Privacy Policy

MYQRL ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by MYQRL.

This Privacy Policy applies to our website, myqrl.legitafri.com, and its associated subdomains (collectively, our "Service"). By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

We collect information about you in various ways when you use our Service:

Personal Information You Provide

We collect personal information you provide directly to us, such as when you create an account, use our services, or contact us for support:

• Account Information: Name, email address, password, and contact details
• Profile Information: Company name, website URL, and profile picture
• Billing Information: Payment method details and billing address for paid plans
• Communication Data: Messages and inquiries sent through our support channels

Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Usage Data: How you interact with our Service, features used, and time spent
• Log Data: IP address, browser type, pages visited, and access times
• Device Information: Device type, operating system, and unique device identifiers
• QR Code Analytics: Scan locations, timestamps, device types, and referral sources

We use the information we collect for various business purposes:

Legal Bases for Processing

We process your personal information based on the following legal grounds:

Legal Basis	Purpose	Examples
Contractual Necessity	To provide our services to you	Account creation, QR code generation
Legitimate Interests	To improve and secure our services	Analytics, security monitoring
Legal Obligation	To comply with applicable laws	Tax reporting, legal requests
Consent	For optional features	Marketing communications

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: We share information with third-party vendors who provide services on our behalf, such as payment processing, data analysis, email delivery, and customer service.
• Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
• Protection of Rights: We may share information when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data Type	Retention Period	Reason for Retention
Account Information	While account is active + 2 years	Service provision and legal compliance
QR Code Analytics	24 months	Historical reporting and analysis
Billing Records	7 years	Tax and financial regulations
Support Communications	3 years	Customer service improvement

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements.

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

Types of Cookies We Use

Essential Cookies
Authentication	Session	Keep you logged in during your browsing session
Security	Persistent	Protect against cross-site request forgery
Analytics Cookies
Usage Analytics	Persistent (2 years)	Understand how visitors interact with our website
Performance	Session	Monitor website performance and speed
Functional Cookies
Preferences	Persistent (1 year)	Remember your language and region preferences

Managing Cookies

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process.

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Security assessments and penetration testing
• Infrastructure Security: Secure cloud infrastructure with DDoS protection
• Employee Training: Regular security awareness training for all staff

While we have implemented safeguards, no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that information you supply won't be intercepted while being transmitted to us over the Internet.

Depending on your location, you may have the following rights regarding your personal information:

• Access: The right to request copies of your personal data
• Rectification: The right to request correction of inaccurate information
• Erasure: The right to request deletion of your personal data
• Restriction: The right to request limiting the processing of your data
• Data Portability: The right to receive your data in a structured format
• Objection: The right to object to our processing of your personal data
• Withdraw Consent: The right to withdraw your consent at any time

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section. We will respond to your request within 30 days.

Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside The Republic Of Zambia and choose to provide information to us, please note that we transfer the data, including personal data, to The Republic Of Zambia and process it there.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers of data from the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission.

Our Service is not intended for use by children under the age of 16 ("Children").

We do not knowingly collect personally identifiable information from children under 16. If you become aware that a child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, please contact us:

• By email: privacymyqrl@legitafri.com
• By visiting this page on our website: Contact Us

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out above.