1. Definition of Terms in this Policy
data: Collectively all information that you submit to Onestep Visa via the website.
cookies: a small text file placed on your computer by this website when you visit certain parts of the website and/or when you use certain features of the website. Details of the cookies used by this website are set out in the clause below (cookies);
Onestep Visa, we, our or us: A&A Immigration Onestep Services Ltd., a company incorporated in Cyprus whose registered office is at 41-43 Spyrou Kyprianou, Patroclos Tower, 2nd Floor, P.C.6051, Larnaca, Cyprus;
EU Cookie Law: the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
EU-U.S. Privacy Shield: the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce;
User, you or your: any third party that accesses the website and is not either (i) employed by Onestep Visa and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Onestep Visa and accessing the website in connection with the provision of such services; and
website: the website that you are currently using at https://www.onestop-visa.com, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
domain: onestep-visa.com and www.onestep-visa.com
data controller: the data controller determines the purposes for which and the means by which personal data is processed. For purposes of the General Data protection Regulation, Onestep Visa is the “data controller”.
- the singular includes the plural and vice versa;
- a reference to a person includes firms, companies, government entities, trusts and partnerships;
- “including” is understood to mean “including without limitation”;
- reference to any statutory provision includes any modification or amendment of it;
2. Personal Data
a. What is personal data and why do we collect it?
Personal data is any information that allows us to identify who you are (e.g. your full name), or a combination of identification elements such as physical characteristics, pseudonyms, occupation, address etc. that, as a whole, points back to you. As a data controller we can identify you either from the data itself or from the data in conjunction with other information we already have about you (e.g. your country or operating system).
b. What Data do we collect?
For the smooth operation of this website and any service provided to you, we may collect the following data, which includes personal data, from you:
 Date of Birth
 Job Title
 Contact information such as email addresses and telephone numbers
 Demographic information such as post code, preferences and interests
 Financial information such as credit / debit card numbers
 IP address (automatically collected)
 Web browser type and version (automatically collected)
 Operating system (automatically collected)
 A list of URLs starting with a referring site, your activity on this website, and the site you exit to (automatically collected)
 Company contact and invoicing information
 Coordinates or google place ids for acting users
 Name and contact information for 3rd Party providers
c. How is the data we collect stored?
We store the data we collect in 128bit encrypted form in private, secured servers.
d. How do we use your personal data?
 We will retain any data you submit for up to 24 months
 Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy, your data will not be disclosed to third parties. This includes our partners, affiliates and / or any other person.
 All personal data is stored securely. For more details on security see “Security & Encryption”
 Any or all of the above data may be required by us or our partners and affiliates on our behalf in order to provide you with the best possible service and experience when using our website. Specifically, data may be used by us for the following reasons:
- creating and maintaining your personal account
- contact for communication purposes which may be done using email, telephone, online chat, fax or mail.
- internal record keeping;
- improvement of our products / services;
- transmission by email of promotional materials that may be of interest to you;
e. Point of Contact
We have appointed a Data Protection Officer (the “DPO”) who can be contacted using the details set out below:
41-43 Spyrou Kyprianou
Patroclos Tower, 2nd Floor
P.C.6051, Larnaca, Cyprus
Alternatively you may click here to contact us via our Contact Form.
3. Your Rights
Before we collect any personal data from you we will require your consent on the time of the request.
b. The right to be forgotten
You maintain your right to ask us to delete your personal data from our servers at any time by contacting our DPO (see 2. e. Point of contact, above). However, in some cases this can make it impossible for us to continue to provide you with our services as some of that data is essential for the operation of those services (e.g. your name, billing information etc.). If this is the case we will notify you as soon as possible.
c. How can you access your data?
If you are a registered user you can download your data directly in .csv format through your account (please access our Help Centre to see how). Otherwise you may request a copy of any personal data you have either submitted or we that we have collected by contacting our DPO (see 2. e. Point of contact, above).
d. Moving your personal data to a new service provider
You have a right to move your personal data from Onestep Visa to another service provider at any given time. To do so you will need to contact our DPO (see 2. e. Point of contact, above) requesting a copy of your data, and subsequently send it to your new service provider according to their data insertion policy.
e. Object to decisions taken by automated processes
We collect information that may constitute personal data, through automated processes in order to provide you with our services effectively and problem-free (e.g. security verification, geolocation, website statistics etc.). The following information is collected by us through automated processes:
 IP address
 Web browser type and version
 Operating system
 Mobile device information (IMEI, coordinates, speed, altitude )
 A list of URLs starting with a referring site, your activity on this website, and the site you exit to.
You may object to any automated processes used on this website by contacting our DPO (see 2. e. Point of contact, above). However in some cases this can make it impossible for us to continue to provide you with our services as some of that data is essential for the operation of those services. If this is the case we will notify you as soon as possible.
4. Your Obligations
 Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
 This Agreement will be governed by and interpreted according to the law of Cyprus. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the Cypriot courts.
5. Our Obligations
 For your convenience we aim to review our privacy and security processes every 6 months. The review is currently carried out by our DPO, which you may contact directly with any concerns you may have (see 2. e. Point of contact, above).
 We are legally obliged to notify the data protection authorities of any personal data breaches within 72 hours. Should this affect your account or any services we provide you with on this website, we will contact you prior to notifying any third parties.
 All cookies used by this website are used in accordance with current EU Cookie Law.
 Before the website places cookies on your computer, you will be presented with a message bar requesting your consent to set those cookies. By giving your consent to the placing of cookies, you are enabling Onestep Visa to provide a better experience and service to you. You may, if you wish, deny consent to the placing of cookies; however certain features of the website may not function fully or as intended.
 This website may place the following cookies that may fall into one or more of the categories set below:
- Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Test Cookies: From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
 You can choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu of your internet browser.
 You can choose to delete cookies at any time; however you may lose any information that enables you to access the website more quickly and efficiently including, but not limited to, personalisation settings.
 It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
7. Security & Encryption
All personal data is collected and stored securely in accordance with the principles of the General Data Protection Regulation (GDPR).
8. Other (third party) websites and services
 We may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. The providers of such services have access to certain personal data provided by users of this website.
9. Transfers outside the European Economic Area
 Data which we collect from you may be stored and processed in and transferred to countries outside of the European Economic Area (EEA). For example, this could occur if our servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA. We also share information with our partners in order to effectively provide you with our services, some of which may be located outside the EEA. These countries may not have data protection laws equivalent to those in force in the EEA.
10. Changes of business ownership and control
 We may also disclose data to a prospective purchaser of our business or any part of it.
 In the above instances, we will take steps with the aim of ensuring your privacy is protected.