Security & Compliance Statement

Last updated: January 2026

TheScanBadge

1. Overview

TheScanBadge is committed to maintaining high standards of information security, data protection, and infrastructure resilience.

Our platform is designed around the principles of:

  • Security by design
  • Privacy by default
  • Data minimization
  • Least privilege access
  • European data sovereignty

2. Legal & Regulatory Framework

TheScanBadge operates in accordance with:

  • Regulation (EU) 2016/679 (GDPR)
  • Dutch Civil Code (Burgerlijk Wetboek)
  • Applicable EU consumer protection laws
  • Article 28 GDPR (Data Processing Agreements for B2B customers)

We provide:

  • Terms of Service
  • Privacy Policy
  • Data Processing Agreement (DPA)
  • Acceptable Use Policy

3. Data Hosting & Infrastructure

All core infrastructure is hosted within the European Economic Area (EEA).

Primary infrastructure locations include:

  • Rotterdam, Netherlands
  • Heerlen, Netherlands
  • Falkenstein, Germany
  • Eindhoven, Netherlands

Infrastructure is operated within GDPR-compliant data centers.

We do not intentionally transfer personal data outside the EEA unless appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

4. Technical Security Measures

TheScanBadge implements appropriate technical and organizational measures (TOMs) aligned with ISO/IEC 27001 principles.

4.1 Network Security

  • Encrypted communication (TLS)
  • Secure firewall configurations
  • Network segmentation where applicable

4.2 Access Control

  • Role-based access control (RBAC)
  • Least privilege enforcement
  • Multi-factor authentication for administrative access
  • Periodic access reviews

4.3 Application Security

  • Secure development lifecycle practices
  • Change management procedures
  • Version control and logging
  • API rate limiting and monitoring

4.4 Data Protection

  • Encrypted transmission
  • Secure credential storage
  • Controlled access to production systems
  • Logging of security-relevant events

5. Subprocessors

We work with carefully selected subprocessors, including:

  • Hetzner Online GmbH (EU hosting)
  • Mollie B.V. (payment processing)
  • Google Maps Platform (address lookup functionality)

All subprocessors are bound by GDPR-compliant agreements and security obligations.

6. Data Segregation

TheScanBadge operates a multi-tenant SaaS architecture with logical separation between customer environments.

Access to customer data is restricted and monitored.

7. Incident Response

We maintain internal procedures for handling security incidents.

In the event of a personal data breach:

  • Affected customers will be notified without undue delay
  • Relevant authorities will be informed where required under GDPR
  • Remediation steps will be documented

8. Business Continuity

We maintain:

  • Infrastructure redundancy
  • Backup procedures
  • Monitoring systems
  • Disaster recovery processes

Planned maintenance is conducted in a controlled manner.

9. Pet Tag & Public Badge Considerations

Because NFC badges and QR profiles may be publicly accessible:

  • Users are responsible for the information they publish
  • Medical information is user-supplied and not verified
  • TheScanBadge does not provide emergency services
  • Public visibility is configurable by users

10. Compliance & Audit Support

For B2B customers:

  • A Data Processing Agreement is available
  • Security documentation may be shared under NDA
  • Reasonable audit requests may be accommodated

11. Continuous Improvement

Security controls are reviewed periodically.

We reserve the right to enhance technical and organizational measures as threats evolve.

12. Contact

For security-related inquiries:

Legal inquiries: