Privacy Policy

We process personal data (hereinafter mostly referred to as “data”) only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

Pursuant to Art. 4(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter “GDPR”), “processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following Privacy Policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we alone or jointly with others decide on the purposes and means of processing. We also inform you below about third-party components we use for optimisation purposes and to increase the quality of use, where third parties process data under their own responsibility.

Our Privacy Policy is structured as follows:

I. Information about us as the controller
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the Controller

The controller of this website within the meaning of data protection law is:

EJCON GmbH
Schwarzwaldstraße 61
79539 Lörrach
Germany

Email: hello@holyqrcode.com

Data Protection Officer at the provider: — (if appointed)

II. Rights of Users and Data Subjects

With regard to the data processing described in more detail below, users and data subjects have the right

Furthermore, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17(1), and 18 GDPR. This obligation does not apply if such notification proves impossible or involves disproportionate effort. Notwithstanding the foregoing, the user has the right to obtain information about these recipients.

Users and data subjects also have the right to object to the future processing of data concerning them pursuant to Art. 21 GDPR, insofar as the data are processed by the provider on the basis of Art. 6(1)(f) GDPR. In particular, an objection to processing for the purposes of direct marketing is permissible.

III. Information on Data Processing

Data processed when using our website will be erased or restricted as soon as the purpose of storage ceases to apply, there are no statutory retention obligations preventing erasure, and no different information on individual processing operations is provided below.

Cookies

a) Session Cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your device by the internet browser you use. These cookies process certain information about you to an individual extent, such as your browser or location data or your IP address.

This processing makes our website more user-friendly, effective, and secure, for example by enabling the display of our website in different languages or providing a shopping-cart-like function.

The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as such cookies process data for the initiation or performance of a contract.

If the processing does not serve the initiation or performance of a contract, our legitimate interest lies in improving the functionality of our website; the legal basis is then Art. 6(1)(f) GDPR.

These session cookies are deleted when you close your internet browser.

c) Options for Removal

You can prevent or restrict the installation of cookies by adjusting your internet browser settings. You can also delete cookies that have already been saved at any time. The steps and measures required depend on the specific internet browser you use. Please use your browser’s help function or documentation, or contact the manufacturer/support. Processing of so-called Flash cookies cannot be disabled via browser settings; instead, you must change the settings of your Flash player. The steps required depend on the Flash player you use.

If you prevent or restrict the installation of cookies, not all functions of our website may be fully usable.

Contact Requests / Contact Options

If you contact us by contact form or email, the data you provide will be used to process your request. Providing the data is necessary to process and answer your request—without it we may not be able to process your request or only to a limited extent.

Legal basis for this processing is Art. 6(1)(b) GDPR.

Your data will be deleted once your request has been conclusively answered and provided that there are no statutory retention obligations preventing deletion, such as in the event of subsequent contract processing.

Customer Account / Registration Function

If you create a customer account on our website, we will collect and store the data you enter during registration (e.g. your name, address, email address) exclusively for pre-contractual measures, performance of the contract, or for customer care purposes (e.g. to provide you with an overview of your previous orders or subscriptions). We also store the IP address and the date and time of your registration. These data are not shared with third parties unless there is a legal obligation to do so.

During the registration process, we obtain your consent to this processing and refer to this Privacy Policy. The data collected will be used exclusively to provide the customer account.

Where you consent to this processing, the legal basis is Art. 6(1)(a) GDPR. Where opening the customer account also serves pre-contractual measures or performance of the contract, the legal basis is Art. 6(1)(b) GDPR.

You may withdraw consent at any time with effect for the future pursuant to Art. 7(3) GDPR. The data collected will be erased as soon as the processing is no longer necessary. Statutory tax and commercial retention obligations remain unaffected.

Newsletter

If you sign up for our free newsletter, the data requested for this purpose—your email address and, optionally, your name and address—will be transmitted to us. We also store the IP address as well as the date and time of your registration. We obtain your consent to send the newsletter; you can withdraw this consent at any time with effect for the future pursuant to Art. 7(3) GDPR (unsubscribe link in each newsletter).

