- WeAreQR Ltd is fully-committed to protecting the personal data of its customers and customer’s end-users
- From its customers, the company collects personal information (email address, billing information, payment information, etc.) This information is solely used by the company to serve the customers. This data is never used for unauthorized commercial gains in any way
- To use the products and services of WeAreQR Ltd, the customer will share both personal information (e.g. contact information for Vcard QR Codes, map coordinates for Google Maps QR Code) and non-personal information (e.g., serial code for Simple Text QR Code). This information will be available to customers only and they have the responsibility to make the data public (via QR Code campaigns) only if they own the data or have authorization to use the data
- From the end users (people who scan the QR Codes deployed by the customers), the company collects non-personal information (e.g., device used, scan time, date, city, country).
- The company employs the best-in-class data security strategies to ensure the protection of customers’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected customers within 72 hours
- DATA COLLECTION, PROCESSING & PURPOSE
- During the lifecycle of using its products and services, the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information.
- As part of the company’s commitment to be transparent to its customers and end-users, we are sharing details on what data points are collected, at what stage, and for what purpose:
2.1 CUSTOMER DATA
- This section outlines the data collected on the customers of the company i.e. the users who subscribe to the products and services of WeAreQR Ltd via any of the subscription plans.
2.1.1 Website/App Browsing (Without Login)
- Browsing/Events Tracking: If you are browsing the web pages of our website, we gather non-personally identifiable information—such as web request, Internet Protocol address, browser type, browser language, the date and time of your request, browser user agent, one or more cookies that may uniquely identify your browser, referring URL/domain, activity time, and clicking activity. All such data collected is processed at an aggregate level and can never be tied to an individual.
- Query Email: If you have a question related to our product or services, you can send us an email using the ‘Email Us’ option on the Support page. The data points that are collected are—Name, Email Address, Subject, and Message (Query)
- Purpose: We require your name to personalize the conversation, email address to reach out to you with a response, and subject and message to understand your query thoroughly. This data is shared via email to authorized in-house customer support personnel only
- As part of registration of an account with WeAreQR Ltd, the following data is collected and stored (As per GDPR compliance guideline, all stored and transferred data is first encrypted):
- First Name
- Purpose: The first name of the customer is used to personalize the email conversations between the customer and the company personnel (technical or non-technical)
- Valid Email Address (The company has employed security measures to ensure that only customers with valid email addresses can create an account. These security measures filter out low-quality email addresses from real users, keeping the overall health of the application high)
- Purpose: A valid email address serves both as a Unique Username/Identifier as well as a point-of-contact to reach the customer for transactional notifications (e.g., introduction to dedicated support contact, account expiry alert, purchase confirmation, feature launch, feedback, activity reports, etc.).
- Password (in case of Signup by Email)
- Purpose: In case of signup by email method, we use the password (generated by the customer) to authorize access to the customer account and its data. The company or its employees will never ask for your password in an unsolicited phone call or email. However, you are responsible for maintaining the secrecy of your password and account information
2.1.3 Purchase of Subscription Plan
- When you purchase one of our plane—Individual User, Starter, Advanced or Premium, you will be required to provide billing and payment information to complete the transaction:
- Billing Information: Country, Full Name, Address 1, Address 2, City, State/Province, Postal Code, Phone, Phone Extension, and Email Address
- Purpose: The billing information is required for the following purposes:
- To generate an official invoice complete with billing name and address as required by law
- To email the customer the invoice/sale receipt
- To maintain sale records in case of any dispute (subscription cancellation, refund, etc.)
- To aggregate data and generate internal reports for management, investors, and shareholders (e.g., monthly sales report, annual report, tax filing, etc.). As the company is a Private Limited, these reports are shared either privately with authorized personnel (management, investors, shareholders) or with regulatory authorities only
- To add the company logo on our website under “Our Customers” section if the company email address (i.e. with the domain name of the company) of the customer is used
- Payment Information: Credit/Debit Card Number, Expiration Date, CVV Code
- Purpose: The payment information is required to authorize a transaction with your bank/credit card account.
- Note that WeAreQR Ltd only receives an email copy of the invoice generated but never stores the payment information. Both billing and payment information is collected, managed, and stored by our payment gateway provider PayPal & Stripe.
- Note that ‘Recurring Payment or Auto-renewal’ option remains active by default but the customer is given the option to cancel recurring payment immediately after payment and/or anytime via the application dashboard. If the recurring payment option is enabled, PayPal will continue to store the payment information in a secure way and automatically process the payments at the renewal of period defined by the customer—monthly, quarterly, bi-annually, and annually. When the user cancels recurring payment (either immediately after payment or anytime later via the dashboard), the payment information is deleted forever by PayPal.
