A. QR Batch | Privacy Policy
The Privacy Policy of Trycon Technologies Private Limited (QR Batch) has been updated on Jan 09, 2020. In addition, see QR Batch’s Commitment towards GDPR Compliance.
NON-LEGALESE, SIMPLE ENGLISH PRIVACY POLICY
- Trycon Technologies (parent company of product QR Batch) is fully-committed to protect the personal data of its customers and customer’s end-users
- From its customers, the company collects both personal information (email address, billing information, payment information, etc.) and non-personal information (browsing data, etc.). This information is solely used by the company or authorized third-party applications to serve the customers. This data is never used for unauthorized commercial gains in any way
- To use the products and services of QR Batch, the customer will share both personal information (e.g. contact information for Vcard QR Codes) and non-personal information (e.g., serial code for Simple Text QR Code). This information will be available to customers only and they have responsibility to make the data public (via QR Code campaigns) only if they own the data or have authorization to use the data
- The company shares both personal and non-personal information with third-party applications and service providers only after ensuring that they employ the best practices in data security, privacy policies, and regulatory compliance (including GDPR)
- The company employs the best-in-class data security strategies to ensure the protection of customers’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected customers within 72 hours
- The company will retain the customers’ and end-users’ data for a maximum period of 26 months after the customer ceases to use the company’s applications. However, the customer will always have the right to either download all data or request permanent deletion
LEGAL PRIVACY POLICY
1. INTRODUCTION
This Privacy Policy of Trycon Technologies Private Limited (hereafter referred to as ‘Company’) describes the privacy practices of the company explaining when and how Trycon Technologies collects “customer” (users who purchase products and services of QR Batch) and “end-users” (users who engage with the content generated by the customer) information, how we use such information, and the circumstances under which we may disclose such information to third-party businesses, institutions, or personnel.
This Privacy Policy includes the policies that Trycon Technologies observes for compliance with laws in the State of Uttar Pradesh, India and international laws such as the GDPR, European Union. The privacy of our customers and end-users is of paramount importance to the company and applies to all products and services offered by Trycon Technologies.
2. DATA COLLECTION, PROCESSING & PURPOSE
During the lifecycle of using its products and services, the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information either directly or via a third-party application or service.
As part of the company’s commitment to be transparent to its customers and end-users, we are sharing details on what data points are collected, at what stage, and for what purpose:
2.1 CUSTOMER DATA
This section outlines the data collected on the customers of the company i.e. the users who create QR Code batch with QR Batch.
2.1.1 Website/App Browsing (Without Login)
a. Browsing/Events Tracking: If you are browsing the web pages of our website, we gather non-personally identifiable information—such as web request, Internet Protocol address, browser type, browser language, the date and time of your request, browser user agent, one or more cookies that may uniquely identify your browser, referring URL/domain, activity time, and clicking activity. All such data collected is processed at an aggregate level and can never be tied to an individual.
Purpose: This data is sent to the following tracking tools—Google Analytics, Mixpanel, and Mouseflow—to generate aggregate-level insights on customer behavior. These insights allow our product team to optimize the journey and experience of our customers. Given below are important links to these third-party applications:
- Google Analytics: Privacy Policy | GDPR Compliance
- Mixpanel: Privacy Policy | GDPR Compliance
- Mouseflow: Privacy Policy | GDPR Compliance
b. Query Email: If you have a question related to our product or services, you can send us an email using the ‘Email Us’ option on the Support page. The data points that are collected are—Name, Email Address, Subject, and Message (Query)
Purpose: We require your name to personalize the conversation, email address to reach out to you with a response, and subject and message to understand your query thoroughly. This data is shared via email to authorized in-house customer support personnel only.
c. Query Chat: If you have a question related to our product or services, you can reach out to us via the chatbox option. If our customer support agents are unavailable, we request the user’s permission to collect the following data—Email Address
Purpose: The email address is used for follow-up responses. The chatbox and data are managed by a third-party application—Zendesk. The data collected by the application is used to serve our customer queries only and is never shared for any commercial gains.
2.1.2 Registration
As part of the registration of an account with QR Batch, the following data is collected and stored:
a. Valid Email Address
Purpose: A valid email address serves both as a Unique Username/Identifier as well as a point-of-contact to reach the customer for transactional notifications (e.g., introduction to dedicated support contact, purchase confirmation, batch progress alert, feature launch, feedback, activity reports, etc.)
b. Password (in case of Signup by Email)
Purpose: In case of signup by email method, we use the password (generated by the customer) to authorize access to the customer account and its data. The company or its employees will never ask for your password in an unsolicited phone call or email. However, you are responsible for maintaining the secrecy of your password and account information
c. Google Authorisation (in case of Signup by Google)
Purpose: In case of signup by Google, we will require authorization from a valid and logged Google account. Note that in case of Google authorization, we only receive the Email Address
2.1.3 Purchase of QR Code Batches
When you make a payment with QR Batch to create a batch of QR Codes, you are required to provide billing and payment information to complete the transaction:
a. Billing Information: Email address, phone number, physical contact information, transactional information, device ID, computer and connection information, IP address, standard web login information, etc.
