QRillium

Privacy Policy

Welcome to QRillium!

Protecting your data is very important to us. Therefore, we would like to inform you transparently and, hopefully, in an understandable way about how we process your data when you use QRillium.

1. Controller

The controller responsible for the processing of personal data is:

Oliver Jumpertz
Königstr. 1b
41379 Brüggen

(hereinafter "we" or "us")

2. Processing of Personal Data

We process personal data when you access our website, use the application (QRillium), or contact us via email.

We process data in order to communicate with you and to provide you with our website and the application (QRillium).

3. Data Processing When Accessing Our Website and Using the Application (QRillium)

To ensure the secure operation and continuous optimization of the website and the application (QRillium), on each visit we collect only data that cannot be directly traced back to a person. Specifically, the following data is collected:

  • Your IP address
  • The current time
  • The source of the visit (referrer)
  • The current subpage (path)
  • The current page parameters, e.g., the QR code or a project you are currently editing; these are only IDs, not content (query)
  • The previously visited subpage (previous path)
  • A randomly generated ID of your visit (this is not persisted and not linked to your user data) (visitId)
  • The country, region, and city of the request determined from your IP address.
  • The operating system and browser determined from the “User Agent” transmitted by your browser. We do not store your “User Agent”.

If you merely access our website or use the application (QRillium), we do not store any personal data, and we deliberately refrain from offering user accounts or similar features.

We have deliberately designed our website and the application (QRillium) to function offline as much as possible. All project and QR code data are stored only locally on your device. We do not have access to this data at any time.

The legal basis for processing your data for the aforementioned purposes is Art. 6(1)(f) GDPR and Section 25(2) No. 2 TDDDG.

Our legitimate interest lies in the secure operation and continuous optimization of our website and the application (QRillium). The analysis of aggregated and non-personal data enables us to improve technical processes, identify weaknesses, and optimize the user experience.

4. Hosting and Technical Monitoring

Our website and the application (QRillium) are delivered to you by Cloudflare. To protect our website and the application (QRillium) against attacks and to identify, analyze, and resolve technical issues, Cloudflare logs technical parameters of your page requests that are not directly personally identifiable (server logs).

The data cannot be attributed to you as a person. This data is not enriched with additional data from any other data sources. The data is deleted by Cloudflare after 30 days.

The legal basis for processing your data for the aforementioned purposes is Art. 6(1)(f) GDPR and Section 25(2) No. 2 TDDDG.

Our legitimate interest lies in the proper operation of our website and the application (QRillium) as well as their optimization.

Details of Processing

Description of the service: Cloudflare provides the service for delivering our website and monitors technical parameters of page requests that are not directly personally identifiable. This serves to prevent attacks and to identify, analyze, and resolve technical problems.

Processing company: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA

We have concluded a data processing agreement with the provider. This obliges the provider to process data only in accordance with our instructions.

Purpose of processing: Protection of our website and application (QRillium) against attacks and technical disruptions (analysis, identification, and resolution of technical problems to ensure proper operation and continuous optimization of our offering on the basis of aggregated and non-personal technical data).

Collected data:

  • IP address
  • Information about system configuration
  • Name of the website
  • Date and time of the request
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Status information
  • Device operating system
  • Referrer URL
  • Requesting provider
  • Device type
  • Time of the server request
  • Retrieved and transmitted content

(This data is not assigned to you as a person, and no enrichment with data from other sources takes place)

Place of processing: Worldwide, depending on the user's location.

Storage period: The anonymously collected data is deleted after 30 days.

Data from this processing may be transferred to the United States. Appropriate safeguards have been implemented through Standard Contractual Clauses (SCCs). SCCs are model contracts recognized by the EU Commission that ensure an adequate level of data protection for transfers to non-EU countries.

You can find Cloudflare’s privacy policy here.

5. Communication via Email

Our email provider is Proton (ProtonMail).

If you contact us via email, your email address (and, if applicable, your real name if it is part of your email address) and your message will be processed by us as the operator of this website and application (QRillium) for the purpose of communicating with you. This data is stored only as long as necessary to clarify your request. As a rule, your emails are deleted immediately after receiving or sending the final response from us.

We have concluded a data processing agreement with the provider. This obliges the provider to process data only in accordance with our instructions.

The storage and use of the data contained in emails as well as your contact data takes place to the extent necessary based on our legitimate interest in handling communication with you (Art. 6(1)(f) GDPR). Without processing your personal data, it is not possible to process your request. The use of a general service email address is voluntary.

Details of Processing

Description of the service: ProtonMail provides the infrastructure required to send and receive emails.

Processing company: Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland.

Purpose of processing: Conducting communication with you.

