ETA LONDON

Privacy Policy

Effective Date: January 25th 2025

This Privacy Policy applies to ETA London and any of our services that link directly to this Privacy Policy (collectively, “we,” “our,” or “us”). ETA London is operated by J AND RAYS LTD, Company number 10529073. Our registered office address is 29 St. Nicholas Place, Leicester, England, LE1 4LD. We are committed to delivering outstanding service to our clients. As part of this commitment, we value the trust our customers and website visitors place in us. We understand it is our duty to inform you of how we collect personal information through this Privacy Policy. Our Privacy Policy explains:

The Personal Information We Collect
How Personal Information Is Used
How We May Disclose and Transfer Personal Information
Cookies and Tracking Technologies
Your Choice
Privacy Notice for California Consumers
Other State Privacy Rights
Security
Data Retention
How to Opt-Out of Further Communication
Links to Other Websites
Personal Information from Children
Additional Information for Individuals Located in the EEA/UK
How to Contact Us
China Addendum
Canada Addendum

We reserve the right to modify this Privacy Policy at any time. If we make any revisions that affect how we collect, use, or share personal information, we will update this Privacy Policy to reflect those changes. We encourage you to review this Privacy Policy periodically to stay informed of our most current policies and practices. The effective date of the latest version will be noted at the beginning of this Privacy Policy.

In some cases, we may be engaged directly by travel partners, corporations, or business groups, including your employer, to process personal information on their behalf. If this applies to you, please address any concerns about your personal information directly with the party with whom you have the primary relationship, where relevant.

If you are a resident of the UK, or another jurisdiction, you may have specific rights concerning your personal information. Please refer to the relevant section or addendum for your jurisdiction to learn more.

We have appointed a Privacy Officer who is responsible for overseeing our compliance with this Privacy Policy. The Privacy Officer can be contacted as detailed below in section 14.

1. The Personal Information We Collect.

Our suite of services includes Electronic Travel Authorisation (ETA) applications, visa assistance, passport services, travel protection and insurance, and related document and immigration services.

Personal Information We Collect Directly. By using our websites, apps, and/or services (“Services”), we may collect and request personal information, including your name, address, telephone number, date of birth, marital status, government-issued IDs (e.g., passport images or numbers), employment history, educational background, tax status, job title, email address, and payment information. This information may be collected directly from you (e.g., through online forms, surveys, or application submissions), or with your consent or when permitted by law, from other parties such as your travel agent, family, friends, travel companions, government agencies, service providers (e.g., accommodations, transportation services, travel insurance companies), or your employer. When required for the services, we may collect certain personal documents such as passport copies, educational records, CVs, visa copies, and birth certificates.

Personal Information We Collect Automatically. We may also collect information automatically from your device, which may be considered personal information under applicable laws in your jurisdiction. This can include:

Unique identifiers like cookies or advertising IDs;
Internet Protocol address (“IP address”);
Device information such as browser type, version, operating system, user-agent strings, and details from the use of apps on mobile devices;
Publicly available information about you.

Sensitive Personal Information. In some cases, such as when processing your visa or immigration application, additional information may be required by the relevant destination country’s application forms. This can include personal and family details, educational and employment history, travel history, and financial records. Depending on the application, sensitive information may include ethnicity, race, religion, trade union membership, health-related details, and criminal history, where legally permitted.

2. How Personal Information Is Used.

We may use your personal information in the following ways and for the following purposes, depending on the specific services you request or interact with us for, including:

