Data Processing Agreement

Effective date: January 1, 2026 · Version 2.4

1. Roles

For personal data processed by QuickResponseHub on Customer's behalf in connection with the Service, Customer is the Controller and QuickResponseHub is the Processor (as defined in the GDPR / UK GDPR).

2. Scope and duration

Processing is limited to what is necessary to provide the Service for the duration of Customer's subscription, plus a 30-day post-termination retention window for export.

3. Categories of data subjects and data

Data subjects include Customer's end users who scan QR codes hosted on the Service. Categories of data: IP address (truncated after 30 days), user agent, redirect timestamp, and the URL associated with the scanned code.

4. Sub-processors

QuickResponseHub maintains a current list of sub-processors at privacy@quickresponsehub.com. We will notify Customer of new sub-processors at least 30 days in advance and Customer may object on reasonable grounds.

5. Security measures

We implement the technical and organisational measures described in our Security page, including SOC 2 Type II controls, encryption in transit (TLS 1.3) and at rest (AES-256), MFA, and continuous monitoring.

6. International transfers

Where personal data is transferred outside the EEA / UK, the parties enter into the EU Standard Contractual Clauses (Module 2) and the UK International Data Transfer Addendum, both of which are incorporated by reference.

7. Data subject requests

We will assist Customer in responding to data subject requests within 7 days of receipt, including providing the necessary technical means to fulfil access, deletion, and portability requests.

8. Personal data breach

We will notify Customer without undue delay (and in any event within 48 hours) of becoming aware of a personal data breach affecting Customer Data.

9. Audits

Customer may audit QuickResponseHub's compliance with this DPA once per year on 30 days' written notice. Our SOC 2 Type II report and ISO 27001 certificate satisfy this obligation for most customers.

10. Return or deletion

On termination, Customer Data will be returned (via export) or permanently deleted within 30 days, except as required by law.

11. Acceptance

This DPA is automatically accepted by Customer's continued use of the Service. Enterprise customers may request a counter-signed copy from legal@quickresponsehub.com.