What data QRTudo collects when someone scans your QR Code
When a person scans a dynamic QR code created in QRTudo, our system automatically records some technical information:
| Data collected | Purpose | Lawful basis (GDPR) | Retention |
|---|---|---|---|
| Device IP address | Approximate location for analytics | Legitimate Interest — Art. 6(1)(f) | 18 months |
| Device type | Analytics reporting (mobile/desktop) | Legitimate Interest — Art. 6(1)(f) | 18 months |
| Operating system | Analytics reporting | Legitimate Interest — Art. 6(1)(f) | 18 months |
| Timestamp | Peak-time analytics | Legitimate Interest — Art. 6(1)(f) | 18 months |
| QR Code ID | Link scan to customer campaign | Contract performance — Art. 6(1)(b) | Contract term + 6 months |
| UTM parameters | Campaign attribution | Legitimate Interest — Art. 6(1)(f) | 18 months |
Your rights under GDPR
| Right | What it means |
|---|---|
| Right to Access | Request a copy of all personal data QRTudo holds about you. |
| Right to Rectification | Correct inaccurate or incomplete personal data. |
| Right to Erasure | Request deletion of your personal data ("right to be forgotten"). |
| Data Portability | Receive your data in a structured, machine-readable format. |
| Right to Object | Object to processing based on legitimate interest. |
| Restriction | Request restriction of processing in certain circumstances. |
International data transfers
QRTudo is hosted on Hostinger, a company headquartered in Lithuania (European Union). Our infrastructure operates within the EU, meaning your data does not leave the European Economic Area for our primary hosting.
We use ip-api.com (US-based) to derive approximate geographic location from IP addresses for analytics. This constitutes a transfer to a third country. We are monitoring the EU-US Data Privacy Framework for applicability and will update this page as our compliance position evolves.
Data Protection Contact
DPO: Marc Martins — [email protected]. Response time: within 30 days (GDPR requirement).