Plattform im Aufbau: Registrierung funktioniert, Tarif-Abschluss & einige Funktionen sind noch nicht aktiv. — Fragen? info@ppwr-qrcode.de

PPWR QR-Code

Privacy Policy

pursuant to Art. 13/14 GDPR. This policy applies to the use of the platform (customer account). For the end-customer scan page at ppwr-qrcode.de/<slug> there is a separate policy (here).

1. Controller

Erik Eggerth · Schluttenbacher Digitalagentur · Lange Str. 22 · 76275 Ettlingen OT Schluttenbach
E-mail: info@ppwr-qrcode.de

2. Purposes and Legal Bases

  • Account & Profile: Art. 6(1)(b) GDPR (performance of a contract).
  • Security logs (login IP, user agent): Art. 6(1)(f) GDPR (legitimate interest in brute-force protection). Retention max. 90 days.
  • Invoicing & accounting: Art. 6(1)(c) GDPR (legal obligation — Sec. 147 AO, 10 years).
  • Marketing by e-mail: only with opt-in (Art. 6(1)(a) GDPR), revocable at any time via the account settings.

3. Recipients / Processors

  • Supabase (hosting of Postgres + Auth, EU-Frankfurt, data processing agreement in place)
  • Vercel (hosting of frontend + edge functions, EU-Frankfurt region, data processing agreement in place)
  • Stripe (payment processing, EU Standards of Care + SCC, separate privacy policy)
  • seven.io (SMS 2FA, German provider, data processing agreement in place)
  • sevDesk (invoicing, German provider, data processing agreement in place)
  • IONOS (e-mail dispatch, German provider)

4. Storage Period

Account data: until termination of the contract plus a 30-day reactivation period. Invoice-relevant data: 10 years (Sec. 147 AO). Login attempts: 90 days. Trusted devices: until expiry of the 30-day period or manual revocation.

5. Your Rights

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), right to lodge a complaint with a supervisory authority (Art. 77). Competent authority: State Commissioner for Data Protection of Baden-Württemberg.

6. Cookies

We use exclusively technically necessary cookies (session, language setting, dark-mode preference, trusted device). No tracking, no advertising cookie. Consent is therefore not required (Sec. 25(2) No. 2 TTDSG).

7. Data Processing as Host

If, as a business customer, you process personal data (e.g. end-consumer scans of your packaging) via our platform, you are the controller and we are your processor. Upon conclusion of the contract you simultaneously enter into a data processing agreement pursuant to Art. 28 GDPR with us — full text: annex to the GTC.

8. Changes

We reserve the right to adapt this privacy policy to changes in the legal situation. The current version is always available at this URL.

As of: 02.06.2026