{"id":244,"date":"2022-04-28T12:50:15","date_gmt":"2022-04-28T11:50:15","guid":{"rendered":"https:\/\/cms.scantrust.com\/?page_id=244"},"modified":"2024-09-27T16:22:37","modified_gmt":"2024-09-27T15:22:37","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/cms.scantrust.com\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\n\n\n\n\n\n
\n\t
<\/div>\n\t\t\t
\n\t\t\t\t\n \n Privacy and compliance statement\n <\/h1>\n\n\n

Last update: August 30th, 2024<\/p>\n

This privacy notice informs you about how Scantrust collects, uses, and protects your personal data when you visit our website or make use of our solutions. We are committed to respecting your privacy and adhering to our obligations under the General Data Protection Regulation (GDPR).<\/p>\n

1. Who we are<\/h1>\n

Scantrust is a provider of cloud-based connected packaging solutions for anti-counterfeiting, EU digital wine labels, supply chain traceability, enterprise QR codes and digital product passports. We prioritise personal data protection and are committed to maintaining adequate standards of privacy and security.<\/p>\n

In this privacy notice, we outline how we collect, use, and safeguard your personal data when you interact with our website or make use of our solutions. We recognise the importance of transparency and trust in our relationship with you, and we are committed to ensuring that your personal data is handled responsibly and in accordance with applicable data protection laws and regulations.<\/p>\n

The data controller responsible for your personal data is:<\/b><\/p>\n

Scantrust S.A. <\/b>[\u201cwe\u201d, \u201cus\u201d, \u201cour\u201d]<\/p>\n

EPFL Innovation Park, PSE-D
\nCH-1015 LAUSANNE
\nSwitzerland<\/p>\n

contact@scantrust.com<\/a><\/p>\n

2. Scope of the privacy notice<\/h1>\n

This privacy notice applies to the following categories of people:<\/p>\n

    \n
  • Website visitors<\/li>\n
  • Staff of our customers<\/li>\n
  • End users of our solutions<\/li>\n
  • Staff of our partners<\/li>\n
  • Staff of our suppliers<\/li>\n
  • Newsletter subscribers<\/li>\n
  • Job applicants<\/li>\n
  • Participants of our trainings and webinars<\/li>\n
  • Investors<\/li>\n
  • Leads<\/li>\n<\/ul>\n

    This notice does not apply to employees of Scantrust.<\/p>\n

    3. How we use your personal data<\/h1>\n

    We use your personal data for the following purposes:<\/p>\n

     <\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    Processing activity<\/b><\/th>\nGeneral description of purposes<\/b><\/th>\nLawful basis<\/b><\/th>\nCategories of data<\/b><\/th>\nRetention period<\/b><\/th>\n<\/tr>\n<\/thead>\n
    Website, analytics & marketing<\/b><\/td>\n<\/tr>\n
    Website analytics<\/td>\nWe analyse website traffic to determine how visitors use our site and in what ways we can improve.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/td>\n

    		\n
      \n
    • IP address<\/li>\n
    • Country<\/li>\n
    • Type of browser<\/li>\n
    • Type of operating system<\/li>\n<\/ul>\n<\/td>\n
    		1 day<\/td>\n<\/tr>\n
    Use of cookies<\/td>\nWe make use of cookies and other tracking technologies to ensure that our website functions properly, remember user preferences, maintain sessions and track user behaviour across different sites.<\/td>\nConsent<\/p>\n

    Article 6(1)(a) of the GDPR<\/p>\n

    We rely on your consent for the use of non-essential cookies.<\/p>\n

    Legitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    When we make use of essential cookies, we rely on our legitimate interest to ensure that the website functions properly<\/td>\n

