Privacy Policy

1. Introduction

This Privacy Policy explains how Quality Mark Europe ("we," "us," or "our") collects, uses, discloses, and protects information in connection with our anti-counterfeit solution and product authentication platform (the "Service"). This Service is provided to our business clients ("Manufacturers" or "Clients") who use unique QR codes on their products.

2. Information We Collect

a) Information from Our Manufacturer Clients

When a business signs up for our Service, we collect:

• Business name, address, and tax ID.
• Authorized user contact details (name, email, phone number).
• Billing and payment information.
• Product information and serialization data.

b) Information from Product QR Code Scans

When an end consumer scans a QR code, we process the following on behalf of the Client:

• The Unique Serial Code embedded in the QR code.
• Scan Metadata (Date, time, and approximate geographic location).
• Device Information (Type, OS, and browser type).

3. How We Use Information

We use the collected information for three primary purposes:

• Service Maintenance: Managing accounts, billing, and generating unique codes.
• Authentication & Fraud Detection: Verifying product authenticity and alerting clients to suspicious scan patterns.
• Analytics: Providing clients with supply chain insights and consumer engagement data.

4. Legal Basis for Processing

For individuals in the EEA/UK, we process Client Data based on contractual necessity. Consumer Scan Data is processed as a processor based on the legal grounds established by the Manufacturer (typically legitimate interest or consent).

5. How We Share Information

We do not sell personal data. We share information only with:

• Manufacturer Clients: Data is shared solely with the specific client whose product was scanned.
• Trusted Sub-processors: Third-party providers for hosting and payment processing.
• Legal Authorities: When required by law or legal process.

6. Data Security

We implement robust technical and organizational measures including encryption and access controls. While we strive for absolute security, no system is 100% immune to risks.

7. Data Retention

Account data is retained as long as the account is active. Serialization data is kept for the lifetime of the product, while scan data retention follows the specific schedule agreed upon in our Data Processing Agreement (DPA).

8. Your Rights and Choices

Manufacturers can update their info via the dashboard. End Consumers should contact the Manufacturer whose product they scanned, as they are the Data Controller responsible for handling access or deletion requests.

9. International Data Transfers

We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place when transferring data from the EEA, UK, or Switzerland to other jurisdictions.