f GDRP - соглашение об использовании данных
Registration/Login

Privacy Policy

Effective Date: [Date]
Last Updated: [Date]

Table of Contents

1. General Provisions

This Privacy Policy ("Policy") describes how Business QR Code ("we", "our", "us") collects, uses, stores and transfers personal data of users of the website www.business-qr-code.com ("Website") and our QR code creation service for collecting reviews and ratings ("Service").

Data Controller:
Business QR Code
Montenegro, Budva, 85310, Belastica 6, Itsales doo
Email: privacy@business-qr-code.com

2. What Data We Collect

2.1 Data you provide directly:

  • Registration data: name, email, password
  • Company profile: organization name, address, phone, business description
  • Payment information: bank card details (processed through secure payment systems)
  • Content: text and images uploaded for QR code creation

2.2 End user data (customers of your customers):

  • Reviews and ratings: text comments, numerical ratings
  • Contact details: name, email, phone (when voluntarily provided)
  • Metadata: IP address, review submission time, device

2.3 Automatically collected data:

  • Technical data: IP address, browser type, operating system
  • Usage data: website pages, visit time, clicks
  • Cookies according to our Cookie Usage Policy

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent (Article 6(1)(a) GDPR): for marketing communications and additional features
  • Contract performance (Article 6(1)(b) GDPR): for providing our services
  • Legitimate interests (Article 6(1)(f) GDPR): for service improvement and security
  • Legal obligations compliance (Article 6(1)(c) GDPR): for compliance with applicable law

4. Data Usage Purposes

4.1 Your data is used for:

  • Providing and supporting our Service
  • Creating and managing your account
  • Processing payments and billing
  • Technical support and problem resolution
  • Sending important Service notifications
  • Improving the quality of our services

4.2 End user data is used for:

  • Collecting and displaying reviews and ratings
  • Effectiveness analytics for our clients
  • Fraud and spam prevention
  • Legal compliance

5. Data Transfer to Third Parties

5.1 We may transfer your data to the following categories of recipients:

Business QR Code Service Clients:
  • Business owners using our service to collect reviews
  • Transfer of reviews and ratings collected for their business
  • Analytics data on the effectiveness of their review collection campaigns

Technical service providers:

  • Hosting providers for data placement
  • Cloud services for storage and processing
  • Email services for communications

Payment systems:

  • Payment processors for transaction processing
  • Banks and financial institutions

Analytics services:

  • Google Analytics for traffic analysis
  • Performance monitoring systems

5.2 Transfer of end user data:

IMPORTANT: Reviews and ratings collected through our Service are transferred to our clients (business owners) who requested this data. These clients are independent data controllers for the received information.

Transfer consent: By using forms to leave reviews, end users consent to the transfer of their data to the respective business.

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCC)
  • Privacy Shield certification (where applicable)
  • Other appropriate safeguards in accordance with GDPR

7. Data Storage

7.1 Storage periods:

  • Account data: until account deletion + 30 days
  • Reviews and ratings: for the time necessary to provide services to our clients
  • Payment data: in accordance with tax law requirements (usually 7 years)
  • Technical logs: up to 12 months

7.2 Criteria for determining storage periods:

  • Purpose for which data was collected
  • Legal requirements
  • Necessity for protecting our legitimate interests

8. Data Security

We apply appropriate technical and organizational measures to protect personal data:

Technical measures:

  • Data encryption during transmission and storage (SSL/TLS)
  • Regular backup
  • Security monitoring systems
  • Access restriction based on least privilege principle

Organizational measures:

  • Staff training on data protection issues
  • Confidentiality agreements with partners
  • Regular security audits
  • Breach notification procedures

9. Your Rights Under GDPR

In accordance with GDPR, you have the following rights:

9.1 Right of access (Article 15)

You have the right to obtain information about whether your personal data is being processed and to obtain a copy of this data.

9.2 Right to rectification (Article 16)

You may request correction of inaccurate personal data.

9.3 Right to erasure (Article 17)

You may request deletion of your personal data under certain circumstances.

9.4 Right to restriction of processing (Article 18)

You may request restriction of processing of your data in certain cases.

9.5 Right to data portability (Article 20)

You can obtain your data in a structured, commonly used format.

9.6 Right to object (Article 21)

You may object to data processing based on legitimate interests.

9.7 Right to withdraw consent

If processing is based on consent, you may withdraw it at any time.

9.8 How to exercise your rights:

Response time: we respond to requests within 30 days.

10. Cookies and Tracking Technologies

10.1 Types of cookies used:

  • Necessary: for website functionality
  • Functional: for improving user experience
  • Analytics: for analyzing website usage
  • Marketing: for advertising personalization (only with consent)

10.2 Cookie management:

You can manage cookie settings through your browser settings.

11. Protection of Minor's Data

Our Service is not intended for persons under 16 years of age. We do not intentionally collect personal data of children under 16. If we become aware of collecting data from a child under 16, we will delete such data.

12. Policy Changes

We may update this Policy from time to time. We will notify about significant changes by:

  • Sending email notifications
  • Through other appropriate communication channels

13. Contact Information and Complaints

13.1 Data protection contacts:

Data Protection Officer (if appointed):
Email: privacy@business-qr-code.com
Address: Montenegro, Budva, 85310, Belastica 6, Itsales doo

13.2 Filing complaints:

If you believe we violate your data protection rights, you can file a complaint with the supervisory authority:

For EU residents: to the national data protection authority of your country
Authority contacts: https://edpb.europa.eu/about-edpb/board/members_en

13.3 Our contacts:

Email: privacy@business-qr-code.com
Address: Montenegro, Budva, 85310, Belastica 6, Itsales doo
Working hours: 10:00 to 17:00
This Privacy Policy is drafted in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and other applicable data protection legislation.