We take the opportunity to create a stronger data protection basis for the benefit of all. We undertake that our platform will be GDPR compliant if the regulation becomes enforceable on May 25, 2018.
On this page you will find resources on the subject of data protection, where and how will apply this and prepare your data and that of your customers GDPR compliant.
When creating an account on our site, at least an e-mail address is required. With this unique identification, you can log in to your account and we can inform about changes in our terms and conditions. If you create a paid account, you can optionally enter your name, address, telephone number and VAT ID. We use this data exclusively for the purpose of issuing invoices.
In the first days you will receive onboarding e-mails that explain how to use the platform. You can unsubscribe at any time by clicking on the unsubscribe link in the mail.
You will receive newsletters separately only if you have given us your explicit consent. The consent can be revoked at any time.
We store all access to our servers in so-called log files. These include the IP address and which resource was accessed. The data in the log files are not linked to any persons. Only in case of a criminal act or attack on our infrastructure we use the log files to find a clue about the attack or forward the log data to the authorities. The logs will be deleted after one year.
For each user account or QR code created, the IP address is saved. In case the QR code points to a fraudulent site with illegal content, we are able to temporarily disable the QR code or the user account and to hand over the IP address to the authorities. If the account or the QR code is deleted, the stored IP address will also be deleted.
For the evaluation of visitors on our website we use Matomo. This helps us to understand how often and from where our website is visited. IP addresses are saved anonymously in Matomo. The last three digits of the IP address are omitted and thus no personal identification of visitors more possible.
You have the right to ask for confirmation as to whether personal data is being processed and for information about this data.
You have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
You have the right to receive data that you have provided to us and to request their transmission to other persons responsible.
The new GDPR gives you the right to be forgotten. We have implemented this consistently and do not keep any of your data for longer than necessary.
Upon request, we will immediately delete all data you have created (QR codes, landing pages, statistics). If you have been a customer with us and have already received an invoice, we have to keep your billing data for the tax office for 7 years.
You can also delete your data yourself if you cancel your account. To do this, log in to your account and click in your account settings to "close account". Thereafter, all data will be deleted by you.
If your account has been deactivated, this will be 2 years from us archived for a possible restore. Thereafter, all data will be automatically deleted from your account.
The tracking of QR code scans is compliant with our service according to GDPR data protection, because no personal information is processed or stored.
We use the IP address to determine the country where the QR code was scanned. After the lookup, the IP is stored anonymously in the database. It is not possible to relate to a person using the anonymous IP address.
The GPS position can only be retrieved by explicit consent of the user in the browser. This security query was issued by W3 Consortium and is built into every browser. The query cannot be bypassed.
From the browser in which the target URL of the QR code is requested, only very limited information can be extracted. It is not possible to retrieve the device's phone number or any other contact information.
When a user sends personal information, you must request his consent, which is when he or she gives a statement of intent, i.e. the user marks the checkbox. Pre-checked boxes that use customer inaction to assume consent are not valid under GDPR.
All connections and communication between your computer and our servers is encrypted by using an SSL certificate signed by GlobalSign certified by WebTrust.
Sensitive data like passwords or personal data such as IP address are stored encrypted in the database and cannot be read in plain text.
We create daily backups of all databases with a retention period of up to 30 calendar days for the free recovery of data loss caused by us.
Through our products you have the opportunity to complete payment obligations subscriptions. Insofar as this is necessary for the performance of the contract, data is also sent to our payment service providers or hand over the bank responsible for the payment processing. The scope of the data is limited to the minimum required for the purpose of contract execution. Sensitive credit card information is never stored on our servers.
When paying by credit card or direct debit, the
payment is executed via Stripe from the payment service provider
Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Irland.
When paying with PayPal, payment are executed via
PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg
Our tax consulting company GEVEST Steuer- und BetriebsberatungsgmbH A-1070 Vienna, Schottenfeldgasse 40/8 receives all relevant billing data from us for the preparation of a tax return.gevest.at
For our Customer Relation Management we use the following services of
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Personal data required for the use of the application are stored in encrypted form in databases.
Individually created offers or files, which we receive from you for special customer projects, are stored on the OneDrive cloud.
To communicate with our customers, we use Exchange where contacts, e-mails and appointments and managed.
For you to make suggestions for new features or ideas, we use the following service of UserVoice, Inc., 121 2nd Street, 4th Floor, San Francisco, CA 94105uservoice.com
To directly contact anyone interested in our site via chat, we use the following service from tawk.to inc., 187 East Warm Springs Rd, Las Vegas, NV, 89119tawk.to
To show QR code scan positions on a map, we have included in our website maps from the service Google Maps by Google LLC via their API.google.com
<p> We create QR Codes with the QR Code Generator from qrd.by. qrd.by will not process or store any of your personal data. For more information, see <a href="https://qrd.by/gdpr" target="_blank">https://qrd.by/gdpr</a> </p>
By opening a paid account, we automatically create a DPA with your and our contact information. You can conclude the contract online and receive it as a PDF document for download.
You do not have to send us the DPA. The DPA serves for your safety that we as a partner are GDPR compliant and you can present the contract in the event of an inspection by the GDPR-authority.Download DPA Example