OctaQR Dynamic QR Codes

Legal

Privacy Policy

Last updated: June 3, 2026

1. Data Controller

The data controller responsible for processing your personal data is:

2. What Personal Data We Collect

2.1. Account Data (Registered Users)

When an account is created for you, we store:

  • Full name
  • Email address
  • Password (stored in hashed, non-reversible form)

Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).

2.2. QR Code Scan Data (End Users)

When someone scans a QR code created through our platform, we automatically collect:

  • IP address — used to derive approximate geographic location (country, city) and to count unique visitors. IP addresses are stored for analytics purposes.
  • User agent string — used to determine device type (mobile, desktop, tablet), browser, and operating system.
  • Referral URL — the page from which the scan originated, if available.
  • UTM parameters — campaign tracking tags (utm_source, utm_medium, utm_campaign, utm_term, utm_content) if present in the URL.
  • Scan timestamp — the date and time of the scan.

Legal basis: Legitimate interest in providing analytics features to our users (GDPR Art. 6(1)(f)).

2.3. Uploaded Content

Users may upload logo images for QR code customization. These files are stored on our servers and are used solely for generating QR code images.

3. How We Use Your Data

We use collected data for the following purposes:

  • Providing the Service: Managing your account, generating QR codes, redirecting scans to the correct destination.
  • Analytics: Displaying scan statistics, trends, geographic distribution, and device breakdowns to QR code owners.
  • Service improvement: Understanding usage patterns to improve platform performance and features.
  • Communication: Sending essential service-related notifications to registered users.

4. Data Retention

  • Account data: Retained for the duration of the service agreement plus 90 days after termination, unless you request earlier deletion.
  • Scan analytics data: Retained for up to 3 years from the date of collection, after which it is automatically deleted.
  • Uploaded files: Deleted when the associated QR code or account is removed.

5. Data Sharing

We do not sell, rent, or trade personal data. We may share data in the following limited circumstances:

  • Hosting providers: Our servers are hosted by third-party infrastructure providers who process data on our behalf under appropriate data processing agreements.
  • Legal obligations: We may disclose data if required by law, court order, or government authority.

We do not use any third-party analytics services (such as Google Analytics) and do not share scan data with advertising networks.

6. Cookies

Our platform uses only essential cookies required for the Service to function:

  • Session cookie — Maintains your authenticated session while using the platform. Expires when the browser is closed or after the configured session lifetime.
  • CSRF token cookie — Protects against cross-site request forgery attacks. Expires with the session.
  • Cookie consent cookie — Remembers your cookie preference. Expires after 1 year.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

You can manage your cookie preferences at any time using the cookie settings button at the bottom of the page.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data ("right to be forgotten").
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to restrict processing: You can ask us to limit how we process your data.
  • Right to object: You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at kamocsai.peter@octavoasis.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Hashed password storage using industry-standard algorithms
  • Access controls limiting data access to authorized personnel only
  • Regular software updates and security patches

9. International Data Transfers

Our servers are located within the European Union. If any data processing occurs outside the EU/EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

10. Children's Privacy

The Service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with a revised "Last updated" date. We encourage you to review this page periodically.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

  • Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
  • Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
  • Website: naih.hu
  • Email: ugyfelszolgalat@naih.hu

13. Contact

For questions or requests regarding this Privacy Policy, contact us at:

Cookie Details

The following table shows all cookies used by our platform:

Essential cookies

| Cookie | Purpose | Duration |
|---|---|---|
| octaqr_cookie_consent | Used to store the user's cookie consent preferences. | 1 year 1 month 1 day |
| octaqr-session | Used to identify the user's browsing session. | 2 hours |
| XSRF-TOKEN | Used to secure both the user and our website against cross-site request forgery attacks. | 2 hours |