Privacy Policy

Last updated: March 2026 · Effective: March 2026

This Privacy Policy describes how VisitorPass ("we", "us", "our") collects, uses and protects personal data when you use our visitor management and workplace platform at www.visitorpass.eu and any subdomain such as your-domain.visitorpass.eu.

1. Who We Are

VisitorPass is operated by AurisTec and acts as a Data Processor on behalf of our customers (organisations that subscribe to VisitorPass). Our customers are the Data Controllers in respect of visitor and employee data held within their VisitorPass account.

For data relating to your use of this marketing website (www.visitorpass.eu), we act as Data Controller.

2. Data We Process

2.1 Visitor and Employee Data (within the platform)

Data is collected and stored on behalf of our customers. This may include:

Visitor: full name, email address, company, mobile number, visit date/time, host name.
Employee (TimeSheet): name, email, clock-in/out times, project codes.
Employee (Space Booking): name, email, resource bookings.
Fault Report: name, email, location, fault description and photo.

2.2 Marketing Website Data

When you visit www.visitorpass.eu we may collect:

Web server logs (IP address, browser type, pages visited, timestamp).
Contact form submissions (name, email, message) when you request a trial or demo.

3. Legal Bases for Processing

For visitor data we process as a Data Processor under the instructions of our customer (Data Controller). Our customer's legal bases typically include:

Legitimate interests — for security and building access management.
Contractual necessity — for TimeSheet and Space Booking.
Consent — where explicitly obtained during visitor registration.

For our own marketing website data, our legal basis is legitimate interests (website security and enquiry handling).

4. Data Retention

Visitor data is automatically anonymised after the retention period configured by the customer (default: 12 months). No manual clean-up is required. After anonymisation, only aggregate statistics (visit counts) are retained.

Customers can configure shorter retention periods, or delete individual records on demand, from the GDPR admin panel.

5. Data Transfers

All personal data is stored and processed on servers located within the European Union. We do not transfer personal data to third countries.

6. Data Subject Rights

Individuals whose data is held within VisitorPass have the following rights under GDPR:

Right of access (Article 15)
Right to rectification (Article 16)
Right to erasure ("right to be forgotten") (Article 17)
Right to restriction of processing (Article 18)
Right to data portability (Article 20)
Right to object (Article 21)

Requests relating to data held by a specific organisation should be directed to that organisation (the Data Controller). For data held on this marketing website, contact us at privacy@visitorpass.eu.

7. Security Measures

All data in transit is encrypted using TLS 1.2 or higher (HTTPS enforced).
Data at rest is encrypted on the database server level.
Access to production systems is restricted by role and requires multi-factor authentication.
Regular automated backups are taken and stored in a separate geographic zone within the EU.
Penetration testing is performed on a scheduled basis.

8. Cookies

This marketing website uses only essential, first-party cookies required for session management. We do not use advertising cookies or third-party analytics trackers. See our Cookie Policy for details.

9. Data Processing Agreement

A Data Processing Agreement (DPA) compliant with GDPR Article 28 is available to all VisitorPass customers. Contact legal@visitorpass.eu to request a copy.

10. Contact

For privacy-related enquiries:

Email: privacy@visitorpass.eu
Post: VisitorPass Privacy, AurisTec

You also have the right to lodge a complaint with your national supervisory authority.