Privacy Policy

1. Introduction and Applicable Law

This Privacy Policy explains how easyfreeqr.com (operated by TFB Beyond UG (i.G.), Germany) handles personal data of users accessing the website from Malaysia. The operator is a foreign provider established in Germany. Processing of personal data is governed primarily by the EU General Data Protection Regulation (GDPR) and German law. To the extent it applies to a foreign provider, we also aim to honour the principles of the Personal Data Protection Act 2010 of Malaysia ("PDPA Malaysia"), as amended by the Personal Data Protection (Amendment) Act 2024, and as administered by the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi, JPDP).

2. Data Processing in the Browser

QR code generation on easyfreeqr.com is performed entirely in your browser (client-side, in JavaScript). The data you enter (URLs, text, Wi-Fi credentials, contact details, uploaded logos, etc.) is not transmitted to our servers; it is processed directly on your own device. We do not replace your link with a tracking URL — the QR code that is scanned contains exactly the data you entered.

3. Server Logs (Hosting)

When you access the website, technical data (IP address, user agent, requested URL, timestamp, referrer) is recorded by our hosting provider — Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA — in standard server logs. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security and abuse prevention). The data is deleted automatically after 7 days. Netlify is certified under the EU-US Data Privacy Framework.

4. External CDNs (jsDelivr)

When the page loads, the following JavaScript libraries are fetched via the jsDelivr CDN (operated by Prospect One Sp. z o.o., delivered via Cloudflare and Fastly):

• qr-code-styling — for QR code generation
• jsPDF — for the PDF download
• Simple Icons — for official platform logos (only when "Social Media" is selected)

In the course of loading, your IP address, user agent and referrer are transmitted to jsDelivr / Cloudflare / Fastly. We use these CDNs for performance reasons (Art. 6(1)(f) GDPR). Transmission takes place only to data centres within the EU or to servers certified under the EU-US Data Privacy Framework. We use Subresource Integrity (SRI) to prevent tampering with the loaded scripts.

5. Cookies

We use only the following:

• Strictly necessary storage (browser localStorage): saves your cookie choice and theme/language preference.
• Advertising cookies (Google AdSense) — only with your explicit consent. Legal basis: Art. 6(1)(a) GDPR and consent within the meaning of section 6(1) PDPA Malaysia.

You may withdraw your consent at any time via the "Cookie settings" button in the footer.

6. Google AdSense (Only After Consent)

This website uses Google AdSense (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to deliver advertisements. The AdSense script is only loaded after your explicit consent; until then, no data is transmitted to Google. Once loaded, Google uses cookies to deliver relevant advertisements. Personalised advertisements are served only after your consent (via Consent Mode v2). Further information: Google Privacy Policy.

7. PDPA Malaysia – Personal Data Protection Principles

To the extent the PDPA Malaysia applies to our processing in respect of users in Malaysia, we observe the seven Personal Data Protection Principles set out in Part II of the Act, namely:

• General Principle (lawful, consent-based processing)
• Notice and Choice Principle
• Disclosure Principle
• Security Principle
• Retention Principle
• Data Integrity Principle
• Access Principle

8. Your Rights as a Data Subject

Under the PDPA Malaysia you have the following statutory rights in respect of personal data we process about you:

• Right of access (section 30)
• Right of correction (section 34)
• Right to withdraw consent (section 38)
• Right to prevent processing likely to cause damage or distress (section 42)
• Right to prevent processing for direct marketing (section 43)
• Right to data portability — introduced by the Personal Data Protection (Amendment) Act 2024, subject to the operative provisions and any implementing regulations issued by the JPDP

Please direct any requests to hello@schnelligkeitstest.de. We aim to respond within 21 days, in line with section 31 PDPA. A modest fee may be charged in accordance with the PDPA for access requests, of which you will be informed in advance.

9. 2024 Amendments and Data Breach Notification

The Personal Data Protection (Amendment) Act 2024 introduced, among other things, an obligation of mandatory data-breach notification to the Personal Data Protection Commissioner and to affected data subjects, the appointment of a Data Protection Officer (DPO) for certain data users, and recognition of biometric data as sensitive personal data. Where these obligations apply to us, we will comply with the relevant thresholds and timelines stipulated under the JPDP guidelines.

10. Data Protection Officer / Grievance Contact

The person responsible for compliance with this Privacy Policy at our organisation is:

Goran Martinovic
Email: hello@schnelligkeitstest.de
TFB Beyond UG (i.G.), Blieschendorferweg 24, 23769 Fehmarn, Germany

If a grievance is not resolved to your satisfaction, you may lodge a complaint with the Personal Data Protection Department (JPDP) of Malaysia (Jabatan Perlindungan Data Peribadi).

11. Cross-Border Transfer of Personal Data

Because the website is operated from Germany, any limited personal data we receive (in particular server logs) is processed within the European Union and/or in third countries that provide an adequate level of protection (such as recipients certified under the EU-US Data Privacy Framework). We rely on the relevant cross-border transfer provisions of the PDPA Malaysia (section 129, as amended), in particular adequacy and the safeguards available within the EU/EEA.

12. Your Rights Under the GDPR

For the limited personal data we process (server logs, AdSense cookies after consent), you also have rights under the GDPR:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)

13. Amazon Associates Programme (Affiliate Links)

On the /empfehlungen/ page and on individual topic pages, we may link to products via the Amazon Associates Programme. Such links are labelled as "Ad" or "sponsored". If you click such a link and subsequently make a purchase on Amazon, we may receive a small commission — at no extra cost to you. A tracking cookie is then set by Amazon for attribution purposes. Legal basis: Art. 6(1)(a) GDPR and consent within the meaning of the PDPA Malaysia. You may prevent this at any time by disabling cookies in your browser or by not clicking such links.

Amazon privacy information: Amazon Privacy Policy.

14. Children's Data

The website is not directed at children. We do not knowingly collect personal data of children. Processing of personal data of a person below the age of 18 in Malaysia requires the consent of a parent, guardian or person who has parental responsibility, in accordance with section 12 PDPA Malaysia.

15. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law (including further amendments to the PDPA Malaysia or JPDP guidelines) or in our processing practices. The current version is always available on this page with the "Last updated" date shown at the top.

16. Responsible Party

Please see the Legal Notice for our full contact details.