Privacy Policy

1. Introduction and Applicable Law

This Privacy Policy explains how easyfreeqr.com (operated by TFB Beyond UG (i.G.), Germany) handles personal data of users accessing the website from the Hong Kong Special Administrative Region. The operator is a foreign provider established in Germany. Processing is governed primarily by the EU General Data Protection Regulation (GDPR) and German law. To the extent it applies to a foreign data user, we also aim to honour the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), as administered by the Office of the Privacy Commissioner for Personal Data, Hong Kong (pcpd.org.hk).

2. Data Processing in the Browser

QR code generation on easyfreeqr.com is performed entirely in your browser (client-side, in JavaScript). The data you enter (URLs, text, Wi-Fi credentials, contact details, uploaded logos, etc.) is not transmitted to our servers; it is processed directly on your own device. We do not replace your link with a tracking URL — the QR code that is scanned contains exactly what you entered.

3. Server Logs (Hosting)

When you access the website, technical data (IP address, user agent, requested URL, timestamp, referrer) is recorded by our hosting provider — Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA — in standard server logs. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security and abuse prevention). The data is deleted automatically after 7 days. Netlify is certified under the EU-US Data Privacy Framework.

4. External CDNs (jsDelivr)

When the page loads, the following JavaScript libraries are fetched via the jsDelivr CDN (operated by Prospect One Sp. z o.o., delivered via Cloudflare and Fastly):

• qr-code-styling — for QR code generation
• jsPDF — for the PDF download
• Simple Icons — for official platform logos (only when "Social Media" is selected)

In the course of loading, your IP address, user agent and referrer are transmitted to jsDelivr / Cloudflare / Fastly. We use these CDNs for performance reasons (Art. 6(1)(f) GDPR). Transmission takes place only to data centres within the EU or to servers certified under the EU-US Data Privacy Framework. We use Subresource Integrity (SRI) to prevent tampering with the loaded scripts.

5. Cookies

We use only the following:

• Strictly necessary storage (browser localStorage): saves your cookie choice and theme/language preference.
• Advertising cookies (Google AdSense) — only with your explicit consent. Legal basis: Art. 6(1)(a) GDPR; prescribed consent under the PDPO.

You may withdraw your consent at any time via the "Cookie settings" button in the footer.

6. Google AdSense (Only After Consent)

This website uses Google AdSense (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to deliver advertisements. The AdSense script is only loaded after your explicit consent; until then, no data is transmitted to Google. Once loaded, Google uses cookies to deliver relevant advertisements. Personalised advertisements are served only after your consent (via Consent Mode v2). Further information: Google Privacy Policy.

7. The Six Data Protection Principles (DPPs) under the PDPO

To the extent the PDPO applies to our processing of personal data of users in Hong Kong, we adhere to the six Data Protection Principles set out in Schedule 1 of the Ordinance:

• DPP 1 – Purpose and manner of collection: we collect only the minimum personal data necessary (essentially server log information) and inform you of the purpose, in this Privacy Policy.
• DPP 2 – Accuracy and duration of retention: we take practicable steps to ensure that personal data is accurate, and we retain it only for as long as necessary.
• DPP 3 – Use of personal data: personal data is used only for the purposes for which it was collected, or a directly related purpose, unless you have given prescribed consent for any new purpose.
• DPP 4 – Security of personal data: we take practicable steps to safeguard personal data against unauthorised or accidental access, processing, erasure, loss or use.
• DPP 5 – Openness and transparency: this Privacy Policy and the Legal Notice make our policies and practices openly available.
• DPP 6 – Access to and correction of personal data: you may request access to and correction of your personal data, as described below.

8. Your Data Access and Correction Rights

Under sections 18, 22 and Data Protection Principle 6 of the PDPO, you have:

• The right to ascertain whether we hold personal data of which you are the data subject.
• The right of access to your personal data within a reasonable period.
• The right to request correction of personal data that is inaccurate.
• The right to be informed of our policies and practices in relation to personal data.

Please direct any data access request (DAR) or correction request to hello@schnelligkeitstest.de. We aim to respond within 40 days, in accordance with section 19 PDPO. A reasonable fee may be charged for compliance with a data access request.

9. Direct Marketing

We do not use personal data of Hong Kong users for direct marketing within the meaning of Part 6A of the PDPO and do not provide personal data to third parties for direct marketing. The Personal Data (Privacy) (Amendment) Ordinance 2012 obligations regarding direct marketing are therefore not engaged with respect to our use of your personal data.

10. Doxxing

We are aware of the anti-doxxing provisions added to the PDPO by the Personal Data (Privacy) (Amendment) Ordinance 2021 (sections 64 and 64A–64I). We do not engage in any disclosure of personal data without consent, intent or likelihood to cause specified harm.

11. Privacy Contact / Grievances

The person responsible for compliance with this Privacy Policy at our organisation is:

Goran Martinovic
Email: hello@schnelligkeitstest.de
TFB Beyond UG (i.G.), Blieschendorferweg 24, 23769 Fehmarn, Germany

If a grievance is not resolved to your satisfaction, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) of Hong Kong, at www.pcpd.org.hk.

12. Cross-Border Transfer of Personal Data

The website is operated from Germany. Any limited personal data we receive (in particular server logs) is processed within the European Union and/or in third countries that provide an adequate level of protection (such as recipients certified under the EU-US Data Privacy Framework). We note that section 33 of the PDPO has not yet come into operation; nevertheless, the EU/EEA legal framework and the GDPR provide a high level of protection for any cross-border transfer.

13. Your Rights Under the GDPR

For the limited personal data we process (server logs, AdSense cookies after consent), you also have rights under the GDPR:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)

14. Amazon Associates Programme (Affiliate Links)

On the /empfehlungen/ page and on individual topic pages, we may link to products via the Amazon Associates Programme. Such links are labelled as "Ad" or "sponsored". If you click such a link and subsequently make a purchase on Amazon, we may receive a small commission — at no extra cost to you. A tracking cookie is then set by Amazon for attribution purposes. Legal basis: Art. 6(1)(a) GDPR. You may prevent this at any time by disabling cookies in your browser or by not clicking such links.

Amazon privacy information: Amazon Privacy Policy.

15. Children's Data

The website is not directed at children. We do not knowingly collect personal data of children. In line with PCPD guidance, processing of personal data of minors requires particular care; parents or guardians are responsible for supervising any use of the website by their children.

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law (including further amendments to the PDPO or PCPD guidance) or in our practices. The current version is always available on this page with the "Last updated" date shown at the top.

17. Responsible Party

Please see the Legal Notice for our full contact details.