GDPR & Data Protection

1. Data Controller

The data controller for processing carried out through permitgoworldwide.com is PERMIT GO WORLDWIDE, operated in partnership with SASU SWAP CHAIN (SIRET 10432020500016, VAT FR21104320205, RCS Briey), 3 Rue de la Taye, 54240 Jœuf, France. You can reach our data protection contact at contact@permitgoworldwide.com.

2. Scope

This policy applies to personal data we collect when you visit our website, request a quote, place an order, contact our support team, subscribe to communications, or otherwise interact with our services.

3. Lawful Bases for Processing

We only process personal data when we have a valid legal basis under Article 6 of the GDPR, namely:

• Performance of a contract (Art. 6(1)(b)) — to process your order and deliver the service you purchased.
• Compliance with a legal obligation (Art. 6(1)(c)) — to retain billing records, tax documentation and respond to legitimate requests from authorities.
• Legitimate interest (Art. 6(1)(f)) — to operate, secure and improve our services, prevent fraud and respond to customer inquiries.
• Consent (Art. 6(1)(a)) — for non-essential cookies, marketing communications and optional features.

4. Categories of Data

• Identity data: full name, date of birth, nationality.
• Contact data: email, phone number, postal address.
• License data: license number, country of issue, issue and expiry dates, scanned copies of your license and identity photo.
• Order data: selected plan, destinations, shipping option, order status, tracking code.
• Payment data: processed directly by Stripe; we do not store full card numbers.
• Technical data: IP address, device, browser, language, pages viewed, timestamps.

5. Processing Purposes

• Creating and fulfilling your order.
• Translating and preparing your International Driving Document.
• Shipping and tracking printed deliveries.
• Customer service and post-order support.
• Fraud prevention, security monitoring and abuse detection.
• Compliance with accounting, tax and other legal obligations.
• Service improvement and aggregated analytics.
• With your consent: marketing emails and optional cookies.

6. Retention Periods

• Order and license documents: for the validity period of the document plus 12 months, then archived in anonymised form.
• Accounting records: 10 years (French Commercial Code).
• Account / contact data: 3 years from last interaction.
• Marketing data: until you withdraw consent.
• Cookies: see our Cookie Policy.

7. International Transfers

Some of our processors (e.g. hosting, payment, email) may operate outside the European Economic Area. Where this is the case, transfers are framed by appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and supplementary technical measures.

8. Your Rights

Under the GDPR you have the right to:

• Access the personal data we hold about you (Art. 15).
• Request rectification of inaccurate data (Art. 16).
• Request erasure where applicable (Art. 17).
• Restrict processing in certain circumstances (Art. 18).
• Receive your data in a portable format (Art. 20).
• Object to processing based on legitimate interest (Art. 21).
• Withdraw consent at any time, without affecting prior lawful processing.
• Define directives concerning the use of your data after death (French Data Protection Act).

9. Exercising Your Rights

Send a written request to contact@permitgoworldwide.com with the subject "GDPR request". For security reasons we may ask for proof of identity. We respond within one (1) month, extendable by two (2) months for complex requests.

10. Lodging a Complaint

If you believe your rights are not respected, you may lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr or with the supervisory authority of your EU country of residence.

11. Security Measures

We apply industry-standard technical and organisational measures: encryption in transit (TLS), access controls, least-privilege permissions, secure document storage, regular backups, monitoring and confidentiality obligations for staff and subprocessors.

12. Updates

This page may evolve to reflect regulatory changes or improvements to our processing activities. The "Last updated" date at the top of the page indicates the most recent revision.