This Privacy Policy explains how Visa-Port (“we”, “us”, “our”) — a travel and immigration services agency registered in Lebanon, with offices at Riad El Solh Street, Saida — collects, uses, shares, and protects the personal data of our clients, prospective clients, travellers, website visitors, and other individuals whose information we process. It forms part of our Terms & Conditions.
Contents
1. Who we are
Visa-Port is a Lebanese-registered travel and immigration agency, established in Saida since 1995. We are the data controller for personal data processed in connection with the services we provide directly to you. The portal platform that powers our online application tracking (portal.visa-port.com) is operated by our technology partner Devign SAL under a Data Processing Agreement; Devign acts as our data processor, not as an independent controller of your file data.
2. What personal data we collect
Depending on the service you request, we may collect some or all of the following:
Identity & contact data
- Full name, date of birth, place of birth, gender, marital status, nationality.
- Passport number, passport issue/expiry dates, National Number (رقم هوية), civil-register extracts.
- Residential address, email, phone, WhatsApp, emergency contact.
- Passport photograph, identity scans, selfies for embassy submission.
Application-specific data
- Employment, profession, employer, income, bank statements where required by the destination embassy.
- Education records, language test results, professional certifications.
- Marital documents, family-book extracts, children’s records for family visas.
- Travel history, prior visas, prior refusals, criminal-record extracts where embassy-mandated.
- Medical documentation where required (e.g. tuberculosis screening for UK, X-ray for certain work permits).
- Insurance policy details, ticketing preferences, hotel preferences.
Financial & transactional data
- Invoices, receipts, payment amounts, payment method (cash / Whish / card), payer identity.
- We do not store full credit-card numbers. Card payments are processed by a PCI-DSS-compliant gateway (Stripe or equivalent) and we only receive a reference token.
Technical & communication data
- Emails, SMS, WhatsApp messages, call notes, portal chat messages.
- IP address, browser, device, pages viewed on our website.
3. Why we collect it
We process your data to:
- Prepare, review, submit, and follow up on visa, immigration, legalisation, translation, insurance, and travel applications on your behalf.
- Communicate with embassies, consulates, airlines, hotels, operators, underwriters, and notaries to deliver the service you requested.
- Issue invoices, receipts, and book-keeping records and meet our tax, accounting, and anti-money-laundering obligations.
- Authenticate you in our portal and protect against fraud and unauthorised access.
- Respond to your enquiries, complaints, and after-sales requests.
- Send service-related notifications (appointments, document requests, status updates) by email, SMS, or WhatsApp.
- Send, only with your prior consent, occasional marketing about promotions, new destinations, or seasonal offers.
- Comply with legal obligations, judicial orders, or lawful regulatory requests.
- Establish, exercise, or defend our legal rights.
4. Legal basis
We rely on one or more of the following bases, depending on context:
- Performance of a contract — to deliver the services you engaged us for.
- Explicit consent — for sensitive data, cross-border transfers, and marketing messages. You can withdraw consent at any time without affecting processing performed before the withdrawal.
- Legitimate interests — to secure our premises and systems, prevent fraud, develop our services, and manage the business.
- Legal obligation — to comply with Lebanese tax, commercial, and anti-money-laundering law.
5. Who we share your data with
We share strictly the data necessary with the following categories of recipient:
- Embassies, consulates, and immigration authorities of the destination country, to submit and support your application.
- Notaries, Ministry of Foreign Affairs, apostille authorities, and certified translators for legalisation work.
- Airlines, hotels, cruise operators, ground transporters, car-rental companies, and insurance underwriters to fulfil bookings you requested.
- Our technology partner Devign SAL (devignlb.com), which operates the portal platform under a Data Processing Agreement. Sub-processors used by Devign (Stripe, OpenAI, Contabo, etc.) are listed in the portal’s own privacy policy.
- Our bank and payment processors for settlement of card and Whish Money transactions.
- Our accountants, auditors, and legal counsel under a duty of professional confidentiality.
- Competent Lebanese or foreign authorities where disclosure is required by law, court order, or lawful regulatory request.
We do not sell your personal data. We do not share it for third-party advertising.