    		\n
      \n
    • IP address<\/li>\n
    • Time of request<\/li>\n
    • Mode of server request<\/li>\n
    • Country<\/li>\n
    • Type of browser<\/li>\n
    • Type of operating system<\/li>\n
    • Session duration<\/li>\n<\/ul>\n<\/td>\n
    		See section 4 for the retention period of the various cookies used<\/td>\n<\/tr>\n
    Receiving requests through website forms<\/td>\nWebsite forms allow us to receive and respond to demo requests from potential customers<\/td>\nConsent<\/p>\n

    Article 6(1)(a) of the GDPR<\/p>\n

    By filling out the website form and checking the consent box, you give us the permission to use the information you have provided in the form to handle your request, set up a demo account for your organisation and contact you to facilitate your request.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Phone number<\/li>\n
    • Name of company<\/li>\n
    • Request message<\/li>\n
    • Location<\/li>\n<\/ul>\n<\/td>\n
    		Until deletion is requested<\/td>\n<\/tr>\n
    Organising events and webinars<\/td>\nWe sometimes organise events and host webinars to create brand awareness, to discuss product updates and latest industry topics<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We host webinars in our legitimate interest to promote our brand and inform about our products and services<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Event to be attended<\/li>\n<\/ul>\n<\/td>\n
    		Until deletion is requested<\/td>\n<\/tr>\n
    Registering for an event or webinar<\/td>\nYou may sign up to attend an event or webinar that we have organised<\/td>\nConsent<\/p>\n

    Article 6(1)(a) of the GDPR<\/p>\n

    In order to sign you up for a webinar, we rely on your consent to provide the required information. We also request that you give additional optional consent to be invited in the future to similar events or webinars<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Event to be attended<\/li>\n<\/ul>\n<\/td>\n
    		2 years<\/td>\n<\/tr>\n
    Managing the Scantrust social media accounts (LinkedIn, Instagram and X)<\/td>\nWe operate an account on the stated social platforms to maintain a credible social and professional presence. When you engage with us on these platforms, we can see the details you have made available on your social profile.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name (or username)<\/li>\n
    • Profile information (depending on the privacy settings of your account)<\/li>\n<\/ul>\n<\/td>\n
    		n\/a as we do not process this information further<\/td>\n<\/tr>\n
    Sharing customer reviews<\/td>\nOur customers often find our products satisfactory. When they do, we sometimes request a review from them. We share the reviews of satisfied customers to increase positive brand perception.<\/td>\nConsent<\/p>\n

    Article 6(1)(a) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Job title<\/li>\n
    • Name of organisation<\/li>\n
    • Review<\/li>\n<\/ul>\n<\/td>\n
    		Direct identifiers are retained until the end of the customer relationship. The reviews and case studies themselves remain on our website..0<\/td>\n<\/tr>\n
    Product and server security<\/b><\/td>\n<\/tr>\n
    Securing the Scantrust platform<\/td>\nWe are interested in ensuring that the Scantrust platform is a safe and secure environment for our customers.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We do this in our legitimate interest to ensure the security of the Scantrust platform and prevent system attack and abuse.<\/td>\n

    		\n
      \n
    • IP address<\/li>\n<\/ul>\n<\/td>\n
    		100 days<\/td>\n<\/tr>\n
    Maintaining server logs<\/td>\nWe store certain information in log files to prevent system attack and for fraud \/ abuse prevention, incident management, forensics and error investigation.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We maintain logs in our legitimate interest to secure our software environment and infrastructure.<\/td>\n

    		\n
      \n
    • Scan time<\/li>\n
    • Device \/ phone model<\/li>\n
    • Serial number<\/li>\n
    • Scan reason (to query or verify)<\/li>\n
    • IP address<\/li>\n<\/ul>\n<\/td>\n
    		100 days<\/td>\n<\/tr>\n
    Maintaining scan logs<\/td>\nIn order to provide our service to our customers and ensure that our products work correctly i.e QR codes display properly, we process technical information of devices constituting the scan log.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    We maintain scan logs to ensure the correct functioning of our products and generally fulfil the contract that our customers and end users have with us.<\/td>\n