Create an Account: You may create an account for our services, including on our websites and apps. The personal information we collect typically includes your name and contact details.
Providing Our Services, Including Visa Services: When you or your agent request services from us, such as applying for an ETA or other immigration services, we collect your name, billing and contact details, email address, phone number, payment information (processed through our payment processor), and any relevant service details. The collection and use of your personal information depend on the requirements of the destination country.
When You Book with Us: If you book travel-related services through us, we collect and process the necessary personal information to complete your booking and provide additional support. This includes transferring your details to service providers such as accommodation or transport providers.
When You Upload Photos: For services like visa applications or other travel purposes, we may need to collect images of you. These images are used as part of providing our services.
Sign Up for Information or Marketing: If you sign up to receive information or marketing from us, we collect your name and contact information.
Post to Our Services or Social Media Pages: You may share content, such as photos or reviews, on our platforms, or allow us to post them on your behalf.
Communicate with You: We collect personal information when you communicate with us, for example, through subscribing to newsletters or sending inquiries. We may also use your email to send reminders related to your travel documents. If you wish to opt out, please see the “How to Opt-out of Further Communication” section. Calls to our call center may be recorded for quality, security, and training purposes.
Participate in Promotions: If you enter a promotion or sweepstakes, we collect the information you provide as part of your entry. Additional privacy notices may apply to certain promotions, which we will disclose at the time of collection.
Interact at Events: If you attend a virtual or in-person event, we collect the personal information you choose to provide, such as contact details and information about services you may be interested in.
Administration: We use personal information for administrative purposes, such as managing our services, improving security, maintaining service quality, and enforcing this Privacy Policy and other terms.
Research and Development/Analytical Purposes: We use personal information for research and development to enhance our services, products, and customer experience, and to analyze customer demographics and service popularity.
Legal Compliance: We may use your information to comply with legal obligations, respond to subpoenas, cooperate with investigations, or participate in legal proceedings.
Protection of You, Us, and Others: To protect you, us, and others, including preventing fraud and responding to security incidents, we may use your personal information.
Work with Our Service Providers: We may collaborate with third parties, such as travel agencies or accommodation providers, to offer services to their customers. You should refer to their privacy policies for their practices.
Follow-Up Services: For services like visa extensions or changes in residency or employment status, we may use previously collected information to provide necessary follow-up services.
Other Uses: We may use your information for any other purposes you consent to or that we notify you about.

3. How We May Disclose and Transfer Personal Information.

We may disclose and transfer personal information we collect for the purposes described above, and to service providers and third parties as follows:

Affiliates and Subsidiaries: To support and provide our services, including processing ETA applications, completing immigration or document legalization requests, or assisting with visa processes for you and your family. This may include sharing sensitive data with visa application centers, logistics companies, or translators/solicitors as required. We may also disclose certain information to improve our products and services, provide superior customer service, and identify market opportunities.
Vendors and Service Providers: To third-party service providers and processors who perform functions on our behalf, such as IT service providers, help desk providers, chatbots, analytics providers, and consultants. We may also share images you upload with image review vendors to facilitate efficient processing for travel and visa services.
Trip Providers: To help you book accommodation, travel, tourist attractions, and tours, and to facilitate entry requirements, including providing invitation letters for visa applications or entry-related requirements, and background check providers as needed by the destination country.
Business Partners and Third Parties, Including Third-Party Platforms: To understand how users access and use our services and for research and analytical purposes, such as improving our offerings. This also includes sharing information to provide or enhance specific features of our services, and, with your consent where required, sharing certain information (e.g., browsing data) with third parties for marketing, advertising, and campaign purposes.
Travel Companions (e.g., Friends and Family): To facilitate services such as group trips or family bookings.
Government Entities: To support services, including visa applications, immigration services, and logistics. Sensitive data may be disclosed when required.
Customers and Clients: To provide services when working on behalf of businesses or organizations.
To Others as Required by Law: We may disclose personal data to third parties as permitted by applicable law, including regulators, government entities, and law enforcement, in accordance with legal obligations.

We may also disclose your personal information in the following circumstances:

In Support of Business Transfers: If ETA London or its affiliates are acquired, merged, or involved in another corporate transaction such as bankruptcy or restructuring, personal information may be transferred as part of that process. This may also include disclosures to lenders, auditors, attorneys, or consultants before the completion of such a transaction.
Compliance and Legal Obligations: To comply with legal obligations, including responding to subpoenas, court orders, or other lawful requests, or as required by national security or law enforcement authorities.
Security and Protection of Rights: To protect the services, rights, and property of ETA London, and the rights, property, and safety of others. This includes preventing, detecting, and responding to fraud, unauthorized access, or legal claims.
Aggregate and De-identified Information: We may, where permitted by law, use, disclose, and process aggregate or de-identified information for quality control, analytics, research, and other business purposes.
Other Disclosures: We may disclose personal information in other ways as required or permitted by law. If necessary, we will notify you and obtain your consent where required.

4. Cookies and Tracking Technologies.

ETA London and our service providers use cookies, pixel tags, and similar tracking technologies to automatically collect certain personal information, such as browsing activity, device type, and usage information when you interact with our services. We use this information to understand how users access and use our services; to detect and resolve bugs; to enhance security and optimise performance; for marketing and advertising purposes; and to personalise your experience. We may also aggregate this data to help analyse trends and gather broad demographic insights.

Cookies:
Cookies are small alphanumeric text files stored on your device by your browser. Some are essential for basic functionality and user navigation, while others help to speed up login, enhance security, and track usage and engagement with our services.

Pixel Tags:
Pixel tags (also known as web beacons or clear GIFs) are small, invisible graphics embedded in web content or emails. They function similarly to cookies and help us track user activity, compile usage statistics, and monitor the effectiveness of email communications (e.g., whether an email was opened or forwarded).

Third-Party Analytics:
We use tools like Google Analytics to evaluate the performance and usage of our website and services. These services may use cookies, tags, and other technologies to collect data, which helps us improve the user experience.
You can read more about Google’s practices at: Google Privacy Policy
To opt out of Google Analytics tracking, you can install the browser add-on: Google Analytics Opt-out

Cross-Device Tracking:
We and our providers may use collected data to identify and link the different devices you use (e.g., phone, tablet, laptop) to engage with our services, in order to offer a consistent experience across platforms.

Third-Party Advertising:
We partner with advertising networks and analytics services to personalise content and manage our advertising across third-party platforms. These partners may use cookies and other identifiers (e.g., advertising IDs, IP addresses) to deliver tailored ads and analyse the success of campaigns on both our site and third-party services.

Do Not Track:
Our website does not currently respond to “Do Not Track” browser signals. However, you can manage tracking preferences through your browser settings, such as disabling cookies or using tracking protection features.

Development and Improvement of Technology:
We process data—mainly in pseudonymised or aggregated form—for the development and improvement of technologies such as machine learning, artificial intelligence, and deep learning. This allows us to continuously enhance our services while maintaining high standards of data protection and security.

5. Your Choices.

You have several rights and options in relation to how your personal information is collected and used by ETA London. These include:

Opting Out of Promotional Communications
If you no longer wish to receive promotional emails from us, you may opt out at any time by clicking the unsubscribe link provided in such emails. You may also contact us directly at privacy@etalondon.com to request removal from marketing communications. Please note, however, that we may still send you important service or transactional emails related to your account or services you have requested.

Interest-Based Advertising
We may partner with third-party advertising networks that deliver advertisements tailored to your interests based on your browsing activity (also known as “interest-based advertising”). These partners may use cookies and similar technologies to track your online activity.

You can manage Google advertising preferences by visiting:
www.google.com/settings/ads/onweb/optout?hl=en

You may also opt out of interest-based advertising from participating networks through the following industry platforms:

European users: www.youronlinechoices.eu (European Interactive Digital Advertising Alliance)
U.S. users: www.aboutads.info/choices (Digital Advertising Alliance)
Canadian users: www.youradchoices.ca/choices
Japanese users: www.ddai.info/optout

Please note that opting out does not mean you will no longer see advertising; it means the ads you see may no longer be tailored to your interests. You will continue to receive general advertising based on factors like your location, device, or browsing activity.

Mobile Device Settings
Some features of our mobile or web applications may include third-party advertising and analytics services. You can limit tracking for interest-based advertising through your mobile device settings:

iOS: Go to Settings > Privacy > Tracking and turn off Allow Apps to Request to Track
Android: Go to Settings > Privacy > Ads and toggle on Opt out of Ads Personalization

Some of our apps may also offer in-app settings for managing data collection and personalised ads. These can usually be found in the app’s main settings menu.

6. Your Rights Under UK Data Protection Laws.

ETA London is committed to protecting your privacy and ensuring that your personal data is handled securely and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

You have the following rights regarding your personal data:

Right to Access – You have the right to request access to the personal data we hold about you.
Right to Rectification – You may request that we correct any inaccurate or incomplete information.
Right to Erasure – You can ask us to delete your personal data where there is no good reason for us to continue processing it.
Right to Restrict Processing – You may ask us to suspend the processing of your personal data under certain circumstances.
Right to Data Portability – You may request the transfer of your personal data to another party.
Right to Object – You can object to our processing of your personal data in certain cases, including for direct marketing.
Rights in Relation to Automated Decision Making and Profiling – You have rights concerning automated decisions made about you and profiling activities we may carry out.

To exercise any of these rights or if you have questions about your data.
Please contact us at
Email: Info@etalondon.co.uk

We may require you to verify your identity before we can process your request, in order to ensure your data is protected. Requests will be handled in accordance with the requirements of UK data protection law.

7. Additional UK Data Subject Rights.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, individuals residing in the United Kingdom are entitled to certain rights with respect to their personal data. These rights may be subject to limitations and exemptions in accordance with applicable data protection law.

