Privacy Policy
How QR Digital Label collects, uses, and protects your personal data.
1. Data Controller
QR Digital Label, operated via qrdigitallabel.com, is the data controller responsible for the processing of your personal data as described in this Privacy Policy. If you have questions about data processing, you can reach us at privacy@qrdigitallabel.com.
2. What Data We Collect
We collect the following categories of personal data:
2.1 Account Information
- Name, email address, and password (hashed) when you create an account.
- Company name, billing address, and VAT number for paid subscriptions.
2.2 Label and Product Data
- Product information, ingredients, nutritional data, allergens, and other content you enter into your digital labels.
- Images and logos you upload for use in labels and QR codes.
2.3 Usage and Analytics Data
- Pages visited, features used, session duration, and interaction patterns.
- IP address, browser type, operating system, and device information.
2.4 Cookies and Similar Technologies
- Essential cookies required for authentication and session management.
- Analytics cookies (only with your explicit consent) to help us understand how the platform is used.
3. Why We Process Your Data (Purposes and Legal Basis)
We process your personal data under the following legal bases as defined in Article 6 of the General Data Protection Regulation (GDPR):
| Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Providing and maintaining the service | Performance of a contract (Art. 6(1)(b)) |
| Account creation and authentication | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and invoicing | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails (e.g., password resets) | Performance of a contract (Art. 6(1)(b)) |
| Platform analytics and improvement | Legitimate interest (Art. 6(1)(f)) |
| Analytics cookies | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c)) |
| Responding to support requests | Legitimate interest (Art. 6(1)(f)) |
4. Cookies
We use the following types of cookies:
- Essential cookies: Required for the platform to function (authentication, session management, locale preferences). These do not require consent.
- Analytics cookies: Used to collect anonymised usage statistics via Google Analytics. These are only placed after you provide explicit consent through our cookie banner.
You can withdraw your cookie consent at any time through the cookie settings accessible in the platform footer.
5. Data Processors
We share your personal data with the following third-party processors, each bound by data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting, authentication, file storage | EU (Frankfurt) |
| Netlify | Web application hosting and CDN | Global (EU processing) |
| Google Analytics | Anonymised usage analytics (with consent) | EU/US (with EU data controls) |
| Stripe | Payment processing | EU/US |
We do not sell your personal data to any third party.
6. International Data Transfers
Our primary database is hosted by Supabase in the EU (Frankfurt region). Where data is transferred outside the European Economic Area (e.g., to US-based sub-processors), we ensure adequate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions by the European Commission.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy:
- Account data: Retained for the duration of your account. Upon account deletion, personal data is erased within 30 days, except where retention is required by law.
- Billing and invoice data: Retained for 7 years to comply with tax and accounting obligations.
- Analytics data: Anonymised and aggregated; no personally identifiable data is retained beyond 26 months.
- Label content: Retained for the duration of your account and deleted upon account closure.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15) — Request a copy of the data we hold about you.
- Right to rectification (Art. 16) — Request correction of inaccurate data.
- Right to erasure (Art. 17) — Request deletion of your data ("right to be forgotten").
- Right to restrict processing (Art. 18) — Request that we limit how we use your data.
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — Object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — Withdraw consent for analytics cookies at any time.
- Right to lodge a complaint — You may file a complaint with your local Data Protection Authority (DPA).
To exercise any of these rights, contact us at privacy@qrdigitallabel.com. We will respond within 30 days.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, row-level security policies in our database, and regular security reviews.
10. Children
Our service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us so we can delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Each version is identified by a version number and effective date at the top of this document. When we make material changes, we will notify you via email or an in-app notification. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.
12. Contact
For any questions about this Privacy Policy or your personal data, contact us at:
QR Digital Label Email: privacy@qrdigitallabel.com Website: https://qrdigitallabel.com