Last update: June 18th, 2024
This privacy notice informs you about how Scantrust collects, uses, and protects your personal data when you make use of the Scantrust enterprise and Scantrust (public) mobile applications.
The data controller responsible for your personal data is:
Scantrust S.A. [“we”, “us”, “our”]
EPFL Innovation Park, PSE-D
CH-1015 LAUSANNE
Switzerland
1. How we use your personal data
1.1 We use your personal data to enable you to log in to the Scantrust enterprise mobile app based on the settings and role designation assigned by the administrator of the Scantrust platform account associated with your login credentials. To log in, you will have to provide your email address and password, or your organisation ID for single sign-on. Please note that you cannot create an account on the Scantrust enterprise mobile app. To use this app, you must have an associated account on the Scantrust platform. We rely on the performance of a contract to process the information required for logging in. We will retain this information until the end of the customer relationship / contract.
No account creation or sign in is required when using the Scantrust (public) mobile application.
1.2 When you authenticate a product by scanning the QR code using the Scantrust (public) app, we process information to ensure that the scan works as designed and that the terms and conditions of our service are fulfilled. We rely on the performance of a contract for this purpose. Information processed for this purpose constitutes the scan log and includes: scan time, unique scan ID, user ID, country and city, device / phone model, serial number, scan reason (to query or verify), location (GPS) and product scanned. We will delete this information after 100 days.
1.3 We make use of tracking technologies to remember user preferences, maintain sessions and track user behaviour on our mobile applications. Unique identifiers, embedded scripts, e-tags and fingerprinting help us achieve this purpose. We process usage data such as IP address, time of request, mode of server request, country, type of browser, type of operating system and session duration. We retain this information for 100 days. We do this in our legitimate interest to gather usage data for continuous product improvement.
1.4 When you send a suspected counterfeit report, we process your name, email address, location, and the message associated with the counterfeit report. Counterfeit reports are voluntary and processed on your consent. Withdrawing your consent will not prejudice any processing or investigation commenced prior to the withdrawal.
1.5 When you send a counterfeit report, we enable the sharing of this report with the product / brand owner. This enables the concerned party to take action on the counterfeit report. We process the name, email address, location and the counterfeit report / message you provide. Counterfeit reports are retained until the end of our relationship with the product owner.
1.6 To ensure that our applications are compatible with the device on which they are downloaded and fit for use, we conduct a compatibility check. We process information about your device’s camera to determine if it can scan QR codes and verify / authenticate secure graphics. We process device information in our legitimate interest to ensure that our product can function properly on your device. For more accurate results, we will process your GPS location if you enable it. For this processing of your approximate location, we rely on your consent.
1.7 When you request help or support, we respond to ensure that you receive the help you have requested and that you are able to continue the seamless use of the Scantrust platform. In order to provide support, we process your name, email address, the name of your organisation, the type of enquiry (general, product feedback, billing, change request, onboarding/training, etc.), business impact (urgent, high, medium, low), company plan (Scantrust enterprise, etc.), the support request message and any attachments (file, image) you include in your message. We rely on the performance of a contract in providing the support you request. Information is deleted after the end of the customer relationship.
2. Cookies and tracking technologies
As stated in section 1.3, we make use of cookies and other tracking technologies to gain insight into usage patterns. The table below highlights the cookies / trackers we make use of on the Scantrust mobile apps:
Cookie or tracker | Provider | Type | Category | Duration |
---|---|---|---|---|
Firebase | Persistent | Functional | Until device cache is cleared i.e as long as the tracker is retained on the device | |
Amplitude | Amplitude | Persistent | Analytics | Until device cache is cleared i.e as long as the tracker is retained on the device |
When you make use of the Scantrust mobile applications, your personal data may be transferred to, and processed in, countries outside of the EU. These transfers are conducted in compliance with the GDPR. We take measures to safeguard your data by implementing appropriate safeguards, such as:
- Transferring data only to countries on the adequacy decision list approved by the European Commission or
- Entering into standard contractual clauses approved by the European Commission with the recipient of data
For a full list of the third parties we make use of, please see section 5 of the Scantrust privacy notice [link].
For a general description of the technical and organisational measures we implement to safeguard personal data, please see section 6 of the Scantrust privacy notice [link].
3. Data subject rights available to you
The following rights are available to you as provided under the GDPR:
A. The right of access
You have the right to obtain information about what data we process about you, the purpose(s) of the processing, the recipients of the data and the duration of storage.
B. The right to rectification
You have the right to request the rectification of inaccurate data or incomplete data.
C. The right to erasure
You have the right to request deletion of your data where:
- Data is no longer necessary
- You have objected to the processing under our legitimate interests and no convincing evidence was provided that these interests override your freedoms and liberties
- The processing takes place unlawfully
D. The right to restriction
You have the right to request that your data is restricted for further processing in the following cases:
- You contest the accuracy of the data;
- You believe the processing is unlawful;
- You believe your data is no longer needed in relation to the purpose of its collection.
E. The right to portability
You have the right to receive the personal data we process about you in a structured, commonly used, machine-readable format, and to request the direct transmission of that data to another organisation of your choice.
F. The right to object
You have the right to object to processing carried out in our legitimate interest. Processing will be ceased until we have been able to demonstrate compelling legitimate grounds overriding your rights and freedoms.
G. The right to lodge a complaint with a supervisory authority
You have the right to contact a data protection authority of your choice and formulate a complaint. We kindly request that you contact us first to mutually find a solution in case of any concerns.
4. Data Protection Officer (DPO) contact
Our Data protection Officer appointed by Scantrust B.V. in the Netherlands monitors and oversees data protection compliance in all Scantrust entities. We encourage you to contact us at DPO@scantrust.com to exercise your data subject rights or if you have any privacy related concerns. If you are not satisfied with the way that we have handled your request, you have the right to lodge a complaint with the supervisory authority.
The details of the responsible supervisory authority in Switzerland are:
The Dutch Personal Data Authority
Hoge Nieuwstraat 8
2514 EL The Hague
(+31) – (0)88 – 1805 250
https://autoriteitpersoonsgegevens.nl/
Postal address
PO Box 93374
2509 AJ The Hague
5. Changes to this privacy notice
This privacy notice may be modified at any time to keep up with updates to the Scantrust platform. The date of the last update is visible at the top of this page. Each visit or interaction with the platform is subject to the latest version of this privacy notice.