Your rights include:

Right of Access
You have the right to request confirmation as to whether your personal data is being processed, and where that is the case, to access that personal data. You may also obtain a copy of your personal data in a structured, commonly used, and machine-readable format, where technically feasible.

Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (“Right to be Forgotten”)
You may request that we delete your personal data under certain circumstances, such as where it is no longer necessary for the purpose it was collected, or where you withdraw consent and there is no other legal basis for processing.

Right to Restrict Processing
You may request that we restrict the processing of your personal data in certain cases, including while we assess the accuracy of the data or consider an objection to processing.

Right to Data Portability
Where our processing is based on your consent or is necessary to perform a contract with you, and the processing is carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.

Right to Object to Processing
You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on our legitimate interests or the performance of a task in the public interest, unless we can demonstrate compelling legitimate grounds to continue.

Right Not to Be Subject to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, unless such processing is necessary for entering into or performing a contract, is authorised by law, or is based on your explicit consent.

Right to Withdraw Consent
Where we rely on your consent for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to such withdrawal.

Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you may file a complaint with the UK’s data protection authority, the Information Commissioner’s Office (ICO), at www.ico.org.uk.

How to Exercise Your Rights

You may submit a request to exercise your data rights by contacting us via the methods below:

Email: Info@etalondon.com
Postal Address:
ETA London (J AND RAYS LTD)
29 St. Nicholas Place,
Leicester, England, LE1 4LD

To protect your personal data, we may need to verify your identity before fulfilling your request. If we are unable to comply with your request, we will provide you with an explanation. If you are dissatisfied with our decision, you may request a review or escalate the matter to the ICO.

8. Security.

We implement a range of appropriate technical and organisational measures to protect the personal information we collect against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These safeguards are designed in accordance with industry standards and the requirements of the UK General Data Protection Regulation (UK GDPR).
Despite our efforts, no system or method of data transmission or storage can be guaranteed to be 100% secure.
We encourage you to take steps to protect your personal data as well. For example, select a strong, unique password for your use of our services, avoid reusing passwords across multiple sites or services, and do not share your login credentials.
If you believe your password or account has been compromised, we recommend resetting your password immediately and notifying us at: Info@etalondon.co.uk

9. Data Retention.

We retain and use your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as otherwise communicated at the time of collection.
This includes complying with our legal obligations, meeting regulatory and tax requirements, resolving disputes, and enforcing our agreements (including any contracts with our clients).
Where we no longer require your personal information for these purposes, we will securely delete or anonymise the data, in accordance with applicable law and our internal data retention policy.

10. How to Opt-Out of Further Communication.

You may choose to opt out of receiving marketing communications from ETA London at any time.
To do so, either:

Click the “unsubscribe” link at the bottom of our marketing emails, or
Contact us directly at: Info@etalondon.co.uk
Please note that even if you opt out of marketing communications, you may still receive important service-related messages, such as those related to your ETA application or account management.

11. Links to Other Websites.

Our website may include links to third-party websites for your convenience or reference.
Please note that we are not responsible for the privacy practices or content of these external websites. We encourage you to read the privacy policies of any site you visit before submitting any personal information.
Our website may also include interactive elements or social media features (e.g., “Like” or “Share” buttons). These features may collect information such as your IP address or which page you are visiting on our website, and may set cookies to enable functionality.
These features may be hosted by a third party or directly on our site. Your interactions with such tools are governed by the privacy policy of the respective third-party provider.

12. Personal Information from Children.

ETA London does not knowingly collect personal information from children under the age of 13.
Parents or guardians are advised not to allow their children to submit personal data via our website or services without their supervision and consent.
If we become aware that we have inadvertently collected personal data from a child, we will promptly delete such data from our records.
If you are a parent or guardian and believe that we may have collected your child’s information, please contact us at: Info@etalondon.co.uk

13. Additional Information for Individuals Located in the EEA/UK.

Lawful Basis for Collecting Personal Information
We collect and process personal information to fulfil your UK Electronic Travel Authorisation (ETA) application and to perform our contract with you. This is done in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the Swiss Federal Act on Data Protection, as applicable.
For individuals subject to these regulations, we process general personal information under the lawful basis of performance of a contract. Any additional sensitive personal information is processed on the basis of your explicit consent. By submitting your application and, where necessary, providing consent, you grant us the following rights:

The right to collect your personal information
The right to process your personal information
The right to share your personal information with relevant third parties and official entities, including UK Government Authorities, logistics partners, and any service providers directly related to processing your application.

