Privacy PassportScan

Privacy Policy

Last Updated: 01/01/2026

 

1. Introduction

This Privacy Policy explains how GlobeID Limited (“GlobeID”, “we”, “us”, or “our”)
collects, uses, stores, discloses, and safeguards personal data in connection with its
digital identity and guest registration solutions, including the PassportScan family of
products, websites, APIs, and related services (collectively, the “Services”).

PassportScan is a secure digital system that allows accommodation providers (such as
hotels, serviced apartments, and similar establishments) to capture, process, and manage
guest identity information as part of the guest check-in and regulatory reporting process.

This Policy applies to all personal data processed through the Services, including:

  • website visitors
  • users of the PassportScan Cloud and on-premise applications
  • individuals whose identity documents are scanned or whose data is collected during check-in
  • individuals who contact GlobeID via the website or apply for job positions

 

2. Data Protection Roles

2.1 GlobeID as Data Controller

GlobeID acts as a data controller for personal data it processes for its own internal
business purposes, such as:

  • managing website inquiries and registrations
  • enabling user accounts, billing, and subscriptions
  • recruiting and HR processes
  • direct communications related to GlobeID’s business

2.2 GlobeID as Data Processor

When PassportScan is used by accommodation providers to capture guest identity
information and comply with legal check-in and reporting obligations, GlobeID acts as
a data processor on behalf of the accommodation provider (the data controller in that
context).

In such cases, PassportScan processes personal data solely on documented instructions
from the customer. GlobeID’s processing in this role is governed by a separate Data
Processing Agreement (DPA) entered into with the customer.

 

3. Personal Data Collected

3.1 Identity and Guest Registration Data (Hospitality Use Case)

When used by accommodation providers, PassportScan captures and processes identity
information from travellers as part of check-in, including:

  • full name and date of birth
  • nationality and citizenship
  • identity document information (passports, ID cards, visas, driver’s licences)
  • digital images and scans of identity documents
  • data extracted from documents, including machine-readable zones (MRZ)

This may include data relating to all guests present, including minors, where required
for legal compliance.

3.2 Contact and Account Information

When individuals register for Services, contact GlobeID, or request information,
GlobeID may collect:

  • name
  • email address
  • telephone number
  • company or organisation name
  • billing and subscription information

3.3 Technical and Usage Data

When visiting the website or using the Services, GlobeID may collect technical and
usage data, including:

  • IP addresses and device information
  • browser and operating system details
  • log and access records
  • analytics and cookie data, where permitted by the user

3.4 Consent and Digital Signatures

PassportScan may collect digital signatures and consent records when individuals sign
privacy notices, check-in forms, or compliance documents during the check-in process.

 

4. Legal Basis for Processing

4.1 Legal Obligations

Personal data collected during guest check-in is processed to enable accommodation
providers to comply with applicable laws and regulatory requirements, including police
reporting, national statistics reporting, and border control obligations.

4.2 Contractual Necessity

Processing is necessary for the performance of contracts between GlobeID and its
customers, and between accommodation providers and their guests.

4.3 Consent

Where individuals provide consent for specific features (such as analytics cookies or
marketing communications), processing is based on explicit consent.

 

5. How Personal Data Is Used

PassportScan is used to:

  • capture and scan identity documents securely
  • transfer extracted guest data to Property Management Systems (PMS)
  • transmit required data to government or police reporting systems where mandated
  • enable digital check-in, self-check-in kiosks, and consent workflows
  • support guest experience and regulatory compliance

GlobeID, acting as data controller, may also use personal data for responding to
inquiries, account management, and service improvements.

 

6. Data Sharing and Disclosure

6.1 With Accommodation Providers

Processed guest data may be shared with the customer’s internal systems, such as
Property Management Systems or reporting interfaces.

6.2 Governmental and Regulatory Bodies

Where legally required, data may be transmitted to police, immigration authorities,
national statistics offices, or other authorised public bodies.

6.3 Service Providers

GlobeID may engage trusted third-party service providers for secure hosting,
infrastructure, encryption, and operational support. These providers act under
contractual data protection obligations.

6.4 Legal Compliance

Personal data may be disclosed to comply with legal obligations, respond to lawful
requests, or protect GlobeID’s legal rights.

PassportScan does not sell personal data to third parties.

 

7. Data Security and Retention

7.1 Security Measures

GlobeID implements appropriate technical and organisational safeguards, including
encryption in transit and at rest, to protect personal data from unauthorised access,
loss, alteration, or destruction.

7.2 Retention

Personal data is retained only for as long as necessary to fulfil the purposes defined
by the accommodation provider and in accordance with applicable law. Retention
periods may vary by jurisdiction.

 

8. Cookies and Similar Technologies

The website may use cookies and similar technologies to enhance user experience.
Where required by law, consent is requested for non-essential cookies. Users may
manage cookie preferences through browser settings or local controls.

 

9. Data Subject Rights

Individuals may have rights to access, correct, erase, restrict, object to processing,
request portability of their data, or withdraw consent where applicable.

Requests should be directed to the accommodation provider (where PassportScan is
used in that context) or to GlobeID for data processed as controller.

 

10. Children’s Data

PassportScan may process personal data relating to minors where required by law
during guest check-in. Such data is processed solely for legal compliance purposes.

 

11. International Data Transfers

Personal data may be transferred across borders. GlobeID ensures appropriate
safeguards are applied for international transfers in accordance with applicable data
protection laws.

 

12. Changes to This Policy

This Privacy Policy may be updated from time to time. Updated versions will be published on the website with a revised effective date. Continued use of the Services constitutes acceptance of the updated Policy.

13. Main Establishment and Supervisory Authority

For the purposes of Article 4(16) and Article 56 of the General Data Protection Regulation (GDPR), GlobeID has designated Spain as its main establishment for data protection decision-making within the European Union, given that decisions regarding the purposes and means of personal data processing are made from Spanish territory, as are the supervisory and advisory functions carried out by the appointed Data Protection Officer.

Consequently, the main supervisory authority responsible for cross-border processing activities is:

Spanish Data Protection Agency (AEPD)
C/ Jorge Juan 6
28001 Madrid
Spain
www.aepd.es

Data subjects have the right to lodge a complaint with their local supervisory authority in accordance with Article 77 of the GDPR.

“For contractual matters (including Terms & Conditions, DPA, SLA), the governing law is Ireland. For GDPR cross-border processing oversight, Spain has been designated as the main establishment.”

 
