Privacy policy

General information only; not legal advice. Have a British Columbia lawyer review and customize this for your business.

Site operator: ETA ONLINE SERVICES LTD.
BC address: 105-111 W Broadway
Vancouver, BC V5Y 1P4
Canada
Privacy contact: privacy@etaenlinea.com

1. Scope

This policy explains how we collect, use, disclose, and safeguard personal information when you use etaenlinea.com, related forms, and links to our client portal (for example, to submit an eTA or other services we offer). Embedded third-party tools (such as public calculators) are also governed by their own policies.

We help travellers apply for Canada’s Electronic Travel Authorization (eTA) and related services, including clients who are UK, Spanish, or French nationals or residents, or who are located elsewhere in the EEA. Processing in that context may include identity, passport, contact, payment, and application data as described here, including transfers to Canada and, where required, submission of information to IRCC or other authorities under the official process.

2. Canadian and BC framework

We operate from British Columbia, Canada. We handle personal information in accordance with applicable federal law, notably the Personal Information Protection and Electronic Documents Act (PIPEDA), and with provincial statutes as they apply, including British Columbia’s Personal Information Protection Act (BC PIPA) where relevant to our activities.

3. Information we may collect

  • Contact and account details: name, email, phone, language preference.
  • Service-related information: data you submit for travel or related applications (for example passport or itinerary details) as required by the forms you complete.
  • Technical data: IP address, browser type, pages viewed, timestamps; cookies or similar technologies where used.
  • Payments: payment data is typically processed by payment service providers; we do not store full card numbers when a certified processor handles the transaction.

Cookies and similar technologies

Where we use cookies or similar technologies, we distinguish those strictly needed to operate the site, portal, or security from optional ones (for example analytics or preference features). Where the law requires it—including for visitors in the EEA and UK, and under Canadian rules where applicable—we will seek prior consent for non-essential uses. You may withdraw or adjust choices where the site provides a tool for that purpose; otherwise you can use browser settings or contact the privacy email at the top of this policy.

4. Purposes

  • Delivering, coordinating, and billing requested services.
  • Responding to inquiries and support requests.
  • Meeting legal and regulatory obligations.
  • Improving the site, security, and fraud prevention.
  • With your consent where required, informational or promotional communications permitted by law.

5. Legal basis and consent

Where the law requires it, we will obtain clear consent (for example for non-essential cookies or optional marketing). Otherwise we may rely on performing a contract, legal compliance, or legitimate interests balanced against your rights.

6. Disclosure to third parties

We may share information with service providers that help us run the website and portal (hosting, email, analytics, payment gateways) under confidentiality and security obligations. Where an application must be submitted to IRCC or another authority, required information will be transmitted according to that process. We may also disclose information if required by law or to protect rights and safety.

7. Cross-border processing

Some processors may handle data outside Canada. Where that occurs, we use reasonable contractual and organizational safeguards consistent with Canadian privacy expectations, as permitted by law.

International transfers (summary)

Because of how the service works, your information is processed primarily in Canada, where the controller is located. Service providers in other countries (hosting, email, payments, analytics, etc.) may also process data in those locations. For individuals in the EEA or UK, where a transfer is subject to the GDPR or UK GDPR, we use the safeguards described in section 13 (for example standard contractual clauses or other recognized mechanisms) where required.

8. Retention

We keep information only as long as needed for the purposes above, to resolve disputes, and to meet legal, regulatory, or professional retention requirements (including accounting or immigration-related rules).

9. Security

We apply reasonable technical and organizational measures (access controls, encryption where appropriate, training). No method of transmission or storage is completely secure.

10. Your rights

Depending on applicable law, you may request access to or correction of your personal information, withdraw consent where that does not prevent us from meeting contractual or legal duties, and file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC). Use the privacy contact above for requests.

11. Minors

Our services are not directed to children without a responsible adult. If you believe we have collected a minor’s information improperly, please contact us.

12. Changes

We may update this policy by posting a new version on this page with an effective date. Continued use of the site after material changes may constitute acceptance where permitted by law.

13. Visitors in the EEA, Switzerland, and the UK (including the UK, Spain, and France)

If you are in the European Economic Area, Switzerland, or the United Kingdom, the General Data Protection Regulation (GDPR) and related local laws may apply when we process personal data in connection with services offered to individuals in those regions. In the UK, the parallel regime is the UK GDPR together with applicable UK legislation.

If you use our services from the United Kingdom, Spain, France, or another EEA country, processing may include the categories of data described earlier in this policy (for example identity, passport, contact, and payment data) and transmission of your application to Canadian authorities where the process requires it. Purposes and legal bases are set out in sections 4 and 5.

In addition to the rights described elsewhere in this policy, you may have further rights (where applicable), including access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent where processing is based on consent. You may lodge a complaint with a data protection authority in your country or region.

Supervisory authorities (examples): United Kingdom — Information Commissioner’s Office (ICO); Spain — Agencia Española de Protección de Datos (AEPD), alongside applicable national law (including Spain’s data-protection organic law); France — Commission nationale de l’informatique et des libertés (CNIL). Other EEA countries have equivalent authorities.

Where personal data is transferred outside the EEA/UK, we use appropriate safeguards (such as standard contractual clauses or other approved mechanisms) when required by law. The controller for our services is the entity named at the top of this policy, located in Canada.

If we are required to appoint a representative in the EU or UK under applicable law, we will publish their contact details in this policy or provide them on request to the privacy email above.

To exercise rights under the GDPR, UK GDPR, or equivalent rules, contact us using the privacy email shown at the top of this policy.

14. Contact

For privacy questions, email the address at the top or use our contact page.

Last updated: April 10, 2026