Privacy Policy

Last updated: January 2026

At TheScanBadge, we value your privacy and take the protection of personal data seriously. This Privacy Policy explains how we collect, use, secure, and process personal data when you use our website, services, NFC badges, digital profiles, APIs, and related platforms (collectively, the “Services”).

This Privacy Policy is drafted in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • ISO/IEC 27001-aligned information security principles
  • Applicable EU and German data protection standards

1. Data Controller

TheScanBadge

Lagerstraat 9, 6061 CS Posterholt, Netherlands

Privacy contact:

2. Personal Data We Process

Depending on how you use our Services, we may process the following categories of personal data:

  • Identification data (name, company name)
  • Contact data (email address, phone number)
  • Account and authentication data
  • Badge-related data (badge ID, status, usage metadata)
  • Information you voluntarily publish on a badge or digital profile
  • Technical data (IP address, device type, browser type, system logs)
  • Support and communication data

We do not intentionally collect special categories of personal data as defined in Article 9 GDPR.

3. Purposes of Processing

Personal data is processed only for specific and legitimate purposes, including:

  • Providing and maintaining the Services
  • Creating, managing, and securing user accounts
  • Provisioning NFC badges and digital wallet passes
  • Handling support requests and customer communication
  • Fulfilling legal and contractual obligations
  • Ensuring platform security, stability, and improvement

We do not use personal data for profiling or automated decision-making with legal or similarly significant effects.

4. Legal Basis for Processing

Personal data is processed on the basis of one or more of the following legal grounds under GDPR:

  • Performance of a contract (Article 6(1)(b))
  • Compliance with a legal obligation (Article 6(1)(c))
  • Legitimate interests (Article 6(1)(f)), such as platform security
  • Consent (Article 6(1)(a)), where required

Where processing is based on consent, consent may be withdrawn at any time.

5. Use of Third-Party APIs & Services

To deliver specific functionality, TheScanBadge uses third-party APIs. These services are used only when initiated by the user and primarily at the time of provisioning.

Google Maps Platform

The Google Maps API is used to enable convenient company and address lookups during onboarding and form completion.

  • Triggered solely by user input
  • Used on a one-time, transactional basis
  • No continuous tracking or background monitoring
  • Processed in accordance with Google’s API policies

Google Wallet

Google Wallet APIs are used exclusively to provision digital passes when a user explicitly requests adding a badge to Google Wallet.

  • Used only during pass creation
  • No ongoing access to wallet data
  • No access to payment or transaction information

Apple Wallet

Apple Wallet integration is handled via Apple Developer / PassKit APIs.

  • APIs are used only to generate and provision wallet passes
  • No persistent connection after provisioning
  • No access to Apple ID, Apple Pay, or payment data

Data Minimization: All third-party APIs are used in accordance with GDPR principles of data minimization, purpose limitation, and storage limitation. No APIs are used for profiling, analytics, or marketing purposes.

6. Hosting & Data Location

TheScanBadge’s core platform infrastructure is hosted in Germany, within the European Union.

Personal data is processed in data centers that meet GDPR requirements and operate in line with the ISO/IEC 27001 (information security management) and ISO/IEC 27018 (protection of personal data in public clouds) standards.

Personal data is not intentionally transferred outside the European Economic Area (EEA). Where a transfer is required to provide a service you have requested (for example, provisioning a pass with a wallet provider), appropriate safeguards under Chapter V GDPR, such as Standard Contractual Clauses, are in place.

7. Information Security

TheScanBadge applies technical and organizational measures (TOMs) aligned with ISO/IEC 27001 principles to protect personal data, including:

  • Role-based access control and least-privilege enforcement
  • Encrypted data transmission (TLS)
  • Secure storage of credentials and cryptographic keys
  • Logging and monitoring of security-relevant events
  • Regular review of access permissions
  • Secure development, deployment, and change management processes

8. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. When personal data is no longer required, it is securely deleted or anonymized.

9. Data Sharing

We do not sell personal data. Personal data may be shared only with trusted service providers acting as data processors, authorities where legally required, and partners strictly necessary for service delivery. All processors are contractually bound to comply with GDPR requirements.

10. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

Requests regarding your rights or personal data can be sent to:

11. Incident Management

Security incidents are handled in accordance with defined internal procedures aligned with ISO/IEC 27001 practices. Where a personal data breach meets the legal thresholds, the competent supervisory authority and affected users will be notified as required by Articles 33 and 34 GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most current version will always be published on our website and will include an updated “Last updated” date. Continued use of the Services after changes take effect constitutes acceptance of the revised Privacy Policy.

13. Contact

For all privacy-related questions, GDPR requests, or data protection matters, please contact:

TheScanBadge
Email: