QRLinkManager
Log InStart Free Trial

Legal

Privacy Policy

Last updated: 02 Dec 2025

This Privacy Policy explains how QRLinkManager, a product developed and operated by EMLA Consulting SRL (“we”, “our”, “us”), processes and protects your personal data when you use our services. We are committed to complying with the General Data Protection Regulation (GDPR) and all applicable EU and Romanian data protection laws.

1. Who We Are

EMLA Consulting SRL

Registered in Romania

Email: [email protected]

Phone: +40 750 484 533

EMLA Consulting SRL is the data controller responsible for your personal data when using QRLinkManager.

2. What Data We Collect

We only collect the data necessary to operate the QRLinkManager platform, provide services, ensure security, and process billing.

2.1 Data You Provide Directly

  • Account information: name, email address, password (securely hashed)
  • Business details: business name, branding information, logo, colors
  • Subscription details: selected plan, billing preferences
  • Payment information: handled exclusively by Stripe (we do not store card data)
  • Support inquiries: messages sent via email or phone
  • Link data: URLs, social media identifiers, Google Places selections
  • Custom page content: descriptions, labels, colors, uploaded files

2.2 Data Generated Automatically

  • Analytics events: page views, link clicks
  • Device and technical data: browser type, IP address, approximate location (city-level), operating system
  • Log data: authentication logs, admin actions (for security)

2.3 Customer Feedback Collected via Review Guard

When your customers leave private feedback (1–4 stars), we collect:

  • Rating
  • Message
  • Timestamp

This data is visible only to the business owner and authorized administrators.

3. How We Use Personal Data

We use your personal data to:

  • Provide and operate the QRLinkManager service
  • Authenticate users and secure accounts
  • Manage subscriptions and billing through Stripe
  • Send important emails (trial notices, payment updates, system messages)
  • Display your public QR page and its content
  • Track analytics and performance
  • Provide support and improve the platform
  • Prevent abuse and enforce Terms of Service
  • Comply with legal obligations (accounting, auditing, tax requirements)

We do not sell personal data.

We do not use personal data for automated decision-making or profiling.

4. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract (Art. 6(1)(b)) — to provide the service you signed up for
  • Legal obligation (Art. 6(1)(c)) — tax, accounting, fraud prevention
  • Legitimate interest (Art. 6(1)(f)) — security, service improvement, preventing abuse
  • Consent (Art. 6(1)(a)) — where explicitly requested (e.g., marketing emails)

5. How Long We Store Data

We retain data only as long as necessary for the purposes listed above:

  • Account & business information: As long as the account is active
  • Feedback submissions: Until deleted by the business owner or admin
  • Analytics data: Up to 24 months (aggregated thereafter)
  • Billing & invoicing records: Minimum 5 years (legal requirement)
  • Support communications: 24 months
  • Suspended/cancelled accounts: 6 months before permanent deletion

You may request deletion sooner (see Section 8).

6. Sharing Your Data

We share data only with trusted processors essential for providing the service:

  • Stripe (payments & subscriptions)
  • MongoDB Atlas (data storage)
  • AWS/S3-compatible storage (logo uploads)
  • Email providers (system notifications and password resets)
  • Analytics infrastructure (first-party only)

We ensure all processors comply with GDPR and have appropriate data protection agreements.

Personal data is never sold to third parties.

7. International Data Transfers

Some subprocessors may operate outside the EU/EEA. In such cases, we ensure protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Additional safeguards where necessary

8. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Delete your data (“right to be forgotten”)
  • Restrict processing
  • Object to certain types of processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP)

To exercise your rights, contact us at [email protected].

9. Data Security

We apply modern security measures to protect your data, including:

  • Secure password hashing
  • HTTPS encryption
  • Role-based access control
  • Protection against brute force & suspicious login attempts
  • Isolated business data ownership
  • Daily data backups
  • Strict admin auditing

Despite industry-standard protection, no system can guarantee 100% security. We continuously monitor and improve our safeguards.

10. Children’s Data

QRLinkManager is not intended for individuals under 16 years old. We do not knowingly collect children’s personal data.

11. Updates to This Policy

We may update this Privacy Policy occasionally. When we do, we will:

  • Update the “Last updated” date
  • Notify users if the changes are significant

12. Contact

For privacy-related questions or GDPR requests:

EMLA Consulting SRL

Email: [email protected]

Phone: +40 750 484 533

We respond to all GDPR requests within 30 days.