TIGER FORM logo

Privacy Notice: TIGER FORM

Note: Upon creating an account, provide options for the Customer to separately check to agree on:

Protecting your personal data and respecting your privacy is at the core of our priorities. As such, it is important for us that you know the consequences and implications of your consent to the processing of your personal data, before we proceed with the said processing. We therefore encourage all visitors of our website, including the users of our service and the third-party respondents, to carefully read this Privacy Notice. It contains details about how we ensure the security, confidentiality, and privacy of your data, and explains how we collect, use, disclose, and protect your information, including your personal data as we provide you with our TIGER FORM QR Code Builder software (hereafter referred to as, services).

We designed this Privacy Notice as part of our endeavor to comply with global privacy laws, including but not limited to, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other state privacy laws in the United States.

INFORMATION ABOUT US

We are QRTIGER PTE LTD., doing business as QR TIGER (“QR TIGER,” “we,” “us,” or “our”), a company registered under the laws of Singapore. We operate the website https://www.form-qr-code-generator.com/ (“website”), and offer products and services, including the service described above.

If you have any questions or concerns about this Privacy Notice or any matter related to the processing of your personal data, please contact us at:

WHAT TYPES OF DATA DO WE PROCESS [Note that all references to “you” in this section apply only to our Customers]

Anonymized. We routinely collect and analyze the metadata about your use of our services in order to improve the quality of our services, and to create anonymized statistics for our marketing purposes.

Personal Data. Moreover, we may collect all or a combination of the following types of data: (i) personal data provided by you, as our customer; (ii) form data, or the information collected through the forms you generate using our platform; (iii) usage data, or the information about how you interact with our services, including but not limited to, IP addresses, browser type, operating system, and device information; (iv) QR Code Data, or the information embedded within the QR codes generated via our platform; and, (v) Cookies and Tracking Technologies.

In all, we rely on the following grounds to process personal data:

  • Consent: When you provide explicit consent to process your data.
  • Contractual Necessity: When data processing is necessary for the performance of an obligation with you, which is to provide the service in accordance with the features you have chosen.
  • Legal Obligation: When we need to comply with legal obligations.
  • Legitimate Interest: When we need to pursue legitimate interests, which is reasonably expected by the data subject under the circumstances.

We encourage you to read further about the Lawful Bases to process your data (and those of the third-party respondents), and the processing of Children’s Data and Sensitive personal data, as well as our collection of information through the use of cookies.

DATA SECURITY

We adhere to and have ISO27001 Certification. We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, misuse, or destruction. Transfer and storage of these personal data are further discussed below. Considering, however, that no system can be completely secure, we cannot guarantee absolute security.

RIGHTS OF DATA SUBJECT

Depending on the privacy regulation that applies, data subjects may be able to exercise the following rights in relation to the processing of their personal data: access; correction; deletion; portability; opt out of sale of personal data; right against automated decision-making.

  • Right of Access: Data subjects generally have the ability to access specific personal data collected by us, or those shared with our providers, subject to their providing the specifics of the personal data they want access to.
  • Right to Correction: Data subjects may also have the right to correct inaccuracies in the personal data collected by us.
  • Right to Delete: Data subjects, in certain instances, may request for the deletion of their personal data that we hold, subject to the following exceptions:
    • When the personal data is being used for completing a transaction requested by the data subject
    • When the personal data is still being used in detecting or protecting against security incidents
    • When the personal data is being held to comply with out legal obligations
  • Right to Data Portability: Data subjects may have the right to obtain personal data in a readily usable format to facilitate the transfer of these data to another entity.
  • Right Against Automated Decision-Making: This right is in relation to the processing that results in decisions about the data subject (profiling)

DATA SHARING

For requests made by third-party respondents, the responsibility to make appropriate responses to their requests shall rest on the Customer as the data controller. However, we shall assist the said Customer in performing his/her/its obligations, as may be required by the applicable data privacy regulation.

  • 3rd Party Service Providers: We may share data with third-party providers who assist us in operating the Service.

    You may click the links to know more about our third parties’ respective Privacy Policies.

  • Legal Requirements: When required by law or to protect our rights, we may disclose data to law enforcement or regulatory authorities.

These third parties are required to comply with data protection laws and only process personal data on our behalf.

Third-party applications, as well as third party computers, mobile devices, wearable devices, and other devices may be subject to additional and separate terms and conditions.

DATA STORAGE, TRANSMITTAL TO STORAGE, AND RETENTION

Our data center provider is DigitalOcean, in New York, USA. Data is encrypted while being transmitted to storage using SSL/TLS protocols.

We will retain the data collected throughout the period necessary to provide service to our Customer, unless a longer period of retention is required from us via a lawful request/order from the Customer’s government. Specifically, storage of personal data shall only be for as long as the user account of the Customer is active (i.e., there is an activity in which the personal data is being used). Should the account become inactive, (no activity for at least three months), all data under that account, including personal data, shall be deleted after one (1) year.

For the personal data of third-party respondents, Customers, as the data controllers, have the responsibility to disclose to their respective respondents the data retention period specified herein.

DATA TRANSFERS

The personal data processed while providing the services may be transferred to and processed in the U.S. or other jurisdictions. We ensure appropriate safeguards are in place to protect your data in accordance with applicable privacy laws.

BACKUP OF DATA

Contact our customer service (tiger-form@qrtiger.helpscoutapp.com) for concerns regarding litigation hold and portability requests, including costs associated with storage and related fees that may be collected from you, if applicable.

DATA BREACH

A personal data breach may refer to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to, personal data transmitted, stored or otherwise processed. (Guidelines 9/2022 on personal data breach notification under GDPR).

Breaches can be categorized according to the following three well-known information security principles: (i) Confidentiality breach, where there is an unauthorized or accidental disclosure of, or access to, personal data; (ii) Integrity breach, where there is an unauthorized or accidental alteration of personal data; and, (iii) availability breach, where there is an accidental or unauthorized loss of access to, or destruction of, personal data. It should also be noted that, depending on the circumstances, a breach can concern confidentiality, integrity and availability of personal data at the same time, as well as any combination of these.

Breaches may cause adverse effects to data subjects, which include physical, material, or non-material damage, ranging from loss of control over their personal data, limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorized reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy, and any other significant economic or social disadvantage to those individuals.

For data breaches involving personal data of Customers, we will notify a breach to the competent supervisory authority, unless it is unlikely to result in a risk of adverse effects on our affected Customers. We will notify the affected customers if there is a likely high risk of these adverse effects occurring.

For data breaches involving personal data of Third Party Respondents, Customers, as the data controller, have the responsibility to take the appropriate steps mentioned above. However, as the processor of this data, we will assist the Customers in performing their obligations, as may be required by the applicable data privacy regulation.

Such notification shall be made in writing or via email as expediently as possible and without unreasonable delay, but not later than 30 days after determining the occurrence of such breach. We may also notify affected customers and/or third-party respondents indirectly through website information, posted notices, and media, if notifying them directly could cause further harm or there are no other means to contact them.

Do note that notification may be delayed for law enforcement purposes, such as when the breach appears to involve theft or other criminal activity. Subject to applicable privacy laws, we may not send a notification if an investigation determines that there is no reasonable likelihood of harm to affected customers.

We will endeavor to include a detailed explanation of the nature of such breach or suspected breach and the actions taken to remedy it.

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time. Any changes will be posted on this page, and you will be notified via email or a notice on our website if they are significant. Should you have any questions or concerns about this Privacy Notice or our data practices, please contact us at tiger-form@qrtiger.helpscoutapp.com.