you will find the regulations, insofar as Business Visum GmbH and IAC Unternehmensberatung GmbH process their data at its own responsibility. This is the case if you yourself become a contractual partner for the commissioned service and do not place your order within a framework agreement with another controller.
you will find information on data protection if you use the Easy Access portal because a controller (e.g. your employer) has concluded a framework agreement with Business Visum GmbH or with IAC Unternehmensberatung GmbH and you have been authorized to use the portal through this.
Business Visum GmbH (hereinafter: Business Visum) and the IAC Unternehmensberatung GmbH (hereinafter: IAC) are pleased about your visit of our portal and the linked interest in our services. The protection of personal data when being processed and during the entire business process is a very important issue for us and we want to give you a secure feeling when visiting our portal.
Hereinafter we explain which information is collected during your visit of our portal, how it is used and how Business Visum and the IAC in general comply with the data protection regulations.
1. Name and contact data of the joint controllers
Business Visum GmbH
, Rheinaustraße 134, 53225 Bonn, Germany, email: portal[at]business-visum.de
, phone: +49 228 71 00 23-0 or fax: +49 30 26 39 30-199
The responsible data protection officer of BV is resident at dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, attn. Dr. Christian Lenz, resp. available at datenschutz[at]dhpg.de or +49 22 61 81 95 0
IAC Unternehmensberatung GmbH
, Spohrstraße 9, 34117 Kassel, Germany, email: info[at]i-a-c.de
, phone: +49 561 703 453-0 or Fax: +49 561 703 453-19
The IAC is not legally obliged to appoint a data protection officer and has therefore not appointed one. Please contact the IAC directly as a data controller.
2. Rights of data subjects
You have the right:
3. Right of objection
- pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. Insofar as we process your data you may request information especially about the processing purpose, the categories of personal data, the recipients of your disclosed personal data, especially recipients in third countries, the planned storage period or the criteria of determination, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if it was not collected by us as well as the existence of an automated decision-making including profiling and, if applicable, meaningful detailed information.
- pursuant to Art. 16 GDPR, to obtain the immediate rectification of incorrect or incomplete of your personal data stored with us;
- pursuant to Art. 17 GDPR, to obtain the erasure of the personal data stored with us, unless the processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to obtain the restriction of processing of your personal data, if the correctness of data is disputable, the processing is unlawful, but you refuse its erasure and we do not need the data anymore. On the other hand, you might need it to assert, exercise or defend legal claims or you have lodged an objection against the processing pursuant to art. 21 GDPR and it is not yet clear whether our legitimate reasons prevail your interests.
- Pursuant to Art. 20 GDPR, to obtain your personal data which you provided us, in a structured, common and machine-readable format or to demand the transfer to any other responsible person, insofar as the processing is based on your consent or a contract and the processing is made by means of automated procedures;
- pursuant to Art. 7 para. 3 GDPR, to revoke your uniquely given consent at any time. This entails that a continued processing of your personal data is prohibited and
- pursuant to Art. 77 GDPR, to lodge a complaint with the supervisory authority. As a rule, you can address to the supervisory authority at your usual place of residence or workplace or at our company headquarter.
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 seq. 1 sent. 1 lit. e or f GDPR, you have the right, pursuant to Art. 21 GDPR, to appeal against processing your personal data insofar as there are reasons resulting from your particular situation or which are directed against direct advertising.
In the first case, we will no longer process your data unless we can prove compelling reasons that prevail your interests, liberties and rights or our processing serves to assert, exercise or defend legal claims.
In the latter case you have a general right of objection which is realized by us without indicating a particular situation.
If you want to make use of your right of revocation or objection, an email to firstname.lastname@example.org will be sufficient.
4. Data transfer
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
- you have expressly given your consent pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR
- the transfer pursuant to Art. 6 seq. 1 sent. 1 lit. f GDPR is required for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a prevailing legitimate interest in not transferring your data,
- in the event that there is a legal obligation to transfer data pursuant to Art. 6 seq. 1 sent. 1 lit. c GDPR, and
- this is required by law and pursuant to Art. 6 seq. 1 sent. 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, your personal data are processed by our order processors in compliance with instructions, insofar as this is necessary for the fulfilment of the order. Our contract processors do not have an own right to use your data.
