GDPR Compliance
Your data protection rights under the General Data Protection Regulation
Last updated: December 2024
Our Commitment to GDPR
Passpix is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have as a data subject.
The GDPR applies to all individuals within the European Union (EU) and the European Economic Area (EEA). If you are located in these regions, you have enhanced rights regarding your personal data.
Legal Basis for Processing
Under GDPR, we must have a legal basis for processing your personal data. We process your data based on:
Contract Performance
Processing necessary to provide our passport photo services, process payments, and fulfill our contractual obligations to you.
Legitimate Interest
Improving our services, fraud prevention, security measures, and direct marketing (where you haven't opted out).
Consent
Marketing communications, cookies (non-essential), and any other processing where we specifically ask for your consent.
Legal Obligation
Compliance with tax laws, anti-money laundering regulations, and other legal requirements.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you, including how it's being processed.
Right to Rectification
Correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data when it's no longer necessary or you withdraw consent.
Right to Restrict Processing
Limit how we process your data in certain circumstances, such as when accuracy is contested.
Right to Data Portability
Receive your personal data in a structured, machine-readable format for transfer to another service.
Right to Object
Object to processing based on legitimate interests, direct marketing, or profiling.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will:
- Respond to your request within one month (extendable to three months for complex requests)
- Verify your identity before processing your request
- Provide information free of charge (unless requests are excessive or unfounded)
- Explain any reasons if we cannot fulfill your request
Contact Information for GDPR Requests
Email: gdpr@passpix.io
Subject Line: GDPR Request - [Type of Request]
Include: Your full name, email address, and specific request details
Data Processing Activities
We maintain records of our data processing activities as required by GDPR:
| Purpose | Data Categories | Legal Basis | Retention |
|---|---|---|---|
| Service Delivery | Photos, Contact Info | Contract | 30 days |
| Payment Processing | Payment Details | Contract | 7 years |
| Customer Support | Communications | Legitimate Interest | 3 years |
| Marketing | Email, Preferences | Consent | Until withdrawn |
International Data Transfers
Some of our service providers are located outside the EU/EEA. We ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate data protection
- Standard Contractual Clauses: EU-approved contracts with service providers
- Binding Corporate Rules: Internal data protection standards for multinational companies
- Certification Schemes: Providers certified under recognized data protection frameworks
You can request copies of the safeguards we use for international transfers by contacting us.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:
DPO Email: dpo@passpix.io
Responsibilities:
- Monitor GDPR compliance
- Conduct privacy impact assessments
- Serve as contact point for supervisory authorities
- Provide data protection training and advice
Automated Decision Making
We use automated systems for:
- Photo Compliance Checking: AI algorithms verify passport photo requirements
- Fraud Detection: Automated systems identify suspicious transactions
- Customer Support: Chatbots provide initial assistance
You have the right to request human intervention, express your point of view, and contest automated decisions that significantly affect you.
Data Breach Procedures
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay if high risk to rights and freedoms
- Document all breaches and remedial actions taken
- Implement measures to prevent future breaches
We maintain an incident response plan and conduct regular security assessments to minimize breach risks.
Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact:
- The supervisory authority in your EU/EEA country of residence
- The supervisory authority where the alleged infringement occurred
- The supervisory authority where we have our main establishment
However, we encourage you to contact us first so we can try to resolve any concerns directly.
Updates to GDPR Compliance
We regularly review and update our GDPR compliance measures. Any significant changes will be communicated through our website and, where required, directly to affected individuals. We encourage you to review this page periodically for updates.
Contact Us
For any GDPR-related questions or to exercise your rights, please contact us:
General Inquiries: info@passpix.io
GDPR Requests: gdpr@passpix.io
Data Protection Officer: dpo@passpix.io
Phone: +1 307-441-3438
Address: PH Global Industries
30 N Gould St Ste R
Sheridan, WY 82801
United States