Privacy Policy

1. Overview of Data Protection

General Information: The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy below.

Responsible Body: The data processing on this website is carried out by 1a Visum Service oHG (see Legal Notice). We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this privacy policy.

2. Data Collection on our Website

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries or visa applications you send to us. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and by the lock icon in your browser line.

Server Log Files (Cloudflare)

We use the services of Cloudflare (Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA) as a Content Delivery Network (CDN) and security provider. Cloudflare automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: Browser type/version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address. We have concluded a Data Processing Agreement (DPA) with Cloudflare.

3. Processing of Applicant Data

Purpose of Processing: We collect and process your personal data (Name, Passport Number, Nationality, Email Address) solely for the purpose of fulfilling the contract, i.e., procuring the Tourist Card (Visa Code) for Cuba. The legal basis for this processing is Art. 6 (1) (b) GDPR (Performance of a Contract).

Data Storage (Google Cloud / Make)

To process your application automatically and securely, we use the services of Make (formerly Integromat, by Celonis SE, Munich) for data workflow automation and Google Sheets/Cloud (Google Ireland Limited, Dublin) for temporary data storage necessary for processing. All data is encrypted during transmission and storage. Access is strictly limited to authorized personnel and automated systems required for visa generation.

4. Payment Processing (Mollie)

For payment processing, we use the service provider Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands). If you choose to pay via the payment methods offered (Credit Card, PayPal, SOFORT, etc.), payment data (e.g., amount, date, payment method) will be transmitted to Mollie. Your payment data is transmitted solely for the purpose of payment processing. Mollie is fully PCI-DSS certified and GDPR compliant.

5. Data Retention & Deletion

Your personal data will be stored only as long as necessary for the fulfillment of the contract (delivery of the visa code) or as required by statutory retention periods (e.g., tax and commercial law retention obligations in Germany, typically 10 years for invoices). Once these periods expire or the purpose of storage ceases to apply, your data will be securely deleted.

6. Your Rights (GDPR)

You have the following rights regarding your personal data:

• Right to information: You may request information about your stored data, its origin, recipients, and the purpose of its collection at any time.
• Right to correction: You may demand the correction of incorrect data.
• Right to deletion ("Right to be forgotten"): You may request the deletion of your data, provided there are no legal retention obligations.
• Right to restriction of processing: You may request the restriction of the processing of your personal data under certain circumstances.

To exercise these rights, please contact us at: [email protected]