PRIVACY POLICY

Last Updated: December 7, 2025

Welcome to QRSpace (hereinafter, "the Site", "we" or "our"). We take the protection of your privacy and personal data very seriously.

This Privacy Policy aims to inform you transparently about how we collect, process, share, and protect your personal information, complying with the most demanding international regulations, including the GDPR (Europe), the CCPA/CPRA (California, USA), and Habeas Data and LGPD laws (Latin America).

1. Identity of the Data Controller

The data controller for your personal data is:

• Name: QRSpace
• Address: Carrera 27B # 4B - 15
• City: Palmira
• Postal Code: 763533
• Country: Colombia
• Contact Email: qrspacelab@gmail.com

2. Information We Collect

We collect information to provide better services to all our users. The types of data vary depending on your interaction with us:

2.1. Data Provided Directly by You

• Identification and Contact Data: Name, surname, email, phone number, and postal address (if you make purchases).
• Transactional Data: If you purchase products or services, we process information about the order. Note: We do not store full credit/debit card data; these are processed directly by secure payment gateways (such as Stripe, PayPal, PayU).
• Communications: Information you send us through contact forms, support chat, or direct emails.

2.2. Data Collected Automatically

When you browse our site, we automatically collect certain technical data, even if you do not register:

• IP address and approximate location.
• Device type, browser, and operating system.
• Pages visited, session time, and links you click on.

This data is collected through Cookies and similar technologies (see our Cookie Policy for more details).

3. Purpose of Processing (Why do we use your data?)

We process your personal information for the following purposes:

• Service Provision: Manage your account, process orders, deliveries, and billing.
• Customer Service: Respond to your doubts, complaints, or requests.
• Security and Fraud Prevention: Detect unauthorized access and protect the integrity of the site.
• Site Improvement: Analyze browsing trends to optimize user experience (UX).
• Marketing and Advertising (With Consent): Send you newsletters, exclusive offers, or personalized advertising, provided you have previously authorized it.
• Legal Compliance: Comply with tax, accounting, and administrative obligations.

4. Legal Basis for Processing

Depending on your location and the purpose, the legal basis for processing your data is:

• Consent: You have explicitly accepted the processing (e.g., cookies, newsletter subscription).
• Contract Execution: Necessary to sell you a product or provide you with a service.
• Legitimate Interest: To guarantee the security of the site and improve it.
• Legal Obligation: When the law requires us to retain data (e.g., billing).

5. Recipients: Who do we share your data with?

We do not sell your personal information to third parties. We only share data with third parties necessary to operate our business ("Data Processors"), who are contractually obliged to protect your information:

• Web Hosting Providers: [e.g., AWS, SiteGround, Hostgator, Hostinger, etc.].
• Analytics Platforms: [e.g., Google Analytics].
• Payment Gateways: To process payments.
• Email Marketing Tools: [e.g., Mailchimp, ActiveCampaign].
• Authorities: Only if we are required by law or a court order.

6. International Data Transfers

Due to the global nature of the Internet, your data may be transferred and stored on servers located outside your country of residence (mainly in the United States).

We ensure that these transfers comply with appropriate legal guarantees:

• For transfers from the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCC) approved by the European Commission or current data privacy frameworks.

7. Conservation Period

We will keep your personal data only for the time necessary to fulfill the purposes for which they were collected:

• Customer Data: While the commercial relationship lasts and subsequently during mandatory legal periods.
• Subscriber/Marketing Data: Until you unsubscribe or withdraw your consent.

8. Privacy Rights by Region (Specific Provisions)

We recognize and respect the rights granted to you by local laws according to your location:

8.1. Users in Europe (GDPR)

If you reside in the EEA or the United Kingdom, you have the right to:

• Access your data.
• Request rectification or deletion (right to be forgotten).
• Limit the processing of your data.
• Object to processing.
• Request the portability of your data.
• Withdraw your consent at any time.
• File a claim with a supervisory authority (such as the AEPD in Spain).

8.2. Users in the United States (California - CCPA/CPRA)

If you are a resident of California:

• Right to Know: You can request what categories of personal information we have collected in the last 12 months.
• Right to Delete: You can request that we delete your personal information.
• No Sale of Data: We verify that we do not sell your personal information for money.
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Do Not Track: We respect "Do Not Track" signals from browsers.

8.3. Users in Latin America

• Colombia (Law 1581): We guarantee your Habeas Data right to know, update, and rectify your information, as well as revoke the authorization for processing.
• Brazil (LGPD): We guarantee facilitated access to information about the processing of your data and your right to anonymization or blocking of unnecessary data.
• Mexico (LFPDPPP) and rest of LATAM: We guarantee the exercise of your ARCO rights (Access, Rectification, Cancellation, and Opposition).

9. Data Security

We have implemented appropriate technical and organizational security measures (such as SSL encryption, firewalls, and access controls) to protect your personal data against loss, misuse, unauthorized access, and alteration.

10. Minors' Privacy

Our website and services are not directed at minors under [13/16/18] years (depending on the jurisdiction). We do not knowingly collect personal information from minors. If we detect that we have collected data from a minor without verified parental consent, we will proceed to delete it immediately.

11. Changes to the Privacy Policy

We reserve the right to update this policy at any time. Modifications will be effective immediately upon their publication on the website. We recommend reviewing this page periodically.

12. Contact and Exercise of Rights

To exercise any of your rights or if you have questions about this policy, please contact us at:

• Email: qrspacelab@gmail.com
• Subject: Data Privacy / [Your Country]