- Trycon Technologies (parent company of product QR Batch) is fully-committed to protect the personal data of its customers and customer’s end-users
- From its customers, the company collects both personal information (email address, billing information, payment information, etc.) and non-personal information (browsing data, etc.). This information is solely used by the company or authorized third-party applications to serve the customers. This data is never used for unauthorized commercial gains in any way
- To use the products and services of QR Batch, the customer will share both personal information (e.g. contact information for Vcard QR Codes) and non-personal information (e.g., serial code for Simple Text QR Code). This information will be available to customers only and they have responsibility to make the data public (via QR Code campaigns) only if they own the data or have authorization to use the data
- The company shares both personal and non-personal information with third-party applications and service providers only after ensuring that they employ the best practices in data security, privacy policies, and regulatory compliance (including GDPR)
- The company employs the best-in-class data security strategies to ensure the protection of customers’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected customers within 72 hours
- The company will retain the customers’ and end-users’ data for a maximum period of 26 months after the customer ceases to use the company’s applications. However, the customer will always have the right to either download all data or request permanent deletion
2. DATA COLLECTION, PROCESSING & PURPOSE
During the lifecycle of using its products and services, the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information either directly or via a third-party application or service.
As part of the company’s commitment to be transparent to its customers and end-users, we are sharing details on what data points are collected, at what stage, and for what purpose:
2.1 CUSTOMER DATA
This section outlines the data collected on the customers of the company i.e. the users who create QR Code batch with QR Batch.
2.1.1 Website/App Browsing (Without Login)
a. Browsing/Events Tracking: If you are browsing the web pages of our website, we gather non-personally identifiable information—such as web request, Internet Protocol address, browser type, browser language, the date and time of your request, browser user agent, one or more cookies that may uniquely identify your browser, referring URL/domain, activity time, and clicking activity. All such data collected is processed at an aggregate level and can never be tied to an individual.
Purpose: This data is sent to the following tracking tools—Google Analytics, Mixpanel, and Mouseflow—to generate aggregate-level insights on customer behavior. These insights allow our product team to optimize the journey and experience of our customers. Given below are important links to these third-party applications:
b. Query Email: If you have a question related to our product or services, you can send us an email using the ‘Email Us’ option on the Support page. The data points that are collected are—Name, Email Address, Subject, and Message (Query)
Purpose: We require your name to personalize the conversation, email address to reach out to you with a response, and subject and message to understand your query thoroughly. This data is shared via email to authorized in-house customer support personnel only.
c. Query Chat: If you have a question related to our product or services, you can reach out to us via the chatbox option. If our customer support agents are unavailable, we request the user’s permission to collect the following data—Email Address
Purpose: The email address is used for follow-up responses. The chatbox and data are managed by a third-party application—Zendesk. The data collected by the application is used to serve our customer queries only and is never shared for any commercial gains.
As part of the registration of an account with QR Batch, the following data is collected and stored:
a. Valid Email Address
Purpose: A valid email address serves both as a Unique Username/Identifier as well as a point-of-contact to reach the customer for transactional notifications (e.g., introduction to dedicated support contact, purchase confirmation, batch progress alert, feature launch, feedback, activity reports, etc.)
b. Password (in case of Signup by Email)
Purpose: In case of signup by email method, we use the password (generated by the customer) to authorize access to the customer account and its data. The company or its employees will never ask for your password in an unsolicited phone call or email. However, you are responsible for maintaining the secrecy of your password and account information
c. Google Authorisation (in case of Signup by Google)
Purpose: In case of signup by Google, we will require authorization from a valid and logged Google account. Note that in case of Google authorization, we only receive the Email Address
2.1.3 Purchase of QR Code Batches
When you make a payment with QR Batch to create a batch of QR Codes, you are required to provide billing and payment information to complete the transaction:
a. Billing Information: Email address, phone number, physical contact information, transactional information, device ID, computer and connection information, IP address, standard web login information, etc.
Purpose: The billing information is required for the following purposes:
- To generate an official invoice complete with billing name and address as required by law
- To email the customer the invoice/sale receipt
- To maintain the sale records in case of any dispute (such as failure of batch progress)
- To aggregate data and generate internal reports for management, investors, and shareholders (e.g., monthly sales report, annual report, tax filing, etc.). As the company is a Private Limited, these reports are shared either privately with authorized personnel (management, investors, shareholders) or with regulatory authorities only
- To add the company logo on our website under “Our Customers” section if the company email address (i.e. with the domain name of the company) of the customer is used
b. Payment Information: Credit/Debit Card Number, Expiration Date, CVV Code
Purpose: The payment information is required to authorize a transaction with your bank/credit card account.
