PRIVACY AND PERSONAL DATA PROTECTION POLICY

1. Introduction and Applicable Legislation

1.1. This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure for processing and protecting the personal data of users of the "MyVisa.World" service (hereinafter referred to as the "Service"), which is owned and operated by the company MTTA PTE LTD, registered in Singapore (hereinafter referred to as the "Company", "Operator", "We").

1.2. The Company provides services to clients worldwide and strives to comply with applicable data protection legislation in relevant jurisdictions. In our activities, we consider the requirements of the following regulations:

    — For citizens and residents of the Russian Federation: Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and the regulatory legal acts adopted in accordance with it.

    — For citizens and residents of countries of the European Economic Area (EEA): General Data Protection Regulation (GDPR).

    — For users from Singapore and in general: Singapore's Personal Data Protection Act (PDPA).

1.3. Key concepts such as "personal data" and "processing" within this Policy are understood in the meanings defined by the aforementioned laws.

2. What Data We Process

2.1. We process only those personal data that are necessary for providing the visa support services you have ordered and for fulfilling the contract. These include:

    — Identification and biographical data: Full name, date and place of birth, gender, citizenship.

    — Identity document data: Type, number, validity period, issuing authority of the passport or other document.

    — Contact details: Email address, phone number, residential address.

    — Data required for the visa application: Travel information (purpose, itinerary, dates), professional activity and employment, financial information (to confirm financial capacity), marital status, invitations, booking information.

    — Photographs and document scans, including biometric photo.

    — Technical data: IP address, device and browser data, Service visit history (collected using cookies and similar technologies).

2.2. In accordance with Russian legislation, information about racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, or intimate life constitutes special categories of personal data, the processing of which requires special protection measures and, as a rule, explicit written consent. The processing of biometric data (e.g., visa photos) is also carried out only with your separate consent.

3. Legal Bases and Purposes of Data Processing

3.1. The processing of your personal data is carried out on lawful and fair grounds.

3.2. The main legal basis is the necessity for the performance of a contract with you (Art. 6(1)(b) GDPR, Art. 6(1) Part 1 of 152-FZ), i.e., for the preparation and submission of your visa application to the authorized state bodies (consulates, visa centers).

3.3. Additional grounds may be:

    — Your voluntary consent, obtained in explicit form (e.g., for marketing communications).

    — Legitimate interests of the Company (Art. 6(1)(f) GDPR), such as ensuring the security of the Service, protection against fraud, improving service quality.

    — Fulfillment of obligations stipulated by law (e.g., data retention for accounting purposes).

3.4. Specific processing purposes:

    — Provision of visa support services, consulting, document verification, form filling.

    — Communication with you regarding the provision of services, informing about the status of the application.

    — Ensuring the security and operability of the Service, analyzing its use.

    — Fulfilling the requirements of the legislation of the Russian Federation, Singapore, and other countries.

4. Consent to Data Processing and Your Rights

4.1. Consent. By using the Service and providing us with data for visa processing, you confirm your consent to their processing for the stated purposes. For special categories of data or additional purposes (e.g., marketing), we request separate, informed, specific, and explicit consent.

4.2. Rights of Data Subjects. Depending on the legislation applicable to you, you have the right to:

    — Right of Access: Request confirmation of the fact of processing and information about the conditions of processing your data.

    — Right to Rectification: Demand clarification or correction of inaccurate or incomplete data.

    — Right to Erasure ("Right to be Forgotten"): Demand the erasure of your data if they are no longer necessary for the stated purposes, upon withdrawal of consent, or in case of unauthorized processing.

    — Right to Withdraw Consent: Withdraw previously given consent to processing at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.

    — Right to Restriction of Processing: Demand temporary suspension of processing in certain cases (e.g., when contesting the accuracy of data).

    — Right to Object/Lodge a Complaint: Submit appeals and complaints to the authorized body for the protection of the rights of personal data subjects (in the Russian Federation — Roskomnadzor).

4.3. How to Exercise Your Rights. To exercise your rights, as well as to withdraw consent, send a relevant request to our email: docs@myvisa.world. We will consider your request within the period established by applicable law (usually 30 days).

5. Data Transfer to Third Parties and Cross-Border Transfer

5.1. We do not sell or rent your personal data.

5.2. We transfer your data strictly to the extent necessary for the provision of services to the following recipients:

    — Authorized State Bodies: Consulates, embassies, visa centers, immigration services of the destination country of the visa. This is a necessary part of the service.

    — Our Subcontractors (Processors): Reliable service providers, such as cloud hosting providers, project management platforms, courier services. We enter into agreements with them obliging them to ensure data confidentiality and security.

5.3. Cross-Border Transfer. Your data may be transferred and stored on servers located outside your country of residence (e.g., in Singapore, where our Company is located, or in the country of the requested visa). When transferring data from the Russian Federation to foreign states that do not ensure adequate protection, we ensure compliance with the requirements of the legislation of the Russian Federation.

6. Data Retention and Protection

6.1. Retention Period. We retain your personal data no longer than is necessary for the purposes specified in Section 3, or for the period established by law (e.g., for tax accounting purposes). Typically, a client dossier is stored for 24 months from the completion of work on the application. After this, the data is securely deleted or anonymized.

6.2. Protection Measures. We apply necessary and sufficient organizational and technical measures to protect data from unlawful or accidental access, destruction, modification, blocking, copying, dissemination. The measures include but are not limited to: determining data protection levels, using certified information security tools (ISI) in accordance with the requirements of Russian regulators (FSTEC, FSB), encryption, strict access control, and regular system audits.

7. Notification of Data Breaches

7.1. In the event of a security incident that may lead to a breach of your personal data, we undertake:

    — In accordance with GDPR: Notify the supervisory authority within 72 hours of discovery, and you — without undue delay if the breach creates a high risk to your rights and freedoms.

    — In accordance with the legislation of the Russian Federation: Notify Roskomnadzor within the period established by law.

    — Immediately take all possible measures to eliminate the consequences of the incident.

8. Contact Information and Supervisory Authorities

8.1. For all questions related to the processing of your personal data and the exercise of your rights, please contact:

    — Email: docs@myvisa.world

    — Mailing Address: MTTA PTE LTD, 5 Napier Road, Republic of Singapore

8.2. You also have the right to file complaints with the authorized supervisory authorities:

    — In Russia: Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor).

    — In the EU: The relevant national data protection regulator of your country of residence.

    — In Singapore: Personal Data Protection Commission (PDPC).

9. Final Provisions

9.1. This Policy is an integral part of the Public Offer Agreement for the provision of services by the "MyVisa.World" Service.

9.2. We reserve the right to make changes to the Policy. The new version comes into force from the moment it is published on this page. In case of significant changes, we will notify you by available means.

Version 2.0 as of January 13, 2026