Privacy Policy

At QRStuff.com, we know that you care about how your personal information is used and shared, and we take our responsibility for the security of your personal information seriously. Unless otherwise stated and for the purposes of all personal data processed by QRStuff.com, we are a Controller.

We are principally governed by the Data Protection Act 2018 of the Isle of Man (UK) and the General Data Protection Regulation (GDPR). We provide this notice to better help you understand our online information practices and policies.

The Information We Collect

We do not require you to provide us your Personal Data in order to access general information available on the Sites, although such activities may still be logged. However, we do receive and collect Personal Data from you in the ways listed below. We receive and collect this data as it is necessary for the adequate facilitation and performance of the contract between you and us, to provide you the Service, to secure our legitimate interests in analyzing the performance of our campaigns and Service, and to allow us to comply with our legal obligations.

  • QR Code Content: If you choose to create a QR code using QRStuff.com, we will collect and store on our server the information you enter into the QR code to facilitate the effective operation, delivery, and management of the QR code created. Some QR Code data types, such as the vCard, meCard, Digital Business Card, Phone Number, SMS, and Email QR code data types, require you to supply personally identifiable information to be encoded into the QR code, and this information will also be stored on our server.

  • Registered Users: If you choose to sign up as a paid subscriber of QRStuff.com, we will ask you to provide personally identifiable information and contact details sufficient to reasonably identify you as the authorized account holder, satisfy the identity requirements of PayPal (our payment service provider), and facilitate the effective operation of the services offered to you as a subscriber.

  • Email Information: If you choose to correspond with us via email, we may retain the content of your email messages together with your email address and our responses to you. We may send you information we think you might find useful (e.g., subscription renewal reminders and technical service updates), but if the email does not relate to your specific account (e.g., new features or promotion discounts), we will always give you the option to opt-out.

  • Automatically Collected Information: We use Google Analytics to measure and evaluate access to, and traffic on, the QRStuff.com website. Google is an independent third-party, and we have no control over the manner in which they may subsequently use the user and visitor activity information collected through our use of the Google Analytics service. We strongly suggest that you review Google’s Google Analytics Privacy and Data Sharing. To opt out of being monitored by Google Analytics, download and install the Google opt-out add-on for your current web browser.

  • Cookies: As you visit and browse the QRStuff.com website, cookies are used to differentiate your actions from those of other users for storing user preferences, tracking user trends, maintaining session log-ins, and monitoring the status of website processes. Cookies do not gather personal information about you, and we do not intentionally request or store any personal information that your browser may offer to us.

We do not store credit card information. All transactions are processed by PayPal, and your credit card details are stored by them. Please refer to the PayPal privacy policy for more information.

How We Use The Information We Collect

At QRStuff.com, we use the information we collect for conducting the day-to-day operation of our business activities, delivering products and services to you, processing payments received from you, monitoring the use of our website, and improving our website content, service offerings, and user interface to better meet the needs of our users.

The website aggregate usage data that we collect through our use of the Google Analytics service is used to resolve technical issues, administer the website, provide insights into website usability, and identify visitor preferences. This data is collected and stored in an anonymized and non-identifiable form, and we do not use any of this data to specifically identify website visitors or users.

Occasionally, we may use the user information that you provide to notify you about important changes to our website, new services, and special offers. You may unsubscribe directly from such email or notify us at any time by email if you do not wish to receive these notifications.

Lawful Basis for Processing

We process your personal data based on:

  • Consent: We process your data when you have given explicit consent for one or more specific purposes. You can withdraw your consent at any time by contacting us at info@qrstuff.com or using the opt-out mechanisms provided in our communications.

  • Contract: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.

  • Legal Obligation: We process your data to comply with legal obligations.

  • Vital Interests: Processing is necessary to protect your vital interests or those of another person.

  • Public Interest: Processing is necessary for tasks carried out in the public interest or in the exercise of official authority vested in us.

  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

We will demonstrate that consent has been given for processing and it can be withdrawn at any time by contacting us at info@qrstuff.com.

