Privacy Policy

Who we are

This App is published by Shinetech Europe Limited, 8 Devonshire Square, London EC2M 4PL which is registered in England and Wales (Company number 07141834). When this policy talks about “we”, “our” and “us”, it means Shinetech Europe Limited.

We are an industry award winning Microsoft Gold Certified Partner and have been registered with the UK Information Commissioner’s Office (ICO) since November 2011.

What personal data we hold 

We use the following categories of personal data.

When you Create an Account on our App, you provide us with just 4 fields of information about yourself:

1. Your First Name
2. Your Last Name
3. Your E-mail Address
4. Your Password

When you use our App “Scan QR Code” feature, we store:

1. The Decoded QR Code
2. The Timestamp of your scan

Deleting your personal data

If you created an account on our App and wish to delete it, you can delete your account and all your App data permanently any time by Signing into our App, go to the App Settings > My Account page and click on “Delete your account” and re-enter your Password to confirm your account deletion.

To delete Decoded QR Code records which were not created by your organiser, on our App Class Records screen swipe left on the record to reveal a trash icon and click it to delete the record.

Your organiser (event host, charity, employer, university, etc.) is the Data Controller of your data under the General Data Protection Regulation (GDPR) and Data Protection Act (DPA).

If your organiser asked you to create a profile account that is linked to our App then your organiser is responsible for handling your data requests. You need to contact your organiser if you want your profile account data deleted.

If you no longer want to use our App, go to the App Settings > Sign Out and delete our App from your mobile device.

Please note that your organiser will have their own records retention policy, for example, NHS Records Management Code of Practice. Don't contact CATQR to update or delete your profile account data as this is the sole responsibility of your organiser.

What we use your personal data for

The purposes for which we use your personal data and the legal grounds on which we do so are as follows:

• We obtain and use your personal details in order to establish and deliver our products and services.
• We may use strictly anonymised information to improve our products and services.
• We may use your email address to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time.
• If your organiser (event host, charity, employer, university, etc.) has asked you to use our App and asks you for other data, then your organiser is responsible for providing you with their instructions and privacy policy. We are not responsible for the actions of your organisers.
• When you register your attendance via our App “Scan QR Code” feature for a class event created by an organiser, you are giving your consent for the organiser to receive your information, for instance, your profile user identifier email address and the timestamp of your scan of the class event.
• Where necessary, we may need to share personal details for the purposes of account maintenance, fraud prevention and detection.
• Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to, for example, troubleshoot bugs within our App, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.

Optional Geolocation feature

Our system features a unique 'Dynamic' Class QR Code, displayed during class, which expires every few seconds. This ensures that only those physically present can register their attendance, unlike other systems that rely on 'Static' QR Codes that don’t change. This feature prevents users from confirming their attendance before, during, or after the class period if they were not actually there. This mechanism effectively prevents someone from registering their attendance using a photo of the Class QR Code, as it would have already expired—a capability that sets our system apart from other systems.

Therefore, our unique 'Dynamic' Class QR Code eliminates the need for attendance monitoring via Geolocation. However, certain university attendance policies may require Geolocation evidence to comply with UK Visas & Immigration (UKVI) regulations. To address this, we have introduced a new optional Geolocation feature.

As an additional optional opt-in feature, our App can collect, store, and process the Latitude and Longitude GPS coordinates (“Geolocation data”) of the user’s mobile device only at the exact moment they scan a Class QR Code. This feature will only work if the user has enabled Location services on their App.

Here is an example of Latitude and Longitude GPS coordinates for Big Ben, which you can paste into Google Maps: 51.5007918663271, -0.12463236169582036

Administrators can utilise the Class Geolocation feature to set up a virtual geographic boundary, known as a Geofence, with a customisable radius (e.g. 50 meters).

When users scan the Class QR Code, our system can determine from their mobile device location whether they are in the Class Geofence. Only authorised administrators with specific access rights to our back-end system’s “Analytics – GPS” screen will be able to view the user’s GPS location. The system automatically shows a green indicator if the user is within the Geofence and a red indicator if they are not.

The UK GDPR sets a high standard for consent, which must be unambiguous and involve a clear affirmative action (opt-in). As a user of our App, you are required to give explicit consent at two separate points to allow us to collect, store, and process your Geolocation data.

Initial Consent: When you first install our App and use the “Scan QR Code” feature to scan a Class QR Code, the following pop-up message is displayed:

AND

Ongoing Consent: Each time you use the “Scan QR Code” feature to scan a Class QR Code, and only if you have allowed our App to use your location, the following message is always displayed in the App’s “Scan QR Code” screen as a check box. By default, the check box is UNCHECKED, so you need to give your explicit consent by checking the box:

You can also Deny ‘Location’ permission at any time from the device settings for the App.

Sharing your personal data with others

• We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
• If your organiser (event host, charity, employer, university, etc.) has asked you to use our App and asks you for other data, then your organiser is responsible for providing you with their instructions and privacy policy. We are not responsible for the actions of your organisers.
• When you register your attendance via our App “Scan QR Code” feature for a class event created by an organiser, you are giving your consent for the organiser to receive your information, for instance, your profile user identifier email address and the timestamp of your scan of the class event.
• We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our products and service. 

Except as described above, we will never share your personal data with any other party without your consent.

Data storage, security and transfers

We store all your personal data on secure Microsoft Azure Data Centre servers located in the UK. Where you have chosen a password or profile user identifier email address that enables you to access our products, you are responsible for keeping this information up-to-date and confidential.

We ask you not to share your sign in information with anyone.

We encrypt data transmitted to and from our products. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.

If your organiser (event host, charity, employer, university, etc.) has asked you to use our App and asks you for other data, then your organiser is responsible for providing you with their instructions and privacy policy. We are not responsible for the actions of your organisers.

When you register your attendance via our App “Scan QR Code” feature for a class event created by an organiser, you are giving your consent for the organiser to receive your information, for instance, your profile user identifier email address and the timestamp of your scan of the class event.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

You are solely responsible for the QR codes that you scan. It is your responsibility to ensure that any links in the QR codes that you scan are safe. You are responsible for any third-party Personal Data that you obtain, publish or share through our products and services.

Your rights

You have specific rights under the General Data Protection Regulation (GDPR) and Data Protection Act (DPA) to:

1. Wherever we process data based on your consent, withdraw that consent at any time. If you created an account on our App and wish to delete it, you can delete your account and all your App data permanently any time by Signing into our App, go to the Settings > My Account page and click on “Delete your account” and re-enter your Password to confirm your account deletion.
2. Understand and request a copy of information we hold about you;
3. Ask us to rectify or erase information we hold about you; If your organiser (event host, charity, employer, university, etc.) has asked you to use our App and asks you for other data, then your organiser is responsible for providing you with their instructions and privacy policy. We are not responsible for the actions of your organisers.
4. Ask for your data to be provided on a portable basis.

Contact us

If you have any questions about how we process your data, please don't hesitate to Contact us.

Your organiser (event host, charity, employer, university, etc.) is the Data Controller of your data under the General Data Protection Regulation (GDPR) and Data Protection Act (DPA).

If your organiser asked you to create a profile account that is linked to our App then your organiser is responsible for handling your data requests. You need to contact your organiser if you want your profile account data deleted.

If you no longer want to use our App, go to the App Settings > Sign Out and delete our App from your mobile device.

Please note that your organiser will have their own records retention policy, for example, NHS Records Management Code of Practice. Don't contact CATQR to update or delete your profile account data as this is the sole responsibility of your organiser.