GDPR Compliance

At OrbitQR, we are fully committed to complying with the General Data Protection Regulation (GDPR). This regulation provides EU citizens with greater control over their personal data. We have implemented robust processes and security measures to protect the data of all our users, regardless of their location.

This page outlines our approach to GDPR, your rights, and how we handle your data responsibly.

Newtum Solutions Private Limited is the data controller for the personal data you provide to OrbitQR. If you have any questions about this privacy policy or our data protection practices, you can contact our Data Protection Officer.

We collect and process the following types of data:

• Identity and Contact Data: Name, email address, and password when you register for an account.
• Content Data: Information you provide to generate QR codes, such as URLs, text, contact details for vCards, and event information.
• Transaction Data: Details about payments and subscriptions if you upgrade to a paid plan.
• Analytics Data: Anonymized scan statistics for your QR codes, including time, country, device type, and browser. We do not track or store personal data of the people who scan your QR codes.
• Technical Data: IP address, browser type, and operating system for security and analytical purposes.

We use your data for the following purposes:

• To provide and maintain our service, including creating and managing your QR codes.
• To manage your account and subscriptions.
• To provide you with analytics on your QR code performance.
• To communicate with you about service updates, security alerts, and support messages.
• To improve our website, services, and marketing efforts.
• To prevent fraud and ensure the security of our platform.

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Account Data: Retained for as long as your account is active. If you delete your account, your data will be permanently deleted within 90 days.
• QR Code & Scan Data: Retained according to your subscription plan's data retention policy. Data for expired free or trial accounts may be deleted after a period of inactivity.

Under GDPR, you have several rights concerning your personal data.

• The Right to Access: You can request a copy of the personal data we hold about you.
• The Right to Rectification: You have the right to request correction of any inaccurate personal data.
• The Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data.
• The Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain scenarios.
• The Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.
• The Right to Object: You have the right to object to our processing of your personal data where we are relying on a legitimate interest.

You can exercise your rights in the following ways:

• Most of your data can be accessed, updated, or deleted directly from your Dashboard Settings.
• To delete your account and all associated data, please use the account deletion option in your settings or contact our support team.
• For any other requests, please contact our Data Protection Officer through our contact page.

We take data security very seriously. We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

• Encryption: All data is encrypted in transit (using TLS/SSL) and at rest.
• Access Control: We limit access to your personal data to employees and agents who have a business need to know.
• Data Centers: Our services are hosted on secure, GDPR-compliant cloud infrastructure provided by leading cloud vendors.
• Regular Audits: We conduct regular security assessments to identify and patch vulnerabilities.

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. We ensure that any such transfers comply with GDPR requirements by using Standard Contractual Clauses (SCCs) and other appropriate safeguards.

If you have any questions about our GDPR compliance or wish to exercise any of your data protection rights, please contact our Data Protection Officer.