Privacy Policy – Now2Wallet

We take the protection of your personal data seriously. This policy explains what data we process, on what legal basis, and what rights you have under the EU General Data Protection Regulation (GDPR). Sections marked “Now2Wallet service” apply to the account area and pass-generation service; the public website itself sets no cookies and runs no tracking.

1. Controller

The controller responsible for data processing in connection with this website and the Now2Wallet service is:

Company: Odenwald IT Service UG (haftungsbeschränkt)
Address: Schefflenzer Str. 3, 74743 Seckach, Germany
E-Mail: info@now2wallet.com
Register: HRB 752480 (Local Court Mannheim)
VAT ID: DE400101287

2. Hosting

This website and the Now2Wallet service are hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany. The provider processes data on our behalf based on a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. All servers are located in Germany.

3. Data We Collect

3.1 Server log files

When you visit our website, our hosting provider automatically collects the following data, which your browser transmits:

IP address (anonymised after 7 days)
Date and time of the request
Requested URL and HTTP status code
Browser type, operating system, referrer URL

This data is required for technical operation, security and abuse prevention. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure operation). Storage period: 7 days.

3.2 Contact by e-mail

If you contact us by e-mail, we process the data you provide (e.g. name, e-mail address, message content) solely to handle your request. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in answering enquiries). This data is deleted once it is no longer required and no statutory retention periods apply.

3.3 Now2Wallet account & pass service

When you register for a Now2Wallet account and connect your WooCommerce shop, we process:

Account data: name, e-mail address, company (optional), hashed password (never stored in plain text), API key and two-factor secret (if enabled)
Shop connection: shop URL and an encrypted API secret for authentication
Pass-generation data passed to us per ticket: ticket-holder name, ticket / order number, event data (name, date, venue, seat / section) and the QR / barcode value

Pass-generation data is processed on your behalf to create the requested Apple and Google Wallet passes. It is processed on German servers and is not used for any other purpose. Where you (the merchant) act as controller for this ticket-holder data, we act as your processor under a Data Processing Agreement (see our DPA). Legal basis: Art. 6 (1) (b) GDPR (contract performance). Storage: for the duration of the account / as required to provide the service.

3.4 Cookies / session

The public website (this landing page) sets no cookies at all — no tracking, no analytics, no third-party cookies, no cookie banner required (§ 25 (2) (2) TDDDG / ePrivacy). The Now2Wallet account area, once available, uses only strictly necessary session cookies, set with Secure (HTTPS only), HttpOnly (no JS access) and SameSite=Lax/Strict. Legal basis: Art. 6 (1) (f) GDPR.

3.5 External content / fonts

This website loads no external content from third parties. The fonts (Space Grotesk, Manrope, JetBrains Mono) are served exclusively from our own server in Germany — there is no connection to Google Fonts, Adobe Fonts or any other CDN. QR codes shown on the site are served locally and not requested from any third party.

4. Payments via PayPal (Now2Wallet service)

For paid subscriptions we use PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When you choose to pay via PayPal, your data is transferred to PayPal. PayPal’s privacy policy: paypal.com/privacy. We receive transaction confirmations and subscription status from PayPal via webhooks. Legal basis: Art. 6 (1) (b) GDPR.

5. Wallet pass delivery (Apple & Google)

When a ticket holder adds a pass to their wallet, the pass is delivered through the wallet infrastructure of Apple Inc. (Apple Wallet) and Google Ireland Ltd. (Google Wallet). The data contained in the pass (event and ticket details, QR value) is transmitted to the respective wallet provider to display and update the pass. This processing is necessary to provide the requested function; legal basis: Art. 6 (1) (b) GDPR.

6. Transactional e-mails

We send transactional e-mails (registration confirmation, password reset, invoices, service notices) via SMTP from our hosting provider. No newsletter and no marketing mail without separate consent.

7. Your Rights (GDPR)

You have the right to:

Access (Art. 15): obtain a copy of your data
Rectification (Art. 16): correct inaccurate data
Erasure (Art. 17): delete your data
Restriction (Art. 18): limit processing
Portability (Art. 20): receive your data in a structured format
Objection (Art. 21): object to processing
Withdraw consent (Art. 7 (3)) at any time
Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at info@now2wallet.com.

8. SSL/TLS encryption

This site uses SSL/TLS encryption to protect the transmission of confidential content. You can recognise an encrypted connection by the lock icon in your browser’s address bar.

9. Changes to this policy

We reserve the right to amend this privacy policy to reflect changes in legal requirements or in the services we offer. The current version applies to your visit.