2.2 DATA SHARED BY CUSTOMER DURING QR CODE MANAGEMENT
- When customers use WeAreQR Ltd product and services—QR Code Management Tool —they can design and generate QR Codes and Mobile Landing Pages. To generate these content pieces customers enter data in various fields. This section outlines how WeAreQR Ltd stores and processes this data.
2.2.1 QR Code Generation
- Using WeAreQR Ltd, it is possible to generate 17 types of QR Codes. To generate each of these QR Codes, customers are required to enter data for very specific fields. The open-ended nature of the content of the QR Codes means that the customer can add both PII and non-PII information for each category.
- Given below is the exhaustive list of QR Codes with the required datapoints:
- Website URL QR Code: URL
- Google Maps QR Code: Maps Location (Coordinates)
- PDF QR Code: PDF Document
- Image QR Code: Image
- Social Media QR Code: Facebook URL, Youtube URL, Twitter Handle, Google Plus Link, LinkedIn URL, Pinterest URL, Instagram URL, Website URL, WeChat ID, Custom URL
- VCard Profile QR Code: Profile Photo, Name, Company Name, Title, Facebook URL, Youtube URL, Twitter Handle, Google Plus Link, LinkedIn URL, Pinterest URL, Instagram URL, Work Phone, Mobile, Fax, Email, Secondary Email, Address Street, City, State, Zip/Postal Code, Country, Address Street 2, City 2, State 2, Zip/Postal Code 2, Country 2, Work Website URL, Personal Website URL, Additional Information (Unlimited)
- Rich Text QR Code: Text, images, or HTML-based information
- App Store QR Code: iOS URL, Google Play URL, Windows Store URL, BlackBerry URL
- Audio QR Code: Audio File
- Facebook QR Code: Facebook URL
- LinkedIn QR Code: LinkedIn URL
- Youtube QR Code: Youtube URL
- Email Address QR Code: Email Address
- Calendar Event QR Code: Event Name, Event Date & Timings, Timezone, Location, Description
- Simple VCard QR Code: Name, Company Name, Title, Email Address, Work Phone Number, Cell Phone Number, Fax, Website URL, Address Street, City, State, Postal Code, Country
- WiFi QR Code: Security Type, Network Name, Password
- Simple Text QR Code: Text-based data
- Purpose: In each of the cases above, the purpose of data collection is to allow the customer to share this information with end-users. No unnecessary datapoint is collected and in most cases, customers have the option to choose only the data points they need to share.
- In most cases, QR Codes are made public via promotional print/web material. This means that the content of the QR Code (PII or non-PII) is visible to all end-users who scan the QR Code, unless the QR Code is password-protected, which is a feature provided by WeAreQR Ltd.
- It is the responsibility of the customer to ensure that:
- The content encoded into the QR Code or its landing pages is owned by the customer OR
- The customer has the required authorization/consent to use the content encoded into the QR Code or its landing pages
2.2.2 QR Code Designing
- After generating the QR Codes, customers also have the option to design the QR Codes and save design templates (optional).
- Purpose: The feature to save design templates allows users to quickly redesign new QR Codes. Like QR Code data, the design parameters are also securely stored in our databases and are never shared with any third-party applications. In most cases, the design will be non-PII but in very specific cases the design elements can be PII (e.g. brand logo, profile photo, etc.).
- DATA SECURITY
- The company has implemented best-in-class security protocols to protect customer’s and end-user’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
- Examples of these security mechanisms include:
- Hardware firewalls and server side firewalls with active brute force protection constantly protecting the server with SSL (HTTPS)
- The site itself has XSS scripting protection with nonces, brute force, re Captcha V3 on contact forms, file change monitoring and active virus checking.
- Staff access to data on a need basis only (e.g. ticket raised by customer, etc.)
- However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s customer data or end-user’s data in spite of these measures.
- In case of data breaches, the company will inform the regulatory authorities and affected customers within 72 hours, as per GDPR guidelines.
- However, the company cannot guarantee complete security of your information and cannot be held responsible for unauthorized access to customer accounts. It is the responsibility of the customer to ensure that the account email address and password are not shared with any unauthorized personnel.
- DATA RETENTION, PORTABILITY & DELETION
- As per the company’s privacy policies, we will store all data (from Section 2) of non-subscribing customers (non-paying user of our product and services) and their end-users for a maximum period of 26 months from the last date of subscription.
- Purpose: The data will be retained to allow customers to reinstate their account and creations (e.g. QR Codes, mobile landing pages, etc.) within this period. However, the customer will have the right to:
- Request the download of all data at any time
- Request the deletion of all data at any time
- CONTACT INFORMATION
- To keep your personal data accurate, current, and complete, please contact us as specified below:
|Address:||Room 13, The Cross Community Centre. 1 High Street, Pontardawe. SA8 3BB|
- The terms and conditions along with privacy policies with all references constitutes the sole and entire agreement of the parties to this agreement with respect to the subject matter contained herein and supersedes all prior terms and conditions which were agreed by the Customer.