Trycon Technologies (Scanova) is fully-committed to protect the personal data of its customers and customer’s end-users
From its customers, the company collects both personal information (email address, billing information, payment information, etc.) and non-personal information (browsing data, etc.). This information is solely used by the company or authorized third-party applications to serve the customers. This data is never used for unauthorized commercial gains in any way
To use the products and services of Scanova, the customer will share both personal information (e.g. contact information for Vcard QR Codes, map coordinates for Google Maps QR Code) and non-personal information (e.g., serial code for Simple Text QR Code). This information will be available to customers only and they have the responsibility to make the data public (via QR Code campaigns) only if they own the data or have authorization to use the data
From the end users (people who scan the QR Codes deployed by the customers), the company collects both personal information (in case lead generation feature is used) or non-personal information (e.g., scan time, date, city, country). This data will only be shared with the customer provided the customer has taken adequate consent from the end users
The company shares both personal and non-personal information with third-party applications and service providers only after ensuring that they employ the best practices in data security, privacy policies, and regulatory compliance (including GDPR)
The company employs the best-in-class data security strategies to ensure the protection of customers’ and end-users’ data. However, in cases of breaches, the company will inform the regulatory authorities and affected customers within 72 hours
The company will retain the customers’ and end-users’ data for a maximum period of 26 months after the customer ceases to use the company’s applications. However, the customer will always have the right to either download all data or request permanent deletion
2. DATA COLLECTION, PROCESSING & PURPOSE
During the lifecycle of using its products and services, the company collects both Personally Identifiable Information (PII) and non-Personally Identifiable Information either directly or via a third-party application or service.
As part of the company’s commitment to be transparent to its customers and end-users, we are sharing details on what data points are collected, at what stage, and for what purpose:
2.1 CUSTOMER DATA
This section outlines the data collected on the customers of the company i.e. the users who subscribe to the products and services of Scanova via any of the subscription plans—free or paid.
2.1.1 Website/App Browsing (Without Login)
Browsing/Events Tracking: If you are browsing the web pages of our website, we gather non-personally identifiable information—such as web request, Internet Protocol address, browser type, browser language, the date and time of your request, browser user agent, one or more cookies that may uniquely identify your browser, referring URL/domain, activity time, and clicking activity. All such data collected is processed at an aggregate level and can never be tied to an individual.
Purpose: This data is sent to the following tracking tools—Google Analytics, Mixpanel, and Mouseflow—to generate aggregate-level insights on customer behavior. These insights allow our product team to optimize the journey and experience of our customers. Given below are important links to these third-party applications:
Query Email: If you have a question related to our product or services, you can send us an email using the ‘Email Us’ option on the Support page. The data points that are collected are—Name, Email Address, Subject, and Message (Query)
Purpose: We require your name to personalize the conversation, email address to reach out to you with a response, and subject and message to understand your query thoroughly. This data is shared via email to authorized in-house customer support personnel only
Newsletter Subscription: If you are browsing the Scanova Blog, you have the option to share your email address with us via the Subscribe button or Subscription pop-up.
