Privacy notice
This notice describes how the Veridyn product passport service (the Service) processes personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and Act CXII of 2011 (the Hungarian Info Act).
1. The data controller
Name: [CÉGNÉV]
Registered seat: [SZÉKHELY]
Company registration / registry number: [CÉGJEGYZÉKSZÁM]
Tax number: [ADÓSZÁM]
Representative: [KÉPVISELŐ]
Email: hello@veridyn.eu
Phone: [TELEFON]
Appointing a data protection officer is not mandatory; you can reach us at the email address above with any data protection questions.
2. Scope and roles
This notice applies to visitors of the veridyn.eu website, registered users and those who contact us.
Roles: the Provider is the data controller for account and billing data. As regards the data users upload into product passports – to the extent it contains personal data – the user is the data controller, while the Service acts as a data processor under the separate Data Processing Agreement (DPA) (see also the Terms of Service).
3. Data processed, purposes and legal bases
| Data category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Account data: name / company name, email, password (in "hash" form) | Account, login, providing the Service | Contract – Art. 6(1)(b) | For the account's lifetime + [30 days] |
| Product passport data (entered by the user) | Producing public, multilingual passports and QR codes | Contract – Art. 6(1)(b) | Until the product / account is deleted (or statutory retention) |
| Contact form: name, email, company, message | Responding to the enquiry | Legitimate interest – Art. 6(1)(f) | [e.g. 1 year] |
| Password reset token | Securely resetting the password | Contract / legitimate interest | 1 hour (single use) |
| Scan log (timestamp, IP hash) | Analytics, operation, abuse prevention | Legitimate interest – Art. 6(1)(f) | [e.g. 12 months] |
The [...] retention periods are finalised by the data controller in line with its actual practice.
4. DPP-specific processing
- Public product passport: product passports are PUBLICLY accessible (anyone can view them via the QR code or a link). If the user (data controller) enters personal data into the passport (e.g. the name or email of the economic operator's contact), it appears on the public passport; the user ensures its legal basis and necessity.
- Scan analytics: we log passport views in aggregate; the IP address is stored not in identifiable form but as an irreversible hash (the visitor cannot be identified), and bot traffic is filtered. Legal basis: legitimate interest.
- Tiered access: the user may issue an expiring link to an authority or a party with legitimate interest to view the non-public fields.
- EU DPP registry: on the user's behalf, we may transmit the product passport identifiers to the central EU registry once it becomes available.
5. Data processors
We use the following data processors to operate the Service:
- Hosting provider: [TÁRHELYSZOLGÁLTATÓ NEVE ÉS SZÉKHELYE] – hosting of the website and the database.
- Email delivery: smtp2go (Help Monkey Limited; EU delivery server: mail-eu.smtp2go.com) – transactional emails (welcome, password reset, notifications).
- Payment provider: [FIZETÉSI SZOLGÁLTATÓ] – processing subscription fees (once payment is introduced).
6. Data transfers, third countries
We transfer personal data to third parties only through the data processors listed above, for the stated purposes. Where a data processor processes data outside the EEA, the transfer takes place with appropriate safeguards (e.g. the European Commission's Standard Contractual Clauses, SCC). We do not disclose or sell data for marketing purposes.
7. Rights of the data subject
The data subject has the right of access (Art. 15), rectification (16), erasure ("right to be forgotten", 17), restriction of processing (18), data portability (20), and the right to object (21) to processing based on legitimate interest. Where processing is based on consent, it may be withdrawn at any time (this does not affect the lawfulness of processing before withdrawal).
You can exercise your rights at hello@veridyn.eu; we fulfil your request without undue delay, and no later than within 1 month.
8. Cookies
The website uses cookies necessary for its operation. Details in the Cookie Policy.
9. Data security
We store passwords solely in a secure, one-way "hash" form; API keys are also hashed; communication is encrypted over HTTPS; the interface is protected by CSRF and session safeguards. We access the data only to the extent necessary to perform the task.
10. Children
The Service is aimed at businesses, not children. We do not knowingly collect data from persons under the age of 16.
11. Legal remedies
You may lodge a complaint about data processing with the supervisory authority:
National Authority for Data Protection and Freedom of Information (NAIH)
1055 Budapest, Falk Miksa utca 9–11. · naih.hu · ugyfelszolgalat@naih.hu
If your rights are infringed, you may also turn to a court.
12. Amendment of this notice
We may amend this notice as needed; the version in force at any given time is available on this page, with the date of the update.