Legal basis: Art. 6(1)(a) GDPR.

Online Job Applications / Job Postings

You can apply to us via our website. In the case of digital applications, your applicant and application data will be collected and processed electronically for the purpose of handling the application process.

Legal basis: Section 26(1) sentence 1 BDSG in conjunction with Art. 88(1) GDPR.

If an employment contract is concluded after the application process, we will store the data you transmitted in your personnel file for the purpose of the usual organisational and administrative processes (subject to further legal obligations).

If an application is rejected, the transmitted data will be deleted two months after notification of the decision, unless legal provisions (e.g. obligations to preserve evidence under the AGG) require longer storage. In that case, the legal basis may be Art. 6(1)(f) GDPR (legal defence).

Contract Processing

Data transmitted by you for the use of our goods and/or services are processed for the purpose of contract processing. Without the provision of your data, conclusion and performance of the contract are not possible.

Legal basis: Art. 6(1)(b) GDPR.

In the context of contract processing, we pass on your data to the transport company commissioned with the delivery or to the payment service provider, insofar as the transfer is necessary for service provision or payment purposes (Art. 6(1)(b) GDPR).

Holy QR Code

Introduction

We, EJCON GmbH, take the protection of your personal data very seriously. This Privacy Policy informs you about the collection, processing, and storage of your personal data when using our QR code platform “Holy QR Code”.

“Holy QR Code” enables the creation and management of QR codes (e.g. for web links, contact or document content) and—optionally—usage analytics (e.g. scan counter, timestamp, approximate region). Personal data are processed only to the extent necessary for provision, operation, security, and billing.

Controller

Controller for data processing:

EJCON GmbH
Schwarzwaldstraße 61
79539 Lörrach
Germany
Email: hello@holyqrcode.com

Purposes of Processing

We process personal data in connection with the use of “Holy QR Code” for the following purposes:

Stored Data

The following data may be processed when using “Holy QR Code”:

Data are only shared with third parties where necessary for service provision (e.g. hosting, payment processing) or where there is a legal obligation.

Data Retention

We store your data only as long as necessary to provide our services or where statutory obligations apply. After retention periods expire, the data will be deleted or anonymised.

Your Rights

Under the GDPR you have, in particular, rights to access, rectification, erasure, restriction, data portability, and objection. Please contact hello@holyqrcode.com to exercise your rights.

Security Measures

We use technical and organisational measures (including TLS/SSL encryption) to protect your data against loss, misuse, and unauthorised access.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect legal requirements or changes to our services. The current version is always available on our website.

MailChimp – Newsletter

We use “MailChimp”, a service of The Rocket Science Group LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, for newsletter distribution. Privacy information: http://mailchimp.com/legal/privacy/. The newsletter may contain tracking pixels/web beacons to analyse opens and clicks (legal basis: Art. 6(1)(a) GDPR; you may withdraw consent at any time via the unsubscribe link).

Facebook

We maintain a company presence on Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) under joint controllership. DPO contact: https://www.facebook.com/help/contact/540977946302970
Joint-Controller Addendum: https://www.facebook.com/legal/terms/page_controller_addendum
Privacy information: https://www.facebook.com/privacy/explanation

YouTube

We maintain an online presence on YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Privacy information: https://policies.google.com/privacy. Processing outside the EU (in particular the USA) may occur.

Use of Stripe as a Payment Method

For payments, we may use Stripe (Stripe, ℅ Legal Process, 510 Townsend St., San Francisco, CA 94103) (legitimate interest in efficient and secure payment processing, Art. 6(1)(f) GDPR; additionally Art. 6(1)(b) GDPR for contract performance). Depending on the payment method, Stripe may transmit data to credit agencies. Privacy information and opt-out options: https://stripe.com/privacy-center/legal. International data transfers are based on EU Standard Contractual Clauses (SCCs).