This DPA supplements the Terms and Privacy Policy for GDPR-relevant customers.
1. Roles
Customer is Controller. QRTool.org is Processor.
2. Scope
We process personal data to provide QR creation, redirect, and analytics services under customer instructions.
3. Processor Duties
Process on instructions, maintain confidentiality, implement security, support rights requests, and delete/return data at end of service.
4. Sub-Processors
We may use vendors for auth, database, payments, hosting, and messaging with contractual safeguards.
5. Breach Notice
We notify affected customers without undue delay after confirming a personal data breach.
6. Transfers and Audits
Cross-border transfers use legal safeguards (such as SCCs). Reasonable compliance evidence is available on request.
7. Contact
dpo@qrtool.org