Generate The QR Code

GDPR & Data Protection

Last updated: 11/26/2025

Our Commitment to Data Protection

Complying with the European Union's General Data Protection Regulation (GDPR) and all applicable data privacy regulations is a top priority at Security Web Solutions LLC (doing business as Generate The QR Code). We are committed to ensuring that your personal data is protected and handled in accordance with the highest standards of data protection and privacy.

This page provides information about our GDPR compliance, your rights under data protection laws, and how we process and protect your personal information. For complete details on how we collect, use, and protect your data, please review our Privacy Policy. Our comprehensive GDPR terms and Data Processing Agreement are also included in our Terms of Service.

Data Processing Agreement

Our Data Processing Agreement (DPA) is included as Appendix A in our Terms of Service. The DPA outlines the terms and conditions under which we process personal data on behalf of our customers and ensures compliance with GDPR, UK GDPR, CCPA, and other applicable data protection laws.

If you are a business customer who needs to execute a formal Data Processing Agreement for compliance purposes, you may request a DPA by contacting us at support@generatetheqrcode.com.

Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that came into effect on May 25, 2018. It sets strict requirements for how organizations collect, store, process, and protect personal data of individuals in the EU and European Economic Area (EEA).

Even though Security Web Solutions is based in the United States (Rockford, Illinois), we recognize the importance of GDPR compliance for our European users and customers. We apply GDPR principles to protect all users' data, regardless of their location.

Your Rights Under GDPR

Under GDPR and similar data protection laws, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request copies of your personal data that we hold about you.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Object: You have the right to object to our processing of your personal data, under certain conditions.
  • Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us at support@generatetheqrcode.com. We will respond to your request within one month, as required by GDPR.

Legal Basis for Processing Your Data

We process personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

  • Consent: When you have explicitly agreed to the processing of your personal data for one or more specific purposes (e.g., marketing communications, analytics cookies).
  • Contract Performance: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g., providing our QR code generation services).
  • Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax reporting, responding to law enforcement requests).
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided that those interests do not override your fundamental rights and freedoms (e.g., fraud prevention, network security, improving our services).

Data Protection Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Our security measures include:

  • Encryption: We use industry-standard encryption to protect personal data both in transit and at rest.
  • Access Controls: We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access personal data.
  • Regular Security Assessments: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
  • Staff Training: Our team members receive regular training on data protection principles, security best practices, and GDPR compliance.
  • Data Minimization: We collect and process only the personal data that is necessary for the specific purposes for which it is collected.
  • Secure Infrastructure: Our services are hosted on secure, industry-leading cloud infrastructure with robust physical and technical security measures.

International Data Transfers

Our servers and operations are located in the United States. When you use our services, your personal data may be transferred to, stored, and processed in the United States and potentially other countries outside the European Economic Area (EEA).

When we transfer personal data from the EEA to countries outside the EEA (including the United States), we ensure appropriate safeguards are in place to protect your data. These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions issued by the European Commission
  • Other legally approved data transfer mechanisms

For more information about our international data transfer practices, please refer to the Data Processing Agreement in our Terms of Service or contact us at support@generatetheqrcode.com.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need to retain your personal data, we will securely delete or anonymize it.

Specific retention periods vary depending on the type of data and the purpose for which it was collected. For more information about our data retention practices, please see our Privacy Policy.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Our data breach response procedures include:

  • Immediate investigation and assessment of the breach
  • Containment and remediation measures
  • Documentation of the breach and response actions
  • Notification to relevant authorities and affected individuals as required
  • Review and improvement of security measures to prevent future breaches

Third-Party Data Processors

We may engage third-party service providers to process personal data on our behalf (for example, payment processors, analytics providers, hosting providers). When we do so, we ensure that:

  • We have appropriate contracts in place that comply with GDPR requirements
  • The third parties provide sufficient guarantees regarding data protection and security
  • The third parties only process personal data according to our documented instructions
  • We maintain a list of our subprocessors, which is available upon request

Supervisory Authority

If you are located in the EEA and believe that we have not adequately addressed your concerns regarding the processing of your personal data, you have the right to lodge a complaint with your local data protection supervisory authority.

You can find your local supervisory authority contact information at the European Data Protection Board website.

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at support@generatetheqrcode.com, and we will take steps to delete such information.

Updates to This Page

We may update this GDPR & Data Protection page from time to time to reflect changes in our practices, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last Updated" date.

Contact Us

If you have any questions about our GDPR compliance, data protection practices, or if you wish to exercise your data protection rights, please contact us:

Security Web Solutions LLC
DBA Generate The QR Code
Email: support@generatetheqrcode.com
Location: Rockford, IL 61108, United States

We will respond to all requests within one month as required by GDPR. In some cases, we may extend this period by an additional two months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

Need Help?

If you have any questions about these terms, please contact us:

Email: support@generatetheqrcode.com

Phone/WhatsApp: +1 (779) 238-7630

Address: Rockford, IL 61108, United States