Privacy Policy

1. Introduction and Applicable Law

This Privacy Policy describes how TFB Beyond UG (i.G.) ("we", "us", or "our") collects, processes and protects personal data when you use easyfreeqr.com. As a service provider operating from within the European Union and offering the service to users in Malta, we process personal data in accordance with:

• The EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR");
• The Maltese Data Protection Act (Chapter 586 of the Laws of Malta);
• Subsidiary Legislation 586.01 — Processing of Personal Data (Secondary Processing) Regulations and related subsidiary legislation;
• The Electronic Communications (Regulation) Act (Chapter 399 of the Laws of Malta) and Subsidiary Legislation 440.01 governing electronic communications privacy and cookies (Malta's transposition of the EU ePrivacy Directive 2002/58/EC).

In Malta, the supervisory authority responsible for data protection is the Information and Data Protection Commissioner (IDPC).

2. Data Controller

The data controller responsible for the processing of personal data on this website is:

TFB Beyond UG (i.G.)
Blieschendorferweg 24
23769 Fehmarn, Germany
Email: hello@schnelligkeitstest.de

3. Data Processing in Your Browser

QR code generation on easyfreeqr.com takes place entirely in your browser (client-side, in JavaScript). The information you enter — URLs, text, Wi-Fi credentials, contact details, uploaded logos and similar — is never transmitted to our servers, but is processed exclusively on your own device. We do not substitute your link with a tracking URL: the scanned QR code contains exactly the data you entered, with nothing added or removed.

4. Server Logs and Hosting

When you access the website, certain technical data (IP address, browser user agent, requested URL, timestamp and HTTP referrer) is stored in standard server logs by our hosting provider, Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA. Although our servers are operated by a US-based provider, Netlify is certified under the EU-US Data Privacy Framework, which provides an adequate level of protection for personal data transferred from the European Union to the United States in line with the European Commission's adequacy decision of 10 July 2023.

Legal basis: Article 6(1)(f) GDPR (legitimate interests — operational security and the proper functioning of the website). Retention: server logs are automatically deleted after 7 days.

5. External Content Delivery Networks (jsDelivr)

When you load the page, the following JavaScript libraries are delivered via the jsDelivr CDN (operated by Prospect One Sp. z o.o. through Cloudflare and Fastly):

• qr-code-styling — for the actual QR code generation;
• jsPDF — for downloading the QR code as a PDF;
• Simple Icons — for official platform logos (Instagram, Facebook, etc.; only when "Social Media" is selected).

During loading, your IP address, browser user agent and HTTP referrer are transmitted to jsDelivr, Cloudflare and Fastly. We use these CDNs for performance and reliability reasons. Transmission takes place either to data centres within the European Union or to servers operated by organisations certified under the EU-US Data Privacy Framework. We employ Subresource Integrity (SRI) to prevent tampering with the loaded scripts. Legal basis: Article 6(1)(f) GDPR (legitimate interest in delivering a fast, reliable and secure service).

6. Cookies and Similar Technologies

Under the Electronic Communications (Regulation) Act (Cap. 399) and Subsidiary Legislation 440.01, storing information on, or accessing information stored in, your device requires your prior informed consent — except where strictly necessary to provide a service you have explicitly requested. easyfreeqr.com uses only the following:

• Strictly necessary cookies / local storage (kept in your browser via localStorage): used to remember your cookie preferences. No prior consent is required for these as they are essential to providing the service you requested.
• Advertising cookies (Google AdSense) — only set with your explicit, freely given and informed consent. Legal basis: Article 6(1)(a) GDPR (consent), in conjunction with Maltese ePrivacy rules.

You may withdraw your consent at any time, with effect for the future, by clicking the "Cookie settings" button in the footer. Withdrawing consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

7. Google AdSense (only after consent)

This website uses Google AdSense, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display advertisements. The AdSense script is only loaded dynamically after you give explicit consent — before that, no data is transferred to Google. Once consent is given, Google may set cookies and process personal data (including your IP address, browser identifiers and ad interaction data) to deliver, measure and personalise advertisements.

