Privacy Policy for QRQ

1. Introduction

Welcome to QRQ.app ("we," "us," or "our"). We provide a queue management service (the "Service") and are committed to protecting the privacy of our users worldwide. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Service.

This policy is designed to comply with applicable data privacy laws globally, including but not limited to the General Data Protection Regulation (GDPR) in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant regulations in jurisdictions where our Service is available.

By accessing or using our Service, you acknowledge that you have read and understood the terms outlined in this Privacy Policy.

2. Data We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal data"). The types of personal data we collect depend on how you interact with our Service and the requirements of the facilitator (the host of the queue — might be a store, bank, or other business you are visiting):

• Queue Information: If configured by the facilitator, we may collect information to manage your place in the queue: name, phone number, car plate number etc.
• Device Information: Information about the device you use to access our Service, such as:
  • Device type (e.g., mobile, desktop)
  • Operating system and version
  • Browser type and version
  • IP Address (potentially anonymized or truncated where feasible/required)
  • Language and timezone settings of the operatin system
• Usage Data: Information about your interaction with our Service, such as:
  • Screens visited within the Service
  • Features used
  • Date and time of access
  • Actions taken (e.g., joining a queue, receiving notifications)

3. How We Use Your Data

We use your personal data for the following purposes, based on the legal grounds described in Section 4:

• Providing the Service (Queue Management): To assign your place in the queue, provide queue status updates (including estimated wait times), notify you when it's your turn, and allow the facilitator (business) to manage the queue effectively.
• Communication: To send necessary Service-related communications, such as queue status via Push notifications.
• Service Improvement: To analyze usage patterns, troubleshoot issues, understand user needs, and enhance the functionality, performance, and user experience of our Service. We often use aggregated or anonymized data for this purpose.
• Security and Compliance: To maintain the security of our Service, prevent fraud, enforce our terms, and comply with applicable legal and regulatory obligations.

4. Legal Basis for Processing Personal Data

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it, as well as applicable local laws. We generally rely on the following legal bases:

• Performance of a Contract: Processing necessary to provide the Service you requested (e.g., managing your place in the queue established between you and the facilitator business).
• Consent: Where required by law, or in specific situations (e.g., optional communications), we may rely on your explicit consent. You can withdraw your consent at any time where we rely on it.
• Legitimate Interests: We may process data based on our legitimate interests (or those of the facilitator business or a third party), such as improving and securing our Service, provided these interests are not overridden by your data protection rights and interests.
• Legal Obligation: Processing necessary to comply with our legal obligations (e.g., responding to lawful requests from authorities).

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Service, satisfying any legal, accounting, or reporting requirements, resolving disputes, and enforcing our agreements.

• Queue Information: Typically, personal data collected specifically for your place in a queue (like name, phone number) is retained only for the duration required to manage your session in that queue. It is generally deleted or anonymized shortly after you are served, leave the queue, or the queue session ends.
• Usage and Device Data: Aggregated or anonymized usage and device data may be retained for longer periods for internal analysis and service improvement. Identifiable usage/device data linked to a specific queue session follows the retention rules for Queue Information, unless needed longer for security or legal reasons.
• Other Data: Retention periods for other data types will depend on their purpose and legal requirements.

6. Data Storage, Security, and International Transfers

• Storage Location: Your personal data may be stored and processed in servers located in various regions, potentially including the European Union, the United States, or other locations depending on operational needs and the location of our service provider — Amazon Web Services (AWS) https://aws.amazon.com/compliance/gdpr-center/.
• Security Measures: We implement appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no internet transmission or electronic storage method is 100% secure, and we cannot guarantee absolute security.
• International Data Transfers: If we transfer your personal data outside of your jurisdiction (e.g., from the EEA to a country not deemed adequate by the European Commission), we will ensure appropriate safeguards are in place as required by applicable law. These may include using Standard Contractual Clauses (SCCs), obtaining your consent, relying on adequacy decisions, or other valid transfer mechanisms. You can request more information about the safeguards we use for international transfers.

7. Data Sharing and Disclosure

We do not sell your personal data (as "sell" is defined under laws like the CCPA/CPRA). We do not rent or trade your personal data with third parties for their marketing purposes. We may share your data in the following limited circumstances:

• With the Facilitator (Business): The business you are visiting uses our Service to manage its queue. They will have access to the Queue Information you provide to identify and serve you. Their use of your data is governed by their own privacy policy.
• Legal Requirements: If required by law, regulation, legal process, or governmental request (e.g., subpoena, court order), or to protect the rights, property, or safety of QRQ.app, our users, or others.
• Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your personal data may be transferred as part of that transaction, subject to standard confidentiality agreements.

8. Your Privacy Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data. These rights may include:

• Right to Know/Access: The right to request information about the categories and specific pieces of personal data we have collected about you, the sources of the data, the purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data we hold about you.
• Right to Erasure/Deletion: The right to request deletion of your personal data under certain conditions (e.g., when it's no longer necessary for the purposes collected, or you withdraw consent).
• Right to Restrict Processing: The right to request the restriction of processing your personal data under certain circumstances.
• Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request transfer of that data to another controller where technically feasible.
• Right to Object: The right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Opt-Out of Sale/Sharing: The right to opt-out of the "sale" or "sharing" of your personal data (as defined by laws like CCPA/CPRA). (Note: As stated above, QRQ.app does not currently sell personal data).
• Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information (as defined by applicable law), you may have the right to limit its use and disclosure.
• Right Related to Automated Decision-Making: The right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects on you, except under certain conditions.
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw that consent at any time.
• Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the details in the "Contact Us" section below. We will respond to your request in accordance with applicable law. We may need to verify your identity before processing your request. You may also have the right to lodge a complaint with a relevant supervisory authority.

9. Cookies and Tracking Technologies

Our Service uses minimal cookies and similar technologies that are essential for its basic functioning (e.g., session management). We do not use cookies for cross-site tracking or non-essential advertising purposes. Your browser settings may allow you to manage or disable cookies, but this might affect the functionality of the Service.

10. Third-Party Links

Our Service may contain links to websites or services operated by third parties (e.g., the website of the business you are visiting). This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party sites or services you visit.

11. Children's Privacy

Our Service is not intended for use by individuals under the age necessary to consent to the processing of their personal data in their jurisdiction without parental consent (e.g., under 16 in the EEA/UK, under 13 in the US under COPPA, under 14 in China, etc., unless a different age is set by local law). We do not knowingly collect personal data from children below this age threshold without verifiable parental consent where required. If you believe we have inadvertently collected information from a child below the applicable age of consent without parental permission, please contact us immediately so we can take appropriate steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post any changes on this page with an updated "Effective Date." We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after the Effective Date constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: QRQ, LDA (NIPC 518816516)
• Email: dp@qrq.app
• Address: Portugal, 8200-593, Albufeira, rua das Amendoeiras 56