1) Privacy Policy (GDPR)

Last updated: [21OCT 2025]

1. Who we are (Data Controller)

Website: evisa.reviews
Data Controller: Visa Summit Ltd
Address: London, UK
Email: info@evisa.reviews
If you are in the EU/EEA, “data controller” means we decide how and why your personal data is processed.

2. Scope

This Privacy Policy explains how we collect and use personal data when you:

browse evisa.reviews, contact us, subscribe to updates (if offered), interact with our content (e.g., comments, reports, forms).

3. What data we collect

We may collect:

A) Data you provide Contact details (e.g., name, email) and message content when you contact us. Any information you submit in reports (e.g., reporting a scam site).

B) Data collected automatically

Technical data: IP address, device type, browser, operating system, referral URL, pages viewed, time spent, approximate location derived from IP (country/city-level). Cookie data: identifiers and preferences (see Cookie Policy).

C) Data we do not want you to submit
Please do not send sensitive documents (passport scans, national IDs, visa documents) unless we explicitly request them. If you send them anyway, we will delete them where feasible.

4. Why we use your data (purposes)

We process personal data to:

operate and secure the website, understand usage and improve content, respond to enquiries and support requests, investigate reports about misleading or scam websites, comply with legal obligations.

5. Legal bases (GDPR Article 6)

We rely on the following lawful bases:

Consent (Art. 6(1)(a)) for non-essential cookies/analytics where required. Legitimate interests (Art. 6(1)(f)) to run, secure, and improve our website, prevent fraud/abuse, and respond to general enquiries (balanced against your rights). Contract / pre-contract steps (Art. 6(1)(b)) if you request a service that requires us to respond in a specific way (e.g., a paid product, if introduced). Legal obligation (Art. 6(1)(c)) where we must keep records or respond to lawful requests.

6. Cookies and similar technologies

We use cookies and similar technologies. Non-essential cookies are used only with your consent where required. See our Cookie Policy for details and how to manage preferences.

7. Who we share data with (processors/recipients)

We may share personal data with trusted service providers (“processors”) who help us run the website, such as:

hosting and infrastructure providers, analytics providers (if enabled with consent), email and customer support tools (if used), security and anti-abuse services (e.g., bot protection, firewall). We may also disclose data: to comply with law, court orders, or valid legal requests, to protect our rights, users, and the public.

8. International transfers (outside EU/EEA/UK)

Some providers may process data outside the EU/EEA/UK. When we transfer personal data internationally, we use recognised safeguards such as:

Standard Contractual Clauses (SCCs) (and UK IDTA/addendum where applicable), additional technical and organisational measures where needed.

9. How long we keep data (retention)

We keep personal data only as long as necessary:

Contact messages: typically up to [12–24 months] after resolution, then deleted or anonymised. Scam reports: up to [24 months] (or longer if needed for integrity and auditing). Server/security logs: typically [30–180 days]. Analytics data: per tool settings, typically [2–14 months] (or anonymised sooner).

You can request deletion earlier (see your rights below), unless we must keep data for legal reasons.

10. Your rights (GDPR)

Depending on your location, you may have the right to:

access your data, correct inaccurate data, delete your data, restrict processing, object to processing (especially where we rely on legitimate interests), data portability (where applicable), withdraw consent at any time (this doesn’t affect earlier lawful processing). To exercise rights, email [info@evisa.reviews]. We may ask for reasonable verification.

11. Complaints

If you are in the EU/EEA, you can complain to your local data protection authority. If you are in the UK, you can complain to the ICO.

12. Children

evisa.reviews is not intended for children under 16 (or the age required by local law). We do not knowingly collect children’s data.

13. Security

We use appropriate technical and organisational measures to protect data, including access controls, encryption in transit (HTTPS), and monitoring.

14. Changes to this policy

We may update this Privacy Policy. The “Last updated” date will change, and material changes may be highlighted on the site.

2) Cookie Policy (GDPR + ePrivacy)

Last updated: 21 OCT 2025

1. What cookies are

Cookies are small files stored on your device. Some are necessary for the website to function, others help us measure traffic or personalise content.

2. Cookie categories we use

A) Strictly necessary (no consent required)
Used to provide core website functions, security, and remember cookie preferences.

B) Analytics (consent required in the EU/EEA/UK)
Used to understand how visitors use the site (e.g., pages visited, time on site) so we can improve content.

C) Marketing (optional; consent required if used)
Used to show relevant advertising or measure campaign performance (only if you enable this and we actually use ad tech).

3. Managing cookies

You can change your cookie preferences at any time via Cookie Page. You can also control cookies through your browser settings.

4. Cookie list

Maintain a table on your site like:

Cookie name, Provider, Purpose, Category, Expiry

(If you tell me your exact tools, I’ll generate the exact cookie list.)

3) Cookie Banner text (EU/UK-friendly)

Banner:
“We use cookies to run the site and, with your permission, to measure traffic and improve content. You can accept, reject non-essential cookies, or manage your preferences at any time.”

Buttons: Accept all | Reject non-essential | Manage preferences

4) Data Subject Request (DSR) procedure (internal)

Use this internally (not necessarily public):

1. Log request date/time, requester contact, and request type.

2. Verify identity (reasonable checks).

3. Locate data across tools (email, forms, CRM, logs).

4. Respond within 1 month (extendable for complex requests with notice).

5. Complete action (export/delete/restrict) and document outcome.

5) Processor checklist (internal)

Sign a Data Processing Agreement (DPA) with hosting/analytics/email providers. Ensure sub-processors are listed. Ensure transfer safeguards for non-EU providers (SCCs/UK addendum).