Personalised advertising is only delivered after your consent, signalled via Google Consent Mode v2. Where Google transfers data outside the European Economic Area, it relies on Standard Contractual Clauses and its EU-US Data Privacy Framework certification. Legal basis: Article 6(1)(a) GDPR (consent). For full details, please consult the Google Privacy Policy.

8. Amazon Associates Programme (affiliate links)

On the recommendations page and on certain topic pages we include links to products through the Amazon Associates Programme (Amazon EU S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg). Such links are clearly marked as "Ad" or "sponsored" in line with Maltese and EU consumer protection rules on commercial communications.

If you click such a link and subsequently make a purchase on Amazon, we receive a small commission — at no additional cost to you. When you click an affiliate link, Amazon sets a tracking cookie to attribute the purchase to our account. Legal basis: Article 6(1)(a) GDPR (consent — you actively decide by clicking the link). You may prevent this at any time by disabling cookies in your browser or by simply not clicking affiliate links.

Amazon's privacy information is available at: Amazon Privacy Policy.

9. International Data Transfers

Some of the service providers we rely on (notably Netlify, jsDelivr's CDN partners and Google) may process personal data outside the European Economic Area, including in the United States. Where this occurs, transfers are protected through one or more of the following safeguards under Chapter V of the GDPR:

• An adequacy decision of the European Commission (including the EU-US Data Privacy Framework);
• Standard Contractual Clauses approved by the European Commission;
• Other appropriate safeguards as permitted under Articles 46-49 GDPR.

10. Your Rights as a Data Subject

Under the GDPR and the Maltese Data Protection Act (Cap. 586), you have the following rights with respect to your personal data:

• Right of access (Article 15 GDPR) — to obtain confirmation of whether we process your personal data and a copy of that data;
• Right to rectification (Article 16 GDPR) — to have inaccurate personal data corrected or incomplete data completed;
• Right to erasure ("right to be forgotten", Article 17 GDPR);
• Right to restriction of processing (Article 18 GDPR);
• Right to data portability (Article 20 GDPR) — to receive your data in a structured, commonly used, machine-readable format;
• Right to object to processing (Article 21 GDPR), including objection to direct marketing;
• Right to withdraw consent at any time, where processing is based on consent (Article 7(3) GDPR);
• Right not to be subject to automated decision-making with legal or similarly significant effects (Article 22 GDPR).

To exercise any of these rights, please contact us by email at hello@schnelligkeitstest.de. We will respond to your request within 30 days (one month) in line with Article 12(3) GDPR. Where requests are complex or numerous, this period may be extended by a further two months; we will notify you in such a case. Exercising these rights is free of charge unless requests are manifestly unfounded or excessive.

11. Right to Lodge a Complaint with the IDPC

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR), in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Malta, the competent supervisory authority is:

Information and Data Protection Commissioner (IDPC)
Floor 2, Airways House
High Street, Sliema SLM 1549, Malta
Email: idpc.info@idpc.org.mt
Website: idpc.org.mt

The IDPC operates a complaint procedure that allows individuals to submit complaints in writing, including via the online forms made available on the IDPC website. We would, however, appreciate the opportunity to address your concerns directly before you involve the IDPC — please feel free to contact us first.

12. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. These include HTTPS/TLS encryption for all traffic to and from the website, Subresource Integrity (SRI) for third-party scripts, and the principle of data minimisation — most notably, the fact that the QR code generation itself happens entirely on your device and never reaches our servers.

13. Children's Privacy

easyfreeqr.com is a general-audience service and is not directed at children. In line with Article 8 GDPR as transposed in Malta, where consent is required for information society services offered directly to a child, the processing is only lawful if the child is at least 13 years old (the age set by Maltese law under Article 4 of Subsidiary Legislation 586.10). For users below this age, consent must be given or authorised by the holder of parental responsibility.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other reasons. The "Last updated" date at the top of this page will indicate when the policy was most recently revised. Where changes are material, we will take reasonable steps to bring them to your attention.

15. Contact and Further Information

For any questions about this Privacy Policy or our data processing practices, please see our Legal Notice or contact us at hello@schnelligkeitstest.de.