Privacy Policy

1. Data controller and applicable law

The data controller for the processing of personal data through easyfreeqr.com is TFB Beyond UG (i.G.), Blieschendorferweg 24, 23769 Fehmarn, Germany. For users in Kenya, this policy is intended to comply with the Data Protection Act 2019 (Kenya) and the General Data Protection Regulations 2021 (Kenya), including the Data Protection (General) Regulations 2021. The supervisory authority is the Office of the Data Protection Commissioner (ODPC): odpc.go.ke.

2. Data processing in the browser

QR code generation on easyfreeqr.com takes place entirely in the user's browser (client-side in JavaScript). The data you enter (URLs, texts, Wi-Fi credentials, contact details, uploaded logos, etc.) is never transmitted to our server, but is processed directly on your device. We do not replace your link with a tracking URL — the scanned QR code contains exactly the data you entered.

3. Principles of data protection under the Data Protection Act 2019

Where we do process limited personal data, we apply the principles set out in section 25 of the Data Protection Act 2019:

• processed in accordance with the right to privacy of the data subject;
• processed lawfully, fairly and in a transparent manner;
• collected for explicit, specified and legitimate purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes;
• collected only where a valid explanation is provided whenever information relating to family or private affairs is required;
• accurate and, where necessary, kept up to date;
• kept in a form which identifies the data subject for no longer than is necessary;
• not transferred outside Kenya unless there is proof of adequate protection or consent (sections 48 and 49 of the Act, and Part VI of the General Data Protection Regulations 2021).

4. Server-side logs (hosting)

When you access the website, technical data (IP address, user agent, requested URL, timestamp, referrer) is stored by the hosting provider (Netlify Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA) in server logs as standard. Lawful basis under section 30(1)(b)(vi) of the Data Protection Act 2019: our legitimate interest in the operational security and integrity of the service. This data is automatically deleted after 7 days.

5. External CDNs (jsDelivr)

When you load the page, the following JavaScript libraries are loaded via the jsDelivr CDN (operated by Prospect One Sp. z o.o. via Cloudflare & Fastly):

• qr-code-styling — for the actual QR code generation
• jsPDF — for the PDF download
• Simple Icons — for official platform logos (only when "Social Media" is selected)

During loading, your IP address, user agent and referrer are transmitted to jsDelivr / Cloudflare / Fastly. We use these CDNs for performance reasons. We use Subresource Integrity (SRI) to prevent tampering with the loaded scripts.

6. Cookies

We use exclusively:

• Strictly necessary cookies (local in the browser, localStorage): stores your cookie choice.
• Advertising cookies (Google AdSense) — only with your explicit consent under section 30(1)(a) of the Data Protection Act 2019.

You may withdraw your consent at any time via the "Cookie settings" footer button.

7. Google AdSense (only after consent)

This website uses Google AdSense (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to deliver advertisements. The AdSense script is only loaded dynamically after your explicit consent — before that, no data is transferred to Google whatsoever. Personalised ads are only delivered after your consent. More information: Google Privacy Policy.

8. Your rights as a data subject

In accordance with section 26 of the Data Protection Act 2019 and Part IV of the General Data Protection Regulations 2021, you have the right to:

• be informed of the use to which your personal data is to be put;
• access your personal data in our custody;
• object to the processing of all or part of your personal data;
• correction of false or misleading personal data;
• deletion of false or misleading personal data;
• restriction of processing;
• data portability where technically feasible;
• withdraw consent at any time;
• lodge a complaint with the Office of the Data Protection Commissioner (odpc.go.ke).

To exercise these rights, please contact: hello@schnelligkeitstest.de.

9. Cross-border transfer of personal data

As we operate from Germany, personal data processed in server logs is processed in the European Union (Netlify regions) and may be transferred to the United States. Such transfers are carried out in accordance with sections 48 and 49 of the Data Protection Act 2019 and Part VI of the General Data Protection Regulations 2021, on the basis of appropriate safeguards including standard contractual clauses and certified frameworks of the recipient country.

10. Amazon Associates Programme (affiliate links)

On the recommendations page as well as on individual topic pages, we link to products via the Amazon Associates Programme. These links are labelled as "Ad" or "sponsored". If you click such a link and make a purchase, we receive a small commission — at no extra cost to you. A tracking cookie is set by Amazon to attribute the purchase. Legal basis: your consent through clicking. You may avoid this at any time by not clicking our affiliate links.

11. Data controller

See Legal Notice.