6. International transfers
By the nature of visa work, your data is transferred to embassies, consulates, airlines, and hotels located outside Lebanon. Where portal infrastructure is involved, data is stored on servers located in Germany (EEA). OpenAI-based AI consultation features (where you have opted in) transmit data briefly to the United States under a zero-retention agreement. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for such transfers.
7. How long we keep data
| Category | Retention |
|---|---|
| Active application file | For the duration of the engagement |
| Original passport & identity documents in our custody | Returned to the client promptly on conclusion of the embassy step |
| Digital copies of passport scans on the portal | Purged 30 days after file is marked approved / rejected / cancelled |
| Invoices, receipts, accounting records | 7 years (Lebanese tax and commercial law) |
| Anti-money-laundering records | 5 years after the end of the business relationship |
| Contracts, engagement letters | 10 years after termination |
| Marketing consent | Until you withdraw |
| Website log files | 12 months |
8. How we secure your data
We apply reasonable technical and organisational measures, including:
- Controlled physical access to our Saida premises and locked storage for paper files.
- Passwords, role-based access, and multi-factor authentication on the portal.
- TLS 1.3 encryption for all data transmitted between your device and the portal.
- AES-256 encryption of passport numbers and payment credentials at rest.
- Staff confidentiality obligations and data-protection training.
- Regular encrypted backups; rolling 30-day retention for backups.
- Prompt revocation of access for staff who leave the Agency.
No method of transmission or storage is perfectly secure. We cannot guarantee absolute security, but we commit to applying the measures described above and to notifying you of any incident likely to affect you (see Section 12).
9. Your rights
Subject to applicable law, you have the right to:
- Access a copy of the personal data we hold about you.
- Rectify data that is inaccurate or out of date.
- Erase data, subject to our legal retention obligations (tax, AML, accounting).
- Restrict processing in specific circumstances.
- Portability — receive your data in a structured, commonly-used format.
- Object to processing based on our legitimate interests or direct marketing.
- Withdraw consent at any time for processing based on consent.
- Complain to the competent supervisory authority (in Lebanon, the Ministry of Economy and Trade; in the EEA, the supervisory authority of your habitual residence).
To exercise any right, email info@visa-port.com with the subject “Data Protection”. We respond within thirty (30) days or the shorter period required by applicable law. We may ask for proof of identity before acting on an access or deletion request, to prevent unauthorised disclosure.
10. Cookies & analytics
This website uses only strictly-necessary cookies required to deliver the pages to your browser and to remember your language preference. We do not use third-party advertising cookies. We do not track you across other sites.
We use anonymised log files (IP, browser, page, timestamp) for traffic analysis and security monitoring. These logs are kept for twelve (12) months and then deleted or anonymised.
If, in future, we integrate a web-analytics tool (e.g. a privacy-friendly analytics solution) or embed any third-party scripts that set cookies, we will update this Policy and, where required, display a cookie banner allowing you to opt in or out of non-essential cookies.
11. Children
Our services are intended for adults. Where we process data about minors (for example, children included in a family-visa application), we rely on the consent of the parent or legal guardian who has engaged us. We apply the same safeguards to minors’ data as to adult data, and we delete such data as soon as retention is no longer required.
12. Breach notification
If we become aware of a personal-data breach likely to result in a risk to your rights and freedoms — in particular any breach affecting passport, identity, or payment data — we will notify you and the competent authority without undue delay, where required by law, and take all reasonable steps to contain and remediate the incident.
13. Changes to this Policy
We may update this Policy from time to time. The “effective” date at the top of the page tracks the current version. Material changes will be communicated to active clients by email. Please revisit this page periodically to stay informed.
14. Contact & complaints
For any data-protection enquiry, access request, correction request, deletion request, or complaint, please contact:
Visa-Port — Data Protection
Riad El Solh Street, near Al Jammal Trust Bank
Saida, Lebanon
Tel: +961 7 123 456
Email: info@visa-port.com (subject: Data Protection)
If we are unable to resolve your concern, you may lodge a complaint with the competent consumer-protection or data-protection authority in your jurisdiction.