myHandiQR : Inclusive disability tool: help others understand disability easily with a QR code myHandiQR
Log in Create your account
Who it's for
myHandiQR myHandiQR
Log in Create your account
Deutsch English Español Français

Privacy policy

Preamble

Sovereign code, European infrastructure, no transfer outside the EU.

myHandiQR places particular importance on protecting your privacy and your personal data. The platform is an inclusive tool that lets you make a disability known through a QR code, without having to repeat the explanations. The information entered in a profile is intended to be shared with the people that the creator or the holder of parental authority chooses, and only with them.

This policy describes the data I collect, the reasons why I process it, how long it is kept, the possible recipients and the rights available to you. It supplements the Terms of Use and Sale and applies to any user of the myhandiqr.com website.

myHandiQR is not a medical or diagnostic tool. The information shared through the platform constitutes personal data for inclusive communication and not structured medical data.

Data controller

The controller of the data collected through the myhandiqr.com website is :

  • myHandiQR, SASU with share capital of 5,000 €
  • Registered office: 59 rue de Ponthieu, Bureau 326, 75008 Paris, France
  • Paris Trade and Companies Register: 104 999 701
  • SIREN: 104 999 701
  • SIRET: 10499970100014
  • Legal representative: Jérôme Salanhac, President

For any request relating to your personal data or to this policy, you can contact us via the Contact page.

Data collected

Depending on how you interact with the site, I may collect the following categories of data :

Creator account data

  • Last name, first name, email address
  • Password (stored in encrypted form)
  • Billing details when taking out a paid subscription

Profile holder data

  • The holder's usage identity (first name or nickname, optional photo)
  • Description of the disability or disabilities, needs, behaviours, practical tips
  • Tailored explanations written by the creator for different reader profiles
  • In the case of a profile for a minor: the status of the holder of parental authority

Technical and usage data

  • IP address, connection logs, pages viewed
  • Device type, browser, language
  • Cookies strictly necessary for the service to work properly

QR code reader data

  • Declared age (numeric field)
  • Chosen relationship profile (parent, teacher, first responder, etc.)
  • No identifying data about the reader is collected. Viewing a profile is anonymous.

Purposes of processing

Your data is processed for the following purposes :

  • Enable the creation, editing and viewing of holder profiles
  • Generate the QR code and allow the profile to be displayed after scanning
  • Adapt the language level of the explanations to the reader's profile
  • Manage the creator account, authentication and security of the service
  • Manage the subscription, payment, renewal and billing of the subscription
  • Respond to requests sent via the Contact page and to customer service
  • Improve the quality, security and accessibility of the platform
  • Comply with my legal and regulatory obligations (accounting, retention of proof of consent, etc.)

The data is never used for advertising profiling or resold to third parties.

Legal bases for processing

In accordance with article 6 of Regulation (EU) 2016/679 (GDPR), each processing operation is based on an identified legal basis :

  • Performance of the contract: management of the account, the holder profile, the QR code, the subscription and customer service.
  • Explicit consent: processing of information relating to disability, which constitutes a special category of data within the meaning of article 9 of the GDPR. This consent is obtained when the profile is created and can be withdrawn at any time from your personal space.
  • Legal obligation: retention of invoices, proof of consent and any data required by regulations.
  • Legitimate interest: security of the service, fraud prevention, improvement of the platform, while respecting the rights and freedoms of the people concerned.

Recipients of the data

The data processed by myHandiQR is only accessible to people who strictly need to access it for the purposes described above, and in particular :

  • the creator of the profile, from their personal space ;
  • the people to whom the creator has given or shown the QR code (access limited to the profile, with no access to the account) ;
  • authorised myHandiQR staff, within the limits of their duties ;
  • myHandiQR's technical subprocessors (host, payment provider, transactional email provider), bound by contract and subject to equivalent obligations regarding confidentiality and data protection ;
  • administrative or judicial authorities where a legal obligation requires it.

myHandiQR does not transfer any data outside the European Union.

Retention periods

The retention periods applied are as follows :

  • Creator account and holder profile: for the entire duration of use of the service. If the subscription is not renewed, the QR code stops working but the account and the profile are kept so that use can be resumed later without loss of data.
  • Deletion on request: the data is deleted without delay after a request to delete the account is made from your personal space.
  • Billing data: kept for 10 years from the end of the accounting year, in accordance with legal obligations.
  • Technical and security logs: 12 months maximum.
  • Proof of consent: for the duration of the account, plus the limitation period for related actions.

Hosting and security

The data processed by myHandiQR is hosted within the European Union by :

  • OVHcloud SAS, 2 rue Kellermann, 59100 Roubaix, France

myHandiQR implements appropriate technical and organisational measures to ensure a level of security suited to the risk, and in particular :

  • encryption of communications (HTTPS/TLS) ;
  • encryption of passwords ;
  • strict management of access rights within the team ;
  • logging of access to sensitive data ;
  • regular backups and a business continuity plan ;
  • a notification procedure in the event of a data breach in accordance with articles 33 and 34 of the GDPR.

Profiles created for a minor

When a profile concerns a minor child, the account is created and managed exclusively by the holder of parental authority, who acts freely and in the child's interest.

The holder of parental authority can at any time :

  • edit the profile information ;
  • deactivate the QR code, which makes the profile inaccessible ;
  • request the deletion of the account and the associated data.

The child's opinion is sought, according to their age and maturity, on the information that concerns them and on the people to whom the QR code is shown.

Your rights

In accordance with Regulation (EU) 2016/679 (GDPR) and the amended French Data Protection Act, you have the following rights over your personal data :

  • Right of access: obtain confirmation that data concerning you is being processed and obtain a copy of it.
  • Right to rectification: correct or complete inaccurate or incomplete data.
  • Right to erasure: request the deletion of your data in the cases provided for by law.
  • Right to restriction of processing: suspend the processing of your data in certain situations.
  • Right to portability: retrieve your data in a structured, machine-readable format.
  • Right to object: object to the processing on grounds relating to your particular situation.
  • Right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to set directives on what happens to your data after your death.

Most of these rights can be exercised directly from your personal space. For any further request, you can write to us via the Contact page. I undertake to respond within a maximum of one month from receipt of the request.

Proof of identity may be requested in the event of reasonable doubt about the identity of the person making the request.

Cookies and trackers

The myhandiqr.com website uses cookies and trackers strictly necessary for the service to work : authentication, session management, security, remembering your language preferences. In accordance with regulations, these cookies do not require your prior consent.

Other, optional cookies (anonymised audience measurement, for example) are only placed after obtaining your explicit consent via the information banner displayed on your first visit.

You can change your cookie choices at any time from the footer of the site.

Complaint to the CNIL

If, after contacting us, you consider that your rights over your data are not being respected, you can lodge a complaint with the CNIL (the French data protection authority) :

  • Address: 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  • Phone: 01 53 73 22 22
  • Website: www.cnil.fr

Changes to the policy

This privacy policy may evolve to reflect changes in the service, in the applicable regulations or in good data protection practices.

Any substantial change is notified to creators by email or by an information message displayed when they log in to their personal space, within a reasonable time before it takes effect.

The date of the last update is shown at the bottom of the page.