Privacy Policy

As of: May 25, 2026

This privacy policy applies to Kernbrand AG and the website qrtool.ch operated by it, as well as the QRTool services.

1. Data Controller

The data controller responsible for data processing is:

Kernbrand AG
Wilerstrasse 73
9200 Gossau
Switzerland

Email: privacy@qrtool.ch
Authorized Representative: Management of Kernbrand AG

2. Legal Basis

We process personal data in accordance with Swiss data protection law, particularly the new Federal Act on Data Protection (nFADP) and the Data Protection Ordinance (DPO).

Processing is based on the following legal grounds:

  • Art. 31 Para. 1 nFADP: Consent of the data subject
  • Art. 31 Para. 2 lit. a nFADP: Processing directly related to the conclusion or performance of a contract
  • Art. 31 Para. 2 lit. b nFADP: Overriding private or public interests

3. Type, Scope and Purpose of Data Processing

3.1 When Visiting Our Website

The following data is automatically collected each time our website is accessed:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Pages accessed

Purpose: Ensuring functionality, security and optimization of our website.

Retention: Log files are automatically deleted after 7 days.

3.2 When Using QRTool Services

To provide our QR code services, we process:

  • Registration data (name, email, company)
  • Contract data (selected package, payment information)
  • QR code usage data (scan statistics, geographic origin at country level)
  • Technical data (API access, error logs)

Purpose: Contract fulfillment, customer support, provision of analytics, billing.

3.3 Contact Inquiries

When contacting us via our contact form or email, we process:

  • Name and contact details
  • Content of the inquiry
  • Time of contact

Purpose: Processing and responding to your inquiry.

3.4 Newsletter (if subscribed)

With your explicit consent, we will send you newsletters with information about:

  • New features
  • Service updates
  • Offers and promotions

You can unsubscribe from the newsletter at any time via the unsubscribe link or by email to privacy@qrtool.ch.

4. Disclosure of Personal Data

4.1 Within Switzerland

We only share personal data with third parties when necessary for contract fulfillment:

  • Payment service providers: For payment processing (PayPal, banks)
  • Hosting providers: For operating our servers and infrastructure
  • Email service providers: For sending transactional emails

4.2 Abroad

Data transfers abroad only occur to countries with an adequate level of data protection according to the FDPIC list or under appropriate safeguards (e.g., standard contractual clauses).

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for all data transmissions
  • Encrypted storage of sensitive data
  • Access controls and authentication
  • Regular security updates
  • Firewalls and intrusion detection systems
  • Regular backups
  • Employee training

6. Retention Period

We process and store personal data only as long as necessary to fulfill our contractual and legal obligations:

  • Contract data: 10 years after contract termination (according to CO Art. 962)
  • Business correspondence: 10 years (according to CO Art. 962)
  • Usage data: 12 months, then anonymized
  • Log files: 7 days
  • Cookie data: Depending on cookie type, maximum 12 months

7. Cookies and Tracking Technologies

7.1 Essential Cookies

These cookies are strictly necessary for website operation:

  • Session cookies: For login and navigation
  • Security cookies: Protection against CSRF attacks
  • Language settings: Storing your language preference

7.2 Analytics Cookies

With your consent, we use analytics cookies to improve our services. These collect anonymized usage data.

7.3 Microsoft Clarity

We use Microsoft Clarity (provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA) to analyze user behavior on our website. Clarity records mouse movements, clicks, scroll behavior, and session recordings anonymously in order to improve usability. IP addresses are masked, and form-field input is automatically redacted.

Legal basis is your consent (Art. 31 para. 1 nFADP) and our legitimate interest in optimizing our web offering. Data transfer to the USA takes place under the EU-US Data Privacy Framework and the Swiss equivalent.

More information: clarity.microsoft.com ยท Microsoft Privacy Statement

8. Your Rights

Under the nFADP, you have the following rights regarding your personal data:

8.1 Right to Information (Art. 25 nFADP)

You can request information at any time, free of charge, about whether and what data we process about you.

8.2 Right to Rectification (Art. 32 nFADP)

You have the right to have incorrect personal data corrected.

8.3 Right to Deletion (Art. 32 nFADP)

You can request the deletion of your personal data, unless legal retention obligations apply.

8.4 Right to Data Portability (Art. 28 nFADP)

You have the right to receive your data in a common electronic format.

8.5 Right to Object (Art. 31 nFADP)

You can object to the processing of your personal data at any time.

8.6 Withdrawal of Consent

You can withdraw your consent at any time with effect for the future.

To exercise your rights, please contact us at privacy@qrtool.ch. We will respond to your request within 30 days.

9. Profiling and Automated Individual Decisions

We do not conduct high-risk profiling or make automated individual decisions that have legal effects on you or significantly affect you.

10. Data Protection for Minors

Our services are not directed at persons under 16 years of age. We do not knowingly collect personal data from minors without parental consent.

11. Changes to this Privacy Policy

We reserve the right to modify this privacy policy to adapt it to changed legal requirements or changes in our services. The current version is always available on our website.

We will notify you of material changes by email or through a prominent notice on our website.

12. Complaints to the Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Switzerland is:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland

Website: www.edoeb.admin.ch

13. Contact for Data Protection Matters

For questions about data protection or to exercise your rights, please contact us:

Email: privacy@qrtool.ch
Mail: Kernbrand AG, Data Protection, Wilerstrasse 73, 9200 Gossau, Switzerland

Version: 1.0 - nFADP compliant

Last updated: May 25, 2026