    		\n
      \n
    • Scan time<\/li>\n
    • Unique scan ID<\/li>\n
    • User ID<\/li>\n
    • Country and city<\/li>\n
    • Device \/ phone model<\/li>\n
    • Serial number<\/li>\n
    • Scan application (Scantrust App or otherwise)<\/li>\n
    • Scan reason (to query or verify)<\/li>\n
    • Location (GPS when scanning with the App and when scanning without the App if the GPS popup is accepted)<\/li>\n
    • First 3 bytes of the IP address (when scanning without the App)<\/li>\n
    • Product scanned<\/li>\n<\/ul>\n<\/td>\n
    		100 days<\/td>\n<\/tr>\n
    Acquiring statistical data<\/td>\nWe derive aggregate information on usage based on log files to gain insight into product usage and for product improvement<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We acquire statistical data in our interest to derive aggregate information on usage and continuously improve our products<\/td>\n

    		\n
      \n
    • Scan time<\/li>\n
    • Unique scan ID<\/li>\n
    • User ID<\/li>\n
    • Country and city<\/li>\n
    • Device \/ phone model<\/li>\n
    • Serial number<\/li>\n
    • Scan application (Scantrust App or otherwise)<\/li>\n
    • Scan reason (to query or verify)<\/li>\n
    • Location (GPS when scanning with the App and when scanning without the App if the GPS popup is accepted)<\/li>\n
    • First 3 bytes of the IP address (when scanning without the App)<\/li>\n<\/ul>\n<\/td>\n
    		100 days<\/td>\n<\/tr>\n
    Granting access to our staging environment<\/td>\nWe sometimes allow customers access to the Scantrust staging environment. We do this to enable them to experience a mirror implementation of how the platform functions.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    Access to our staging environment occurs in line with the agreement entered into with customers or as a pre-contractual step towards concluding a contract with potential customers.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Job title<\/li>\n
    • Name of organisation<\/li>\n
    • Phone numbers<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Receiving suspected counterfeiting reports<\/td>\nThis allows us to receive user-initiated suspected counterfeit reports and communicate the same to our customers.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    As part of our service contract with customers, we are obliged to enable this function within our products and communicate counterfeit reports to customers.<\/td>\n

    		\n
      \n
    • Name<\/li>\n
    • Email address<\/li>\n
    • Location<\/li>\n
    • Counterfeit report \/ message<\/li>\n<\/ul>\n<\/td>\n
    		Counterfeit reports are maintained as long as, and until the end of the customer relationship<\/td>\n<\/tr>\n
    Product verification on the Scantrust Apps (public and enterprise)<\/td>\nWhen you scan a QR code, we process technical information to authenticate and verify the codes and to detect counterfeits<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    As part of our service contract with customers and the individuals who use the Scantrust App, we are obliged to enable this function for product verification.<\/td>\n

    		\n
      \n
    • GPS Location<\/li>\n
    • Device information for compatibility check (QR code scanner, Authenticate Secure Graphic and GPS location)<\/li>\n<\/ul>\n<\/td>\n
    		100 days<\/td>\n<\/tr>\n
    Logging in to the Scantrust enterprise App<\/td>\nCustomers who make use of the Scantrust platform are able to also use the Scantrust enterprise App on the go. We require login credentials to secure customers’ enterprise accounts.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    We are obliged to secure enterprise accounts of our customers from unlawful and unauthorised access even when accessed from the Scantrust enterprise App<\/td>\n

