GDPR & CCPA Compliance

Last updated: May 7, 2026

Stellar eVisa is committed to protecting the personal data of all users, regardless of location. This page explains how we comply with the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States.

Part 1: GDPR Compliance (European Union)

The General Data Protection Regulation (GDPR) applies to all users located in the European Union (EU) or European Economic Area (EEA). We comply fully with GDPR requirements.

1.1 Data Processing & Legal Basis

We process your personal data only on the following legal bases:

Contract Performance (Article 6(1)(b)): Processing necessary to provide visa assistance services you've requested
Legal Obligation (Article 6(1)(c)): Required by Vietnamese Immigration Department to process visa applications
Consent (Article 6(1)(a)): Processing for marketing communications — we obtain your explicit consent
Legitimate Interests (Article 6(1)(f)): Fraud prevention, security, and service improvement

1.2 Your GDPR Rights

You have the following rights regarding your personal data:

📋 Right to Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request, free of charge.

✏️ Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. We will update your information within 30 days.

🗑️ Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data, except where:

Retention is necessary for the visa processing service
We have a legal obligation to retain the data
We need it for legal claims

We will respond within 30 days.

⛔ Right to Restrict Processing (Article 18)

You can request that we limit how we use your data while we verify its accuracy or pending deletion. We will restrict processing within 30 days.

📤 Right to Data Portability (Article 20)

You can request a copy of your data in a structured, machine-readable format (CSV, JSON, etc.) and transfer it to another service provider. We will provide this within 30 days.

🚫 Right to Object (Article 21)

You can object to processing based on legitimate interests or direct marketing. We will honor your objection within 30 days.

🤖 Right to Automated Decision-Making (Article 22)

We do not make any automated decisions that produce legal or similarly significant effects on you. All visa decisions are made by the Vietnamese Immigration Department, not by automated systems.

1.3 Data Protection Impact Assessment (DPIA)

Given the nature of our visa processing service, we conduct Data Protection Impact Assessments (DPIAs) to ensure compliance and minimize risks. Key areas assessed include:

Passport and personal identification data processing
Third-party data sharing with Vietnamese authorities
Payment processing and financial data security
Data retention and deletion procedures

1.4 Data Protection Officer (DPO)

While not mandated for our organization size, we maintain data protection best practices. For GDPR inquiries:

📧 dpo@stellarevisa.com

1.5 Data Transfers Outside EU

Important: Your data is transferred to Vietnam (outside EU) to process visa applications with the Vietnamese Immigration Department. This transfer is:

✅ Necessary for contract performance (visa processing)
✅ Based on Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs)
✅ Subject to adequate safeguards under GDPR Article 46

1.6 Supervisory Authority

If you believe we are not complying with GDPR, you have the right to lodge a complaint with your local Data Protection Authority:

EU Member States: Find Your National DPA
Ireland (our reference DPA): Data Protection Commission

Part 2: CCPA Compliance (California, USA)

The California Consumer Privacy Act (CCPA) applies to for-profit entities that collect personal information from California residents. We comply with CCPA requirements.

2.1 What Information We Collect

Under CCPA, we collect the following categories of personal information:

Identifiers: Name, email, phone number, IP address
Commercial Information: Transaction history, visa service purchases
Biometric Information: Passport photos, identification documents
Internet Activity: Website browsing history, cookies, analytics
Professional Information: Travel purpose, employment details (as provided)
Location Data: IP-derived location, travel destination
Sensitive Personal Information: Passport number, nationality

2.2 How We Use Your Information

We use personal information for:

Providing visa assistance services
Processing payments and transactions
Communicating with you about your application
Detecting fraud and ensuring security
Complying with legal obligations
Improving our services
Marketing communications (with consent)

2.3 Data Sharing & "Sale" of Personal Information

Under CCPA, a "sale" means sharing personal information for valuable consideration (money, services, etc.).

We share your information with:

Vietnamese Immigration Department: Essential for visa processing (NOT a "sale")
Payment processors: To process transactions securely (NOT a "sale")
Third-party service providers: Analytics, hosting, email services (NOT a "sale" — they act as service providers under contract)

We do NOT "sell" your personal information in the CCPA sense. We do not share data with third parties for their marketing or profit purposes.

2.4 Your CCPA Rights

As a California resident, you have the following rights:

🔍 Right to Know (CCPA § 1798.100)

You can request to know what personal information we collect, use, and share. We will provide this information within 45 days.

🗑️ Right to Delete (CCPA § 1798.105)

You can request deletion of personal information we hold, except where:

Information is necessary to complete your visa application
We have a legal obligation to retain it
We need it for security or fraud prevention

We will respond within 45 days.

🚫 Right to Opt-Out of "Sale" (CCPA § 1798.120)

You can opt out of the "sale" of personal information. Since we do not sell your information, this right is already satisfied. However, you can still submit an opt-out request for transparency purposes.

🚫 Right to Opt-Out of Profiling (CCPA § 1798.110)

You can opt out of automated decision-making used for profiling. We do not engage in automated profiling that produces legal or similarly significant effects.

⚖️ Right to Non-Discrimination (CCPA § 1798.125)

We will not discriminate against you for exercising your CCPA rights. You will receive the same service, pricing, and quality regardless of whether you exercise these rights.

2.5 How to Exercise Your CCPA Rights

To submit a request to access, delete, or opt-out:

Email: privacy@stellarevisa.com
Phone: +91 86553 47848 (with subject "CCPA Request")
Address: Unit No. S-11, Plot-19 to 22, Jimmy Tower - I, Sector-18, Kopar Khairane, Navi Mumbai, Thane, Maharashtra - 400709

Verification: We will verify your identity before processing your request (to prevent unauthorized access to your data).

Response Time: 45 days from verified request.

2.6 Shine the Light Law (California Civil Code § 1798.83)

California residents can also request information about third parties with whom we share personal information for their direct marketing purposes (once per calendar year).

Part 3: Additional Privacy Rights

3.1 Virginia, Colorado, Connecticut, and Utah Privacy Laws

We comply with similar privacy laws in other US states:

Virginia CDPA: Right to access, delete, correct, and opt-out of processing
Colorado CPA: Similar rights to CCPA
Connecticut CTDPA: Similar rights to CCPA
Utah UCPA: Similar rights to CCPA

3.2 Canada (PIPEDA)

If you are a Canadian resident, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).

3.3 India (DPDP Act)

We comply with India's Digital Personal Data Protection Act (DPDP) as our primary jurisdiction.

4. Contact for Privacy Inquiries

For any GDPR, CCPA, or other privacy-related questions:

📧 privacy@stellarevisa.com
📧 support@stellarevisa.com
📞 +91 86553 47848 / 47 / 49
📍 Unit No. S-11, Plot-19 to 22, Jimmy Tower - I, Sector-18, Kopar Khairane, Navi Mumbai, Thane, Maharashtra - 400709

5. Policy Updates

We may update this Compliance Statement as laws evolve. Changes are effective immediately upon posting.

6. Governing Law

This Compliance Statement is governed by the laws of India, with respect to all laws and regulations it references (GDPR, CCPA, etc.).