Privacy Policy

Effective Date: 14.08.2025

ScanToVerify (“we”, “our”, “us”) is committed to protecting the privacy and personal data of all individuals who interact with our verification platform.
This Privacy Policy explains how we collect, process, store, and protect data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for the processing of your personal data is:

ScanToVerify
Email: info@scantoverify.org

2. Scope of This Policy

This policy applies to all processing activities related to the use of our ID verification platform, including:

Accessing our website after scanning a registered QR code.
Viewing verification results.
Submitting authorised requests for additional information.

3. Data We Process

We only process the minimum data necessary for verification purposes. Depending on the verification process, this may include:

Unique verification identifier or QR code reference.
Document authenticity status.
Limited holder reference details (if authorised).
Date, time, and IP address of the verification request (for security logging).

We do not process sensitive personal data unless explicitly authorised by the issuing authority and legally required.

4. Purpose and Legal Basis

We process data solely for:

Performing the verification of registered IDs.
Ensuring the security and integrity of our platform.
Complying with legal and regulatory obligations.

Legal bases for processing (Article 6 GDPR) include:

Performance of a task carried out in the public interest.
Legitimate interests in ensuring the security of identification processes.
Compliance with a legal obligation.

5. Data Retention

Verification logs are retained only for the minimum period necessary to fulfil their purpose and meet legal requirements.
After the retention period, logs are securely deleted.

6. Data Sharing and Disclosure

We do not sell or share personal data with third parties.
Data may only be disclosed to:

Authorised law enforcement or regulatory bodies, upon valid legal request.
The accredited issuer of the ID in question, if necessary for verification or investigation.

7. Security Measures

We apply technical and organisational measures to protect data, including:

End-to-end encryption for all data in transit.
Encryption and access control for data at rest.
Role-based access permissions and multi-factor authentication.
Continuous monitoring and logging of system activity.

8. International Data Transfers

All data is processed and stored in secure European data centres.
We do not transfer personal data outside the EU/EEA unless adequate protection measures are in place.

9. Data Subject Rights

Under GDPR, you have the right to:

Request access to your personal data.
Request correction of inaccurate data.
Request deletion of your personal data.
Restrict or object to processing.
Request data portability (where applicable).

All requests will be processed in cooperation with the relevant ID issuer and in accordance with legal requirements.

10. Cookies and Website Analytics

Our verification platform uses only essential cookies required for functionality.
We do not use tracking or marketing cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective Date” at the top will always reflect the most recent version.

12. Contact

For privacy-related questions or requests, please contact:

Email: info@scantoverify.org
Subject: “Data Protection Enquiry”