    		\n
      \n
    • Email address<\/li>\n
    • Password<\/li>\n
    • Name of organisation<\/li>\n
    • Role<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Project management<\/b><\/td>\n<\/tr>\n
    Setting up customer accounts<\/td>\nWhen we enter into a contract with our customers, we enable the set up of their account on the Scantrust platform for the efficient use of the service<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the customer contract.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Job title<\/li>\n
    • Title (mr.\/ms.)<\/li>\n
    • Company name<\/li>\n
    • Password<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Scheduling and hosting meetings with customers<\/td>\nWe sometimes organise meetings with customers to understand their unique needs, their use of the platform as well as the project scope.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in order to be able to understand customer needs and fulfil the terms of the customer contract.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Training customers on the use of the Scantrust platform<\/td>\nWe train customers on the use of the Scantrust platform to help customers get started and harness the full capacities of the platform<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the customer contract.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Collaborating with printing partners<\/td>\nThis collaboration is aimed at enabling customers and their printing partners\u2019 systems to integrate with the Scantrust platform.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the customer contract.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Job title (optional)<\/li>\n
    • Title (mr.\/ms.)<\/li>\n
    • Company name<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Training printing partners<\/td>\nWe train printing partners to ensure that they are able to correctly obtain, download and print QR codes from the Scantrust platform.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the customer contract to ensure seamless printing of customer QR codes.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Company name<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Managing customer projects until the platform is live<\/td>\nWe manage customer projects to support our customers, especially in the staging environment, until they are ready to go live on the Scantrust platform.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the customer contract.<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Company name<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Finance, Accounting and Reporting<\/b><\/td>\n<\/tr>\n
    Paying invoices<\/td>\nWe settle invoices in order to pay vendors for the service supplied and fulfil the terms of the service agreement.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the supplier contract.<\/td>\n

    		\n
      \n
    • Name of supplier staff (where applicable)<\/li>\n
    • Name of organisation (supplier name)<\/li>\n
    • Email address<\/li>\n
    • Address of supplier<\/li>\n
    • Phone number<\/li>\n
    • Payment details<\/li>\n<\/ul>\n<\/td>\n
    		As long as the supplier contract exists \/ 10 years thereafter<\/td>\n<\/tr>\n
    Authorising \/ keeping track of new customers<\/td>\nWe approve new customers to keep track of our customer list and track payments due from them.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the customer contract.<\/td>\n

    		\n
      \n
    • Name of contact person for the customer<\/li>\n
    • Name of organisation<\/li>\n
    • Email address<\/li>\n
    • Billing address<\/li>\n
    • Billing items<\/li>\n<\/ul>\n<\/td>\n
    		As long as the customer contract exists \/ 10 years thereafter<\/td>\n<\/tr>\n
    Authorising \/ keeping track of new suppliers<\/td>\nWe approve new suppliers to keep track of our supplier list and track payments due to them.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the supplier contract.<\/td>\n

    		\n
      \n
    • Name of contact person for the supplier<\/li>\n
    • Name of organisation (supplier name)<\/li>\n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		As long as the customer contract exists \/ 10 years thereafter<\/td>\n<\/tr>\n
    Purchasing stock<\/td>\nWe make stock purchases to acquire the necessary stock for company use.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    This is done in line with the terms of the supplier contract.<\/td>\n

    		\n
      \n
    • Name of contact person for the supplier (where applicable)<\/li>\n
    • Email address<\/li>\n
    • Job title<\/li>\n
    • Team<\/li>\n
    • Name of organisation (name of supplier)<\/li>\n
    • Price of stock<\/li>\n
    • Bank details<\/li>\n<\/ul>\n<\/td>\n
    		10 years<\/td>\n<\/tr>\n
    Fundraising<\/td>\nAs a startup, we sometimes organise events to raise funds for operations from investors.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We conduct fundraising campaigns to attract and secure investment funding from investors in our interest to continue operating as a trusted anti-counterfeiting software provider.<\/td>\n

    		\n
      \n
    • Name of investor<\/li>\n
    • Passport details<\/li>\n
    • Name of company<\/li>\n
    • Address<\/li>\n<\/ul>\n<\/td>\n
    		As long as the investment continues<\/td>\n<\/tr>\n
    Reporting<\/td>\nWe present financial results to stakeholders such as investors and Board members.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We present financial results in our legitimate interest to ensure transparency and foster trust from stakeholders.<\/td>\n

