GDPR Compliance

Last updated: 11/19/2025

Our Commitment to GDPR

QR Ninja is committed to protecting the privacy and data rights of all users, including those in the European Union. We comply with the General Data Protection Regulation (GDPR) and have implemented measures to ensure your data is handled lawfully, fairly, and transparently.

Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain types of data processing
  • Rights Related to Automated Decision Making: Not be subject to automated decisions without human intervention

How to Exercise Your Rights

You can exercise your GDPR rights by:

  1. Accessing your account settings to view, update, or delete your information
  2. Contacting our Data Protection Officer at privacy@qr-ninja.com
  3. Using our self-service data export and deletion tools in your account

We will respond to your request within 30 days.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: To provide our services and fulfill our contractual obligations
  • Consent: Where you have given explicit consent for specific processing activities
  • Legitimate Interest: To improve our services, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations

Data Protection Measures

We have implemented appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication measures
  • Data minimization and pseudonymization where possible
  • Employee training on data protection
  • Data processing agreements with third-party processors

International Data Transfers

Your data may be transferred and processed in countries outside the EU. We ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Hosting data in Azure data centers with appropriate safeguards
  • Ensuring third-party processors comply with GDPR standards

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay
  • Provide information about the nature of the breach and steps being taken

Contact Our Data Protection Officer

For any questions about our GDPR compliance or to exercise your rights, contact our Data Protection Officer:

Email: privacy@qr-ninja.com

You also have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR requirements.