Privacy Policy

Last updated: January 1, 2025

1. Introduction

DPP Services ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our Digital Product Passport (DPP) compliance platform and related services.

2. Information We Collect

Personal Information

• Name and contact information (email, phone number)
• Company details and role information
• Account credentials and authentication data
• Payment and billing information

Product Data

• Product information uploaded for DPP generation
• GTIN numbers and product identifiers
• Compliance documentation and certifications
• Digital product passport data

Usage Information

• Platform usage analytics and performance metrics
• API usage logs and integration data
• Browser information and device identifiers
• IP addresses and location data

3. How We Use Your Information

• Provide and maintain our DPP compliance services
• Generate and manage digital product passports
• Process payments and manage subscriptions
• Provide customer support and technical assistance
• Ensure ESPR compliance and regulatory requirements
• Improve our platform and develop new features
• Send important service updates and notifications
• Prevent fraud and ensure platform security

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Contractual necessity: To provide our services and fulfill our contract with you
• Legitimate interests: To improve our services, prevent fraud, and ensure security
• Legal compliance: To meet ESPR and other regulatory requirements
• Consent: For marketing communications and optional features

5. Data Sharing and Disclosure

We may share your information with:

• EU regulatory authorities as required for ESPR compliance
• Trusted service providers and business partners
• Payment processors for billing and subscription management
• Legal authorities when required by law or to protect our rights

We never sell your personal data to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures including encryption, secure data centers, regular security audits, and access controls to protect your information. However, no method of transmission over the internet is 100% secure.

7. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Delete your personal data (right to erasure)
• Restrict or object to data processing
• Data portability
• Withdraw consent at any time
• File a complaint with supervisory authorities

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, typically for the duration of your account plus 7 years for compliance and legal purposes. Product data may be retained longer to support ongoing ESPR compliance requirements.

9. International Transfers

Your data is primarily stored and processed within the European Union. Any international transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

10. Changes to This Policy

We may update this privacy policy periodically. We will notify you of any material changes by email or through our platform. Your continued use of our services after such modifications constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or wish to exercise your rights, contact us: