1. Roles and Responsibility
In the context of Veritag services:
- Veritag as Data Processor: We act as a processor for our business clients (manufacturers) who use our platform to manage their product authenticity.
- Manufacturer as Data Controller: Our clients are the controllers of the data they collect during the product verification journey (e.g., warranty registrations).
2. Data Subject Access Rights
We provide tools to our clients to ensure they can honor the following GDPR rights for their customers:
Right to Access
Instant exports of all data associated with a specific user ID.
Right to Erasure
Automated "Forget Me" requests that purge user-product associations.
Right to Portability
Standard JSON/CSV exports for easy data movement.
Right to Rectification
Simple interfaces for users to update their product registrations.
3. Data Collection Logic
Our verification technology is uniquely engineered to provide security without tracking. Here is our default data collection logic:
| Data Point | Collected? | Purpose |
|---|---|---|
| IP Address | Temporary | Fraud detection & Rate limiting only |
| Geo-Location | Coarse | Regional authenticity heatmaps (City-level) |
| User Identity | No | Verification works without an account |
| Browser Specs | Yes | Optimizing the mobile scan interface |
4. Approved Sub-processors
To deliver our service, we use a limited number of sub-processors who meet our strict security standards:
- Google Cloud (Belgium/Germany) Infrastructure & Hosting
- Postmark (EU Instance) Transactional Email
- Cloudflare CDN & WAF Security
Contact our DPO
Our dedicated Data Protection Officer is available to handle any privacy-related inquiries or data requests.
privacy@veritag.com