5. Data security
We use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the representation of the closed bowl or lock symbol or by the use of "https" in front of the address of our (sub)website. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological development.
6. Third countries
Data will be transmitted by us to third countries exclusively in accordance with the statutory regulations. Insofar as we fulfil our contract with you, data are made available to third parties.
Appropriate safeguards pursuant to Art. 46 GDPR or an adequacy decision pursuant to Art. 45 GDPR are not necessary.
If you have not consented to the data transfer, if the data transfer does not serve the fulfilment of the contract or if the transfer is necessary for the assertion, exercise or defence of legal claims, the data are only transferred by us if there are suitable safeguards or an adequacy decision.
A suitable safeguard exists, for example, if the EU standard contractual clauses issued by the EU Commission have been concluded.
The legal basis is Art. 45 and 46 GDPR.
Specific privacy information for data processing operations on the portal
1. When visiting the website
When visiting our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file
- website allowing the access (referrer-URL),
- used browser and the operating system of the computer as well as the name of your access provider.
The mentioned data are processed by us for the following purposes:
- to ensure a smooth connection to our website,
- to ensure a comfortable use of our website,
- assessment of the system security and stability as well as
- for further administrative purposes.
The legal basis for data processing is laid down in Art. 6 seq. 1 sent. 1 lit. f GDPR. Our legitimate interest lies in the operation of our website and the related presentation of our company.
Your data will be erased as soon as they are not needed any more for the indicated purposes, but after 6 months at the latest.
2. When registering on our portal
On our portal, we offer users the opportunity to register by providing personal data. The data are entered into a form and transmitted to us and stored. The following data is collected in the course of the registration process:
- type of customer
- salutation, title, first name, surname
- phone number
- email address
- Username and password
The following data will also be stored at the time of registration:
- the IP address of the user
- date and time of registration
The legal basis for the processing of the data is Art. 6 seq. 1 sent. 1 lit. b GDPR.
A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. This applies to the data collected during the registration process if the registration on our website is cancelled or modified. As a user you have the possibility to cancel the registration at any time. The stored personal data can be changed at any time. In this case please contact email@example.com.
You voluntarily can enter further data in the portal, what might facilitate our assignment for you. We only store these data with your consent, which you give us by filling in these fields. You can change or erase the data at any time in the portal or through our customer service at firstname.lastname@example.org. The legal basis for the processing of this data is laid down in Art. 6 seq. 1 sent. 1 lit. a GDPR.
3. For the assignment of a service
When you place an order for one of our services, various data will be requested in addition to the registration data (see 2.) for the conclusion of the contract, in accordance with the requirements of the country of destination, so that we can process your order. This information is stored until the order is completed. For the conclusion of the contract it is necessary that you provide us with the data required for the respective service.
Depending on the destination country, it may also be necessary for you to provide personal data of third parties (e.g. spouse, parents, children, travel companions). In this case, you may only transmit the data to us if you have previously obtained the consent of this person.
In addition, some travel countries require you to submit particularly sensitive data such as health data. This data is only requested by the destination country for ordering the travel documents. The legal basis for the processing of this particularly sensitive data is your consent, which you give us by entering the data and sending the order. Without this data, we cannot fulfill your order. If you do not wish to transmit the data to us, you can request the travel documents directly from the relevant authority in the country of travel.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. a, b, 9 para. 2 lit a) GDPR.
We store your data as long as this is necessary for the fulfilment of the contractual obligations. Subsequently, we store the data for the duration of the statutory retention periods.
You can also agree that we store your personal data for the purpose of requesting further travel documents. The special categories of personal data are explicitly not stored and shall be provided again each time you order travel documents. You can change or erase the data at any time in the portal or by contacting our customer service at email@example.com. The legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. a GDPR.
The use of our necessary cookies serves on the one hand to make the use of our range more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically erased after leaving our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain period of time. If you visit our site again in order to use our services, it automatically recognizes that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
These data will be deleted after 6 months at the latest.
We process your data on the basis of our justified interest in the external presentation of our company via the website you have called up and to promote user friendliness. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. f GDPR.
Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before such a cookie is generated. However, if cookies are completely deactivated, the website may not be displayed correctly, or you may not be able to use all the functions of our website.