Purpose: When you share your email address (via the Subscribe button or Subscription pop-up), you are added to list of our newsletter subscribers. Note that a double opt-in is required (via verification email) to be successfully added to the list. Newsletter subscribers receive on an average less than or equal to one email newsletter per week. We use a third-party emailing application—MailChimp—to send these emails. Given below are important links to these third-party applications:
Query Chat: If you have a question related to our product or services, you can reach out to us via the chatbox option. To use the chatbox, we collect the following data—Name and Email Address
Purpose: The name is used to personalize the chat conversation and email address is used for any follow-up responses. The chatbox and data are managed by third-party applications—LiveChat (when online) and Zendesk (when offline). The data collected by these applications is used to serve our customer queries only and are never shared for any commercial gains. Given below are important links to these third-party applications:
As part of registration of an account (free or paid) with Scanova, the following data is collected and stored (Data Security tip: As per GDPR compliance guideline, all stored and transferred data is first encrypted):
Purpose: The first name of the customer is used to personalize the email conversations between the customer and the company personnel (technical or non-technical)
Valid Email Address (Data Security Tip: The company has employed security measures to ensure that only customers with valid email addresses can create an account. These security measures filter out low-quality email addresses from real users, keeping the overall health of the application high)
Purpose: In case of signup by email method, we use the password (generated by the customer) to authorize access to the customer account and its data. The company or its employees will never ask for your password in an unsolicited phone call or email. However, you are responsible for maintaining the secrecy of your password and account information
Google/Facebook Authorization (in case of Signup by Google/Facebook)
Purpose: In case of signup by social login method (Google/Facebook), we will require authorization from a valid and logged in account of Google/Facebook. Note that in case of Google authorization, we only receive the following data—Name, User ID, and Email Address. In case of Facebook authorization, we only receive the following data—Name, Facebook ID
2.1.3 Purchase of Subscription Plan
When you upgrade from Scanova’s free trial to one of the premium plans—Lite, Standard, Pro, Started (API), Advanced (API), Pro (API), Advanced (Deprecated), Premium (Deprecated), Agency (Deprecated)—you will be required to provide billing and payment information to complete the transaction:
Billing Information: Country, Full Name, Address 1, Address 2, City, State/Province, Postal Code, Phone, Phone Extension, and Email Address
Purpose: The billing information is required for the following purposes:
To generate an official invoice complete with billing name and address as required by law
To email the customer the invoice/sale receipt
To maintain sale records in case of any dispute (subscription cancellation, refund, etc.)
To aggregate data and generate internal reports for management, investors, and shareholders (e.g., monthly sales report, annual report, tax filing, etc.). As the company is a Private Limited, these reports are shared either privately with authorized personnel (management, investors, shareholders) or with regulatory authorities only
To add the company logo on our website under “Our Customers” section if the company email address (i.e. with the domain name of the company) of the customer is used
Purpose: The payment information is required to authorize a transaction with your bank/credit card account.
Note that Scanova only receives an email copy of the invoice generated but never stores the payment information. Both billing and payment information is collected, managed, and stored by our payment gateway provider—2Checkout (2Checkout.com, Inc. 855 Grandview Avenue, Suite 110, Columbus, OH 43215, USA).
According to 2Checkout, “2Checkout is PCI Level 1 certified - the highest level certification possible. Our redundant data centers store and encrypt millions of credit card accounts so you can focus on your business and not on credit card security. 2Checkout is committed to protecting you, your business and your customers from fraudulent activities. We offer a three-tier defense strategy to identify fraudulent activity and keep fraud from impacting your operations. Our approach is rigorous and straightforward. We use statistical algorithms and data collection techniques to assess more than 300 variables in under 3 seconds to identify markers of fraud. Our algorithms are proprietary to our business and customized to different industries and geographies.”
Note that ‘Recurring Payment or Auto-renewal’ option remains active by default but the customer is given the option to cancel recurring payment immediately after payment and/or anytime via the application dashboard. If the recurring payment option is enabled, 2Checkout will continue to store the payment information in a secure way and automatically process the payments at the renewal of period defined by the customer—monthly, quarterly, bi-annually, and annually. When the user cancels recurring payment (either immediately after payment or anytime later via the dashboard), the payment information is deleted forever by 2Checkout.
Given below are important links to the third-party application:
2.2 DATA SHARED BY CUSTOMER DURING QR CODE MANAGEMENT
When customers use Scanova’s product and services—QR Code Management Tool, QR Code APIs, QR Code Batch Generation—they can design and generate QR Codes and Mobile Landing Pages. To generate these content pieces customers enter data in various fields. This section outlines how Scanova stores and processes this data.
2.2.1 QR Code Generation
Using Scanova, it is possible to generate 23 types of QR Codes. To generate each of these QR Codes, customers are required to enter data for very specific fields. The open-ended nature of the content of the QR Codes means that the customer can add both PII and non-PII information for each category.