    		\n
      \n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		10 years<\/td>\n<\/tr>\n
    Financial reporting and annual auditing<\/td>\nWe provide periodic reports on the company\u2019s liquidity and capital status to comply with the law and carry out audits.<\/td>\nLegal obligation<\/p>\n

    Article 6(1)(C) of the GDPR<\/p>\n

    We conduct audits and provide period reports to comply with Article 725 of the Swiss Code of Obligations<\/td>\n

    		\n
      \n
    • Auditor signature<\/li>\n
    • Contact name<\/li>\n
    • Contact email address<\/li>\n
    • Name of organisation (name of auditor)<\/li>\n
    • Address of organisation<\/li>\n<\/ul>\n<\/td>\n
    		10 years<\/td>\n<\/tr>\n
    Sales<\/b><\/td>\n<\/tr>\n
    Collecting contact information at trade shows<\/td>\nWe attend or organise trade shows where we collect contact information of potential customers to follow-up with them in the future.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We do this in our legitimate interest to increase brand awareness and potentially meet new customers.<\/td>\n

    		\n
      \n
    • First and last name of contact person<\/li>\n
    • Email address<\/li>\n
    • Mobile number<\/li>\n
    • Job title<\/li>\n
    • Name of organisation<\/li>\n
    • Address of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until the recipient unsubscribes<\/td>\n<\/tr>\n
    Communicating with leads and managing contact details of leads interested<\/b> in Scantrust products<\/td>\nWe manage the contact details of leads to be able to contact them for follow up discussions, understand their needs and expectations in relation to our products<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We do this in our legitimate interest to convert leads to customers and keep operations ongoing<\/td>\n

    		\n
      \n
    • First and last name of contact person<\/li>\n
    • Email address<\/li>\n
    • Mobile number<\/li>\n
    • Name of organisation (name of Lead)<\/li>\n
    • Job title of contact person<\/li>\n
    • Address of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until opt-out<\/td>\n<\/tr>\n
    Managing lead lifecycle<\/td>\nWe do this to categorise and manage leads progression through the sales pipeline e.g Sales qualified lead, Sales qualified lead with meeting occurred, Opportunity.<\/i><\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    We do this in our legitimate interest to measure sale strategy success and convert leads to customers<\/td>\n