5. Currency and changes of the privacy statement
This privacy statement is currently valid as of June 2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can retrieve and print out the current data protection declaration at any time on the website https://www.easy-access.de/datenschutz/
Information on joint controllers according to Art. 26 seq. 2 sent. 2 GDPR
1. What is the reason for joint controllers?
Business Visum and the IAC work closely together in providing the services (e.g. visas, A1 certificates, EU registrations) that the client can book through the portal. This also applies to the processing of your personal data. The parties have jointly defined the conditions for processing this data at each stage of the process. They are therefore joint controllers for the protection of your personal data within the process sections described below (Art. 26 DSGVO).
2. For which parts of the processing are we joint controllers?
We are joint controllers for the entire management of the portal and the processing of the data collected through it in order to provide the booked services.
3. What have the parties agreed?
As part of their joint control under data protection law, Business Visum and the IAC have agreed which of them will fulfil which obligations under the GDPR. This relates in particular to the exercise of the rights of the data subjects and the fulfilment of the information obligations under Articles 13 and 14 GDPR.
This agreement is necessary because personal data are processed in different process stages and systems when the portal is operated jointly.
4 What does this mean for data subjects?
Even if there is a joint control, the parties fulfil the data protection obligations in accordance with their respective responsibilities for the individual process sections as follows:
- The parties shall immediately inform each other of any legal positions asserted by data subjects. They shall provide each other with all the information necessary to respond to requests for access.
- Data protection rights can be asserted both with Business Visa and with the IAC. In principle, the data subjects receive the information from Business Visum.
If you use the Easy Access portal with the authorization of a customer of Business Visum GmbH (hereinafter Business Visum) or the IAC Unternehmensberatung GmbH (hereinafter IAC) under the conclusion of a framework agreement (e.g., your employer) the latter is the controller for processing your data in the portal within the meaning of the GDPR. In this case, Business Visum or IAC will only process your data according to the instructions of the controller for the fulfillment of the framework agreement and will not have its own right to use this data. Initially, only Business Visum, which operates the portal together with IAC, will have access to this data, as your account can be assigned to the respective customer of the framework agreement through the domain of your business email address. In individual cases, IAC gets access to your data, provided that certain travel documents (e.g. EU declarations) are requested. As subcontractors, IAC and Business Visum do not have their own right to use the data.
In the following, we would like to provide you with some information on data protection concerning the processing of your data in the Easy Access portal. For further information, please directly contact the controller who has authorized you to use the Easy Access portal under its framework agreement.
1. When registering in our portal
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The following data is collected during the registration process:
- type of customer
- salutation, title, first name, last name
- phone number
- email address
- username and password
At the time of registration, the following data is also stored:
- the IP address of the user
- date and time of registration.
A user registration is required to use of the Easy Access portal.
As a user, you have the option to cancel the registration at any time. You can change the data stored about you at any time in the portal or have it changed by us. To do so, please contact firstname.lastname@example.org.
You can voluntarily enter additional data in the portal, which can facilitate the commissioning process. This data will only be stored with your consent, which you give by filling in these fields. You can change or erase the data at any time in the portal or through our customer service at email@example.com. The legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. a GDPR.
2. When commissioning us with a service
When you place an order with one of our services, in addition to the registration data (see under 1.), various data are requested according to the requirement of the travel country so that we can process your order. This information is stored until the order is completed. For the conclusion of the contract it is necessary that you provide us with the data required for the respective service.
Depending on the country of travel, it may also be necessary for you to provide personal data of third persons (e.g., spouse, parents, children, travel companion). In this case, you are only allowed to transmit the data if you have obtained the consent of this person beforehand.
In addition, some travel countries require you to submit particularly sensitive data such as health data. This data is only requested by the destination country for ordering the travel documents. We are given your consent by your entering the data and submitting the order. This serves as a legal basis for processing this particularly sensitive data. Without this data, we cannot fulfill your order. If you do not wish to transmit the data to us, you can request the travel documents directly from the relevant authority in the country of travel.
Your data is stored in the Easy Access portal as long as it is necessary for the fulfillment of contractual obligations. Subsequently, we continue to store the data for the duration of the statutory retention periods.
You may also consent to your personal data being stored for the purpose of requesting further travel documents. The special categories of personal data are expressly not stored and must be provided again each time travel documents are ordered. You can change or erase the data at any time in the portal or by contacting our customer service at firstname.lastname@example.org. The legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. a GDPR.