Privacy Policy

1. Introduction and scope

This Privacy Policy explains how easyfreeqr.com (the "service"), operated by TFB Beyond UG (i.G.), Germany (the "operator", "we", "us"), handles personal data of users accessing the service from Pakistan. Pakistan does not yet have a comprehensive general data protection statute in force; the Personal Data Protection Bill has been under consideration / pending enactment for several years. Until such a law is enacted and brought into force, we voluntarily apply the principles of the proposed Bill, the privacy-relevant provisions of the Prevention of Electronic Crimes Act, 2016 (PECA), and internationally recognised data protection standards (such as the EU General Data Protection Regulation, "GDPR") as best practice.

2. Data processing in the browser

QR code generation on easyfreeqr.com takes place entirely in your browser (client-side in JavaScript). The data you enter (URLs, texts, Wi-Fi credentials, contact details, uploaded logos, etc.) is never transmitted to our servers; it is processed directly on your device. We do not replace your link with a tracking URL — the scanned QR code contains exactly the data you entered.

3. Server-side logs (hosting)

When you access the website, technical data (IP address, user agent, requested URL, timestamp, referrer) is stored by the hosting provider (Netlify Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA) in server logs as standard. This data is processed for operational security and to deliver the website to you, in line with our legitimate interests as operator. Logs are automatically deleted after 7 days.

4. External CDNs (jsDelivr)

The following JavaScript libraries are loaded via the jsDelivr CDN (operated by Prospect One Sp. z o.o., delivered through Cloudflare and Fastly):

• qr-code-styling — for QR code rendering
• jsPDF — for the PDF download
• Simple Icons — for official platform logos (Instagram, Facebook, etc.; only when "Social Media" is selected)

During loading, your IP address, user agent and referrer are transmitted to the CDN. We use these CDNs for performance reasons. We apply Subresource Integrity (SRI) to prevent tampering with the loaded scripts.

5. Cookies

We use only the following:

• Strictly necessary storage (local in the browser, localStorage): stores your cookie/consent choice so that we do not ask again on every visit.
• Advertising cookies (Google AdSense) — only after your explicit consent.

You may withdraw your consent at any time via the "Cookie settings" footer button.

6. Google AdSense (only after consent)

This website may display advertisements via Google AdSense (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The AdSense script is loaded dynamically only after your explicit consent — before that, no data is transferred to Google. Once loaded, Google may use cookies to serve relevant ads. Personalised advertising is delivered only when you have given consent via Consent Mode v2. More information: Google Privacy Policy.

7. Amazon Associates Programme (affiliate links)

On the recommendations page as well as on individual topic pages, we link to products through the Amazon Associates Programme. These links are labelled as "Ad" or "sponsored". If you click such a link and then make a purchase on Amazon, we receive a small commission — at no extra cost to you. When you click an affiliate link, a tracking cookie is set by Amazon to attribute the purchase. You can prevent this by disabling cookies in your browser or by not clicking our affiliate links. Amazon privacy information: Amazon Privacy Notice.

8. Your rights (best-practice rights based on the Personal Data Protection Bill and GDPR)

In line with the proposed Personal Data Protection Bill (Pakistan) and internationally recognised standards (GDPR), we offer the following rights to users:

• Right to be informed about how your personal data is being processed;
• Right of access to the personal data we hold about you;
• Right to rectification of inaccurate or incomplete data;
• Right to erasure of your personal data where the conditions for erasure are met;
• Right to restrict or object to processing in certain circumstances;
• Right to data portability for data you have provided to us;
• Right to withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand;
• Right not to be subject to solely automated decisions producing legal or similarly significant effects.

To exercise any of these rights, please contact us at hello@schnelligkeitstest.de.

9. Prevention of Electronic Crimes Act, 2016 (PECA)

The Prevention of Electronic Crimes Act, 2016 (PECA) contains provisions on the protection of personal information and electronic communications, including offences relating to unauthorised access to or use of personal data, identity crimes, and electronic fraud. We process personal data in a manner that we believe is consistent with these provisions, and we do not knowingly engage in any activity that would constitute an offence under PECA. We may cooperate with lawful requests from competent authorities (such as the Federal Investigation Agency, FIA) where required by law.

10. Role of the Pakistan Telecommunication Authority (PTA)

Internet content and electronic communications in Pakistan are regulated, among others, by the Pakistan Telecommunication Authority (PTA). We respect lawful directions issued by the PTA in respect of unlawful content. Users acknowledge that their use of the service is also subject to applicable PTA regulations and any other Pakistani laws in force from time to time.

11. International data transfers

The operator is based in Germany. The hosting provider (Netlify) operates from the United States, and CDN providers operate global infrastructure. Where personal data is transferred outside Pakistan, we rely on contractual safeguards offered by these providers and, where applicable, internationally recognised data protection frameworks (such as the EU-US Data Privacy Framework and EU Standard Contractual Clauses).

12. Data security

We use TLS/HTTPS encryption for the website, Subresource Integrity (SRI) for third-party scripts, and we minimise data collection at the source by performing QR generation entirely in the user's browser. We rely on the security measures of our hosting and CDN providers in respect of the technical infrastructure.

13. Children's data

The service is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided personal data through our service, please contact us so that we can take appropriate steps.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our service or in applicable law (including the eventual enactment and entry into force of the Personal Data Protection Bill in Pakistan). The current version is always available on this page; the "Last updated" date at the top indicates the most recent revision.

15. Data controller / responsible party

See Legal Notice for full provider and contact details.