Privacy Policy

1. Introduction and scope

This Privacy Policy explains how easyfreeqr.com (operated by TFB Beyond UG (i.G.), Germany — see Legal Notice) collects, uses and protects your personal data when you visit the en-gb version of this website. Our processing of personal data of users in the United Kingdom is governed by the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR). As a service provider established in Germany, we also comply with the EU GDPR (Regulation (EU) 2016/679).

2. Data controller

The data controller for the purposes of the UK GDPR and the Data Protection Act 2018 is:

TFB Beyond UG (i.G.)
Blieschendorferweg 24, 23769 Fehmarn, Germany
Email: hello@schnelligkeitstest.de

3. Data processing in your browser

QR code generation on easyfreeqr.com takes place entirely in your browser (client-side in JavaScript). The data you enter (URLs, text, Wi-Fi credentials, contact details, uploaded logos and so on) is never transmitted to our server, but is processed directly on your device. We do not substitute your link with a tracking URL — the scanned QR code contains exactly the data you entered. No personal data is collected by us in connection with the QR code generation itself.

4. Server logs (hosting)

When you access this website, technical data (IP address, user agent, requested URL, timestamp, referrer) is automatically recorded in standard server logs by our hosting provider, Netlify Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA. Lawful basis under Art. 6 (1) (f) UK GDPR — legitimate interests in ensuring the security, integrity and stable operation of the website. This data is automatically deleted after 7 days. Netlify is certified under the UK Extension to the EU-US Data Privacy Framework, providing an adequate level of protection for international transfers.

5. External content delivery networks (jsDelivr)

When you load the page, the following JavaScript libraries are loaded via the jsDelivr CDN (operated by Prospect One Sp. z o.o. via Cloudflare & Fastly):

• qr-code-styling — for the QR code generation itself
• jsPDF — for the PDF download function
• Simple Icons — for official platform logos (Instagram, Facebook, etc., only when "Social Media" is selected)

During loading, your IP address, user agent and referrer are transmitted to jsDelivr, Cloudflare and Fastly. We use these CDNs for performance and reliability reasons (lawful basis: Art. 6 (1) (f) UK GDPR — legitimate interests). Transmission only takes place to data centres within the EU/UK or to servers certified under the UK Extension to the EU-US Data Privacy Framework. We use Subresource Integrity (SRI) hashes to prevent any tampering with the loaded scripts.

6. Cookies and similar technologies

Under the UK Privacy and Electronic Communications Regulations 2003 (PECR), we may only place cookies on your device with your consent, except where strictly necessary for the operation of the service you have requested. We use the following categories:

• Strictly necessary cookies (local in the browser, localStorage): stores your cookie preference choice. Lawful basis: PECR, Regulation 6 (4) — strictly necessary; no consent required.
• Advertising cookies (Google AdSense) — only set after you give explicit, informed consent. Lawful basis: PECR, Regulation 6 (1) together with Art. 6 (1) (a) UK GDPR (consent).

You may withdraw your consent at any time via the "Cookie settings" button in the footer. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal.

7. Google AdSense (only after consent)

This website uses Google AdSense, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to display advertisements. The AdSense script is loaded dynamically only after your explicit consent — before that, no data is transferred to Google. Once consent is given, Google may use cookies and similar identifiers to deliver relevant advertising. Personalised advertising is only delivered after your consent has been signalled via Consent Mode v2. Further information can be found in the Google Privacy Policy. Lawful basis: Art. 6 (1) (a) UK GDPR (consent).

8. International data transfers

Where personal data is transferred outside the United Kingdom (for example to the United States via our hosting provider or our CDN partners), we ensure that appropriate safeguards under Article 46 UK GDPR are in place. These include adequacy regulations made by the UK Secretary of State (in particular the UK Extension to the EU-US Data Privacy Framework) and, where applicable, the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

9. Your rights under the UK GDPR

As a data subject, you have the following rights under the UK GDPR and the Data Protection Act 2018:

• Right to be informed about how your personal data is used (Art. 13, 14)
• Right of access to your personal data (Art. 15)
• Right to rectification of inaccurate personal data (Art. 16)
• Right to erasure (the "right to be forgotten") (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object to processing (Art. 21)
• Rights in relation to automated decision-making and profiling (Art. 22)
• Right to withdraw consent at any time, where processing is based on consent
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise any of these rights, please contact us at: hello@schnelligkeitstest.de. We will respond within one month, as required by the UK GDPR.

10. Right to complain to the ICO

If you are not satisfied with the way we handle your personal data, you have the right to lodge a complaint with the United Kingdom's supervisory authority, the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Helpline: 0303 123 1113
Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please consider contacting us first.

11. Data retention

We keep personal data only for as long as is necessary for the purposes set out in this Privacy Policy or as required by applicable law. Server logs are automatically deleted after 7 days. Cookie preferences are stored locally in your browser until you clear them. We do not retain any of the data you input into the QR code generator.

12. Amazon Associates Programme (affiliate links)

On the recommendations page and on individual topic pages, we link to products via the Amazon Associates Programme (Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg). These links are clearly labelled as "Ad" or "sponsored", in accordance with the UK Consumer Protection from Unfair Trading Regulations 2008 and the Advertising Standards Authority (ASA) Code (CAP Code).

If you click such a link and then make a purchase on Amazon, we receive a small commission — at no extra cost to you. When you click an affiliate link, a tracking cookie is set by Amazon so that the purchase can be attributed to the commission. Lawful basis: Art. 6 (1) (a) UK GDPR (consent — you actively decide by clicking the link). You can prevent this at any time by disabling cookies in your browser or by not clicking our affiliate links. Amazon's privacy information: Amazon UK Privacy Notice.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in the services we offer or in the legal landscape. The version in force is always the one published on this page, with the date of the most recent update shown at the top.

14. Responsible party

See Legal Notice.