Purpose: The billing information is required for the following purposes:
- To generate an official invoice complete with billing name and address as required by law
- To email the customer the invoice/sale receipt
- To maintain the sale records in case of any dispute (such as failure of batch progress)
- To aggregate data and generate internal reports for management, investors, and shareholders (e.g., monthly sales report, annual report, tax filing, etc.). As the company is a Private Limited, these reports are shared either privately with authorized personnel (management, investors, shareholders) or with regulatory authorities only
- To add the company logo on our website under “Our Customers” section if the company email address (i.e. with the domain name of the company) of the customer is used
b. Payment Information: Credit/Debit Card Number, Expiration Date, CVV Code
Purpose: The payment information is required to authorize a transaction with your bank/credit card account.
Note that QR Batch only receives an email copy of the invoice generated but never stores the payment information. Both billing and payment information is collected, managed, and processed by our payment gateway provider—Paddle
2.2 DATA SHARED BY CUSTOMER DURING QR CODE MANAGEMENT
When customers use QR Batch’s product and services—they can design and generate QR Codes in bulk. To generate these content pieces customers enter data in a spreadsheet or enter the data using our dashboard (e.g., Serial Code QR Code). This section outlines how QR Batch stores and processes this data.
2.2.1 QR Code Generation
Using QR Batch, it is possible to generate five types of QR Codes. To generate each of these QR Codes, customers are required to enter data for very specific fields. The open-ended nature of the content of the QR Codes means that the customer can add both PII and non-PII information for each category.
Given below is the exhaustive list of QR Codes with the required data-points:
a. Website URL QR Code: Spreadsheet with ‘Filename’ as the first column and ‘URL’ as the second
b. Simple VCard QR Code: Spreadsheet with ‘Filename’ as the first column and name, Company Name, Title, Email Address, Work Phone Number, Cell Phone Number, Fax, Website URL, Address Street, City, State, Postal Code, Country as subsequent columns
c. Simple Text QR Code: Spreadsheet with ‘Filename’ as first column and ‘Text’ as second
d. Serial Code QR Code: Prefix, start value, increment value, and end value
e. Random Code QR Code: Number of QR Codes, number of characters, selection of character sets
Purpose: In each of the cases above, the purpose of data collection is to allow the customer to share this information with end-users. No unnecessary datapoint is collected and in most cases, customers have the option to choose only the data points they need to share.
In most cases, QR Codes are made public via promotional print/web material. This means that the content of the QR Code (PII or non-PII) is visible to all end-users who scan the QR Code.
It is the responsibility of the customer to ensure that:
- The content encoded into the QR Code is owned by the customer OR
- The customer has the required authorization/consent to use the content encoded into the QR Code
QR Batch stores and transfers this content in encrypted format via its online databases to ensure maximum security of the data. QR Batch’s databases are managed by a third-party application—Amazon Web Services.
2.2.2 QR Code Designing
After generating the QR Codes, customers also have the option to design the QR Code batch.
In most cases, the design will be non-PII but in very specific cases the design elements can be PII (e.g. brand logo).
2.3 END-USER DATA
When customers print Static QR Codes on promotional or operational print/web material, end-users have the option to scan the QR Code. QR Batch doesn’t collect any data from the end-users.
Because Trycon Technologies allows you to add its outputs (QR Codes, URLs) on your promotional material (Print advertisements, Websites, Online Ads, Packaging etc.), you must register for an account for the desired services. The registration process asks for your personal information such as but not limited to:
- Email Address
- Password
By the nature of our Service, Trycon Technologies will gather non-personally identifiable statistics about the usage of our outputs in your promotions and store that information.
3. DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share with third parties certain pieces of aggregated, non-personal information (e.g., browsing analytics with Google Analytics), and personal information (e.g., email address with MailChimp for sign-up alert).
In all cases, we will ensure that the third party:
- Has good reputation and trustworthy customers
- Has an approachable and responsive support team
- Has robust privacy policies that aim at data protection and security
- Has taken adequate measures to be GDPR compliant
Further, we restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
4. DATA SECURITY
The company has implemented best-in-class security protocols to protect customer’s and end-user’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of these security mechanisms include:
- Encryption of transit data with SSL (HTTPS)
- Encryption of rent data via AES256 protocol
- Staff access to data on a need basis only (e.g. ticket raised by customer, etc.)
- Staff access to third-party apps via multi-factor authentication only
However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s customer data or end-user’s data in spite of these measures.
