Hrefs.eu
Generate QR

Privacy Policy for HREFS.EU

Last Updated: 1 June 2025

1. Introduction

Welcome to HREFS.EU, an online service provided by Valentin Mirchev, a solopreneur based in São Domingos de Rana, Lisbon, Portugal ("we", "us", or "our"). We are committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our website (hrefs.eu) and our QR code generation services.

As a service provider, we act as the Data Controller for the personal data of our direct users (the small businesses who sign up for our service) and, in some cases, as a Data Processor for data collected from the end-users who scan dynamic QR codes generated through our platform, acting on behalf of our users.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

We collect different types of personal data depending on your interaction with hrefs.eu:

a) Data Collected from Website Visitors (e.g., Browse hrefs.eu before signing up):

  • Usage Data: Information about how you access and use our website, such as your IP address, browser type, browser version, the pages you visit, the time and date of your visit, the time spent on those pages, and unique device identifiers.
  • Cookies: We may use cookies and similar tracking technologies to track activity on our website and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. (See Section 10 for more details on Cookies).

b) Data Collected from Our Users (The Small Businesses Who Sign Up for HREFS.EU):

  • Account Registration Data: When you create an account, we collect your name, email address, and password.
  • Billing Information: If you subscribe to a paid plan, we collect necessary billing details, which may include your billing address and payment card information (processed securely via our third-party payment processor, which does not store your full card details on our servers).
  • Service Usage Data: Information about how you use our application, including the types of QR codes you generate, settings you configure, and your interactions within the dashboard.
  • Communication Data: Records of any communications you have with us (e.g., support requests, feedback).

c) Data Collected from Scanners of Dynamic QR Codes generated by Our Users:

Static QR Codes: If our users generate static QR codes, we do not collect any data from the scans of these codes. The QR code directly embeds the destination URL, and no information passes through our servers for tracking.

Dynamic QR Codes: When an end-user scans a dynamic QR code generated through hrefs.eu:

  • IP Address: The IP address of the device used for scanning. This is collected to enable approximate geo-location and to identify unique scans.
  • User Agent: Information about the device (e.g., mobile phone, tablet), operating system (e.g., iOS, Android), and web browser (e.g., Chrome, Safari) used for scanning.
  • Timestamp: The exact date and time of the scan.
  • Approximate Geo-location: Derived from the IP address, providing a general region or city of the scan, not precise real-time location.
  • Referrer (if available): In some cases, information about the previous web page if the QR code was scanned from a digital source.
  • Destination URL: The URL to which the QR code redirects.

Important Note for Scanners: We collect this data on behalf of our users (the small businesses) to provide them with analytics on their QR code performance. Our users are the "Data Controllers" for this data and are responsible for informing you about their data collection practices.

3. How We Use Your Data (Purposes of Processing and Legal Basis)

We use the collected data for various purposes, based on the following legal bases under GDPR:

To Provide and Maintain Our Service (Contractual Necessity):

  • To operate and deliver the core functionality of hrefs.eu, including QR code generation, management, and redirection services.
  • To manage your account and provide you with access to your dashboard.
  • To process your subscriptions and payments.

To Provide Analytics for Dynamic QR Codes (Legitimate Interest):

For data collected from scanners of dynamic QR codes: to provide our users with essential analytics (e.g., total scans, unique scans, geographical distribution, device types) so they can understand the effectiveness of their QR codes and improve their marketing efforts. This processing is necessary for the legitimate interests of our users and does not override the fundamental rights and freedoms of the data subjects, given the limited and anonymized nature of the data.

To Improve and Personalize Our Service (Legitimate Interest):

  • To monitor the usage of our service and gather feedback.
  • To understand how our features are used to identify areas for improvement and develop new features.
  • To analyze trends and user behaviour to enhance the overall user experience.

For Communication with You (Contractual Necessity & Legitimate Interest):

  • To send you service-related notifications, updates, and security alerts.
  • To respond to your inquiries and provide customer support.
  • To inform you about new features or offers that might be relevant to your use of hrefs.eu (where legitimate interest applies or with your consent if required).

For Security and Fraud Prevention (Legal Obligation & Legitimate Interest):

  • To detect, prevent, and address technical issues, security incidents, or fraudulent activities.
  • To comply with legal obligations.

4. How We Share Your Data

We only share personal data in the following circumstances:

  • With Our Users: Data collected from the scans of dynamic QR codes (IP, User Agent, Timestamp, approximate geo-location) is shared with the respective HREFS.EU user (the small business) who generated that specific QR code, for their analytics purposes.
  • With Third-Party Service Providers: We may employ third-party companies and individuals to facilitate our service ("Service Providers"), to provide the service on our behalf, to perform service-related services, or to assist us in analyzing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Examples include:
    • Hosting Providers: For hosting our website and application.
    • Payment Processors: To handle subscription payments securely.
    • Analytics Providers: For analyzing website usage (e.g., anonymized data for general traffic trends).
  • For Legal Reasons: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
  • Business Transfers: If Valentin Mirchev is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

5. International Data Transfers

As we operate globally, your personal data may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

Specifically, as a company based in Portugal (EU), we ensure that any transfer of personal data outside the European Economic Area (EEA) is done in compliance with GDPR. This typically involves using standard contractual clauses approved by the European Commission, or relying on adequacy decisions.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • User Account Data: Retained for the duration of your active account with HREFS.EU and for a limited period thereafter to allow for account recovery or to meet legal obligations.
  • Dynamic QR Code Scan Data: Retained for 12 months for analytics purposes, after which it may be anonymized or deleted.
  • Billing Data: Retained for 5 years to comply with tax and accounting laws.

7. Data Security

The security of your data is important to us. We implement appropriate technical and organizational measures designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, secure coding practices, regular security audits. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Your Data Protection Rights Under GDPR

As a data subject under GDPR, you have the following rights concerning your personal data:

  • The Right to Access: You have the right to request copies of your personal data.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • The Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD).

To exercise any of these rights, please contact us at the details provided below. We will respond to your request within one month.

9. Links to Other Sites

Our service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. We will also inform you via email or a prominent notice on our Service prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, please contact us:

  • By email: privacy@hrefs.eu