    		\n
      \n
    • Full name of contact person for Lead<\/li>\n
    • Email address<\/li>\n
    • Name of organisation (name of Lead)<\/li>\n
    • Job title<\/li>\n
    • Mobile number<\/li>\n
    • Lead status<\/li>\n
    • Lifecycle stage<\/li>\n
    • Date of communication<\/li>\n
    • Location<\/li>\n<\/ul>\n<\/td>\n
    		Deleted immediately the lead opts out or 3 years, whichever is earlier.<\/td>\n<\/tr>\n
    Onboarding customers<\/td>\nWe support in customer onboarding to enable customers register to the e-label product<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Mobile number<\/li>\n
    • Name of organisation<\/li>\n
    • Address of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until the customer contract ends<\/td>\n<\/tr>\n
    \n
      \n
    • Sorting registrations for the free version of our products<\/li>\n
    • Migrating customers to the free version with access to only 3 e-labels<\/li>\n<\/ul>\n<\/td>\n
    		\n
      \n
    • We assess free version requests to determine the order of priority.<\/li>\n
    • Based on request or payment status, we are able to upgrade or downgrade customer accounts from the paid to the free version of the u-label<\/li>\n<\/ul>\n<\/td>\n
    		Performance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • Full name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Company name<\/li>\n
    • Country<\/li>\n
    • Company website<\/li>\n
    • Number of employees<\/li>\n<\/ul>\n<\/td>\n
    		Until the customer contract ends<\/td>\n<\/tr>\n
    Offboarding customers<\/td>\nWe offboard customers to terminate their subscription based on request or in accordance with clause 7C of the e-label Terms of Service.<\/a><\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n
    • Billing address<\/li>\n
    • Billing contact<\/li>\n
    • Billing phone<\/li>\n
    • Billing email<\/li>\n<\/ul>\n<\/td>\n
    		Until the customer contract ends and the offboarding process is complete<\/td>\n<\/tr>\n
    Negotiating, contracting and closing deals with customers<\/td>\nWe do this to negotiate, enter into contracts and close deals with leads, converting them to customers.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n
    • Billing address<\/li>\n
    • Billing contact<\/li>\n
    • Billing phone<\/li>\n
    • Billing email<\/li>\n<\/ul>\n<\/td>\n
    		Until the customer contract ends<\/td>\n<\/tr>\n
    Managing customer relationships<\/td>\nWe manage customer relationships to ensure customer satisfaction and efficient management of customer lifecycle.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    The interest pursued is customer satisfaction.<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n
    • Address of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until the customer contract ends<\/td>\n<\/tr>\n
    Managing referral programs<\/td>\nThis enables Scantrust to offer to partners, 10% of the revenue generated by partner referrals<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n
    • Address of organisation<\/li>\n
    • Signature (Referral Agreement)<\/li>\n
    • Job title<\/li>\n<\/ul>\n<\/td>\n
    		As long as the referral agreement is valid<\/td>\n<\/tr>\n
    Offering and enabling the use of discount codes for e-labels<\/td>\nBy enabling the use of discount codes, we are able to honour coupon codes issued to partners and customers aimed at increasing sales and boosting profit margin.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n
    • Address of organisation<\/li>\n
    • Coupon code<\/li>\n<\/ul>\n<\/td>\n
    		As long as the referral agreement is valid<\/td>\n<\/tr>\n
    Conducting email campaigns<\/td>\nWe conduct email campaign to drive brand awareness for our wine label solution<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    The interest pursued is increased brand awareness and lead-to-customer conversion<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until email recipient opts out \/ unsubscribes<\/td>\n<\/tr>\n
    Sending invitations to prospects to register for webinars and the free u-label version<\/td>\nScantrust invites potential customers to webinars to discuss anti-counterfeiting solutions, drive brand awareness and increase sales.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    The interest pursued is increased brand awareness and lead-to-customer conversion<\/td>\n

    		\n
      \n
    • First and last name<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until the recipient requests deletion<\/td>\n<\/tr>\n
    Recruitment<\/b><\/td>\n<\/tr>\n
    Receiving job applications and conducting interviews<\/td>\nAs job positions become vacant, we advertise them and receive applications from candidates to fill the vacant positions based on our assessment of their skills and qualification during interviews<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/p>\n

    Reviewing CVs and conducting interviews are pre-contractual steps necessary to conclude an employment contract with the successful candidate.<\/td>\n

    		\n
      \n
    • Name of job candidate<\/li>\n
    • Email address<\/li>\n
    • Mobile number<\/li>\n
    • Location<\/li>\n
    • Educational qualification<\/li>\n
    • Any other information contained in the CV \/ Application<\/li>\n<\/ul>\n<\/td>\n
    		Applications of unsuccessful candidates are deleted immediately after the end of the recruitment exercise.<\/td>\n<\/tr>\n
    Retaining applicant data from speculative applications<\/td>\nWe sometimes receive speculative applications from job applicants. If an applicant permits, we will retain this application to be able to contact the applicant when a suitable job position becomes vacant.<\/td>\nConsent<\/p>\n

