< Back to Privacy Corner

Index

Privacy Notice Vendors

Introduction

At VFS Global, we’re committed to protect and respect your privacy.

This Privacy Notice explains how VFS Global and its worldwide companies & subsidiaries (“VFS Global,” “we,” or “us”) handles your personal information.

We may change this Privacy Notice from time to time. We will always make the latest Privacy Notice available to you via this page. Any changes to this privacy policy will apply to you and your data immediately.

Who are we? (VFS Global)

VFS Global is the leader in trusted technology services, empowering secure mobility for governments and citizens.

VFS Global manages the administrative and non-judgmental tasks related to visa, passport, travel documents, identity management and other citizen services such as passport renewals for its client governments and diplomatic missions. This enables them to focus entirely on the critical task of judgemental assessment and decision making.

VFS Global only provides certain logistic support to visa/ permit or travel document applications on behalf of its client governments and in accordance with the respective contracts with them regarding such services/ support.

Apart from the visa/ permit or travel document application processing services and citizen services, VFS Global also provides additional services called Valued Added Services (VAS).

Contact Information of Data Controllers

VFS Global responsible for processing the personal data you provide as part of your vendor relationship with us.

The contact information for Data Controller (VFS Global) is:
VF Worldwide Holdings Ltd.
Unit No: 1804 Preatoni Tower,
Plot No: JLT-PH1-L2A
Jumeirah Lakes Towers
Dubai
United Arab Emirates

How do we collect your personal information?

We collect information about you as our vendor during your engagement with VFS.

We will obtain addition information from a third-party due diligence service provider concerning you and the directors of the company and the company itself.

Please note; it is not mandatory to provide your personal data, however, without providing the required personal data, we will not be able to complete your onboarding process as a vendor in our systems and as a consequence of that we will not be able to pay your invoices.

What information do we collect?

VFS Global processes the following listed information provided by you in order to onboard you as one of our vendors. Please note that not all of this information may be regarded as "Personal Information" however in the spirit of transparency we are notifying you of the information that will be collected.

Details of Vendor which includes:

  • Full Name
  • Father's Full Name
  • Contact Number
  • Gender (Male / Female)
  • Date of Birth
  • National ID
  • No. or Passport No.
  • A Government issued valid Identity Proof document e.g. Passport / Driving Licence / PAN /Aadhar or equivalent document.
  • Country of Location / Residence
  • Place of Birth
  • Nationality
  • Email Address

Complete Postal Address of Registered Office:

  • City & Country
  • Contact Numbers
  • Email Address
  • Type of Company
  • Company Registration / Tax Numbers:
  • PAN / TIN / GST / VAT / INN CIN / OGRN
  • Any Other Registration Numbers (If available)

BANK DETAILS

  • Bank Name
  • Bank Address
  • Bank Account Number

Details of all main Partners / Owners / Shareholders which includes:

  • Full Name
  • Father's Full Name
  • Contact Number
  • Gender (Male / Female)
  • Date of Birth (DD / MM / YYYY)
  • National ID No. or Passport No.
  • Country of Location / Residence
  • Place of Birth
  • Nationality
  • Email Address
  • A Government issued valid Identity Proof document e.g. Passport / Driving Licence / PAN / Aadhar or equivalent document.

For Companies:

  • Certificate of Registration or equivalent document PAN Card or Tax registration document
  • Following information may be requested is to be provided, only if the annual contract value is more than 10,000CHF:
    1. Latest year’s turnover
    2. Details of Directors / Key Controllers:
      • Full Name
      • Contact Number
      • Father's Full Name
      • Gender
      • Date of Birth
      • National ID No. or Passport No.
      • Country of Location / Residence
      • Place of Birth
      • Nationality
      • Email Address
    3. Details of Business References of existing clients:
      • Full Name of Company
      • Name of Contact person
      • Complete Address
      • Article of Association/List of Shareholders or equivalent documents
      • Last year’s Audited Balance Sheet
      • List of Top Customers

Lawful basis for processing your personal data

Where permitted under applicable data protection law, we process your personal data on the basis of our legitimate interests, in particular to engage with you as a vendor, manage the contractual relationship, conduct due diligence, and ensure efficient business operations, provided that such interests are not overridden by your fundamental rights and freedoms.

Where the processing of personal data is necessary to comply with legal obligations, including anti-money laundering (AML), know-your-customer (KYC), and tax reporting requirements, we process your personal data on the basis of legal obligation.

In jurisdictions where legitimate interests are not recognized as a lawful basis for the relevant processing activities, or where consent is otherwise required under applicable data protection law, we will rely on your consent as the lawful basis for processing your personal data. Where consent is used, you may withdraw it at any time, subject to applicable legal or contractual restrictions.

How is your information used?

Your personal data will be used only for the following purposes, as permitted under applicable data protection law :

  • To register you, your company, and (where applicable) company directors and beneficial owners in our vendor management and finance systems.
  • To carry out due diligence, background checks, and verification activities, including anti-money laundering (AML) and know-your-customer (KYC) checks, and to assess compliance with sanctions, fraud prevention, and financial-crime prevention requirements.
  • To draft, manage, and administer contractual arrangements between VFS Global and your company.
  • To perform reconciliations of services or products provided under the contractual relationship.
  • To receive, validate, and process invoices and related financial documentation.
  • To make payments and transfer funds to your designated bank account(s).
  • To comply with mandatory legal, tax, accounting, and financial reporting obligations, including tax reporting, statutory audits, and regulatory disclosures required under applicable laws.

How long do we hold your data for?