For children under 16, consent must be given or authorized by the holder of parental responsibility.

Special categories of personal data will only be processed under strict conditions, including explicit consent or as necessary for carrying out obligations and exercising specific rights.

Special categories of data include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.

The Right to Access, Correction, and Deletion

We respect your privacy rights and provide you with reasonable access to the personal data that you may have provided to us through your use of our services. If you wish to access or amend any personal data we hold about you, or to request that we delete or transfer any information about you, you may contact us as set forth in the “Questions and Feedback” section (below). At your request, we will have all references to you that do not affect the operation of your subscriber account deleted from our database.

You may update or correct your account information and preferences at any time by accessing the “My Account” section of your paid subscriber account dashboard. Please note that while any changes you make will be reflected in our active user database instantly, or within a reasonable period of time, we may retain all information that you submit for the purposes of backups, archiving, fraud and abuse prevention, analytics, the satisfaction of our legal and data protection obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

Please note that declining to share certain personal details with us may result in us not being able to provide some service features and website functionality.

At any time you may reasonably object to the processing or storage of your personal data, unless otherwise required by applicable law. If you believe that your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at info@qrstuff.com.

This provision does not apply to personal data that has been intentionally encoded into a QR Code. The management of the privacy of QR Code contents is the responsibility of the creator of the QR code. Any request for access, correction, or deletion of personal data encoded into a QR code should be made to the user that created the QR code.

You have the right to request the erasure of your personal data without undue delay under certain conditions, such as:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • You withdraw consent on which the processing is based, and there is no other legal ground for processing.

  • You object to the processing and there are no overriding legitimate grounds for processing.

  • The personal data have been unlawfully processed.

  • The personal data have to be erased for compliance with a legal obligation.

  • The personal data have been collected in relation to the offer of information society services to a child.

If we have made your personal data public and are obliged to erase it, we will take reasonable steps, considering available technology and the cost of implementation, to inform other controllers processing the data of your erasure request.

To request erasure, kindly fill the form here.

Right to Restriction of Processing and Object

You have the right to request the restriction of processing of your personal data under certain circumstances. These include situations where you contest the accuracy of your data, allowing us time to verify it; when the processing is unlawful, and you prefer restriction over erasure; if we no longer need your data but you require it for legal claims; or if you have objected to processing pending verification of our legitimate grounds. During the restriction, your data will only be processed with your consent, for legal claims, to protect another person’s rights, or for important public interest reasons. We will inform you before lifting any restriction.

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on our legitimate interests or the performance of a task carried out in the public interest, including profiling based on those provisions. Unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims, we will no longer process your personal data.

Security Of Data

To safeguard the information we collect about you, we have put in place appropriate physical, electronic, technical, and management procedures and protocols to secure our servers against unauthorized access and to maintain the accuracy and integrity of the information and data so stored.

Please note that information we collect about you is stored and processed on our servers in Europe, and the laws pertaining to the storage, protection, and transfer of personal information in the United Kingdom specifically, and the European Union generally, may be more or less stringent than equivalent laws in your country. If you are not located in the European Union, by using the website you hereby consent to the transfer across international boundaries of the information we collect about you.

We store files to AWS S3 bucket. When someone uploads a file to add a logo in QR Code. It needs to be stored somewhere to process. We are storing this user uploaded image in secure AWS S3 bucket with multiple security layers.

We ensure that personal data shall be:

  • Processed lawfully, fairly, and transparently.

  • Collected for specified, legitimate purposes.

  • Adequate, relevant, and limited to what is necessary.

  • Accurate and kept up to date.

  • Retained only for as long as necessary.

  • Processed securely to ensure appropriate security of the data.

Transparent Information and Communication

We are committed to providing you with clear, transparent, and accessible information about how we handle your personal data. All communications regarding your rights will be concise and understandable.

