QRBells Privacy Policy
Data Controller
Service operated by: QRBells
Server Location: European Union (Germany)
Data Protection Officer: privacy@qrbells.com
General Contact: support@qrbells.com
Website: https://qrbells.com
1. Introduction
QRBells ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
2. Data We Collect
| Data Type | What We Collect | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Location Data | GPS coordinates, precise location | Proximity verification, property matching | Consent, Contract performance |
| Visual Data | Photos for visitor identification | Security, visitor recognition | Consent |
| Device Information | Device ID, OS version, app version | Service provision, technical support | Legitimate interest |
| Communication Data | Audio/video messages, call metadata | Facilitating communication | Contract performance |
| Property Data | Addresses, QR codes, ownership info | Property management, notifications | Contract performance |
| Usage Data | App interactions, timestamps, features used | Service improvement, analytics | Legitimate interest |
| Contact Information | Phone numbers, email addresses | Account management, notifications | Contract performance |
3. How We Collect Data
3.1 Direct Collection
We collect data directly from you when you:
- Register for an account
- Set up properties and QR codes
- Grant app permissions (location, camera, microphone)
- Scan QR codes or receive visitors
- Send messages or make calls through the app
- Contact our support team
3.2 Automatic Collection
We automatically collect certain data when you use QRBells:
- Device and app usage information
- Location data (when permission granted)
- Technical logs and error reports
- Performance and security metrics
4. How We Use Your Data
4.1 Primary Purposes
- Service Delivery: Providing QRBells notification and communication services
- Proximity Verification: Ensuring visitors are physically present at properties
- Security: Visitor identification and property protection
- Communication: Facilitating audio/video calls and messages
- Account Management: Managing user accounts and preferences
4.2 Secondary Purposes
- Service Improvement: Analyzing usage to enhance functionality
- Technical Support: Troubleshooting and customer assistance
- Legal Compliance: Meeting legal and regulatory requirements
- Safety: Protecting users from harm and abuse
5. Data Sharing and Disclosure
5.1 We DO NOT sell your personal data
5.2 Limited Sharing
We may share your data only in these specific circumstances:
- Property Notifications: Visitor information shared with relevant property owners
- Service Providers: Trusted partners who help us operate QRBells (under strict data protection agreements)
- Legal Requirements: When required by law, court order, or to protect rights and safety
- Emergency Situations: To prevent harm or protect life and safety
5.3 Third-Party Services
We work with these categories of service providers:
- Cloud storage providers (EU-based)
- Push notification services
- Analytics and crash reporting (anonymized data only)
- Customer support platforms
6. Data Security
6.1 Security Measures
We protect your data with industry-standard security measures:
- Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
- Access Controls: Strict access permissions and authentication
- Regular Audits: Security assessments and vulnerability testing
- Privacy by Design: Built-in privacy protection from the ground up
- Data Minimization: Collecting only necessary data
- Anonymization: Removing personal identifiers when possible
6.2 Data Breach Response
In the unlikely event of a data breach:
- We will notify EU supervisory authorities within 72 hours
- Affected users will be informed promptly
- We will provide clear information about the breach and our response
- We will take immediate steps to secure the data and prevent further breaches
7. Your Privacy Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to data processing based on legitimate interest
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File complaints with supervisory authorities
7.1 How to Exercise Your Rights
To exercise your privacy rights, contact us at:
- Email: privacy@qrbells.com
- Subject Line: "Privacy Rights Request"
- Include: Your name, email, and specific request
We will respond within 30 days (or 1 month as required by GDPR).
8. Data Retention
8.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until account deletion + 30 days | Service provision, legal compliance |
| Location Data | 30 days | Security, dispute resolution |
| Photos | 90 days or until deletion request | Security, visitor recognition |
| Messages/Calls | 30 days or until deletion request | Service quality, dispute resolution |
| Usage Analytics | 12 months (anonymized) | Service improvement |
| Support Records | 3 years | Legal compliance, dispute resolution |
8.2 Automatic Deletion
We automatically delete data when retention periods expire, unless legally required to keep it longer.
9. International Data Transfers
9.1 EU-Based Processing
Our primary servers are located in the European Union (Germany), ensuring GDPR compliance.
9.2 Transfers Outside EU
If we need to transfer data outside the EU, we ensure adequate protection through:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules
- Certification schemes
10. Children's Privacy
10.1 Age Restrictions
QRBells is designed for users aged 16 and older. In some jurisdictions, users aged 13-16 may use the service with parental consent.
10.2 Parental Controls
If you believe a child under 16 has provided personal data without consent, please contact us immediately for data removal.
11. Cookies and Tracking
11.1 Mobile App
Our mobile app does not use traditional web cookies but may use similar technologies:
- Device identifiers for service provision
- Local storage for app preferences
- Analytics SDKs for performance monitoring
11.2 Website
Our website uses essential cookies for functionality and optional cookies for analytics (with your consent).
12. Updates to This Privacy Policy
12.1 Policy Changes
We may update this Privacy Policy to reflect changes in:
- Legal requirements
- Business practices
- Technology improvements
- User feedback
12.2 Notification of Changes
Significant changes will be communicated through:
- In-app notifications
- Email notifications (if provided)
- Website announcements
13. Contact Information
Data Protection Contact
Data Protection Officer: privacy@qrbells.com
General Inquiries: support@qrbells.com
Legal Matters: legal@qrbells.com
EU Representative
For EU data protection matters, contact our Data Protection Officer at the email addresses above.
Supervisory Authorities
You have the right to lodge a complaint with your local data protection authority. For users in Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).
14. Specific Rights by Jurisdiction
14.1 European Union (GDPR)
All rights outlined in Section 7 apply to EU residents.
14.2 California (CCPA)
California residents have additional rights under the California Consumer Privacy Act.
14.3 Other Jurisdictions
We respect local privacy laws and extend similar rights to all users regardless of location.
15. Technical Implementation
15.1 Privacy by Design
QRBells implements privacy protection through:
- Local Processing: Processing data on your device when possible
- Encryption: End-to-end encryption for sensitive communications
- Minimal Data Collection: Collecting only necessary information
- Purpose Limitation: Using data only for stated purposes
- User Control: Granular privacy controls in the app
15.2 Data Minimization Examples
- Location data rounded to reduce precision when exact coordinates aren't needed
- Photos processed locally for face detection when possible
- Audio messages stored locally with only metadata sent to servers
- Device identifiers hashed for privacy protection