Your personal information is retained by us for the duration of our commercial relationship and for 10 years after the termination date of the commercial relationship.

We are legally required to hold some types of information to fulfil our statutory obligations (for example; invoices for taxation legislation).

Who do we share your information with?

We may share your personal data with other entities within the VFS group of companies, where such sharing is necessary for vendor onboarding, due diligence, compliance, finance, accounting, audit, and internal reporting purposes, and only to the extent permitted under applicable data protection law.

We may also share your personal data with trusted third-party service providers that support us in meeting our due diligence, anti-money laundering (AML), know-your-customer (KYC), fraud prevention, and regulatory compliance obligations, including providers of screening, verification, and risk-assessment services.

All group entities and third-party service providers receiving personal data are required to apply appropriate technical and organizational measures to protect personal data and to process it only for the purposes described above, in accordance with applicable data protection laws and contractual safeguards.

We may further disclose personal data to competent public authorities, regulators, law enforcement bodies, or tax authorities where such disclosure is required by applicable law, regulation, or a valid and binding legal request, including a court order.

Transferring your personal information offshore

Your personal data may be transferred to, stored in, or accessed from countries outside your country of residence where this is necessary for the purposes described in this notice. This may include transfers:

  • within our corporate group, where personal data is processed by group entities as part of centralized business management, governance, compliance, finance, risk management, vendor administration, or IT support functions;
  • to trusted third-party service providers that support vendor management, due diligence activities (including AML and KYC checks), financial operations, tax and accounting reporting, or other support services.

Where personal data is transferred internationally, we ensure that such transfers are carried out in accordance with applicable data protection laws and are subject to appropriate safeguards. These safeguards may include:

  • transfers to countries that are subject to an adequacy decision by the relevant data protection authority;
  • the use of standard contractual clauses or other approved transfer mechanisms recognized under applicable data protection law; or
  • transfers otherwise permitted under applicable law, including where necessary to comply with legal or regulatory obligations.

We take reasonable steps to ensure that personal data transferred offshore is protected by appropriate technical and organizational measures designed to maintain an adequate level of data protection.

Your rights

Under many data protection laws, you have rights with regard how your personal information is handled. These privacy rights vary from country to country, however in VFS Global we enable you to exercise a full range of data protection rights depending on the applicable jurisdiction, subject to any legal limitations or exemptions. Depending on the applicable law, your rights may include:

  • The right to be informed about how your personal data is collected and used.
  • The right of access to your personal data and to receive a copy of it.
  • The right to rectification of inaccurate or incomplete personal data.
  • The right to erasure of your personal data, where permitted by law.
  • The right to restrict the processing of your personal data in certain circumstances.
  • The right to data portability, where applicable.
  • The right to object to the processing of your personal data, in certain circumstances.
  • Rights in relation to automated decision-making and profiling, where applicable.
  • The right to lodge a complaint or raise a concern about the handling of your personal data.

You may exercise your data protection rights, or submit a request relating to your personal data, by contacting VFS Global at:

DATA SUBJECT ACCESS RIGHTS FORM

a. Accessing your information: Authentication.
In order to protect your privacy and to authenticate that the request is genuinely from you and not from anyone else masquerading as you, we might request some additional details of your last interaction with VFS Global, some details that nobody else would know about.

This is to ensure that it is really you who is making the request and not someone else. We will only request enough information to enable us to identify you.

How VFS Global protects your information

When you give us personal information, we take steps to ensure that it is treated securely. Any sensitive information is encrypted and protected.

On our websites when you are on a secure page, a lock icon will appear in the address bar of most web browsers. This means the transfer of information from your browser to our web servers is encrypted to keep it safe.

Please bear in mind that emails may be transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, do not include personal information in an email when you communicate with us, if you do, you do so at your own risk.

Monitoring

To ensure the safety and security of our staff, customers, visitors, and premises, VFS Global uses closed-circuit television (CCTV) systems at certain locations, including visa application centres (VACs) and offices, where permitted by applicable law.

CCTV cameras are used solely for security, safety, incident prevention, and investigation purposes. Clear and visible signage is displayed at the entrances and within monitored areas to inform individuals that CCTV recording is taking place.

CCTV footage is retained for a limited period, in accordance with applicable local laws and, where relevant, the requirements of our client governments or diplomatic missions, unless a longer retention period is required for the investigation of a specific incident or to comply with legal obligations.

Technology

a. Use of cookies.
VFS Global websites use cookies and similar technologies to ensure the proper functioning of the website, enhance user experience, and, where permitted, to collect statistical information about website usage.

Cookies may be used to:
• enable core website functionality;
• remember your language or preference settings;
• collect aggregated statistical information about website usage.

Where required by applicable law, you are given the choice to accept or refuse non-essential cookies, and you may change your cookie preferences at any time using the cookie settings available on our website.

Please note that disabling certain cookies may affect the functionality of the website.

b. Links to other websites.
Our websites may contain links to external websites operated by third parties. This Privacy Notice applies only to VFS Global websites.

If you follow a link to a third-party website, please note that we are not responsible for the content, security, or privacy practices of those websites. We encourage you to review the privacy notices of any third-party websites you visit.

While we take reasonable steps to review external links before publishing them, we do not control and cannot guarantee the ongoing compliance of third-party websites.

Contact us.

We understand that you may have questions about our privacy practices. Please feel free to contact us by using our SAR form or by contacting dpo@vfsglobal.com.

In case you remain dissatisfied, you can raise complaints on the processing of personal data by contacting the supervisory data protection authority available in your country.