QR Code Maken – qrcodemaken.be
Last updated: 26 April 2026This privacy policy has been drafted in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, and the Belgian Act of 13 June 2005 on electronic communications.
The data controller responsible for your personal data is:
| Detail | Information |
|---|---|
| Trading name | Sofie.be – Digital Solutions |
| Enterprise number | BE0823170308 |
| Address | Rauwakker 7, 1745 Mazenzele, Belgium (no visiting address) |
| Website | qrcodemaken.be |
| info@sofie.be | |
| Country | Belgium |
For all questions regarding the processing of your personal data, please contact us at the email address above.
We do not process special categories of personal data (such as health data, political beliefs or biometric data).
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Creating and managing your account | Performance of a contract (art. 6.1.b) |
| Providing QR code services | Performance of a contract (art. 6.1.b) |
| Processing payments | Performance of a contract (art. 6.1.b) |
| Customer support and communication | Performance of a contract (art. 6.1.b) |
| Legal obligations (invoicing, taxes) | Legal obligation (art. 6.1.c) |
| Service analysis and improvement | Legitimate interest (art. 6.1.f) |
| Security and fraud prevention | Legitimate interest (art. 6.1.f) |
| Marketing communications (newsletter) | Consent (art. 6.1.a) |
| Cookies and tracking (non-essential) | Consent (art. 6.1.a) |
Where we rely on legitimate interest, we have carried out a balancing test between our interests and your rights and freedoms. You may object to such processing at any time.
| Category | Retention period |
|---|---|
| Account data (active account) | For the duration of the account + 30 days after deletion |
| Billing data | 10 years (Belgian Accounting Act of 17 July 1975) |
| QR code content (dynamic) | For as long as the QR code is active; max. 30 days after deletion |
| Scan statistics | Depending on your subscription plan (see plan details) |
| Contact form messages | 2 years after last contact |
| Technical logs (security purposes) | 90 days |
| Marketing (after unsubscribe) | Immediately removed from mailing list; proof of unsubscribe kept 3 years |
We never sell your personal data to third parties. We share data only in the following cases:
We may disclose your data to competent authorities (police, courts, regulators) where legally required or where necessary to protect our rights.
In the event of a merger, acquisition or sale of assets, personal data may be transferred. We will notify you before your data is transferred.
We aim to process your data within the European Economic Area (EEA). Where data is transferred outside the EEA, this is done exclusively on the basis of an adequacy decision by the European Commission, Standard Contractual Clauses (SCCs), or with your explicit consent.
We take appropriate technical and organisational measures to protect your personal data, including: encrypted connections (HTTPS/SSL), hashed password storage (bcrypt), need-to-know access control, regular security updates, and backup procedures. In the event of a data breach posing a risk to your rights and freedoms, we will notify you and the Belgian Data Protection Authority (GBA) in accordance with art. 33–34 GDPR.
| Right | Description |
|---|---|
| Right of access (art. 15) | You may request which personal data we process about you. |
| Right to rectification (art. 16) | You may have inaccurate or incomplete data corrected. |
| Right to erasure (art. 17) | You may in certain cases request deletion of your data ("right to be forgotten"). |
| Right to restriction (art. 18) | You may request restriction of processing in certain circumstances. |
| Right to data portability (art. 20) | You may request your data in a structured, machine-readable format. |
| Right to object (art. 21) | You may object to processing based on legitimate interest or direct marketing. |
| Rights re. automated decisions (art. 22) | You have the right not to be subject solely to automated decision-making. |
| Right to withdraw consent | You may withdraw consent at any time, without affecting the lawfulness of prior processing. |
To submit a request, contact us at info@sofie.be. We will respond within 30 calendar days.
Our services are not directed at persons under the age of 16. We do not knowingly collect personal data from minors. If you believe we may have inadvertently collected data from a child, please contact us at info@sofie.be.
We may update this privacy policy from time to time. The date of the last update is shown at the top of this document. For material changes, we will notify you by email or via a prominent notice on our website prior to the change taking effect.