Given below is the exhaustive list of QR Codes with the required datapoints:
Website URL QR Code: URL
Google Maps QR Code: Maps Location (Coordinates)
PDF QR Code: PDF Document
Image QR Code: Image
Social Media QR Code: Facebook URL, Youtube URL, Twitter Handle, Google Plus Link, LinkedIn URL, Pinterest URL, Instagram URL, Website URL, WeChat ID, Custom URL
VCard Profile QR Code: Profile Photo, Name, Company Name, Title, Facebook URL, Youtube URL, Twitter Handle, Google Plus Link, LinkedIn URL, Pinterest URL, Instagram URL, Work Phone, Mobile, Fax, Email, Secondary Email, Address Street, City, State, Zip/Postal Code, Country, Address Street 2, City 2, State 2, Zip/Postal Code 2, Country 2, Work Website URL, Personal Website URL, Additional Information (Unlimited)
Rich Text QR Code: Text, images, or HTML-based information
App Store QR Code: iOS URL, Google Play URL, Windows Store URL, BlackBerry URL
Audio QR Code: Audio File
Facebook QR Code: Facebook URL
LinkedIn QR Code: LinkedIn URL
Youtube QR Code: Youtube URL
Tweet QR Code: Tweet Text (including hashtags, mentions, URLs, etc. limited to 140 characters)
Phone Number QR Code: Phone Number
Email Address QR Code: Email Address
Calendar Event QR Code: Event Name, Event Date & Timings, Timezone, Location, Description
Simple VCard QR Code: Name, Company Name, Title, Email Address, Work Phone Number, Cell Phone Number, Fax, Website URL, Address Street, City, State, Postal Code, Country
WiFi QR Code: Security Type, Network Name, Password
Purpose: In each of the cases above, the purpose of data collection is to allow the customer to share this information with end-users. No unnecessary datapoint is collected and in most cases, customers have the option to choose only the data points they need to share.
In most cases, QR Codes are made public via promotional print/web material. This means that the content of the QR Code (PII or non-PII) is visible to all end-users who scan the QR Code, unless the QR Code is password-protected, which is a feature provided by Scanova.
It is the responsibility of the customer to ensure that:
The content encoded into the QR Code or its landing pages is owned by the customer OR
The customer has the required authorization/consent to use the content encoded into the QR Code or its landing pages
Scanova stores and transfers this content in encrypted format via its online databases to ensure maximum security of the data. Scanova’s databases are managed by third-party applications—Amazon Web Services and Digital Ocean. Given below are important links to the third-party applications:
After generating the QR Codes, customers also have the option to design the QR Codes and save design templates (optional).
Purpose: The feature to save design templates allows users to quickly redesign new QR Codes. Like QR Code data, the design parameters are also securely stored in our databases and are never shared with any third-party applications. In most cases, the design will be non-PII but in very specific cases the design elements can be PII (e.g. brand logo, profile photo, etc.).
2.3 END-USER DATA
When customers print Dynamic QR Codes on promotional or operational print/web material, end-users have the option to scan the QR Code. Depending on whether customers have enabled lead generation feature, here is how data collection can vary:
2.3.1 End-user Data Without Lead Generation Feature
When end-users scan QR Codes (without lead generation feature), Scanova collects the following non-PII:
IP Address: The IP Address of the scanning device is shared with a third-party application API—MaxMind—to determine the city and country of the scanning device
Purpose: The IP Address data is aggregated and allows the customer to gain insights on the geographical distribution of the end-users who are scanning the QR Code. Given below are important links to the third-party applications:
Device Family: This includes type of device (e.g., Mobile, Tablet, PC, Bot, etc.) and type of handset (e.g., iPhone 7, Samsung Galaxy S6, etc.)
Purpose: The Device Family data is aggregated and allows the customer to gain insights on the type of devices the end-users are using to scan the QR Codes
Browser Family: This includes type of browser with version (e.g., Chrome, Safari, Opera Mini, etc.) and type of operating system with version (e.g., iOS, Android, etc.)
