Privacy Policy
Last updated: December 15, 2025
1. Introduction
Welcome to QREZ ("we," "our," or "us"), operated by Starcode Tech, vl. Karlo Starčević (OIB: 65564896109). We are committed to protecting your personal information and your right to privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital menu and QR code management platform ("Platform").
Data Controller: Starcode Tech, vl. Karlo Starčević
Contact: info@starcode.tech | +385 91 752 8675
Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Platform. By using our Platform, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
2.1 Personal Information You Disclose to Us
We collect personal information that you voluntarily provide to us when you register on the Platform, including:
- Name and contact information (email address, phone number)
- Account credentials (username and password)
- Business information (restaurant name, address, business details)
- Payment information (processed securely through Stripe)
- Profile information and preferences
2.2 Information Automatically Collected
We automatically collect certain information when you visit, use, or navigate the Platform:
- Log and usage data (IP address, browser type, operating system)
- Device information (device type, unique device identifiers)
- Analytics data (pages viewed, time spent, click patterns)
- Location data (general geographic location based on IP address)
2.3 Information Collected Through Google Analytics
We use Google Analytics to help us understand how our users interact with the Platform. Google Analytics collects information such as how often users visit the Platform, what pages they visit, and what other sites they used prior to coming to our Platform. We use the information we get from Google Analytics to improve our Platform and services.
Google Analytics collects only the IP address assigned to you on the date you visit the Platform, rather than your name or other identifying information. For more information about how Google uses data, please visit Google's Privacy Policy.
3. How We Use Your Information and Legal Basis (GDPR Article 6)
We process your personal data only when we have a legal basis to do so under GDPR. Below are the purposes for which we use your data and the corresponding legal basis:
- Account creation and authentication - Legal Basis: Contractual necessity (Article 6(1)(b)) - necessary to perform our contract with you
- Provide and maintain our services - Legal Basis: Contractual necessity (Article 6(1)(b))
- Process transactions and manage subscriptions - Legal Basis: Contractual necessity (Article 6(1)(b))
- Send administrative information and updates - Legal Basis: Contractual necessity (Article 6(1)(b)) and legitimate interests (Article 6(1)(f))
- Respond to user inquiries and provide customer support - Legal Basis: Contractual necessity (Article 6(1)(b)) and legitimate interests (Article 6(1)(f))
- Improve and optimize our Platform - Legal Basis: Legitimate interests (Article 6(1)(f)) - our legitimate interest in improving our services
- Monitor and analyze usage and trends (Analytics) - Legal Basis: Consent (Article 6(1)(a)) - we only use analytics cookies with your explicit consent
- Detect and prevent fraud and abuse - Legal Basis: Legitimate interests (Article 6(1)(f)) - our legitimate interest in protecting our Platform and users
- Comply with legal obligations - Legal Basis: Legal obligation (Article 6(1)(c))
You have the right to object to processing based on legitimate interests. You can withdraw your consent for analytics cookies at any time through your cookie settings.
4. Sharing Your Information
We may share your information in the following situations:
- Service Providers: We share your information with third-party service providers who perform services on our behalf (e.g., Stripe for payment processing, Supabase for database hosting)
- Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition
- Legal Requirements: When required by law or to protect our rights
- With Your Consent: When you give us explicit permission to share your information
We do not sell your personal information to third parties.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies in accordance with GDPR and the ePrivacy Directive. Cookies are small text files stored on your device that help us provide and improve our services.
5.1 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the Platform to function and cannot be disabled. They include authentication cookies, security cookies, and session management cookies. No consent is required for these cookies.
- Analytics Cookies: We use Google Analytics to understand how visitors interact with our Platform. These cookies collect anonymized data about page visits, time spent, and user behavior. We only use analytics cookies with your explicit consent.
- Preference Cookies: These remember your settings and preferences (e.g., language selection, interface preferences). These cookies require your consent.
5.2 Your Cookie Choices
When you first visit our Platform, you will see a cookie consent banner that allows you to:
- Accept all cookies
- Reject non-essential cookies
- Customize your cookie preferences
You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our footer or by clearing your browser cookies.
Important: If you reject cookies, some features of the Platform may not function properly. Strictly necessary cookies will still be used to ensure basic functionality.
For more detailed information about cookies, please see our Cookie Policy.
6. Data Security
We implement appropriate technical and organizational security measures to protect your personal information. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Our security measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication requirements
- Secure payment processing through Stripe
7. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.
8. Your Privacy Rights (GDPR)
Under the General Data Protection Regulation (GDPR), if you are located in the European Economic Area (EEA), you have the following rights:
- Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, including information about how we process it.
- Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17 - "Right to be Forgotten"): You have the right to request deletion of your personal data when it is no longer necessary, when you withdraw consent, or when you object to processing.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller.
- Right to Object (Article 21): You have the right to object to processing of your personal data for direct marketing or based on legitimate interests.
- Right to Restriction of Processing (Article 18): You have the right to request restriction of processing in certain circumstances.
- Right to Withdraw Consent (Article 7): Where we rely on consent to process your data, you have the right to withdraw that consent at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have violated your data protection rights.
How to Exercise Your Rights
To exercise any of these rights, please contact us at info@starcode.tech. We will respond to your request within 30 days as required by GDPR. We may ask you to verify your identity before processing your request.
You may also contact the Croatian Data Protection Agency (Agencija za zaštitu osobnih podataka) if you have concerns about our data practices: https://azop.hr
9. Third-Party Services
Our Platform integrates with the following third-party services:
- Stripe: Payment processing (see Stripe's Privacy Policy)
- Supabase: Database and authentication (see Supabase's Privacy Policy)
- Google Analytics: Analytics and tracking (see Google's Privacy Policy)
We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.
10. Children's Privacy
Our Platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
11. International Data Transfers
Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Platform, you consent to such transfers.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when posted on this page.
13. Contact Us & Data Protection Officer
If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your GDPR rights, please contact us:
Data Controller: Starcode Tech, vl. Karlo Starčević
OIB: 65564896109
Email: info@starcode.tech
Phone: +385 91 752 8675
Website: https://qrez.app
Supervisory Authority: If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Croatian Data Protection Agency (Agencija za zaštitu osobnih podataka): https://azop.hr