Collected data:

  • IP address
  • Email address
  • If applicable, your real name if it is included in your email address
  • Reply-To address (this is the email address to which replies should be sent when you contact us. It may differ from your actual email address)
  • Return-Path (this is an email address to which so-called non-delivery reports are sent)
  • Date and time of emails
  • Message-ID (a unique identification code for each email)
  • Subject line
  • Information about the email client used

ProtonMail uses end-to-end encryption and cannot access the content of your emails.

Place of processing: Switzerland and Germany.

Storage period: Data possibly logged by Proton as well as deleted emails are permanently deleted after 30 days. We store your emails and the associated data as long as necessary for communication and delete them immediately after the process is completed.

You can find Proton’s and ProtonMail’s privacy policies here and here.

6. Use of External Services

Within the application (QRillium), we use various external services that serve to provide the full functionality of the application (QRillium).

Currently, we use two services to provide location functionality:

  1. OpenStreetMap (provides the map material for QR codes that work with location data)
  2. Photon by Komoot (enables address search for QR codes that work with location data)

In order to provide you with the location functionality, the following data is collected or transmitted to the external service provider:

  • The source of the visit (referrer)
  • The requested resource (path, e.g., the requested map material)
  • The requested page parameters (query, e.g., the address you searched for)
  • The operating system and browser determined from the “User Agent” transmitted by your browser

The legal basis for processing your data for the aforementioned purposes is Art. 6(1)(f) GDPR and Section 25(2) No. 2 TDDDG.

Our legitimate interest lies in providing functionality that is essential for creating QR codes with location functionality.

Both services are only contacted when you explicitly create a QR code with location functionality. Before that, no contact with these services takes place.

Details of Processing by OpenStreetMap

Description of the service: OpenStreetMap provides the map material. This enables you, when creating a QR code for locations or events, to see exactly which location you are specifying.

Processing company: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

Purpose of processing: Displaying interactive maps.

Collected data:

  • IP address
  • Information about system configuration
  • Name of the website
  • Date and time of the request
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Status information
  • Device operating system
  • Referrer URL
  • Requesting provider
  • Device type
  • Time of the server request
  • Retrieved and transmitted content

Place of processing: United Kingdom, Netherlands, Ireland, possibly worldwide based on the user's location (Content Delivery Network).

Storage period: OpenStreetMap may store IP addresses for up to 180 days under certain circumstances (according to the OpenStreetMap Foundation’s own statement). The remaining data is stored only as long as necessary for the smooth operation of the service.

You can find OpenStreetMap’s privacy policy here.

Details of Processing by Photon

Description of the service: Photon provides functionality for geolocating addresses. This enables you to search specifically for an address so that it can be correctly encoded in your QR codes.

Processing company: komoot GmbH, Kienberger Allee 4, 12529 Schönefeld, Germany.

Purpose of processing: Address search for localization on interactive maps.

Collected data:

  • IP address
  • Information about system configuration
  • Name of the website
  • Date and time of the request
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Status information
  • Device operating system
  • Referrer URL
  • Requesting provider
  • Device type
  • Time of the server request
  • Retrieved and transmitted content

Place of processing: Germany.

Storage period: The data is stored only as long as necessary for the smooth operation of the service.

You can find Photon’s (komoot’s) privacy policy here.

7. Cookies

Our website and the application (QRillium) currently do not use cookies.

8. Your Rights

Right of Access

You have the right at any time to obtain information about the data stored about you.

Right to Rectification

If data about you is incorrect or no longer up to date, you can request its correction.

Right to Erasure and Restriction

You also have the right to request the deletion or restriction of the processing of your data.

Right to Data Portability

You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format. This data can be transmitted to another controller. We can also transfer this data directly to another controller if this is technically feasible and requested by you.

Right to Withdraw Consent

If you have given us consent to process your personal data for specific purposes, you can withdraw this consent at any time with effect for the future by sending an email to hey@qrillium.com. The lawfulness of the processing of your data until the withdrawal remains unaffected.

Right to Object

You also have the right at any time to object to the processing of your data that is based on a balancing of interests (Art. 6(1)(f) GDPR) or carried out in the public interest, if there are reasons arising from your particular situation. If you object to such processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If you wish to exercise your rights or have general questions about data protection regarding QRillium, you can contact us at any time (hey@qrillium.com).

9. Right to Lodge a Complaint with a Supervisory Authority

You have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful.

The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf. However, you can also contact the data protection authority responsible for your place of residence, which will forward your request to the competent authority.

10. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time if legal or other reasons (such as changes to our website and application (QRillium)) make this necessary.

The current version of this Privacy Policy can always be found on this website.

Status: May 2026