Privacy Policy

This Privacy Policy was last updated on May 9, 2024 .

What Does This Privacy Policy Mean?

This Privacy Policy (Privacy Policy) provides information on how the GlobalPass AG processes your personal data when you apply for a partnership, apply for vacancies, visit websites or make requests.

About the Data Controller

The GlobalPass AG (Data Controller or Company), corporate ID number CH-170-3043885-9, domiciled at Metallstrasse 8, 6300 Zug, Switzerland, is the data controller. You may contact our data protection officer at [email protected].

When providing the GlobalPass service to Clients, the company acts as a Data Processor.

What Is Personal Data?

Personal data is any information collected about a data subject by the Data Controller, which may be used for identifying the data subject. Personal data includes any information, including the data subject’s full name, surname, IP address, etc.

What Kind Personal Data Do We Process and Why?

The Data Controller process your personal data for the following purpose:

For concluding/executing and administrating contracts with Clients

For the purpose to conclude and execute contracts / transactions with legal entities, the Data Controller processes the following personal data: name, surname, contact information, content of correspondence, contract details, etc. These personal data are processed on the basis of a legitimate interest in carrying out the activity and stored for 10 (ten) years after the expiry of the contract.

For sending information regarding commercial offer

For the purpose to send information (notifications) regarding commercial offer the Data Controller processes the following personal data: name, surname, position, e-mail address, phone number. These personal data are processed on the basis of consent and stored for 3 (three) years after receiving the consent.

For carrying out requests/complaints

For the purpose of ensuring the proper handling of request or complaints, the Data Controller will process: name, surname and contact details. This personal data is processed on the basis of consent of data subject and is stored until the request is fulfilled.

For GlobalPass account setup and access to the platform

For the purpose of managing accounts and providing accesses, the Data Controller processes the following personal data of Clients: name, surname, position, contact details (email address, phone number). These personal data are processed on the basis of a contractual obligations and stored until the termination of the contract.

For recruitment of employees

For the purpose of hiring employees, the Data Controller processes the following personal data of the candidate to position: name, surname, email address, telephone number, skills description, education, experience, if candidate is foreign – nationality. This personal data is processed on the basis of consent of candidate and is stored until the end of the recruitment process or period that is written in data subjects consent to store this personal data after recruitment.

When you visit social media site “Linkedin” account

Information communicated to us when visiting our social media sites (including notifications, use of “Like” and “Follow” buttons and other communication) will be controlled by us jointly with social media managers as joint controllers.

Currently, we have the following account: Linkedin “GlobalPass AG”. If you have any questions about how your personal data are processed on that social media site, please read their privacy policy at and contact the service provider directly.

When Data Controller performs as Data Processor in relation to Clients

For the purpose of ensuring the performance of the Company’s activities and the fulfilment of its contracts with its Clients, the processing of personal data by the Company is set by the Terms of use or the Personal data processing agreements.

The responsibility for informing Data subjects about the processing of their personal data lies with the Client.

Our website and cookies used

When you visit our Website, we may place cookies on your device. Cookies are small, often encrypted text files which we place on your browser or hard disc on the basis of your consent. We use different cookies for different purposes as they help us to identify you among other Data Controller Website users. This allows us to make your experience of using our website far more pleasant and to improve it.

We use the following cookies:

Strictly necessary cookies

These cookies are essential for our website to operate. Such cookies process data on the basis of proper performance of the agreement when you visit the website, while we ensure the safety and quality of such visit. Cookies that allow you to log in to access secure areas of our website or to hold your items in your cart while shopping online, or to use electronic accounting systems are examples of strictly necessary cookies.

Analytical and/or performance cookies

They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users easily find what they are looking for. Data collected by these cookies is processed on the basis of your consent.

Functionality cookies

These cookies are used to remember choices you made in the past when you re-visit our website so as to provide you personalised or enhanced features that you select. Data collected by these cookies is processed on the basis of your consent.

You may find a detailed list of the cookies below:

Data processing purpose/
cookie use
Data used
cookie_To store user cookies settings1 yearFunctionalSelected cookie consent
_ga, _ga_*Google cookies to
recognise and distinguish
2 yearAnalyticalUnique Identification ID

How is your personal data processed?

Your personal data will be processed in accordance with the General Data Protection Regulation (GDPR) and other data protection law and soft law sources. We will manage your personal data responsibly and securely. When identifying the means of personal data processing and in the course of such processing, the Company undertakes to implement appropriate technical and organisational measures for protecting your personal data from accidental or unlawful destruction, damage, modification, loss, disclosure or any other kind of illegal handling and to adopt proper measures taking into account the risks around your personal data processing.

Who can we disclose your personal data to?