Purpose: The Browser Family data is aggregated and allows the customer to gain insights on the type of browsers and operating systems end-users are using to scan the QR Codes
Creation Date: This includes the date and time of the scan
Purpose: The date and time data is aggregated and allows the customer to gain insights on time distribution of scanning activity of QR Codes by end-users
The customer has the option to share this information with a third-party application—Google Analytics to view Scanova Analytics within Google Analytics dashboard. Given below are important links on the third-party application:
If a customer generates a Dynamic QR Code and enables the Lead Generation feature, the customer gets the option to generate a pre-content survey with any number of custom fields (typically Name, Email, and Phone Number). This survey or Lead Generation form is shown prior to the actual content specified by the customer.
In addition to the data specified in Section 2.3.1, Scanova can also collect Lead Generation data as specified by the customer, however, the consent of the end-user is mandatory. Only if the end-user willingly enters this information, we can collect it. There is no way to collect this data automatically. In most cases, this data is PII of the end-users.
Purpose: This data is collected by the customers to get contact information of the end-users who are engaging with the content of the QR Code. Customers can download a copy of this data in CSV/Excel format anytime. This data can then be used by the customer for any purpose including remarketing.
It is the responsibility of the customer to ensure that they inform the end-user about the purpose of the data they wish to collect and take necessary consent as required by law. Scanova will provide the required capabilities in its application to make it easy for the customers to take consent and share purpose information.
All end-user data, included leads data, is stored securely in Scanova’s encrypted databases. Only the customer and authorized personnel of Scanova have access to this data.
Because Trycon Technologies allows you to add its outputs (QR Codes, URLs) on your promotional material (Print advertisements, Websites, Online Ads, Packaging etc.), you must register for an account for the desired services. The registration process asks for your personal information such as but not limited to:
First Name, Last Name
By the nature of our Service, Trycon Technologies will gather non-personally identifiable statistics about the usage of our outputs in your promotions and store that information.
3. DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share with third parties certain pieces of aggregated, non-personal information (e.g., browsing analytics with Google Analytics), and personal information (e.g., email address with mailboxlayer for verification).
In all cases, we will ensure that the third party:
Has good reputation and trustworthy customers
Has an approachable and responsive support team
Has robust privacy policies that aim at data protection and security
Has taken adequate measures to be GDPR compliant
Further, we restrict access to personal information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
4. DATA SECURITY
The company has implemented best-in-class security protocols to protect customer’s and end-user’s data. This data is maintained on the company servers from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of these security mechanisms include:
Encryption of rest data with AES256 and transit data with SSL (HTTPS)
Staff access to data on a need basis only (e.g. ticket raised by customer, etc.)
Staff access to third-party apps via multi-factor authentication only
However, please keep in mind that no security system is impenetrable. It may be possible for third parties to intercept or access the company’s customer data or end-user’s data in spite of these measures.
In case of data breaches, the company will inform the regulatory authorities and affected customers within 72 hours, as per GDPR guidelines.
However, the company cannot guarantee complete security of your information and cannot be held responsible for unauthorized access to customer accounts. It is the responsibility of the customer to ensure that the account email address and password are not shared with any unauthorized personnel.
5. DATA RETENTION, PORTABILITY & DELETION
As per the company’s privacy policies, we will store all data (from Section 2) of non-subscribing customers (non-paying user of our product and services) and their end-users for a maximum period of 26 months from the last date of subscription.
Purpose: The data will be retained to allow customers to reinstate their account and creations (e.g. QR Codes, mobile landing pages, etc.) within this period. However, the customer will have the right to:
Request the download of all data at any time
Request the deletion of all data at any time
7. CONTACT INFORMATION
To keep your personal data accurate, current, and complete, please contact us as specified below:
The terms and conditions along with privacy policies with all references constitutes the sole and entire agreement of the parties to this agreement with respect to the subject matter contained herein and supersedes all prior terms and conditions which were agreed by the Customer.