GDPR Compliance

Our commitment to EU data protection standards

GDPR Compliant Since Day One

BrandPassPro is built with privacy by design principles and fully complies with the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of EU residents, regardless of the organization's location.

GDPR establishes strict guidelines for collecting, processing, and storing personal data, with significant penalties for non-compliance (up to 4% of annual global turnover or €20 million, whichever is higher).

Our GDPR Principles

Lawfulness, Fairness, and Transparency

We process data legally, fairly, and in a transparent manner. Our Privacy Policy clearly explains what data we collect and why.

Purpose Limitation

We collect data only for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimization

We collect only the minimum data necessary to provide our services. No excessive data collection.

Accuracy

We keep personal data accurate and up to date, with mechanisms for users to update their information.

Storage Limitation

We retain personal data only as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality

We ensure appropriate security of personal data through technical and organizational measures.

Legal Basis for Processing

We process personal data based on the following legal grounds:

| Legal Basis | When We Use It | Examples |
|---|---|---|
| Contract | Processing necessary to fulfill our contract with you | Creating passes, managing accounts, providing services |
| Legitimate Interests | Processing necessary for our legitimate business interests | Security monitoring, fraud prevention, service improvements |
| Consent | You have given clear consent for processing | Marketing communications, optional features |
| Legal Obligation | Processing necessary to comply with law | Tax records, legal disclosures |

Your Rights Under GDPR

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data

Right to Restrict Processing

Limit how we use your personal data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to certain types of processing

To exercise any of these rights, contact our Data Protection Officer at dpo@brandpasspro.com. We will respond within 30 days.

Privacy by Design

BrandPassPro implements privacy by design principles:

  • Proactive not Reactive: We anticipate and prevent privacy invasions before they occur
  • Privacy as Default: Maximum privacy protection without requiring action from the user
  • Full Functionality: Privacy and functionality are not mutually exclusive
  • End-to-End Security: Secure data throughout its lifecycle
  • Visibility and Transparency: All stakeholders can verify our data practices
  • User Privacy Respect: User interests are prioritized
  • Privacy Embedded: Privacy considerations are integral to system design

Data Protection Measures

Data Protection Officer

Dedicated DPO overseeing compliance

Privacy Impact Assessments

Regular assessments for new features

Staff Training

Regular GDPR training for all employees

Vendor Management

GDPR-compliant data processors only

International Data Transfers

When we transfer personal data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms
  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Appropriate Safeguards: Technical and organizational measures
  • Your Consent: Where applicable and with clear information

Data Breach Response

In the unlikely event of a data breach:

  • Regulatory Notification (72h): We notify supervisory authorities within 72 hours
  • User Notification (Immediate): Affected users notified without undue delay if high risk
  • Mitigation (Ongoing): Immediate steps to contain and remediate

How We Help You Comply

BrandPassPro helps your organization maintain GDPR compliance:

  • Consent Management: Tools to obtain and document consent
  • Data Minimization: Collect only necessary pass recipient data
  • Access Controls: Role-based permissions for data access
  • Audit Trails: Comprehensive logs of data processing activities
  • Data Export: Easy export of all data for portability
  • Deletion Tools: Permanently delete data when requested
  • DPA Available: Data Processing Agreement for your compliance

Contact Our Data Protection Officer

For GDPR-related inquiries or to exercise your rights:

Data Protection Officer

Email: dpo@brandpasspro.com

Response time: Within 30 days

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

© 2024 BrandPassPro by Asan Digital LLC. All rights reserved.