GDPR Privacy Policy

1. Scope

This policy applies to personal data of natural persons resident in the European Union, European Economic Area, or United Kingdom, processed by GlobePass Travel Documents Ltd. in connection with the GlobePass service. It supplements our general Privacy Policy.

2. Lawful bases for processing

We rely on the following lawful bases under GDPR Article 6:

• Article 6(1)(b) — contract: processing necessary to translate your license, ship your permit, and provide customer support.
• Article 6(1)(c) — legal obligation: processing to comply with tax, anti-money-laundering, and shipping export rules.
• Article 6(1)(f) — legitimate interests: fraud prevention, site analytics, and improving the service.
• Article 6(1)(a) — consent: marketing emails and optional cookies. Withdrawn at any time without penalty.

3. Special category data

We do not knowingly collect special category data (Article 9), and we ask that you do not upload documents containing health information, religious affiliation, or political opinions when applying. If you do, we will treat such data as if you had given explicit consent under Article 9(2)(a) only for the purpose of processing your application.

4. International transfers

Where personal data of EU residents is processed outside the EU/EEA — for example, by a translator working remotely from Egypt — we use the EU Commission's Standard Contractual Clauses (2021) and apply supplementary technical measures including end-to-end encryption.

5. Your GDPR rights

Under GDPR you have the right to:

• Access (Article 15) — receive a copy of all personal data we hold about you.
• Rectification (Article 16) — correct inaccurate or incomplete data.
• Erasure (Article 17) — request deletion, subject to legal retention requirements.
• Restriction (Article 18) — pause processing while a complaint is reviewed.
• Portability (Article 20) — receive your data in a machine-readable format.
• Object (Article 21) — to marketing and profiling at any time.
• Withdraw consent — at any time, without penalty.
• Lodge a complaint with your local supervisory authority.

Email dpo@globepass.example to exercise any right. We respond within 30 days; complex requests may take up to 90 days (you will be informed).

6. Automated decision-making

We do not make decisions about you using fully automated processing. Document verification uses machine-learning models to flag potential issues, but every flagged application is reviewed by a human before any decision affecting you is made.

7. EU representative

Our GDPR representative in the EU is GlobePass Privacy Services GmbH, Friedrichstraße 68, 10117 Berlin, Germany. Email eu-rep@globepass.example for any EU-specific matter.

8. UK representative

Our UK GDPR representative is GlobePass Privacy Services UK Ltd., 1 Finsbury Avenue, London EC2M 2PF, United Kingdom. Email uk-rep@globepass.example.