ME-QR General Data Protection Regulation (GDPR)

1. Data controller

As a Data Controller, ME-QR is responsible for the way of collection, processing, and storing of customer data. To ensure compliance with the GDPR, ME-QR takes a number of measures to protect the information of the Data Subject.

Data controller requisites:

Company Name: ME TEAM LTD
Address: 7 Bell Yard, London, United Kingdom
Postcode: WC2A 2JR
2. Ways of data obtaining

By accepting the terms of use of our site, users voluntarily provide us with information such as first name, last name, email address for registration (only the last one is required), and banking information in order to be able to purchase a Premium subscription. When registering through third-party social networks, your first and last name becomes part of the data we hold about you.

Among the information collected automatically are the user's IP address, operating system, browser type, country, date, and time of the request.

Also, with the help of cookies, preference data is collected for reuse and further analysis.

3. Using collected data

The data collected by ME-QR is used, among other things, to monitor and update the service, detect malfunctions and security vulnerabilities, malicious and illegal activities, with the possibility of transferring data to public security authorities as part of the investigation provided for by the current legislation of the country.

The email address may be used to send news feeds and promotional offers if the user consents to such use.

4. Data retention period

User data is stored from the moment of entering (automatically confirming consent to the terms and conditions of the site) until the user revokes the consent to their storage and use.

The data entered during the formation of the content of QR codes is stored from the moment of input until the code is transferred to the archive. At the same time, the QR code itself is saved without the information embedded in it.

5. User rights in relation to their personal data

ME-QR implements a number of user rights described in the GDPR. Among them:

Right of access (Art. 15 GDPR)

The user has the right to receive data or access to them that were entered directly by him and also collected by the resource for further use, as well as the purpose of collection, storage time, data sources, and further transfer.

Right to clarification (Art. 16 GDPR)

If the user cannot, for technical reasons, change the outdated information in his personal account, he may require the Data Controller to correct the relevant information.

Right to erasure (Art. 17 GDPR)

The subject may request the deletion of data in the event of withdrawal of consent to their processing, in the event that the data is no longer needed for the purpose for which it was originally collected, but for some reason was not automatically deleted.

Right to restriction of processing (Art. 18 GDPR)

According to this article, the user may be granted the right to demand to temporarily stop processing some data about him, but not delete them from the system. The reasons may be, for example, challenging the accuracy of the data, and the need to store the data for use by the subject in legal claims.

Right to data portability (Art. 20 GDPR)

This is the right to receive personal data in a structured machine-readable form for automatic transfer to another Information Controller, without his personal intervention, if such transfer is technically possible.

6. Exercise of personal data rights

To exercise your personal data rights at any time send an email to: [email protected], providing all the necessary information.

If you think that ME-QR cannot satisfy your rights to any extent, you can dispose of the Right to lodge a complaint with a supervisory authority (Art. 77 GDPR), according to which the subject has the right to demand protection from the supervisory authority at the place of residence, at the place of work, or at the place of the violation. The supervisory authority is obliged to consider the complaint and inform the complainant of the outcome of the proceedings. If the subject is not satisfied with the decision of the supervisory authority, he can appeal against it in court (Art. 78 GDPR).

7. Security measures

We take reasonable measures to preserve and protect both personal and non-personal data. Sensitive data such as passwords or personal data such as IP addresses are stored in the database in encrypted form and cannot be read in plain text.

The connection and transmission of information between your device and our servers are made using encryption.

We perform permanent backups of our database to prevent data loss.

8. Transfers of personal data

We do not transfer data, including international transfers. But for hosting our resources, web development, and analytics (including dynamic QR code analytics), we use third-party services that have their own Privacy Policy.

Also, we may provide necessary information to official authorities for legal proceedings and investigations.