Privacy Policy

1. Who We Are

This Privacy Policy explains how Gerlior Limited, a company incorporated in Cyprus (Reg. No HE 382120, VAT: 10382120A), having its registered office at 11 Vladimirou Kafkaridi, Nicosia, 2548, Cyprus ("Online Visas", "we", "us", "our"), collects, uses, discloses and protects your personal data when you use our website online-visas.com and related services (collectively, the "Service").

We act as the Data Controller under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. Information We Collect

We collect personal data in three main ways:

a) Information you provide directly

Examples:

• Name, date of birth, nationality, gender.
• Passport details (number, issue and expiry dates, photo).
• Contact details (email, phone, address).
• Travel plans (arrival date, destination, purpose of travel).
• Employment or education details (if required for the application).
• Payment information (handled by our PCI-DSS-compliant processors).
• Any support messages, uploads or attachments you send us.

b) Information collected automatically

When you visit our site, we automatically collect:

• Device data (IP address, browser type, OS, language, referrer URL).
• Usage data (pages visited, click path, time spent, error logs).
• Cookies and similar technologies (see Section 5).

c) Information from third parties

We may receive data from:

• Government or embassy systems (for status checks).
• Payment providers (to confirm transactions).
• Marketing partners (if you opt-in via ads or affiliates).
• Identity-verification or fraud-prevention services.

3. How We Use Your Data

We process your data for the following purposes:

4. Who We Share Your Data With

We share data only as needed to provide the Service:

• Visa agents / embassies – to submit your application.
• Payment processors – to process secure transactions.
• Cloud hosting & IT providers – for infrastructure (EEA or adequacy countries only).
• Customer support partners – for 24/7 assistance.
• Affiliated entities or platforms operating under our control – as explained in our Terms of Service.

We never sell or rent personal data to third parties.

5. Cookies & Analytics

We use cookies for essential site functions, analytics (Google Analytics / Matomo), and to remember your preferences. You can manage or disable cookies via your browser settings. See our separate Cookie Policy for full details.

6. International Transfers

Data is stored primarily in the EEA. If we transfer information outside the EEA (for example to a cloud provider or embassy system), we do so only where:

• the country has an adequacy decision from the European Commission, or
• we have Standard Contractual Clauses (SCCs) and appropriate safeguards in place.

7. Retention Period

We keep your data only as long as necessary to provide the Service and comply with law — typically up to 3 years for visa files (unless a longer period is required by regulations). Payment records are kept for 7 years for accounting purposes.

8. Your Rights (EEA / UK)

You have the right to:

• Access and obtain a copy of your data.
• Rectify inaccurate or incomplete data.
• Erase data ("right to be forgotten") in certain cases.
• Restrict or object to processing based on legitimate interest.
• Withdraw consent at any time (where processing relies on consent).
• Data portability (for data provided by you in digital form).

To exercise these rights, contact us at privacy@online-visas.com. We may need to verify your identity before responding.

If you believe your data has been mishandled, you may complain to the Office of the Commissioner for Personal Data Protection (Cyprus) or your local EU authority.

9. Security

We apply appropriate technical and organizational measures to protect data, including encryption, firewalls, access controls, and staff training. No online system is 100% secure; we cannot guarantee absolute protection against unauthorized access.

10. Children's Privacy

Our Service is not directed to minors under 18. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

11. Marketing & Preferences

We may send you travel or service updates if you opt in. You can unsubscribe at any time via the link in emails or by contacting support. Even if you unsubscribe from marketing, we may still send transactional or service messages (e.g. visa status updates).

12. Links to Other Websites

Our site may contain links to external sites (embassies, government portals, travel partners). We are not responsible for their content or privacy practices. We encourage you to review their policies before sharing any data.

13. Automated Decision-Making / Profiling

We do not use personal data for automated decisions that produce legal effects on you. Basic fraud screening and risk scoring may be applied to protect users and transactions.

14. Changes to This Policy

We may update this Policy periodically. The latest version will always be available on our website with an updated "Effective Date." If changes materially affect your rights, we will notify you by email or on-site notice.

15. Contact Us