QrBarKit

GDPR Compliance Statement

GDPR Compliance Statement for QrBarKit
dic. 22, 2025

GDPR Compliance Statement

Last Updated: December 22, 2025

At qrbarkit, we are committed to protecting the data privacy and security of our users. We fully support the General Data Protection Regulation (GDPR), which sets the standard for data protection for citizens of the European Union (EU) and the European Economic Area (EEA).

This document outlines our approach to GDPR compliance and explains your rights regarding your personal data.

1. Our Role

Under the GDPR, qrbarkit acts as:

  • Data Controller: For the personal information you provide to us directly when creating an account, making a payment, or contacting support (e.g., your email, name, billing details).
  • Data Processor: For the data generated when end-users scan the QR codes you create (e.g., scan timestamps, approximate location, device type). We process this data on your behalf to provide analytics.

2. Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so, including:

  • Contractual Necessity: To provide the services you subscribed to (e.g., generating QR codes, maintaining your account).
  • Legitimate Interests: To improve our services, prevent fraud, and ensure the security of our platform.
  • Consent: For non-essential cookies and marketing communications (which you can withdraw at any time).
  • Legal Obligation: To comply with tax, accounting, and other legal requirements.

3. Your Rights Under GDPR

If you are a resident of the EU/EEA, you have the following rights regarding your personal data:

  1. Right to Access: You have the right to request copies of your personal data that we hold.
  2. Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  3. Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions (e.g., if you close your account).
  4. Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
  5. Right to Object: You have the right to object to our processing of your personal data (e.g., for direct marketing).
  6. Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, machine-readable format.

4. Data Collection via QR Codes

For the dynamic QR codes generated on our platform:

  • We collect Usage Data such as IP addresses (often anonymized), device type, operating system, and time of scan.
  • This data is used solely for the purpose of providing analytics and performance statistics to our users.
  • We do not use this data to build personal profiles of the individuals scanning the QR codes for third-party advertising purposes.

5. International Data Transfers

qrbarkit operates globally. Your data may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as using Standard Contractual Clauses (SCCs) approved by the European Commission or relying on service providers who adhere to international security standards.

6. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Encryption of data in transit (SSL/TLS).
  • Secure access controls and authentication.
  • Regular security assessments.

In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

7. Third-Party Sub-processors

We engage trusted third-party service providers (Sub-processors) to assist in operating our Service (e.g., payment processing, cloud hosting, email delivery). We ensure that all Sub-processors are GDPR compliant and are bound by confidentiality agreements.

8. Contact Our Data Protection Officer

If you have any questions about this GDPR Compliance Statement, or if you wish to exercise any of your rights mentioned above, please contact us. We will respond to your request within one month.