Compliance & Security

Supporting your compliance needs

At VPass, we are committed to continually develop features that meet global standards and compliance strategies that assists you and helps make VPass a greater product. We understand the importance of compliance and the effects it has on your business and are involved in meeting different standards in countries all around the world.

EU General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a set of new regulations designed to harmonize data privacy laws across Europe and strengthen privacy regulations for citizens of the European Union. In addition to all organizations within the EU, GDPR also applies to organizations in other countries who offer goods or services to EU citizens.

Is VPass preparing for the GDPR?

We are committed to ensuring GDPR compliance and have implemented the following measures:

  • Identifying the Personally Identifiable Information (PII)/Personal Data that is being collected and making sure that it is handled in accordance with GDPR standards
  • Providing our users with appropriate control mechanisms over visitor and personal data
  • Reviewing our security and privacy processes currently in place in order to enhance them as needed, and providing the necessary documentation as per the GDPR requirements
  • Working with our partners to ensure GDPR compliance during data exchange
  • Training the responsible VPass employees in terms of GDPR regulations and procedures
  • Updating our Privacy Policy and Terms & Conditions agreements to bring them into full accordance with the new regulations… along with a Data Processing Addendum


Is VPass GDPR compliant?
Yes. In terms of a VPass customer’s management of visitor data, the following measures have been put in place:

  • Visitor data in the EU & UK VPass accounts is purged after 3 months
  • Visitor data elsewhere is purged after 12 months
  • A VPass account holder can delete data (between a date range) from their account as deemed necessary

Is my service going to change?
No, nothing changes in the scope of provided services.

Will I be able to use VPass in all regions around the world?
Yes, VPass will ensure you can continue running GDPR-compliant services around the world.

What do you use personal data for?
In terms of the VPass to customer relationship, we only use personal data as needed to run the service. This may have been provided to us via web site contact forms, email correspondence, online chat etc. We value your privacy and we’ll do everything we can to protect it. This data is only held for a period of 9 months.

How long is the data retained?
Personal Data: This is retained for the duration of your service and after that for up to 9 months in backup systems that automatically purge the data.

Visitor Data: When a visitor signs in on the VPass App, this data is only held in the EU for a period of 3 months. Elsewhere, data is retained for 12 months.

Are you processing data outside of EU?
ITWT P/L is an Australian company operating our services globally in more than 15 regions. Your data primarily stays in regions where you decide where your data will reside. Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security, ensured by VPass.