    Article 6(1)(a) of the GDPR<\/td>\n

    		\n
      \n
    • Name of job candidate<\/li>\n
    • Email address<\/li>\n
    • Mobile number<\/li>\n
    • Location<\/li>\n
    • Educational qualification<\/li>\n
    • Any other information contained in the CV \/ Application<\/li>\n<\/ul>\n<\/td>\n
    		3 months<\/td>\n<\/tr>\n
    Conducting background checks<\/td>\nScantrust conducts background checks on the successful candidate to verify records and information provided.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    As an anti-counterfeiting business, we conduct background checks in our interest to ensure that our employees have the minimum clearance level for the job and to ensure that referrals, qualifications and certificates are authentic.<\/td>\n

    		\n
      \n
    • Name<\/li>\n
    • Referees<\/li>\n
    • Social security record<\/li>\n
    • Previous employer referral<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the employment<\/td>\n<\/tr>\n
    Support<\/b><\/td>\n<\/tr>\n
    Receiving and responding to support requests from customers<\/td>\nWe receive and respond to support requests to ensure that our customers receive the help they request and are able to continue seamless use of Scantrust products.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Name of company<\/li>\n
    • Type of enquiry (general, product feedback, billing, change request, onboarding\/training, etc.)<\/i><\/li>\n
    • Business impact (urgent, high, medium, low)<\/i><\/li>\n
    • Company plan (Scantrust enterprise, etc.)<\/i><\/li>\n
    • Support request message<\/li>\n
    • Attachments (file, image)<\/i><\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Meeting with customers<\/td>\nIn some cases, we schedule meetings with customers to discuss their support request in more detail and the solutions either via telephone or video conferencing.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Phone number<\/li>\n
    • Meeting notes<\/li>\n
    • Name of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Analysing customer success<\/td>\nThis is to ensure that customers achieve their desired goals with Scantrust products<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    Ensuring customer success and satisfaction is in our interest to remain the leading provider of anti-counterfeiting software with high customer success rate<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Name of organisation<\/li>\n
    • Job title<\/li>\n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Requesting customer feedback \/ review<\/td>\nWe want to let people know how effective our products are. This is why we request feedback and review from our customers.<\/td>\nLegitimate interest<\/p>\n

    Article 6(1)(f) of the GDPR<\/p>\n

    Customer feedback is one of the ways through which we improve and increase brand awareness by sharing positive reviews.<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Name of organisation<\/li>\n
    • Job title<\/li>\n
    • Email address<\/li>\n
    • Feedback \/ review<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Applying product discount for case studies<\/td>\nWe incentivise our customers to provide case studies to understand in detail, how our products have helped customers achieve their objectives and determine areas of improvement.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact persons for customer<\/li>\n
    • Name of organisation<\/li>\n
    • Job title<\/li>\n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Customer onboarding and training<\/td>\nWe onboard and train customers to enable them make effective use of Scantrust products.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact person for customer<\/li>\n
    • Email address<\/li>\n
    • Name of organisation<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Receiving and sharing counterfeit reports<\/td>\nWe enable end users to share counterfeit reports within our products as part of the terms of our service. This helps customers investigate and potentially take action against counterfeits. It also helps to keep the end user safe.<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • Email address<\/li>\n
    • Phone number<\/li>\n
    • Address<\/li>\n
    • Choice to be contacted<\/li>\n
    • Additional information<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n
    Applying partnership discount to customers<\/td>\nScantrust offers partnership discounts to subscription customers<\/td>\nPerformance of a contract<\/p>\n

    Article 6(1)(b) of the GDPR<\/td>\n

    		\n
      \n
    • First and last name of contact persons for customer<\/li>\n
    • Name of organisation<\/li>\n
    • Job title<\/li>\n
    • Email address<\/li>\n<\/ul>\n<\/td>\n
    		Until the end of the customer relationship<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

     <\/p>\n

    Where required, Scantrust will retain your details for a period of time to comply with a legal obligation, Article 6(1)(c) of the GDPR. For instance, when you opt out of emails about product updates and features, we process information necessary to implement your choice and ensure that we never contact you again to ensure compliance with Article 7(1) of the GDPR. Please note that if your information is processed for a different purpose, for instance, when a valid customer contract exists, we may contact you in the course of the normal customer relationship such as customer support and training.<\/p>\n