You have the right to withdraw consent at any time by emailing us at: Info@etalondon.co.uk

Your Data Protection Rights
You have several rights under UK and EU data protection laws, including:

Right to Correction, Amendment or Deletion: You may request correction or deletion of your personal information at any time. We will comply where legally permissible. You can also request deletion using this link: https://etalondon.co.uk/contact-us
After submission:
- We will acknowledge your request.
- Review its compliance based on your country of residence.
- Confirm either:
  - Your data has been removed from our systems, or
  - When we are legally allowed to delete your data, based on the nature of the data and applicable laws.
Right of Access: You may request a copy of the personal data we hold about you.
Right to Restrict Processing: If you contest the accuracy or lawfulness of our processing, you may ask us to restrict how your data is used.
Right to Data Portability: You may request your data in a structured, commonly-used, machine-readable format and transfer it to another organisation.
Right to Object: You may object to the processing of your personal data on grounds relating to your specific situation. You can also object to automated decision-making.
Right to Withdraw Consent: Where consent was provided, you may withdraw it at any time by emailing Info@etalondon.co.uk

These rights may be subject to exceptions where fulfilling them would conflict with another individual’s rights, or where we are legally required or entitled to retain certain data.

International Transfers of Personal Data
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. These jurisdictions may have different data protection laws than your own.
Some non-EEA countries have been deemed by the UK, EU, or Swiss authorities to provide adequate protection (see full list here). For all other transfers, we use appropriate safeguards such as standard contractual clauses approved by the relevant authorities.

Making a Complaint
If you believe your rights have been violated, you may file a complaint with a relevant supervisory authority:

UK: Information Commissioner’s Office (ICO)
EU: EU Data Protection Authorities
Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC)

Data Sharing and Safeguards
Your data may be shared with other entities within our group or affiliated service providers to help fulfil your application and provide relevant services.
When data is transferred to third countries or service providers, we use safeguards such as European Commission-approved standard contractual clauses or equivalent protections under UK and Swiss law.

Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy. Once no longer needed, data will be securely deleted or anonymised.

How We Collect Personal Information
We may collect personal information through:

Direct Provision: When you supply data as part of the application process.
Cookies: These improve website performance and experience. Cookies identify you as a unique user and may be used by third-party partners for marketing and analytics. You can control cookie preferences through your browser settings.
Web Beacons: Used in HTML emails or pages to track interactions (e.g., clicking on links).
Web Server Logs: These logs record actions like page visits, search terms, IP addresses, and browser types.

Please note, while our website does not currently respond to “Do Not Track” signals, we continue to monitor legal updates and may adjust our approach accordingly.

14. How to Contact Us.

If you have any questions or concerns regarding this Privacy Policy or our handling of your personal data, you may contact our Data Protection Officer via email at Info@etalondon.co.uk or by post at:

J AND RAYS LTD
ATTN: Data Protection Officer
29 St. Nicholas Place
Leicester
England, LE1 4LD

15. International Data Transfers.

Your personal data may be transferred and stored outside the United Kingdom when necessary for the purposes described in this Privacy Policy, such as facilitating visa or travel authorisation services with overseas authorities. We ensure that such transfers are made in accordance with applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR), and that appropriate safeguards are in place, such as:

Transfers to countries with an adequacy decision by the UK government; or
Standard contractual clauses approved by the UK Information Commissioner’s Office.

By using our services, you acknowledge that your personal data may be subject to lawful access by foreign courts, law enforcement or regulatory agencies in the destination countries.

16. Your Rights Under UK Data Protection Law.

Under the UK GDPR, you have the following rights with respect to your personal data:

Right to Access – You may request a copy of the personal data we hold about you.
Right to Rectification – You may request corrections to any incomplete or inaccurate information.
Right to Erasure – You may request the deletion of your personal data under certain conditions.
Right to Restrict Processing – You may request that we limit how we process your data in certain circumstances.
Right to Data Portability – You may request a copy of your data in a structured, commonly used format and request its transfer to another controller.
Right to Object – You may object to our processing of your personal data, particularly in cases of direct marketing.
Rights related to Automated Decision-Making and Profiling – You may object to decisions made solely by automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.

To exercise any of these rights or for further assistance, please contact us at Info@etalondon.co.uk We may request verification of your identity before responding to your request.