Privacy Policy

Effective Date: [Launch Date] · Last Updated: [Date]

Compliant with: Digital Personal Data Protection Act, 2023 (DPDPA) · Information Technology Act, 2000 · IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Must be reviewed by a qualified Indian data protection lawyer before publishing.

1. Data Fiduciary Information

[Company Registered Name] is the Data Fiduciary as defined under Section 2(i) of the Digital Personal Data Protection Act, 2023 ("DPDPA").

Data Protection Officer: [Name]
Email: privacy@houseofvisas.com
Phone: +91-XXXX-XXXXXX
Address: [Registered Office Address]

2. Consent (DPDPA Section 6)

By using our Services and providing your personal data, you provide free, specific, informed, unconditional, and unambiguous consent under DPDPA Section 6 for us to process your personal data for the purposes stated in this Privacy Policy.

Right to withdraw consent: You may withdraw your consent at any time by emailing privacy@houseofvisas.com. Please note that withdrawal of consent may affect our ability to process your visa application or provide ongoing services. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

3. Personal Data We Collect

Identity data: Full name, date of birth, gender, nationality, marital status, photographs (passport-size and digital).

Travel documents: Passport scans (current and previous), visa history, travel itineraries, immigration stamps.

Financial data: Bank statements, salary slips, Income Tax Returns (ITR), fixed deposit certificates, mutual fund statements, property documents. Note: we do NOT store credit/debit card numbers — payment processing is handled by our PCI-DSS compliant gateway partner.

Employment data: Employer name, designation, date of joining, salary details, employer letterheads.

Contact data: Email address, phone number, WhatsApp number, postal address.

Technical data: IP address, browser type, device information, cookies, usage analytics (collected automatically when you visit our Website).

4. Purpose of Processing (DPDPA Section 4)

Your personal data is processed solely for the following specified purposes:

  • Preparing, reviewing, submitting, and tracking your visa application(s)
  • Communicating application status updates via email, SMS, and WhatsApp
  • Arranging travel insurance through our insurance partner
  • Coordinating courier delivery of passports
  • Providing customer support and responding to enquiries
  • Generating GST-compliant invoices and maintaining accounting records
  • Improving our services using anonymised and aggregated data
  • Complying with legal obligations under Indian law (tax reporting, regulatory compliance)

5. Data Sharing (DPDPA Section 8(3))

Your personal data is shared ONLY with the following categories of recipients, solely for the purpose of processing your visa application:

  • Embassy / Consulate / High Commission: The destination country's diplomatic mission (mandatory for visa processing)
  • VFS Global / BLS International: Visa application centres that handle biometric collection and document submission
  • Insurance provider: For arranging travel insurance (only data required by the insurer)
  • Courier partner: Name and delivery address only, for passport delivery
  • Payment gateway: Transaction processing (Razorpay/Stripe — PCI-DSS compliant)

We NEVER sell, rent, trade, lease, or share your personal data with advertisers, data brokers, marketing companies, or any third party for commercial purposes. No exceptions.

6. Data Retention (DPDPA Section 8(7))

  • Active applications: Retained during processing + 90 days after visa decision for quality review and support
  • Passport scans and financial documents: Permanently deleted within 90 days of visa decision
  • Basic contact information and application history: Retained for 3 years for re-application support and legal compliance
  • GST invoices and financial records: Retained for 8 years as required under the GST Act and Income Tax Act

You may request complete deletion of your personal data at any time (see Section 8). Deletion will be completed within 30 days, except where retention is required by law.

7. Data Security (DPDPA Section 8(4))

We implement reasonable security safeguards as required under DPDPA Section 8(4) and the IT (Reasonable Security) Rules, 2011:

  • Encryption in transit: TLS 1.3 for all data transmission
  • Encryption at rest: AES-256 for stored data
  • Access control: Your data is accessible only to your assigned case manager and their supervisor
  • Cloud infrastructure: Enterprise-grade cloud hosting with SOC 2 Type II certification
  • Regular security audits and vulnerability assessments
  • Employee training on data handling and confidentiality

8. Your Rights as Data Principal (DPDPA Sections 11–14)

Under the DPDPA 2023, you have the following rights:

  • Right to Access (Section 11): Request a summary of all personal data we hold about you and the processing activities performed
  • Right to Correction (Section 12): Request correction of inaccurate or misleading personal data, and completion of incomplete data
  • Right to Erasure (Section 12): Request complete deletion of your personal data (subject to legal retention requirements)
  • Right to Grievance Redressal (Section 13): File a complaint with our Data Protection Officer if you believe your data rights have been violated
  • Right to Nominate (Section 14): Nominate another individual to exercise your data rights in the event of your death or incapacity
  • Right to Complain to the Board: If unsatisfied with our response, you may file a complaint with the Data Protection Board of India established under DPDPA Section 18

To exercise any right: email privacy@houseofvisas.com with your full name and application tracking ID (if applicable). We will respond within 30 days.

9. Children's Data (DPDPA Section 9)

We do not knowingly process personal data of children under 18 years of age without verifiable consent from a parent or legal guardian, in compliance with DPDPA Section 9. Visa applications for minors must be submitted by a parent or legal guardian who provides consent on behalf of the child.

10. Cross-Border Data Transfer (DPDPA Section 16)

Your personal data may be transferred to embassies, consulates, and visa application centres located outside India, as this is necessary for the processing of your visa application. Such transfers are made in compliance with DPDPA Section 16 and any restrictions or conditions notified by the Central Government. We do not transfer personal data to any country that has been restricted by the Central Government under DPDPA.

11. Cookies and Tracking

Essential cookies: Required for website functionality (session management, security). Cannot be disabled.

Analytics cookies: Google Analytics for understanding website traffic patterns. Anonymised data only. You may disable these through your browser settings without affecting website functionality.

We do not use advertising cookies, tracking pixels, or any technology that profiles you for targeted advertising purposes.

12. Modifications

Material changes to this Privacy Policy will be communicated via email and prominently displayed on our Website at least 15 days before taking effect. Your continued use of our Services after notification constitutes acceptance.

13. Contact — Data Protection Officer

Data Protection Officer: [Full Name]
Email: privacy@houseofvisas.com
Phone: +91-XXXX-XXXXXX
Address: [Registered Office Address]