Privacy Policy

1. Introduction and Applicable Law

This Privacy Policy describes how easyfreeqr.com (operated by TFB Beyond UG (i.G.), Germany) handles personal data of users accessing the website from Singapore. The operator is a foreign provider established in Germany. Processing is governed primarily by the EU General Data Protection Regulation (GDPR) and German law. To the extent it applies to a foreign provider, we also aim to honour the obligations of the Personal Data Protection Act 2012 of Singapore ("PDPA"), as administered by the Personal Data Protection Commission (pdpc.gov.sg).

2. Data Processing in the Browser

QR code generation on easyfreeqr.com takes place entirely in your browser (client-side, in JavaScript). The data you enter (URLs, text, Wi-Fi credentials, contact details, uploaded logos, etc.) is not transmitted to our servers; it is processed directly on your own device. We do not replace your link with a tracking URL — the QR code that is scanned contains exactly what you entered.

3. Server Logs (Hosting)

When you access the website, technical data (IP address, user agent, requested URL, timestamp, referrer) is recorded by our hosting provider — Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA — in standard server logs. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security and abuse prevention). The data is deleted automatically after 7 days. Netlify is certified under the EU-US Data Privacy Framework. By accessing the website from Singapore, you acknowledge that limited technical data may be transferred outside Singapore for these purposes.

4. External CDNs (jsDelivr)

When the page loads, the following JavaScript libraries are fetched via the jsDelivr CDN (operated by Prospect One Sp. z o.o., delivered via Cloudflare and Fastly):

• qr-code-styling — for QR code generation
• jsPDF — for the PDF download
• Simple Icons — for official platform logos (only when "Social Media" is selected)

In the course of loading, your IP address, user agent and referrer are transmitted to jsDelivr / Cloudflare / Fastly. We use these CDNs for performance reasons (Art. 6(1)(f) GDPR). Transmission takes place only to data centres within the EU or to servers certified under the EU-US Data Privacy Framework. We use Subresource Integrity (SRI) to prevent tampering with the loaded scripts.

5. Cookies

We use the following only:

• Strictly necessary storage (browser localStorage): saves your cookie choice and theme/language preference. Legal basis: § 25(2) no. 2 TDDDG (Germany).
• Advertising cookies (Google AdSense) — only with your explicit consent. Legal basis: § 25(1) TDDDG read with Art. 6(1)(a) GDPR; consent within the meaning of section 13 PDPA.

You may withdraw your consent at any time via the "Cookie settings" button in the footer.

6. Google AdSense (Only After Consent)

This website uses Google AdSense (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to deliver advertisements. The AdSense script is only loaded after your explicit consent; until then, no data is transmitted to Google. Once loaded, Google uses cookies to deliver relevant advertisements. Personalised advertisements are served only after your consent (via Consent Mode v2). Further information: Google Privacy Policy.

7. Your Rights Under the PDPA

To the extent the Personal Data Protection Act 2012 of Singapore applies to a foreign provider, you have the following rights in respect of personal data we hold about you:

• Right of access — to be informed of personal data about you in our possession or under our control, and the ways in which it has been or may have been used or disclosed within the past year (section 21 PDPA).
• Right of correction — to request correction of an error or omission in personal data about you (section 22 PDPA).
• Right to withdraw consent — on giving reasonable notice (section 16 PDPA).
• Right to data portability — once the relevant provisions of the PDPA are in force.

Requests should be addressed to hello@schnelligkeitstest.de. We will respond within a reasonable time, typically within 30 days. A modest fee may be charged in accordance with the PDPA for access requests, of which you will be notified in advance.

8. Data Protection Officer / Grievance Contact

Pursuant to section 11(3) PDPA, the person responsible for compliance with the PDPA at our organisation is:

Goran Martinovic
Email: hello@schnelligkeitstest.de
TFB Beyond UG (i.G.), Blieschendorferweg 24, 23769 Fehmarn, Germany

If a grievance is not resolved to your satisfaction, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.

9. Your Rights Under the GDPR

In respect of the limited personal data we process (server logs, AdSense cookies after consent), you also have rights under the GDPR:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)

10. Transfer Limitation

In accordance with section 26 PDPA, we ensure that any personal data transferred outside Singapore is afforded a standard of protection comparable to that under the PDPA. The website is hosted in the EU/EEA and (for technical purposes) on servers certified under the EU-US Data Privacy Framework, which together with the GDPR provide a high level of protection.

11. Amazon Associates Programme (Affiliate Links)

On the /empfehlungen/ page and on individual topic pages, we may link to products via the Amazon Associates Programme. Such links are labelled as "Ad" or "sponsored". If you click such a link and subsequently make a purchase on Amazon, we may receive a small commission — at no extra cost to you. A tracking cookie is then set by Amazon for attribution purposes. Legal basis: Art. 6(1)(a) GDPR and your consent within the meaning of the PDPA. You may prevent this at any time by disabling cookies in your browser or by not clicking such links.

Amazon privacy information: Amazon Privacy Policy.

12. Do Not Call Provisions

We do not engage in telemarketing in Singapore and do not send marketing messages to Singapore telephone numbers. The Do Not Call provisions of Parts 9 and 9A of the PDPA are therefore not engaged.

13. Children's Data

The website is not directed at children. We do not knowingly collect personal data of children. Under PDPC guidance, processing of personal data of minors below the age of 13 requires the consent of a parent or legal guardian.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The current version is always available on this page, with the "Last updated" date shown at the top.

15. Responsible Party

Please see the Legal Notice for our full contact details.