Privacy policy

Business Visum GmbH (hereinafter: Business Visum) and the IAC Unternehmensberatung GmbH (hereinafter: IAC) are pleased about your visit of our portal and the linked interest in our services. The protection of personal data when being processed and during the entire business process is a very important issue for us and we want to give you a secure feeling when visiting our portal.

Hereinafter we explain which information is collected during your visit of our portal, how it is used and how Business Visum and the IAC in general comply with the data protection regulations.  

1. Name and contact data of the joint controllers

This privacy policy applies to the data processing executed by:

Business Visum GmbH, Rheinaustraße 134, 53225 Bonn, Germany, email: portal[at], phone: +49 228 71 00 23-0 or fax: +49 30 26 39 30-199

The responsible data protection officer of BV is resident at dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, attn. Dr. Christian Lenz, resp. available at datenschutz[at] or +49 22 61 81 95 0


IAC Unternehmensberatung GmbH, Spohrstraße 9, 34117 Kassel, Germany, email: info[at], phone: +49 561 703 453-0 or Fax: +49 561 703 453-19
The IAC is not legally obliged to appoint a data protection officer and has therefore not appointed one. Please contact the IAC directly as a data controller.

2. Rights of data subjects

You have the right:
  • pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. Insofar as we process your data you may request information especially about the processing purpose, the categories of personal data, the recipients of your disclosed personal data, especially recipients in third countries, the planned storage period or the criteria of determination, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if it was not collected by us as well as the existence of an automated decision-making including profiling and, if applicable, meaningful detailed information.
  • pursuant to Art. 16 GDPR, to obtain the immediate rectification of incorrect or incomplete of your personal data stored with us;
  • pursuant to Art. 17 GDPR, to obtain the erasure of the personal data stored with us, unless the processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, to obtain the restriction of processing of your personal data, if the correctness of data is disputable, the processing is unlawful, but you refuse its erasure and we do not need the data anymore. On the other hand, you might need it to assert, exercise or defend legal claims or you have lodged an objection against the processing pursuant to art. 21 GDPR and it is not yet clear whether our legitimate reasons prevail your interests.  
  • Pursuant to Art. 20 GDPR, to obtain your personal data which you provided us, in a structured, common and machine-readable format or to demand the transfer to any other responsible person, insofar as the processing is based on your consent or a contract and the processing is made by means of automated procedures;   
  • pursuant to Art. 7 para. 3 GDPR, to revoke your uniquely given consent at any time. This entails that a continued processing of your personal data is prohibited and    
  • pursuant to Art. 77 GDPR, to lodge a complaint with the supervisory authority. As a rule, you can address to the supervisory authority at your usual place of residence or workplace or at our company headquarter.  

3. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 seq. 1 sent. 1 lit. e or f GDPR, you have the right, pursuant to Art. 21 GDPR, to appeal against processing your personal data insofar as there are reasons resulting from your particular situation or which are directed against direct advertising.

In the first case, we will no longer process your data unless we can prove compelling reasons that prevail your interests, liberties and rights or our processing serves to assert, exercise or defend legal claims.

In the latter case you have a general right of objection which is realized by us without indicating a particular situation.

If you want to make use of your right of revocation or objection, an email to will be sufficient.

4. Data transfer

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
  • you have expressly given your consent pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR  
  • the transfer pursuant to Art. 6 seq. 1 sent. 1 lit. f GDPR is required for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a prevailing legitimate interest in not transferring your data,
  • in the event that there is a legal obligation to transfer data pursuant to Art. 6 seq. 1 sent. 1 lit. c GDPR, and  
  • this is required by law and pursuant to Art. 6 seq. 1 sent. 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, your personal data are processed by our order processors in compliance with instructions, insofar as this is necessary for the fulfilment of the order. Our contract processors do not have an own right to use your data.  

5. Data security

We use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the representation of the closed bowl or lock symbol or by the use of "https" in front of the address of our (sub)website. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological development.

6. Third countries

Data will be transmitted by us to third countries exclusively in accordance with the statutory regulations. Insofar as we fulfil our contract with you, data are made available to third parties.

Appropriate safeguards pursuant to Art. 46 GDPR or an adequacy decision pursuant to Art. 45 GDPR are not necessary.

If you have not consented to the data transfer, if the data transfer does not serve the fulfilment of the contract or if the transfer is necessary for the assertion, exercise or defence of legal claims, the data are only transferred by us if there are suitable safeguards or an adequacy decision.

A suitable safeguard exists, for example, if the EU standard contractual clauses issued by the EU Commission have been concluded or if certification by means of a "Privacy Shield" has been obtained.

The legal basis is Art. 45 and 46 GDPR.

