PassPer
Pricing Platform Sign in

Legal

Privacy Policy

Effective date: 1 May 2026  ·  Last updated: 29 May 2026

PassPer is a brand of AutoNMS (Reg. No. HE477557), registered in Cyprus. We are committed to protecting your personal data and processing it in compliance with the General Data Protection Regulation (GDPR) and applicable EU privacy law.

1. Who we are

Data controller: AutoNMS (Reg. No. HE477557), Cyprus. Contact: privacy@passper.eu.

2. Data we collect

Account data

When you register, we collect your email address, name, and organisation details. This is necessary to provide the service.

Product passport data

We store the product data you upload to create Digital Product Passports. This data is processed on your behalf as a data processor. You are the data controller for that content.

Usage data

We collect logs of API calls, page views, and feature usage to operate, secure, and improve the platform. Logs are retained for 90 days.

Cookies

We use a single session cookie (dp_token) for authentication. We do not use third-party tracking or advertising cookies.

3. How we use your data

  • To provide and maintain the PassPer service
  • To send transactional emails (account verification, password reset, team invites, supplier requests)
  • To comply with our legal obligations under EU Battery Regulation 2023/1542 and ESPR
  • To detect and prevent fraud and abuse

We do not sell your data. We do not use your data for advertising.

4. Legal basis for processing

  • Contract performance — processing account data to deliver the service you signed up for
  • Legitimate interests — security monitoring, abuse prevention, product improvement
  • Legal obligation — retaining records required by EU regulation

5. Data storage and transfers

All data is stored on servers located within the European Union (Germany). We do not transfer personal data outside the EU/EEA unless required by law.

Sub-processors we use (all EU/EEA or adequate-country only): Hetzner (infrastructure), Postmark (transactional email, EU data residency), Stripe (payment processing, Privacy Shield successor SCCs).

6. Data retention

Account data is retained while your account is active and for 30 days after deletion. Product passport data (required by EU regulation) is retained for the battery's useful life plus the statutory post-end-of-life period, as mandated by Regulation 2023/1542. Billing records are retained for 7 years per applicable tax law.

7. Your rights

Under GDPR, you have the right to access, correct, delete, restrict, or port your data, and to object to processing. To exercise any right, email privacy@passper.eu. We will respond within 30 days. If you are unsatisfied, you may lodge a complaint with your national data protection authority.

8. Security

We use TLS 1.3 in transit, bcrypt password hashing, and row-level tenant isolation. Access to production data is restricted to authorised personnel. We perform regular security reviews.

9. Changes to this policy

We will notify registered users of material changes by email at least 30 days before they take effect.

10. Contact

Privacy enquiries: privacy@passper.eu
General: hello@passper.eu

© 2026 AutoNMS
Privacy Terms Contact