T
TeamDay QR

Privacy Policy

Effective Date: September 1, 2025
Last Updated: September 1, 2025

TeamDayQR (“we,” “our,” or “us”) respects the privacy of your organisation and that of your employees, associates and team members and is committed to protecting your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, in compliance with applicable privacy laws, including:

  • Canada: PIPEDA and applicable provincial laws (e.g., Québec Law 25).
  • United States: CCPA/CPRA and other state-level privacy laws.
  • Europe: GDPR.

By using TeamDayQR, you agree to the practices described in this Privacy Policy.

1. Information We Collect

  • Basic Information: Company name, email, and contact details when setting up a TeamDayQR account and linking a cloud storage service.
  • Photo Uploads: Photos and files uploaded via QR codes. These are routed directly into the organizer’s cloud storage folder.
  • Usage Data: Device information, browser type, IP address, and activity logs (e.g., upload time, QR code used).
  • No Login Required: Participants uploading via QR codes do not need to create accounts. Minimal metadata (upload time, device type, IP address) may be recorded for security.
  • Cookies & Tracking: Cookies may be used to improve functionality, analytics, and user experience.

2. How We Use Your Information

  • Provide secure QR-based uploads to organizer folders.
  • Authenticate organizers via SSO (Google, Microsoft, etc.).
  • Ensure uploads are routed correctly and securely.
  • Monitor and improve service performance.
  • Provide technical support and respond to inquiries.
  • Comply with legal and regulatory obligations.

We do not access or scan the content of photos except as required for security, troubleshooting, or compliance.

3. Legal Bases for Processing (GDPR – EU/EEA)

  • Consent (when participants upload via QR codes).
  • Performance of a contract (providing the service to organizers).
  • Compliance with legal obligations.
  • Legitimate interests (ensuring service security and functionality).

4. Sharing and Disclosure of Information

  • Cloud Service Providers: (Google Drive, Microsoft OneDrive/SharePoint) as instructed by the organizer.
  • Service Providers: Vendors supporting our infrastructure, security, or analytics.
  • Legal Obligations: If required by law, regulation, or court order.
  • Business Transfers: In case of merger, acquisition, or sale of assets.

5. International Data Transfers

Your information may be processed in countries outside your residence. Where required, we use safeguards such as Standard Contractual Clauses (SCCs) to protect EU/EEA data.

6. Your Rights

  • Canada (PIPEDA): Access, correction, and challenge to handling of your personal information.
  • USA (CCPA/CPRA): Right to know, delete, and opt out of sale/sharing (we do not sell data).
  • EU/EEA (GDPR): Access, rectification, erasure, restriction, portability, objection.

To exercise these rights, contact us at info@teamdayqr.com

7. Making a Complaint

If you believe we have breached data protection law, email info@teamdayqr.com with details. We will investigate and respond in writing. You may also contact a regulatory authority.

8. Data Retention

  • Organizer account info retained as long as account is active.
  • Uploaded photos stored in organizer’s linked cloud account. We do not permanently store them.
  • Metadata may be retained up to 12 months for security/audit unless required longer by law.

9. Right to be Forgotten

You may request deletion of your data. We will erase all information we hold, except where retention is legally required.

10. Security

Data is stored with AWS (United States) with encryption at rest and in transit, strict access controls, continuous monitoring. AWS is certified under SOC, ISO, PCI DSS, and complies with GDPR, HIPAA, etc.

  • Password/SSO access to accounts.
  • Data stored with third-party providers with strong protections.
  • PCI DSS–compliant payment providers.
  • No storage of payment details by TeamDayQR.

11. Payment Security

Payments are processed by secure third-party providers. Your credit card number cannot be viewed by us. All transaction data is encrypted and handled by bank-grade providers, PCI DSS compliant.

12. Children’s Privacy

TeamDayQR is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children.

13. Cookies and How We Block Them

We use cookies to improve our services. Cookies may analyze traffic or marketing, do not harm your systems, and can be blocked in browser settings. Blocking all cookies may limit access.

14. Changes to this Policy

We may update this Privacy Policy periodically. Changes will be posted with a revised “Last Updated” date.

15. Contact Us

If you have questions, contact us at: info@teamdayqr.com