Privacy Policy

Privacy Policy (GDPR)

This Privacy Policy explains how scurt.icu (the “Platform”) collects, uses, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable Romanian/EU law.

1. Data Controller

The data controller is ANDIMA W.P. Solutions SRL (the “Controller”). For privacy-related requests, please use the contact details displayed on the website.

2. Scope

This policy applies to processing activities carried out through the Platform, including account creation, QR code / link generation and management, and subscription administration.

3. Categories of data we process

3.1 Data you provide

  • email address (required for your account);
  • name/company name (optional, if provided);
  • billing details (for subscriptions, as required by law);
  • support/contact messages you submit.

3.2 Data collected automatically

  • IP address and log data (date/time, actions, technical errors);
  • device/browser information (compatibility and security);
  • aggregated usage metrics for QR codes (e.g., scans/visits), without directly identifying end visitors.

4. Purposes of processing

  • creating and managing your account;
  • providing the SaaS services (QR generation, link shortening/management);
  • processing payments and managing subscriptions;
  • issuing invoices and meeting legal accounting obligations;
  • platform security, fraud/abuse prevention, and enforcement of terms;
  • administrative communications related to your account/subscription.

5. Legal bases (GDPR)

  • Art. 6(1)(b) – performance of a contract;
  • Art. 6(1)(c) – compliance with legal obligations;
  • Art. 6(1)(f) – legitimate interests (security, abuse prevention, legal claims);
  • Art. 6(1)(a) – consent (where applicable, e.g., optional cookies).

6. Subscriptions and payments

Payments may be processed by third-party payment providers. We do not intentionally store full card details; these are handled by authorized payment providers under their own policies and security standards.

7. Recipients / processors

We may share data only as necessary with:

  • hosting/infrastructure and security service providers;
  • payment processors;
  • technical support providers (if needed to resolve incidents);
  • public authorities where required by law or to protect our legal rights.

We do not sell personal data to third parties.

8. International transfers

If any IT services involve transfers outside the EEA, we will rely on appropriate safeguards (adequacy decisions, Standard Contractual Clauses, etc.) in accordance with GDPR.

9. Retention

  • account data: for as long as your account remains active;
  • billing data: as required by applicable law;
  • security logs: for a reasonable period necessary for security and incident investigation.

10. Your rights

You have the rights to:

  • access;
  • rectification;
  • erasure (subject to legal limits);
  • restriction;
  • data portability;
  • object;
  • withdraw consent (where applicable);
  • lodge a complaint with the supervisory authority.

11. Security

We implement reasonable technical and organizational measures. However, no online service can guarantee absolute security.

12. Illegal use and cooperation with authorities

In cases of suspected illegal use (e.g., fraud/scams, content harmful to minors, discrimination, etc.), we may suspend accounts and disable associated QR codes/links as permitted by our Terms, and cooperate with competent authorities where required or appropriate.

13. Changes

We may update this policy from time to time. The current version is the one published on the Platform.