TheScanBadge

Subprocessor Transparency

Last updated: April 2026

TheScanBadge
Last updated: April 2026

1. Introduction

This page provides transparency regarding third-party service providers (“Subprocessors”) engaged by TheScanBadge for the delivery of its Services.

In accordance with Article 28 GDPR, TheScanBadge ensures that all subprocessors:

  • Are contractually bound to data protection obligations
  • Provide adequate technical and organizational measures
  • Process personal data only under documented instructions
  • Operate in compliance with applicable EU data protection laws

2. Technical Infrastructure & Operations

ItalianCloud

Role: Technical partner for infrastructure, development, and platform operations
Location: Germany (EU)

Purpose:

  • Platform infrastructure and system configurations
  • User-related data strictly required for development and support
  • Financial and operational data where necessary for business continuity and platform integrity

Safeguards & Obligations:

  • Access is limited to what is strictly necessary
  • Performed under strict confidentiality obligations
  • Governed by internal agreements and data protection policies
  • Processes data only on documented instructions
  • Implements appropriate technical and organizational measures
  • Operates in accordance with applicable European data protection laws, including the GDPR

3. Core Hosting & Infrastructure

Hetzner Online GmbH

Role: Infrastructure & Cloud Hosting Provider
Location: Germany (EU)

Purpose:

  • Secure hosting of platform infrastructure
  • Data storage
  • Network operations

Data processed:

  • Account data
  • Digital profile data
  • Reservation data
  • Technical logs

Legal safeguards:

  • GDPR-compliant data processing agreement
  • EU-based data centers
  • Standard Contractual Clauses (if applicable)

4. Payment Processing

Mollie B.V.

Role: Payment Service Provider
Location: Netherlands (EU)

Purpose:

  • Processing payments
  • Transaction handling
  • Fraud monitoring

Important: TheScanBadge does not store or process full payment card details. Payment data is processed directly by Mollie under its own privacy policy.

Legal safeguards:

  • Licensed EU payment provider
  • GDPR-compliant processing

5. API & External Service Providers

Google Maps Platform

Role: Address lookup functionality

Purpose:

  • Business and address auto-complete
  • Location search during onboarding

Usage characteristics:

  • Triggered only by user input
  • Transactional usage (no background tracking)
  • No profiling or marketing usage by TheScanBadge

Data processed:

  • IP address (technical necessity)
  • Address search queries

Safeguards:

  • Google EU data protection terms
  • Standard Contractual Clauses where applicable

6. Wallet Integrations

Apple Wallet (Apple Inc.)

Purpose: Provisioning of digital wallet passes

Processing:

  • Pass generation only
  • No access to Apple ID or payment data

Google Wallet

Purpose: Provisioning of digital wallet passes

Processing:

  • One-time pass generation
  • No access to payment or wallet transactions

Wallet integrations are initiated only upon explicit user request.

7. Shipping & Logistics

Sendcloud

Role: Shipping and fulfillment platform

Purpose:

  • Generating shipping labels
  • Package tracking

Entities & Locations:

  • Netherlands, Belgium, Spain, Rest of the World: Sendcloud B.V. (KvK 66572959) - Stadhuisplein 10, 5611 EM Eindhoven, Netherlands
  • Germany, Austria: Sendcloud GmbH (HRB 224901) - Fürstenrieder Str. 70, 80686 München, Germany
  • United Kingdom: Sendcloud Ltd. (12735708) - Unit 21 Elmdon Trading Estate, Bickenhill Ln, Marston Green, Birmingham B37 7HE, United Kingdom
  • France: Sendcloud SAS (83268221500039) - 4 Rue Jules Lefebvre, 75009 Paris, France
  • Italy: Sendcloud Srl (13613790966) - Via F.lli Gabba 1/A, 20121 Milan, Italy

8. Data Center Locations (Infrastructure)

Primary infrastructure is located within the European Economic Area (EEA), including:

  • Rotterdam, Netherlands
  • Heerlen, Netherlands
  • Falkenstein, Germany
  • Eindhoven, Netherlands

Data is not intentionally transferred outside the EEA unless legally required and protected by appropriate safeguards.

9. Subprocessor Updates

TheScanBadge may update this list as infrastructure evolves.

Material changes affecting personal data processing will be:

  • Reflected on this page
  • Communicated to business customers where required

10. Controller vs Processor Clarification

For B2C users, TheScanBadge acts as Data Controller.

For B2B customers, TheScanBadge acts as Data Processor in accordance with the applicable Data Processing Agreement.

11. Contact

For questions regarding subprocessors: