Smart Battery Pass
Terms Privacy DPA Subprocessors Imprint
DE EN
Log in
DPA / Data Processing Addendum

Data Processing

This overview describes data processing for customer data in Smart Battery Pass and may serve as a basis for a separate data processing agreement.

1. Roles

The customer remains controller for personal data processed in Smart Battery Pass. Smart Battery Pass processes that data as processor under documented customer instructions. For its own website, lead, account and billing purposes, Smart Battery Pass acts as controller.

2. Subject matter, duration and purpose

The subject matter is operation of a B2B SaaS application for EU Battery Passport readiness: battery models, required fields, supplier requests, evidence documents, review/approval workflows, audit logs, passport previews, QR codes and reports.

3. Data types and data subjects

  • Data types: contact data, roles, login and security data, supplier contacts, comments, documents, audit events, technical metadata, billing and contract references.
  • Data subjects: customer employees, supplier contacts, auditors, prospect contacts and other business contacts entered by the customer.
  • Special categories of personal data are not intended and may be processed only under a separate agreement.

4. Customer instructions

Smart Battery Pass processes processor data only under documented customer instructions, including application use, configuration, support requests or written instructions. Obviously unlawful instructions may be paused for clarification.

5. Technical and organizational measures

  • Tenant separation through organizations and role-based access controls.
  • Private S3/Supabase file storage, signed downloads and access controls.
  • Supplier Portal with high-entropy token links, token hashing, expiry and rate limits.
  • Append-only audit logs with hash-chain verification.
  • HTTPS, secure cookies, security headers, Fail2ban/UFW on the server and monitoring.
  • Backup concept with local and offsite backups and restore procedure.
  • Virus scan workflow for uploads, quarantine status and blocked downloads for unverified files.

6. Subprocessors

The customer grants general authorization to use the subprocessors listed on the Subprocessors page. Smart Battery Pass will notify customers of material changes with reasonable notice.

7. Customer support

Smart Battery Pass supports the customer to a reasonable extent with data subject requests, data protection impact assessments, security incidents, records and audits where required for the processing.

8. Deletion and return

After contract end, Smart Battery Pass provides export or deletion options. Active product data is deleted or anonymized by default within 30 days unless retention duties or separate agreements apply. Backups are deleted through regular backup rotation.

9. Audit rights

Smart Battery Pass provides reasonable information on compliance with these rules upon request. Audits are coordinated in advance and generally performed through document review or external evidence.

We use necessary cookies for security, login and language. Optional Google Analytics runs only with your consent. Learn more