In case of data breaches, the company will inform the regulatory authorities and affected customers within 72 hours, as per GDPR guidelines.
However, the company cannot guarantee complete security of your information and cannot be held responsible for unauthorized access to customer accounts. It is the responsibility of the customer to ensure that the account email address and password are not shared with any unauthorized personnel.
5. DATA RETENTION, PORTABILITY & DELETION
As per the company’s privacy policy, we will store all data (from Section 2) of non-subscribing customers (non-paying user of our product and services) and their end-users for a maximum period of 26 months from the last date of subscription.
Purpose: The data will be retained to allow customers to reinstate their account and creations (QR Codes) within this period.
6. CHANGES TO THIS PRIVACY POLICY
The company retains the discretion to amend or modify this Privacy Policy from time to time. If we make material changes to the way we collect, use or disclose Personally Identifiable Information, we will notify you by posting a clear and prominent announcement on QR Batch Website/Application or through a direct communication to your QR Batch account.
7. CONTACT INFORMATION
To keep your personal data accurate, current, and complete, please contact us as specified below:
Trycon Technologies Private Limited
Address: 2, Rail Vihar, Sector 33, Noida, Uttar Pradesh, India 201301
Email: qrbatch.support@scanova.io
Phone: +1-855-440-7400
The terms and conditions along with privacy policies with all references constitute the sole and entire agreement of the parties to this agreement concerning the subject matter contained herein and supersedes all prior terms and conditions which were agreed by the Customer.
B. QR Batch | GDPR Compliance Commitment
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. The regulation outlines that EU residents will now have greater control over how their personal data is stored, processed, and used by organizations within or outside the EU or EEA. All organizations that process data of EU residents come under the purview of this regulation, irrespective of their location.
This regulation came into effect on May 25, 2018.
For more information on GDPR, see EU GDPR Official Website.
QR Batch’s Commitment
Trycon Technologies Private Limited (parent company of the product QR Batch) has always been committed to protect the data of its customers and users both through robust internal security processes and technological tools, irrespective of the location of our customers and end-users across the globe. But with GDPR coming in effect, the company will take extra measures to ensure that the QR Batch product is GDPR compliant.
QR Batch's GDPR Compliance
As a Data Controller, QR Batch is responsible for the way it collects, processes, and stores customer data. To ensure GDPR compliance, we have taken a series of measures to ensure that Data Subjects not only have full control over data they share but also to ensure that their data is extremely protected in every way.
Here is what QR Batch is doing to be GDPR compliant:
1. Full Transparency
To honor the ‘Right to be informed’ principle of GDPR, we have:
- Revamped our application interface to ensure that the customer understands in a clear and concise way at each stage what data is required and for what purpose
- Ensured that no Personally Identifiable Information (PII) of the customer can be collected without the explicit consent of the customer
- Updated our Privacy Policy in such a way that the customer can understand in detail how each datapoint in used, stored, or transferred to a trusted third-party application
2. Data Control
To honor the ‘Right of Access’, ‘Right to Rectification’, ‘Right to erasure’, ‘Right to restrict processing’, and ‘Right to Data Portability’ principles of GDPR, we have:
- Setup processes that allow customers to request a download of all data connected with them and serving such requests in a timely manner. Within a short period of time, we will be adding this feature to our application interface to make it easy for our customers to take this action on their own, without any delay
- Setup processes that allow customers to easily edit personal information (if any) anytime
- Setup processes that allow customers to request deletion of all data connected with them and serving such requests in a timely manner. Within a short period of time, we will be adding this feature to our application interface to make it easy for our customers to take this action on their own, without any delay
- Within a short period of time, we will be adding the feature that allows customers to control how often they receive transaction alerts, notifications, reports, and other content via email communication
- Ensured data minimization to ensure that we collect the exact data points we need to serve our customers in the best way possible and to eliminate all unnecessary data points
Setup processes to ensure that we retain data for a maximum period of 26 months after the customer has ceased to use our products and services through the method of non-subscription (compared to the case of ‘account delete’ where all data is erased immediately)
3. Data Security
As part of our GDPR compliance strategy, we have laid special emphasis on data security measures. Specifically, we have:
- Ensured that all data—at rest or in-transit—is secured via encryption using methods such as AES256 and SSL
- Ensured that access to customers’ data is limited to select personnel only
- Ensured that access to servers and third-party applications are protected using multi-factor authentication to prevent unauthorised access
- Added a layer of registered email verification that ensures only real customers use our products and services
- Setup logging algorithms to our servers and apps to ensure investigation capabilities and accountability
- Setup processes to notify regulatory authorities and affected customers about data breaches within 72 hours
For any queries regarding our Privacy Policy or GDPR compliance, reach out to us at support@qrbatch.io.