Privacy Policy

1. Introduction and Applicable Law

This Privacy Policy explains how easyfreeqr.com (operated by TFB Beyond UG (i.G.), Germany) handles personal data of users accessing the website from India. The operator is a foreign provider established in Germany. The processing described below is governed primarily by the EU General Data Protection Regulation (GDPR) and German law. To the extent applicable to a foreign provider, we also aim to honour the principles of the Digital Personal Data Protection Act, 2023 ("DPDP Act 2023") of India and the Information Technology Act, 2000 ("IT Act") together with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules 2011" / "SPDI Rules").

2. Data Processing in the Browser

QR code generation on easyfreeqr.com takes place entirely in the user's browser (client-side, in JavaScript). The data you enter (URLs, text, Wi-Fi credentials, contact details, uploaded logos, etc.) is never transmitted to our servers; it is processed directly on your own device. We do not replace your link with a tracking URL — the QR code that is scanned contains exactly the data you entered.

3. Server-side Logs (Hosting)

When you access the website, technical data (IP address, user agent, requested URL, timestamp, referrer) is recorded by the hosting provider — Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA — in standard server logs. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security and abuse prevention). Such data is automatically deleted after 7 days. Netlify is certified under the EU-US Data Privacy Framework. By using the website from India, you acknowledge that such limited technical data may be transferred to and stored on servers outside India.

4. External CDNs (jsDelivr)

When the page loads, the following JavaScript libraries are fetched via the jsDelivr CDN (operated by Prospect One Sp. z o.o., delivered via Cloudflare and Fastly):

• qr-code-styling — for the QR code generation itself
• jsPDF — for the PDF download
• Simple Icons — for official platform logos (Instagram, Facebook, etc.; only when "Social Media" is selected)

In the course of loading, your IP address, user agent, and referrer are transmitted to jsDelivr / Cloudflare / Fastly. We use these CDNs for performance reasons (Art. 6(1)(f) GDPR). Transmission takes place only to data centres within the EU or to servers certified under the EU-US Data Privacy Framework. We use Subresource Integrity (SRI) to prevent tampering with the loaded scripts.

5. Cookies

We use the following categories only:

• Strictly necessary storage (in localStorage of the browser): saves your cookie choice and your theme/language preference. Legal basis: § 25(2) no. 2 TDDDG (Germany).
• Advertising cookies (Google AdSense) — only with your explicit consent. Legal basis: § 25(1) TDDDG read with Art. 6(1)(a) GDPR.

You may withdraw your consent at any time via the "Cookie settings" button in the footer.

6. Google AdSense (Only After Consent)

This website uses Google AdSense (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to deliver advertisements. The AdSense script is only loaded dynamically after your explicit consent — until then, no data is transmitted to Google. Once loaded, Google uses cookies to deliver relevant advertisements. Personalised advertisements are only served after your consent (via Consent Mode v2). Further information: Google Privacy Policy.

7. Your Rights Under the DPDP Act, 2023 (India)

Once the relevant provisions are notified and operational in India, you as a Data Principal will, in respect of personal data processed about you, have the following statutory rights under the Digital Personal Data Protection Act, 2023:

• Right to access information about your personal data (Section 11)
• Right to correction and erasure of personal data (Section 12)
• Right of grievance redressal (Section 13)
• Right to nominate another person to exercise your rights in the event of death or incapacity (Section 14)

You may exercise these rights free of charge by writing to hello@schnelligkeitstest.de. We shall endeavour to respond within a reasonable timeframe.

8. Your Rights Under the IT Act 2000 and SPDI Rules 2011

To the extent the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 apply to a foreign provider, you have the right to review the personal information you have furnished, to request correction or amendment of inaccurate or deficient information, and to withdraw any consent previously given. We adopt reasonable security practices and procedures commensurate with the nature of the limited data we receive (essentially server logs).

9. Your Rights Under the GDPR

For the limited personal data we process (server logs, AdSense cookies after consent), you also have rights under the GDPR:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)

10. Grievance Officer and Complaints

Pursuant to Section 13 of the DPDP Act, 2023 and Rule 5(9) of the SPDI Rules, 2011, please direct any grievance concerning the processing of your personal data to:

Grievance Contact: Goran Martinovic
Email: hello@schnelligkeitstest.de

If your grievance is not resolved to your satisfaction, you may, once it is constituted and operational, escalate the matter to the Data Protection Board of India established under Chapter V of the DPDP Act, 2023. You may also approach the competent grievance officer designated under the IT Rules, 2011 or the appropriate appellate authority.

11. Cross-Border Transfer of Personal Data

Because the website is operated from Germany, any limited personal data we receive (in particular server-log information) is processed within the European Union and/or in third countries that ensure an adequate level of protection (such as recipients certified under the EU-US Data Privacy Framework). The DPDP Act 2023 permits transfer of personal data outside India, subject to such restrictions as may be notified by the Central Government from time to time. We shall comply with any such notifications applicable to us.

12. Amazon Associates Programme (Affiliate Links)

On the /empfehlungen/ page and on individual topic pages, we may link to products via the Amazon Associates Programme. Such links are clearly labelled as "Ad" or "sponsored". If you click such a link and subsequently make a purchase on Amazon, we may receive a small commission — at no extra cost to you. When you click an affiliate link, a tracking cookie is set by Amazon for purposes of attribution. Legal basis: Art. 6(1)(a) GDPR (consent, by you actively clicking the link). You may prevent this at any time by disabling cookies in your browser or by not clicking such links.

Amazon privacy information: Amazon Privacy Policy.

13. Children's Data

The website is not intended for children below the age of 18. We do not knowingly collect personal data of children. Pursuant to Section 9 of the DPDP Act, 2023, processing of children's personal data requires verifiable parental consent. Where we become aware that such data has been provided without proper consent, we shall promptly delete it.

14. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law (including notifications under the DPDP Act, 2023) or in our processing practices. The current version is always available on this page with the "Last updated" date shown at the top.

15. Responsible Party

Please see the Legal Notice for our full contact details.