Privacy Policy

1. Introduction

Passloom (“we”, “our”, or “us”) is committed to protecting your privacy while providing a secure, auditable Digital Product Passport (DPP) execution infrastructure.

This Privacy Policy explains how we collect, use, process, and safeguard information when you use our platform, services, and related applications (collectively, the “Services”).

2. Scope of This Policy

This Privacy Policy applies to:

• Users of the Passloom platform
• Business customers, partners, suppliers, and vendors
• Website visitors and service users

3. Information We Collect

We collect only the data necessary to deliver compliance execution, auditability, and system functionality.

3.1 Personal Information

• Name
• Email address
• Phone number
• Company name, role, and account credentials

3.2 Business & Operational Data

• Product data (e.g., SKU, materials, origin)
• Order and shipment data
• Supply chain and factory data
• Compliance-related data required for DPP generation

3.3 Evidence & Audit Data

• Documents, certifications, and supporting materials
• Images, timestamps, and process records
• Audit trails and verification records

👉 This data is used to construct verifiable, traceable compliance evidence chains.

3.4 Technical Data

• IP address
• Device and browser information
• System logs and usage analytics

3.5 Uploaded Content

• Files, images, certifications, and supporting materials submitted through the platform

4. How We Use Information

We use collected information solely to provide and improve our Services:

• Operate and maintain the Passloom platform
• Process compliance workflows and generate Digital Product Passports (DPP)
• Create structured, verifiable evidence chains and audit trails
• Enable integration with existing systems (ERP, PLM, MES, etc.)
• Communicate updates, tasks, and service notifications
• Ensure system security, integrity, and regulatory compliance

👉 We do not use your data for marketing purposes without explicit consent.

5. Legal Basis for Processing (GDPR)

Where applicable, we process personal data based on:

• Performance of a contract
• Legitimate business interests
• Compliance with legal obligations
• User consent (where required)

6. Data Sharing and Disclosure

We share data only in limited and controlled circumstances:

6.1 Service Providers

• Cloud hosting providers
• Infrastructure and data processing partners
• Technical service providers operating under contractual obligations

6.2 Authorized Business Participants

• Brands, suppliers, factories, and supply chain partners
• Only when required for execution of specific workflows

6.3 Regulatory or Legal Authorities

• When required by law, regulation, or official requests
• Including compliance audits and regulatory inspections

👉 We do not sell, rent, or trade personal data to third parties.

7. Data Ownership and Control

• You retain full ownership of your data
• Passloom acts as a processor of data on your behalf
• You may request access, export, or deletion of your data at any time (subject to legal retention requirements)

8. Data Storage and Security

We implement appropriate technical and organizational measures, including:

• Encryption in transit and at rest
• Access control and authentication mechanisms
• Audit logging and monitoring

For compliance purposes:

• Evidence and audit records may be structured to be tamper-resistant
• System logs maintain traceability of actions and data changes

9. Data Retention

We retain data only as long as necessary for:

• Service delivery and platform functionality
• Compliance and audit requirements
• Legal obligations

Retention periods vary depending on data type and regulatory requirements.

10. International Data Transfers

Your data may be transferred and processed outside your jurisdiction.

We ensure appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• Secure transfer mechanisms and contractual protections

11. User Rights

Depending on applicable laws, you may have the right to:

• Access your data
• Correct inaccurate data
• Request deletion
• Restrict or object to processing
• Request data portability

To exercise these rights, contact us at privacy@passloom.co

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Ensure platform functionality
• Ensure platform functionality
• Enhance user experience

You may manage cookie preferences through your browser or consent settings.

13. Third-Party Links

Our Services may contain links to third-party websites or services.

We are not responsible for their privacy practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via the platform or email.

The updated version will include a revised “Effective Date.”