Note that QR Batch only receives an email copy of the invoice generated but never stores the payment information. Both billing and payment information is collected, managed, and processed by our payment gateway provider—Paddle
2.2 DATA SHARED BY CUSTOMER DURING QR CODE MANAGEMENT
When customers use QR Batch’s product and services—they can design and generate QR Codes in bulk. To generate these content pieces customers enter data in a spreadsheet or enter the data using our dashboard (e.g., Serial Code QR Code). This section outlines how QR Batch stores and processes this data.
2.2.1 QR Code Generation
Using QR Batch, it is possible to generate five types of QR Codes. To generate each of these QR Codes, customers are required to enter data for very specific fields. The open-ended nature of the content of the QR Codes means that the customer can add both PII and non-PII information for each category.
Given below is the exhaustive list of QR Codes with the required data-points:
a. Website URL QR Code: Spreadsheet with ‘Filename’ as the first column and ‘URL’ as the second
b. Simple VCard QR Code: Spreadsheet with ‘Filename’ as the first column and name, Company Name, Title, Email Address, Work Phone Number, Cell Phone Number, Fax, Website URL, Address Street, City, State, Postal Code, Country as subsequent columns
c. Simple Text QR Code: Spreadsheet with ‘Filename’ as first column and ‘Text’ as second
d. Serial Code QR Code: Prefix, start value, increment value, and end value
e. Random Code QR Code: Number of QR Codes, number of characters, selection of character sets
Purpose: In each of the cases above, the purpose of data collection is to allow the customer to share this information with end-users. No unnecessary datapoint is collected and in most cases, customers have the option to choose only the data points they need to share.
In most cases, QR Codes are made public via promotional print/web material. This means that the content of the QR Code (PII or non-PII) is visible to all end-users who scan the QR Code.
It is the responsibility of the customer to ensure that:
- The content encoded into the QR Code is owned by the customer OR
- The customer has the required authorization/consent to use the content encoded into the QR Code
QR Batch stores and transfers this content in encrypted format via its online databases to ensure maximum security of the data. QR Batch’s databases are managed by a third-party application—Amazon Web Services.
2.2.2 QR Code Designing
After generating the QR Codes, customers also have the option to design the QR Code batch.
In most cases, the design will be non-PII but in very specific cases the design elements can be PII (e.g. brand logo).
2.3 END-USER DATA
When customers print Static QR Codes on promotional or operational print/web material, end-users have the option to scan the QR Code. QR Batch doesn’t collect any data from the end-users.
Because Trycon Technologies allows you to add its outputs (QR Codes, URLs) on your promotional material (Print advertisements, Websites, Online Ads, Packaging etc.), you must register for an account for the desired services. The registration process asks for your personal information such as but not limited to:
- Email Address
By the nature of our Service, Trycon Technologies will gather non-personally identifiable statistics about the usage of our outputs in your promotions and store that information.
3. DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share with third parties certain pieces of aggregated, non-personal information (e.g., browsing analytics with Google Analytics), and personal information (e.g., email address with MailChimp for sign-up alert).
In all cases, we will ensure that the third party:
- Has good reputation and trustworthy customers
- Has an approachable and responsive support team
- Has robust privacy policies that aim at data protection and security
- Has taken adequate measures to be GDPR compliant
Further, we restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
4. DATA SECURITY
The company has implemented best-in-class security protocols to protect customer’s and end-user’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of these security mechanisms include:
- Encryption of transit data with SSL (HTTPS)
- Encryption of rent data via AES256 protocol
- Staff access to data on a need basis only (e.g. ticket raised by customer, etc.)
- Staff access to third-party apps via multi-factor authentication only
However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s customer data or end-user’s data in spite of these measures.
In case of data breaches, the company will inform the regulatory authorities and affected customers within 72 hours, as per GDPR guidelines.
However, the company cannot guarantee complete security of your information and cannot be held responsible for unauthorized access to customer accounts. It is the responsibility of the customer to ensure that the account email address and password are not shared with any unauthorized personnel.
5. DATA RETENTION, PORTABILITY & DELETION
Purpose: The data will be retained to allow customers to reinstate their account and creations (QR Codes) within this period.
7. CONTACT INFORMATION
To keep your personal data accurate, current, and complete, please contact us as specified below:
Trycon Technologies Private Limited
Address: 2, Rail Vihar, Sector 33, Noida, Uttar Pradesh, India 201301
The terms and conditions along with privacy policies with all references constitutes the sole and entire agreement of the parties to this agreement with respect to the subject matter contained herein and supersedes all prior terms and conditions which were agreed by the Customer.