Information We Collect and How We Use It

When we collect your personal data, we ensure transparency by providing the following information:

  • Purpose and Legal Basis: We collect and process data for specified purposes based on legal grounds like your consent, contract performance, legal obligations, vital interests, public interest tasks, or legitimate interests.

  • Recipients of Data: We may share your data with third-party service providers, ensuring they protect your data according to our instructions.

  • International Transfers: If we transfer your data outside the EEA, we ensure appropriate safeguards are in place.

  • Retention Period: We retain data only as long as necessary for its collected purpose or as required by law.

  • Complaints: You can lodge a complaint with a supervisory authority if you have concerns about our data practices.

  • Automated Decision-Making: If we use automated decision-making, we will inform you about the logic involved, the significance, and the potential consequences of such processing.

Third-Party Services

We use several third-party services to optimize our operations. These services include Sentry, Slack, Shopify, monday.com, and Google integrations. Below, we outline how we use these services and provide links to their respective privacy policies.

Sentry

We use Sentry for error tracking and monitoring the performance of our applications.

For more information, refer to the Sentry's Privacy Policy here.

Slack

We use Slack for the users to receive notifications about QR code scans, form submissions, and attendance tracking. We access their Slack workspace's channels so that they can select the channel in which they wish to receive the communication about scanning of QR Codes.

For more information, refer to the Slack's Privacy Policy here.

Shopify

We use Shopify to generate QR codes for products, coupons, orders, etc., in the store of a store owner and collect related information.

For more information, refer to the Shopify's Privacy Policy here.

Google Integrations

We use Google integrations for generating QR codes with its workspace add-ons, accessing files in Google Drive, and facilitating the creation of QR codes in Gmail to add to emails.

For more information, refer to the Google's Privacy Policy here.

monday.com

We use monday.com to generate bulk QR codes using the board and access the board of the customers for data.

For more information, refer to the monday.com's Privacy Policy here.

Refer to our Client ID for monday.com here.

How We Use Information from Third Parties

  • Error Identification and Performance Monitoring: Information collected by Sentry helps us identify and fix errors in our applications, improving your overall experience.

  • Notifications and Communication: Information collected by Slack enables us to provide timely notifications about QR code scans, form submissions, and attendance tracking, ensuring efficient communication.

  • E-commerce Management: Information collected by Shopify allows us to generate QR codes for products, coupons, orders, etc., manage customer data, and improve our online store.

  • QR Code Generation and Email Integration: Information collected by Google helps us generate QR codes with its workspace add-ons, access files in Google Drive, and create QR codes in Gmail to add to emails.

  • Bulk QR Code Generation: Information collected by Monday.com allows us to generate bulk QR codes and access relevant customer data from the boards.

Links To Other Websites

We have included links on the website for your use and reference and you should be aware that the privacy policies of these websites may differ from our own. We cannot, and will not, be held responsible, liable, or accountable for the way in which your personal information is managed, stored, or secured by these websites.

Children

We comply with the requirements of COPPA (Children’s Online Privacy Protection Act) and we do not intentionally or knowingly collect personally identifiable information from children under the age of 14.

As a general policy, we ask that minors do not submit personally identifiable information to us and only use our website with the permission of, and/or under the supervision of, a parent or guardian.

Acquisition or Changes in Ownership

In the event that the QRStuff.com website, the underlying business, or a substantial portion of its assets, is acquired by, sold to, or merged with another entity, the information that we have collected about you as a user of the QRStuff.com website will be considered an asset of the business and will be transferred into the ownership of said entity.

Seeking Judicial Remedy Against QRStuff

If you believe that your rights under this Regulation have been infringed due to the processing of your personal data in non-compliance with GDPR, you have the right to seek an effective judicial remedy against QRStuff.

Proceedings against QRStuff should be initiated in the courts of the Member State where QRStuff has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where you have your habitual residence, unless QRStuff is a public authority of a Member State acting in the exercise of its public powers.

Your Consent

By using our website, you consent to the collection and use of this information. We commit to notifying you of any changes to this privacy policy in a clear and timely manner.


Last updated 14-June-2024