QRpass Privacy Policy

1. Introduction

This Privacy Policy explains how Miltema OÜ (“we”, “us”, “our”) collects, uses, and protects personal data when you use QRpass — our digital ticketing and pass management platform available at https://qrpass.io and related domains.
We are committed to complying with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data Controller

Miltema OÜ

Reg. no: 10947918
EU VAT number: EE100827840
Address: Kandle 3, Tänassilma, Harju mk, Estonia
Email: info@qrpass.io

3. What Personal Data We Collect

We collect and process only the data necessary to provide and improve QRpass services.

1. Account and Authentication Data
   • Name, email address, password (encrypted)
   • Business name or company details
2. Transaction and Usage Data
   • Ticket purchase and validation records
   • Payment status (via Maksekeskus or other providers; we never store card numbers)
   • Event or service details related to your purchases
   • Log entries for login, logout, and API usage
3. Cookies and similar technologies (see Cookie Policy)

4. How We Use Your Data

We use personal data to:

• Operate and maintain the QRpass platform
• Process and confirm your purchases and bookings
• Provide customer support and respond to inquiries
• Send transactional and account-related messages
• Improve service reliability and security
• Comply with legal obligations (e.g. invoicing, tax)

5. Legal Basis for Processing

We process your personal data under one or more of the following legal grounds:

• Contractual necessity: to provide QRpass services you requested
• Legal obligation: to comply with tax or accounting requirements
• Legitimate interests: to improve service quality, detect abuse, or prevent fraud

6. Data Sharing and Processors

We share data only with trusted service providers that help operate QRpass, including:

• Maksekeskus AS – payment processing
• Contabo – cloud infrastructure
• Google Analytics / Tag Manager – anonymized usage analytics (only with consent)

7. Data Retention

We retain your data only for as long as needed to fulfill the purposes described above:

• Account and billing data: up to 7 years (for legal accounting retention)
• Ticket and transaction data: as long as your account remains active
• Logs and backups: typically 90–180 days

8. Your Rights (GDPR)

You have the following rights regarding your personal data:

• Access – request a copy of your data
• Rectification – correct inaccuracies
• Erasure (“right to be forgotten”)
• Restriction or objection to processing
• Data portability (receive your data in machine-readable format)
• Withdraw consent for optional processing (e.g. marketing)

9. International Transfers

All data is stored in the European Union or EEA-compliant data centers.

10. Cookies and Analytics

QRpass uses essential cookies for login sessions. We do not use optional analytics cookies. See our Cookie Policy for details.

11. Security Measures

We apply industry-standard security practices including:

• HTTPS encryption
• Hashed and salted passwords
• Role-based access controls
• Regular software updates and audits

12. Complaints and Contact Information

If you have questions about this Privacy Policy or your personal data, contact us at: 📧 info@qrpass.io
If you believe your rights are violated, you may also contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at https://www.aki.ee

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available at https://qrpass.io/en/privacy/. Substantial changes will be announced within the app or via email.