MyQrWorld Logo

PRIVACY POLICY

GENERAL NOTICE AND MANDATORY

DESIGNATION OF THE RESPONSIBLE BODY

The responsible body for data processing on this website is:

Bourbon Studios
myqr.world
Marie-Elisabeth-Lüders-Weg 4
50354 Hürth
NRW Germany
E-Mail: [email protected]

The responsible body decides alone or jointly with others on the purposes and means of the processing of personal data (e.g. names, contact details, etc.).

REVOCATION OF YOUR CONSENT TO DATA PROCESSING

Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

RIGHT TO COMPLAIN TO THE COMPETENT SUPERVISORY AUTHORITY

As a concerned party, you have the right to file a complaint with the responsible supervisory authority in the event of a data protection violation. The responsible supervisory authority regarding data protection issues is the state data protection commissioner of the federal state in which our company's registered office is located. The following link provides a list of data protection officers and their contact details: BfDi NRW.

RIGHT TO DATA TRANSFER

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be carried out as far as technically possible.

RIGHT TO INFORMATION, CORRECTION, BLOCKING, DELETION

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, the origin of the data, their recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.

SSL- RESP. TLS- ENCRYPTION

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This is to prevent third parties from reading the data that you transmit via this website. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line. The web server uses SSL certificates issued by Let's Encrypt, among other methods, and these certificates are renewed at least every 90 days.

SERVER-LOG-FILES

When you access this website and individual sub-pages, the browser on your end device automatically sends information to the server that operates this website. In the process, the following information is stored in log files (which may be common text files):

  • IP address of the requesting computer,

  • Date and time of access,

  • Name and URL of the file accessed,

  • Website from which the access is made (referrer URL),

  • Browser used and, if applicable, the operating system of your computer,

  • Status codes and amount of data transferred,

There is no merging of this data with other data sources. The data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. The data of the server logs are used for the evaluation of security abuses and implementation of security measures.

PURPOSE AND LEGAL BASIS

The legal basis for data processing is Art. 6 para. p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection outlined above.

  • Provision of the content including all functions and content.

  • Ensuring a smooth connection setup of the websites

  • Ensuring system security and stability

  • Disclosure to law enforcement authorities if an unlawful interference/attack on the operating or supporting system has occurred

  • Administrative purposes

STORAGE DURATION

The server log files are stored for at least 7 days. 

This depends strongly on the service used. We aim that log data is not kept longer than necessary.

CLOUDFLARE

For the operation of our frontend, the service Cloudflare Pages is used.

This is a service for deploying and scaling frontend applications like this website. Furthermore, Cloudflare is a Content Delivery Network (CDN), which is a network of servers in different data centers around the world.

 

When using a CDN, static content of your website (like images, videos, audios, documents or CSS, HTML or JavaScript files) are cached and stored on different servers around the world. These servers are called replica servers.

Processing company

Cloudflare Inc.101 Townsend St.San FranciscoCA 94107United States of America

USE OF CLOUDFLARE

Due to the described functionality of CDNs with worldwide replica servers, loading times and thus the performance factor of the website are improved. Since content from the website is cached on Cloudflare's servers during the process, Cloudflare qualifies as a service provider according to Article 1, Paragraph 1 of the German Telemedia Act (TMG).

TYPE AND SCOPE OF PROCESSING

  • IP address

  • System configuration information

  • Name of the website

  • Date and time of the request

  • Name and URL of the retrieved file

  • Amount of data transferred

  • Status information

  • Device operating system

  • Referrer URL

  • Requesting provider

  • Device type

  • Time of server request

Legal basis

The following is the required legal basis for the processing of data

  • Art. 6 para. 1 p. 1 lit. f DSGVO

Protection of your data

Cloudflare currently complies with the following requirements of various certifications: ISO 27001, ISO 27701, ISO 27018, SOC 2 Type II and PCI DSS Level 1 compliance. 

Amazon Web Services (AWS)

Currently, the following services are used by AWS:

  • AWS S3

  • AWS Lambda

AWS S3

AWS S3 is a service that allows any type of a file to be stored in Amazon's cloud. These files can be stored securely due to redundancy and mirroring.

AWS Lambda

Quote from AWS: "AWS Lambda is a serverless, event-driven computing service that lets you run code for virtually any type of application or backend service without provisioning or managing servers."

We use AWS Lambda to provide our interfaces in an optimized way, representing our "backend" of the software architecture.

The interface, like any other cloud service, collects the following data.

  • IP address

  • System configuration information

  • Name of the website

  • Date and time of the request

  • Name and URL of the retrieved file

  • Amount of data transferred

  • Status information

  • Device operating system

  • Referrer URL

  • Requesting provider

  • Device type

  • Time of the server request

  • Duration of the server request

NEON DB

NeonDB is a service offered by Neon, Inc. This service makes it possible to manage databases in the cloud. These are not operated by Neon, Inc. but by:Amazon Web Services, Inc.410 Terry Avenue North, SeattleWA 98109-5210, U.S.A.

Neon, Inc. provides a very user-friendly and secure database management interface. In addition, Neon, Inc. allows optimizing the performance of the application and keeping it at a constant level at all times.

UMAMI

TYPE AND EXTENT OF PROCESSING

We use the open source software tool Umami on our website to track activity on the website. The tool does not set cookies. It collects data using JavaScript and sends it to the interface we set up. Umami is operated by us on a VPS. The software runs exclusively on the servers of our company. A storage of your personal data only takes place there. The data is not passed on to third parties. The scope of tracking:

  • Two bytes of the IP address of the user's calling system (anonymized IP address).

  • The web page called up

  • The website from which the user accessed the accessed website (referrer)

  • The subpages accessed from the accessed website

  • The length of time spent on the web page

  • The frequency with which the web page is called up

  • The time of the loading duration

  • Browser resp. user agent

PURPOSE AND LEGAL BASIS

We process your data with the help of the analysis software Umami for the purpose of evaluating the use of individual components and contents of our website. There is no legal or contractual obligation to provide your data, as these cannot be assigned to a person after the data records have been stored, as the IP address is transmitted anonymously.

STORAGE DURATION

The concrete storage period of the processed data is not limited and can be stored permanently due to the anonymization of the IP.

E-MAIL TRAFFIC

For the management of the e-mail traffic, a web space (storage space on the web) was booked as part of a web hosting tariff with the following provider:

DomainFactory GmbHc/o WeWorkNeuturmstrasse 580331 Munich Germany Privacy policy DomainFactory GmbH

PURPOSE

Enable communication/contact via e-mail.

STORAGE DURATION

Until the purpose of the received email is fulfilled or request for deletion by the sender of the received email..

OTHER DATA PROCESSORS

The data processor or processor (EU-DSGVO) is: "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller" (source: Art. 4, para. 8, EU-DSGVO).

In order to provide the user of this website with a certain level of transparency as to where the user's data is processed, we offer a listing of the so-called data processors.

Sources:Privacy Configurator from Mein-Datenschutzbeauftragter.de