any kind, we offer you the opportunity to contact us via a form provided on the website. The data you provide will be processed for the purpose of responding to your enquiry and in the event of any follow-up questions.
3.4.2 Which of your data are processed?
In order for us to respond to your enquiry, you must provide your name and email address.
3.4.3 Who are the recipients of your data and are data transferred to third countries?
3.4.4 On what legal basis are your data processed?
Data processing for the purpose of contacting us is carried out pursuant to Art. 6(1)(a) GDPR on the basis of your voluntarily given consent.
If your enquiry is aimed at concluding a contract, Art. 6(1) sentence 1 lit. b GDPR serves as the legal basis. In this case, we store your data for the duration of the statutory retention periods.
3.4.5 How long are your data stored?
You may revoke your consent at any time with effect for the future. In the event of withdrawal, your data will be deleted without undue delay. Otherwise, your data will be deleted once we have processed your enquiry or the purpose of storage no longer applies. If your enquiry is aimed at concluding a contract, Art. 6(1) sentence 1 lit. b GDPR serves as the legal basis. In this case, we store your data for the duration of the statutory retention periods.
3.5 Applications
3.5.1 For what purpose are your data processed?
By submitting an application, you express your interest in working for us. The personal data you provide will generally be processed exclusively for the purpose of filling the vacant position for which you have applied.
3.5.2 Which of your data are processed?
As part of your application, you provide us with personal data that we use and store exclusively for the purpose of your application. When using our web form, we collect the following data:
In addition, you have the option of uploading or providing relevant documents such as a cover letter, your CV and references. These documents may contain further personal data such as date of birth, address, etc.
3.5.3 Who are the recipients of your data and are data transferred to third countries?
The database and web form used to store your data are operated by Personio GmbH, which provides HR administration and applicant management software (https://www.personio.de/impressum/). In this context, Personio acts as our processor pursuant to Art. 28 GDPR. The basis for this processing is a data processing agreement between us, as controller, and Personio. No transfer to third countries takes place. Further information on processing by Personio in connection with the use of the web form can be found at https://visumpoint.jobs.personio.de/privacy-policy?language=de. General privacy information is provided by Personio at https://www.personio.de/datenschutz/.
3.5.4 On what legal basis are your data processed?
If you apply to us by email, via our web form or by post, we collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures (Art. 6(1) sentence 1 lit. b GDPR).
3.5.5 How long are your data stored?
Your data will be stored for 90 days after the end of the application process. This is generally done in order to comply with legal obligations or to defend against possible claims under statutory provisions. Thereafter, we are obliged to delete or anonymise your data. In that case, the data will only remain available to us as so-called metadata without direct personal reference for statistical evaluations (for example, the proportion of female or male applicants, the number of applications per period, etc.).
In addition, where you apply via our web form, we reserve the right to store your data for inclusion in our “talent pool” for 180 days after the end of the application process in order to identify any other positions that may be of interest to you. This also applies, for example, to applications for apprenticeships or internships. By accepting the privacy policy, you consent to the possible further storage of your data and their inclusion in our “talent pool”.
If, during the application process, you receive and accept an offer of employment from us, we will store the personal data collected during the application process for at least the duration of the employment relationship.
Website visit: We use the widely adopted SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a particular page of our website is being transmitted in encrypted form by the closed key or lock symbol displayed in your browser and by the use of https in the address of the respective (sub-)website.
Email: Unless special arrangements have been made, encryption is carried out using TLS where this is supported by the other party. In addition, communication by email may take place via S/MIME-encrypted mailboxes. Please contact us in advance if this is required.
Server: Data that you transmit to us directly in digital form are stored exclusively in ISO 27001-certified data centres with appropriate protective measures.
In addition, in accordance with Art. 32 GDPR, we implement suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously reviewed and improved in line with technological developments.