Specific privacy information for data processing operations on the portal  

1. When visiting the website

When visiting our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file
  • website allowing the access (referrer-URL),
  • used browser and the operating system of the computer as well as the name of your access provider.  
The mentioned data are processed by us for the following purposes:
  • to ensure a smooth connection to our website,  
  • to ensure a comfortable use of our website,
  • assessment of the system security and stability as well as  
  • for further administrative purposes. 
The legal basis for data processing is laid down in Art. 6 seq. 1 sent. 1 lit. f GDPR. Our legitimate interest lies in the operation of our website and the related presentation of our company.

Your data will be erased as soon as they are not needed any more for the indicated purposes, but after 6 months at the latest.

2. When registering on our portal

On our portal, we offer users the opportunity to register by providing personal data. The data are entered into a form and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected in the course of the registration process:
  • type of customer
  • company
  • salutation, title, first name, surname
  • address
  • phone number
  • email address
  • Username and password
The following data will also be stored at the time of registration:
  • the IP address of the user  
  • date and time of registration  
The legal basis for the processing of the data is Art. 6 seq. 1 sent. 1 lit. b GDPR.

A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. This applies to the data collected during the registration process if the registration on our website is cancelled or modified. As a user you have the possibility to cancel the registration at any time. The stored personal data can be changed at any time. In this case please contact
You voluntarily can enter further data in the portal, what might facilitate our assignment for you. We only store these data with your consent, which you give us by filling in these fields. You can change the data at any time in the portal or through our customer service at The legal basis for the processing of this data is laid down in Art. 6 seq. 1 sent. 1 lit. a GDPR.

3. For the assignment of a service

When you place an order for one of our services, various data will be requested in addition to the registration data (see 5.) for the conclusion of the contract, in accordance with the requirements of the country of destination, so that we can process your order. This information is stored until the order is completed. For the conclusion of the contract it is necessary that you provide us with the data required for the respective service.

Depending on the destination country, it may also be necessary for you to provide personal data of third parties (e.g. spouse, parents, children, travel companions). In this case, you may only transmit the data to us if you have previously obtained the consent of this person.

The legal basis for data processing is Art. 6 seq. 1 sent. 1 lit. a, b GDPR.

We store your data as long as this is necessary for the fulfilment of the contractual obligations. Subsequently, we store the data for the duration of the statutory retention periods.

4.  Cookies

We use cookies on our site. These are small files which your browser automatically creates, and which are stored on your terminal device (laptop, tablet, smartphone, etc.). Cookies do not cause any damage to your terminal device and do not contain viruses, trojans or other malware. The cookie is used to store information that arises in connection with the specific terminal device used. However, this does not mean that we will immediately become aware of your identity.  

Required cookies

The use of our necessary cookies serves on the one hand to make the use of our range more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically erased after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain period of time. If you visit our site again in order to use our services, it automatically recognizes that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

These data will be deleted after 6 months at the latest.

We process your data on the basis of our justified interest in the external presentation of our company via the website you have called up and to promote user friendliness. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. f GDPR.

Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before such a cookie is generated. However, if cookies are completely deactivated, the website may not be displayed correctly, or you may not be able to use all the functions of our website.

5. Currency and changes of the privacy statement

This privacy statement is currently valid as of April 2020. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can retrieve and print out the current data protection declaration at any time on the website

Information on joint controllers according to Art. 26 seq. 2 sent. 2 GDPR

1. What is the reason for joint controllers?

Business Visum and the IAC work closely together in providing the services (e.g. visas, A1 certificates, EU registrations) that the client can book through the portal. This also applies to the processing of your personal data. The parties have jointly defined the conditions for processing this data at each stage of the process. They are therefore joint controllers for the protection of your personal data within the process sections described below (Art. 26 DSGVO).

2. For which parts of the processing are we joint controllers?

We are joint controllers for the entire management of the portal and the processing of the data collected through it in order to provide the booked services.

3. What have the parties agreed?

As part of their joint control under data protection law, Business Visum and the IAC have agreed which of them will fulfil which obligations under the GDPR. This relates in particular to the exercise of the rights of the data subjects and the fulfilment of the information obligations under Articles 13 and 14 GDPR.

This agreement is necessary because personal data are processed in different process stages and systems when the portal is operated jointly.

4 What does this mean for data subjects?

Even if there is a joint control, the parties fulfil the data protection obligations in accordance with their respective responsibilities for the individual process sections as follows:
  • With this privacy policy, Business Visum and the IAC make the information required under Art. 13 and 14 GDPR available to the data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language.
  • The parties shall immediately inform each other of any legal positions asserted by data subjects. They shall provide each other with all the information necessary to respond to requests for access.
  • Data protection rights can be asserted both with Business Visa and with the IAC. In principle, the data subjects receive the information from Business Visum.