GDPR Compliance

Last updated: January 2025

Our Commitment to GDPR

iloveQR is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.

1. Data Controller Information

iloveQR acts as the data controller for personal data collected through our services. For any questions regarding data protection, you can contact us at:

  • Email: dpo@iloveqr.com
  • Address: [Company Address]

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: When processing is necessary for the performance of a contract with you.
  • Legal Obligation: When processing is necessary for compliance with a legal obligation.
  • Legitimate Interest: When processing is necessary for our legitimate interests, provided these do not override your fundamental rights.

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

3.1 Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you and information about how we process it.

3.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

3.3 Right to Erasure (Article 17)

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected.

3.4 Right to Restrict Processing (Article 18)

You have the right to request that we limit the processing of your personal data in certain circumstances.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

3.6 Right to Object (Article 21)

You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing that significantly affects you.

4. Data Processing Activities

We process the following categories of personal data:

  • Account information (name, email, password)
  • Usage data (QR code creations, scans, analytics)
  • Payment information (processed by secure third parties)
  • Communication records (support tickets, emails)
  • Technical data (IP address, browser type, device information)

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods are:

  • Account data: Duration of account plus 30 days after deletion
  • Analytics data: 2 years
  • Payment records: 7 years (legal requirement)
  • Support communications: 3 years

6. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

  • Email: dpo@iloveqr.com
  • Subject line: "GDPR Request - [Your Request Type]"

We will respond to your request within 30 days. In complex cases, this may be extended by an additional 60 days with notification.

10. Supervisory Authority

If you are not satisfied with how we handle your request or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with your local data protection authority.

Try our QR code generator for 7 days free.

No credit card required. Cancel anytime.

QR Code preview
4.9/5