     <\/p>\n

    4. Cookies and tracking technologies<\/h1>\n

    Scantrust collects website and platform usage data to analyse how end users and customers use our products. We also analyse usage data to identify what areas of our website and products need improvement. We collect anonymous statistical data about the use of this website to optimise our online presence as well as for marketing and sales purposes. The data is collected on servers operated by AWS within Europe (Ireland) Region.<\/p>\n

     <\/p>\n

    We make use of cookies and other tracking technologies to gain insight into usage patterns. The table below highlights the cookies and trackers we make use of on our website and across our products<\/p>\n

     <\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
    Cookie or tracker name<\/b><\/th>\nPresence<\/b><\/th>\nProvider<\/b><\/th>\nType<\/b><\/th>\nCategorisation<\/b><\/th>\nDuration<\/b><\/th>\n<\/tr>\n<\/thead>\n
    Player<\/td>\nWebsite<\/td>\nVideo Vimeo<\/td>\nSession<\/td>\nFunctional<\/td>\n1 year<\/td>\n<\/tr>\n
    vuid<\/td>\nWebsite<\/td>\nVideo Vimeo<\/td>\nSession<\/td>\nFunctional<\/td>\n2 years<\/td>\n<\/tr>\n
    __hs_gpc_banner_dismiss<\/td>\nWebsite<\/td>\nHubspot<\/td>\nPersistent<\/td>\nAnalytics<\/td>\n6 months<\/td>\n<\/tr>\n
    __hssc<\/td>\nWebsite<\/td>\nHubspot<\/td>\nSession<\/td>\nAnalytics<\/td>\n30 minutes<\/td>\n<\/tr>\n
    __hssrc<\/td>\nWebsite<\/td>\nHubspot<\/td>\nSession<\/td>\nAnalytics<\/td>\ndeleted immediately after the session<\/td>\n<\/tr>\n
    __hstc<\/td>\nWebsite<\/td>\nHubspot<\/td>\nPersistent<\/td>\nAnalytics<\/td>\n2 years<\/td>\n<\/tr>\n
    hubspotutk<\/td>\nWebsite<\/td>\nHubspot<\/td>\nPersistent<\/td>\nAnalytics<\/td>\n2 years<\/td>\n<\/tr>\n
    messagesUtk<\/td>\nWebsite<\/td>\nHubspot<\/td>\nPersistent<\/td>\nAnalytics<\/td>\n2 years<\/td>\n<\/tr>\n
    Firebase<\/td>\nMobile App<\/td>\nGoogle<\/td>\nPersistent<\/td>\nFunctional<\/td>\nUntil device cache is cleared i.e as long as the tracker is retained on the device<\/td>\n<\/tr>\n
    Amplitude<\/td>\nMobile App<\/td>\nAmplitude<\/td>\nPersistent<\/td>\nAnalytics<\/td>\nUntil device cache is cleared i.e as long as the tracker is retained on the device<\/td>\n<\/tr>\n
    Google Analytics<\/td>\nPlatform<\/td>\nGoogle<\/td>\nPersistent<\/td>\nAnalytics<\/td>\nUntil device cache is cleared i.e as long as the tracker is retained on the device<\/td>\n<\/tr>\n
    Plausible<\/td>\nPlatform<\/td>\nPlausible<\/td>\nPersistent<\/td>\nAnalytics<\/td>\nUntil device cache is cleared i.e as long as the tracker is retained on the device<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

     <\/p>\n

    5. Data recipients and international data transfer<\/h1>\n

    We make use of third-party service providers in delivering some of our services or to fulfil our legal obligations for legal and tax purposes. Where service providers are located outside the EU, we will ensure to implement appropriate transfer safeguards as approved under the GDPR such as the use of standard contractual clauses or the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework.<\/p>\n

    We make use of the following services:<\/p>\n