We may disclose information about you to our employees, intermediaries, service providers, such as debts administrators or debt recovery companies, archiving service providers, marketing services, IT service providers or subcontractors, if necessary for the purposes set forth in this Privacy Policy.
We may disclose your personal data to our data processors who provide us with services (perform work), i. e. IT service providers, auditors, lawyers, consultants, and process your data on behalf of Company as a data controller.

Data processors will be allowed to process your personal data solely based on our instructions and only to the extent necessary. We will take all necessary steps to ensure that our data processors implement the appropriate organizational and technical measures to ensure safety and confidentiality of your personal data.

Your data may also be transferred to public bodies or institutions or other persons who are statutorily entrusted with certain functions. In addition, we may disclose your information in the following cases:

  • If required to do so by law;
  • In order to protect our rights or interests (including the case when your personal data is disclosed to others for debt recovery purposes);
  • When intending to sell any of the Company’s business or assets, we are asked to disclose your personal data to potential buyers of such business or assets;

The list of recipients and their categories contained in this Privacy Policy are subject to change. Therefore, if you wish to be informed of any such change, please let us know by sending us an e-mail at the address given in this Privacy Policy saying that “I wish to be informed of any change of my personal data recipients” and giving your full name.

We do not transfer your personal data to any third country except as specified in this Privacy Policy. Depending on such third country, transfer of personal data may be made on the basis of an adequacy decision (Article 45.3 of the GDPR) or on the basis of your consent (Article 49.1(a) of the GDPR) or for the performance of a contract (Article 49.1(b) or (c) of the GDPR).

What are your rights?

This section gives information about your rights associated with the processing of your personal data by the Data Controller and about how such rights may be exercised. If you want more information about your rights or want to exercise them, please contact us at the e-mail address given in this Privacy Policy.

Right of access to your personal data

In order for you to understand how we use your personal data and to suffer no inconvenience on that account, you may contact us at any time to ask whether any of your personal data is processed by us. If your personal data is stored or used by us in whatever way, you have the right of access to such data. In order for you to exercise such right, please send us your written request at the e-mail address given in this Privacy Policy. We may ask you to confirm your identity in order to grant your request, which should be submitted by you acting reasonably and in good faith.

Right to withdraw consent

You have given us your explicit consent to process your personal data, which may be withdrawn by you at any time by sending us an e-mail at the address given in this Privacy Policy.

Additional rights

Below, please find information about your additional rights that may be exercised by you as follows:

  • You have the right to request us to correct any inaccuracy of your personal data. In that case, we may ask you to confirm the corrected information.
  • You have the right to request us to erase your personal data. This right may be implemented in the cases described in Article 17 of the GDPR.
  • You have the right to request us to restrict/refrain from processing your personal data.
  • You have the right to data portability if processing of such data is carried out by automated means and we have obtained such data from you based on your consent or for the purpose of concluding the agreement. If you opt to exercise this right, we will transmit at your request a copy of the data submitted by you.
  • You have the right to object to processing of your personal data pursuant to Article 21 of the GDPR.
  • Right to request more information.

We hope you understand that it is very difficult to discuss all possible ways how personal data may be collected and used. Therefore, we endeavour to provide as clear and complete information as possible and undertake to update this Privacy Policy if changes are made to the use of personal data. Nevertheless, if you have any questions regarding your personal data use, we will be happy to answer them or to provide you with further information that we are allowed to disclose. Please contact us if you have any specific questions or have not understood the information presented in this Privacy Policy.

How can you exercise your rights?

To enforce your rights, you may submit requests, complaints or claims to us in writing in any of the following ways:

  • By sending an e-mail to [email protected], or
  • By sending a letter to GlobalPass AG, Metallstrasse 8, 6300 Zug, Switzerland.

We will respond to your request, complaint or claim in writing in accordance with the applicable laws and will do our best to provide you with information within the shortest time possible but in no event later than within 30 (thirty) days after receiving your request.

If having received your request, complaint or claim we have doubts about your identity, we may ask for your identity document.

If we fail to provide you with the necessary information and/or should you have complaints about how your personal data are processed, you may approach your national Data Protection Authority (the list of authorities is available here) or Lithuanian State Data Protection Inspectorate ( by filing a complaint.


You are responsible for the confidentiality of your or your children’s data submitted and for ensuring that such data is accurate, correct and complete. You should inform us immediately by e-mail if changes are made to the data you have submitted. Therefore, we will not be held liable for damage resulting from your failure to provide correct or complete personal data or to give us notice of changes made to such data.

How will we inform about changes in our Privacy Policy?

We may update or amend this Privacy Policy at any time. Such updated or amended Privacy Policy will take effect from the date of being published on our website. You should check our website occasionally to make sure that you see the latest version of our Privacy Policy.

Each time our Privacy Policy is updated, we will inform you of all changes that we deem significant by posting them on the website. You may look at the “Update Date” listed at the bottom to find out when the Privacy Policy was last updated.