ME-QR General Data Protection Regulation (GDPR)
As a Data Controller, ME-QR is responsible for the way of collection, processing, and storing of customer data. To ensure compliance with the GDPR, ME-QR takes a number of measures to protect the information of the Data Subject.
Data controller requisites:
Among the information collected automatically are the user's IP address, operating system, browser type, country, date, and time of the request.
Also, with the help of cookies, preference data is collected for reuse and further analysis.
The data collected by ME-QR is used, among other things, to monitor and update the service, detect malfunctions and security vulnerabilities, malicious and illegal activities, with the possibility of transferring data to public security authorities as part of the investigation provided for by the current legislation of the country.
The email address may be used to send news feeds and promotional offers if the user consents to such use.
User data is stored from the moment of entering (automatically confirming consent to the terms and conditions of the site) until the user revokes the consent to their storage and use.
The data entered during the formation of the content of QR codes is stored from the moment of input until the code is transferred to the archive. At the same time, the QR code itself is saved without the information embedded in it.
ME-QR implements a number of user rights described in the GDPR. Among them:
The user has the right to receive data or access to them that were entered directly by him and also collected by the resource for further use, as well as the purpose of collection, storage time, data sources, and further transfer.
If the user cannot, for technical reasons, change the outdated information in his personal account, he may require the Data Controller to correct the relevant information.
The subject may request the deletion of data in the event of withdrawal of consent to their processing, in the event that the data is no longer needed for the purpose for which it was originally collected, but for some reason was not automatically deleted.
According to this article, the user may be granted the right to demand to temporarily stop processing some data about him, but not delete them from the system. The reasons may be, for example, challenging the accuracy of the data, and the need to store the data for use by the subject in legal claims.
This is the right to receive personal data in a structured machine-readable form for automatic transfer to another Information Controller, without his personal intervention, if such transfer is technically possible.
To exercise your personal data rights at any time send an email to: firstname.lastname@example.org, providing all the necessary information.
If you think that ME-QR cannot satisfy your rights to any extent, you can dispose of the Right to lodge a complaint with a supervisory authority (Art. 77 GDPR), according to which the subject has the right to demand protection from the supervisory authority at the place of residence, at the place of work, or at the place of the violation. The supervisory authority is obliged to consider the complaint and inform the complainant of the outcome of the proceedings. If the subject is not satisfied with the decision of the supervisory authority, he can appeal against it in court (Art. 78 GDPR).
We take reasonable measures to preserve and protect both personal and non-personal data. Sensitive data such as passwords or personal data such as IP addresses are stored in the database in encrypted form and cannot be read in plain text.
The connection and transmission of information between your device and our servers are made using encryption.
We perform permanent backups of our database to prevent data loss.
Also, we may provide necessary information to official authorities for legal proceedings and investigations.