Last updated: 20 May 2026
Privacy Policy
This Privacy Policy explains how Vertex Battery Passport collects, uses, and protects your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and EU GDPR.
1. Who We Are
Vertex Battery Passport is a proprietary tool of AUTOVERTEX TECHNOLOGIES LTD ("we", "us", "our"), Company Number 16508617, registered at 15 Moorlands Avenue, Dewsbury, United Kingdom, WF13 2JZ. We operate the Digital Battery Passport compliance platform at vertexbatterypassport.com. We act as a data controller for account and usage data, and as a data processor for battery passport data submitted by our clients. For questions about this Privacy Policy or your data rights, contact us at support@vertexbatterypassport.com.
2. Data We Collect
We collect the following categories of personal data: Account data — name, email address, company name, VAT number, country, and password (hashed). Usage data — log files, IP addresses, browser type, pages visited, features used, and timestamps. Battery passport data — data about batteries submitted by clients, which may include manufacturer information. Payment data — billing address and payment method details processed via Stripe (we do not store card numbers). Communications — emails and support messages you send us. We do not collect special category data as defined under GDPR.
3. How We Use Your Data
We use your personal data to: provide and maintain the Service; process your subscription and payments; send transactional emails including account verification, invoices, and service notifications; respond to support requests; improve and develop the Service through anonymised analytics; comply with legal obligations; and prevent fraud and abuse. We do not use your data for targeted advertising or sell it to third parties.
4. Legal Basis for Processing
We process your personal data on the following legal bases: Contract — processing necessary to provide the Service you have subscribed to. Legitimate interests — improving our Service, fraud prevention, and security. Legal obligation — compliance with applicable laws including EU Regulation 2023/1542, which requires retention of battery passport data. Consent — where you have explicitly consented, such as marketing communications (you may withdraw consent at any time).
5. Data Retention
We retain personal data for as long as your account is active and for a period thereafter to comply with legal obligations. Account data is retained for the duration of your subscription plus 2 years. Battery passport data is retained for the lifetime of the battery plus 10 years as required by EU Regulation 2023/1542. Audit logs are retained for 10 years as required by the regulation. Payment records are retained for 7 years for tax and accounting purposes. You may request deletion of your account data at any time, subject to our legal retention obligations.
6. Data Sharing
We share your data only with: Service providers who help us operate the platform, including Render (cloud hosting, Frankfurt, EU), Vercel (frontend hosting), Stripe (payment processing), SendGrid (email delivery), and Cloudflare (file storage). We also use Google Ads for advertising measurement — Google may receive anonymised usage data subject to your cookie consent choices. These providers process data under contracts that comply with GDPR. We may also disclose data where required by law, court order, or regulatory authority. We do not sell personal data to third parties. In the event of a merger or acquisition, data may be transferred as part of the business assets, with notice provided to affected users.
7. International Data Transfers
Our primary infrastructure is located in Frankfurt, EU. Some service providers may process data outside the UK or EU. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms under UK law. Stripe processes payment data in the United States under Standard Contractual Clauses. SendGrid may process email data in the United States under Standard Contractual Clauses.
8. Your Rights
Under UK GDPR and EU GDPR, you have the right to: access the personal data we hold about you; correct inaccurate or incomplete data; request deletion of your data (subject to legal retention obligations); restrict or object to processing in certain circumstances; data portability — receive your data in a structured, machine-readable format; and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at support@vertexbatterypassport.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your national data protection authority in the EU.
9. Cookies & Advertising
We use the following types of cookies: Essential cookies — required to maintain your session and keep you logged in; these cannot be disabled. Analytical cookies — help us understand how the platform is used so we can improve it. Marketing cookies — we use Google Ads (Google tag AW-18181403660) to measure the effectiveness of our advertising. These cookies are only set with your explicit consent. When you first visit our site, a cookie consent banner will ask for your preferences. You can choose to accept all cookies, necessary cookies only, or customise your preferences. Your choice is saved and can be changed at any time by clearing your browser cookies and revisiting the site. We implement Google Consent Mode v2, which means Google Ads will only use personalised advertising cookies if you have consented. If you decline marketing cookies, Google may still use anonymised, non-personalised measurement. We do not sell your data to advertisers or use your data for targeted advertising beyond what you have consented to.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS 1.3) and at rest, hashed passwords using industry-standard algorithms, role-based access controls, regular security assessments, and immutable audit logging of all data access and changes. Despite our measures, no system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR.
11. Children's Privacy
The Service is intended for business use by adults aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately at support@vertexbatterypassport.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 30 days before they take effect. We encourage you to review this Policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: support@vertexbatterypassport.com. For UK GDPR complaints, you may contact the Information Commissioner's Office at ico.org.uk. For EU GDPR complaints, contact your national data protection authority.