Legal

Privacy Policy

We take the protection of your personal data seriously. This policy explains which data we process, on which legal basis, for which purpose and for how long — fully aligned with GDPR and the German TDDDG.

Last updated: June 2026 · Version 2.1

Contents12
  1. 01Overview
  2. 02Controller
  3. 03Data collected when visiting
  4. 04Contacting us
  5. 05Registration & account
  6. 06Payment processing
  7. 07Hosting & EU data location
  8. 08Processors
  9. 09Cookies & similar tech
  10. 10Retention periods
  11. 11Your rights
  12. 12Changes to this policy

Overview

BatteriePassWerk is a software-as-a-service platform for issuing digital battery passports under EU Regulation 2023/1542. We only process data that is necessary to operate the website, deliver the agreed service and meet our legal obligations.

All processing takes place on servers within the European Union. Personal data is in principle not transferred to third countries; where this is unavoidable, it is explicitly disclosed in this policy.

Controller under the GDPR

BatteriePassWerk
c/o GAM, Majid Goschka
Pappelallee 64, 10437 Berlin, Germany
Phone: 034203-449300
E-mail: support@batteriepasswerk.com

For privacy-related enquiries please contact compliance@batteriepasswerk.com. An external data protection officer is not legally required; the address above reaches our compliance function directly.

Data collected when visiting the website

When you visit our website your browser automatically sends information to our EU host which is stored temporarily in a server log file:

  • IP address of the requesting device (truncated after 7 days)
  • Date, time and time zone of the request
  • Name and URL of the requested file, HTTP status code and data volume
  • Browser type, version, operating system and language
  • Referrer URL, if transmitted by the browser

Legal basis is Article 6 (1) (f) GDPR. Our legitimate interest is stable operation, security against attacks and diagnosing technical faults. Log data is deleted or fully anonymised within 30 days.

Contacting us

When you contact us by e-mail, phone or via a form, we process your input (name, company, contact data, content of the enquiry) for the purpose of handling your request. Legal basis is Article 6 (1) (b) GDPR for pre-contractual enquiries, and Article 6 (1) (f) GDPR otherwise.

Your enquiry is deleted as soon as it has been fully handled and no statutory retention obligations (e.g. §§ 257 HGB, 147 AO) apply.

Registration and user account

Using the platform requires a user account. We process e-mail address, name, company, role and a hashed password. Legal basis is Article 6 (1) (b) GDPR. If you use single sign-on (e.g. Microsoft Entra), only the identifier provided by the identity provider is stored.

Payment processing

For paid plans, payments are processed by specialised EU-based payment service providers. Only the data necessary for the payment is transmitted to the respective provider. We do not store full card or bank account data. Invoice data is retained for ten years (§ 147 AO).

Hosting and EU data location

Hosting, databases, object storage and backups are operated in data centres within the European Union. We select hosting providers based on ISO 27001 certification, encryption in transit (TLS 1.2+) and encryption at rest (AES-256).

Processors

Data processing agreements pursuant to Article 28 GDPR are in place with all providers processing personal data on our behalf. A current and complete list of our processors — including purpose and location — is available on request.

Cookies and similar technologies

We exclusively use strictly necessary cookies (e.g. session ID, language preference, security tokens). These do not require consent under § 25 (2) (2) TDDDG. Optional analytics or marketing cookies are not set.

Detailed information about the cookies we use and how to manage your settings is available in our cookie settings.

Retention periods

Server logs
up to 30 days, IP truncated after 7 days
Contact enquiries
until fully handled, then 6 months
User account
for the duration of the contractual relationship
Invoices
10 years (§ 147 AO)

Your rights as a data subject

You have the right to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability in a structured format (Art. 20 GDPR)
  • objection to processing (Art. 21 GDPR)
  • withdrawal of consent with effect for the future (Art. 7 (3) GDPR)
  • complaint to a supervisory authority (Art. 77 GDPR)

The competent supervisory authority for our location is the Berlin Commissioner for Data Protection and Freedom of Information (Friedrichstr. 219, 10969 Berlin). Please send requests to us at compliance@batteriepasswerk.com. We respond within the statutory period of one month.

Changes to this privacy policy

We update this policy when legal or factual circumstances change. The current version is always available on this page; the date of the most recent update is shown above.