Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Moritz Krawczyk
acting under the business name “Xenqr”
Eichendorffstrasse
58762 Altena
Germany

Email: privacy@xenqr.com

2. General Information on Data Processing

We process personal data in accordance with the provisions of the GDPR and applicable German data protection laws.

Personal data is any information relating to an identified or identifiable natural person.

Data processing takes place only insofar as this is necessary to provide a functional website and web application, to provide our services, or as required by law.

3. Hosting

Our website and web application are hosted on servers located exclusively in Germany.

The hosting provider is ISO/IEC 27001 certified and processes data on our behalf under a data processing agreement pursuant to Art. 28 GDPR.

The hosting provider processes personal data only to the extent necessary to fulfill its service obligations and in accordance with our instructions.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision of our online services)

4. Access Data and Server Log Files

When you visit our website, the following data is automatically collected:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Date and time of server request
  • IP address

This data is processed to ensure system security and stability.

Legal basis:
Art. 6(1)(f) GDPR

Log data is stored only as long as necessary for security purposes.

5. Account Registration

If you create an account in our web application, we process the following data:

  • Name
  • Email address
  • Account credentials
  • Billing information (if applicable)

This data is required to provide our contractual services.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)

6. QR Code Scan Tracking & Analytics

When a QR code generated via Xenqr is scanned, we process the following data:

  • Date and time of scan
  • Device type (mobile, desktop, tablet)
  • Browser type
  • Operating system
  • Referrer URL
  • Approximate location (city and country based on IP geolocation)

The IP address is processed solely for geolocation purposes and is not stored permanently.

The collected data is aggregated and stored in a way that does not allow identification of individual persons.

Purpose of processing:

  • Usage analytics
  • Service improvement
  • Fraud prevention
  • Performance monitoring

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in analyzing QR code performance and ensuring service security)

7. Payments (Stripe)

For payment processing, we use:

Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Grand Canal Dock
Dublin
Ireland

Payment data is processed directly by Stripe. We do not store full payment details.

Legal basis:
Art. 6(1)(b) GDPR (contract performance)

Further information:
https://stripe.com/privacy

8. Data Retention

We store personal data only as long as necessary to fulfill contractual obligations or comply with legal retention requirements.

If you request deletion and no legal retention obligation exists, your data will be deleted.

9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

The competent supervisory authority in North Rhine-Westphalia is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW)

https://www.ldi.nrw.de