ScanNRoll PRIVACY POLICY
[0001] Welcome to ScanNRoll Services, a B2B and B2C service package offered to and connecting companies and institutions across various industries and professions with each other and with their customers. The provider of the ScanNRoll Services is Eberlein Innovations Ltd, UIC204581940, Bulgaria, European Union.
A company or institution provided with ScanNRoll Services is hereinafter referred to as „Organization“. An individual provided with ScanNRoll Services including you is hereinafter referred to as „Individual“.
[0002] Capitalized terms used in this PRIVACY POLICY that are not specifically defined shall have the meanings given to the applicable capitalized terms in the ScanNRoll TERMS OF SERVICE. 
[0003] This PRIVACY POLICY addresses you as an Individual using the ScanNRoll application. Your privacy is important to us. This PRIVACY POLICY explains how we collect, store, use, disclose and otherwise process your personal data when you use the ScanNRoll Services, which include the ScanNRoll Software, data, media content, and processes accessible through its use, user interfaces, buttons, pop-ups, email messages and their attachments, generated and captured IDs to customize products, and all related players, widgets, tools, data, software, APIs and other services provided by ScanNRoll (the “Services”). This PRIVACY POLICY applies to any Service that refers to this PRIVACY POLICY, i.e. by linking to it. 
[0004] Please take some time to read this PRIVACY POLICY, along with our TERMS OF SERVICE, in order to ensure you understand and are comfortable with our use and disclosure of your personal data. If you do not agree to any of the provisions of this PRIVACY POLICY, you should not use the Services. If you have any questions or concerns about this PRIVACY POLICY, you can contact us at cs@scannroll.com. Please note that communicating with us requires sharing personal information with us which we otherwise do not have access to.For security reasons we communicate only with email accounts associated with trusted Email Providers and require that you provide your registered full name & address. We may request a phone number or other verification in such communication. 
[0005] We follow European law and the General Data Protection Regulation (GDPR), where applicable to ensure adequate protection of your personal data. As a matter of standardization and consistency, we globally apply GDPR to the maximum extent permitted by the legislation applicable to you. GDPR is a European Union regulation that unifies the rules for processing personal data by both private and public actors across the EU.
[0006] All the data handled by the application, including personal data, is stored on Microsoft Azure Cloud infrastructure, located in the European Union.
[0007] By default, the ScanNRoll application requires no sign-up to be used. Unless you choose to share your personal data with us, i.e. by contacting us, the application does not collect and does not provide to us any of your personal data.
[0008] When installing and maintaining ScanNRoll on your device the following data are stored and maintained by us: Device ID, Time stamp, device model and operating system, and data relating to application performance such as error and crash logs. Some of this data is collected via third-party analytics services such as Google's Firebase platform. The collection of this data is necessary for diagnosing technical errors and crashes, improving the user experience, ensuring ongoing compatibility with your device, and enabling features such as the ability to transfer your application data to another device.
[0009] When scanning a ScanNRoll ID which may be a QR code or NFC tag the following data are stored and maintained by us: Device ID, Time stamp, the specific ScanNRoll ID that was scanned, and, upon your explicit prior consent, your GPS location at the time of the scan. By scanning a ScanNRoll ID you agree that we share all of this collected data, including your GPS location if you have consented to its collection, with the Organization owning the scanned ID and providing you access to linked content and functionalities. This allows the Organization to receive analytics regarding customer engagement with its products and services.
[0010] When scanning a third party QR code or NFC tag which does not store a ScanNRoll ID and does not relate to the ScanNRoll Services the following data are stored and maintained by us for internal analytics and to monitor application stability: Device ID, Time stamp. By scanning a third party QR Code or NFC tag, you acknowledge that the application will direct you to external content or services not operated by us. Your device will interact directly with this third party. Unlike with ScanNRoll IDs, we do not share the data mentioned above (Device ID, Time stamp) with such third parties. Your device will, however, transmit standard connection data, such as your IP address, to the third party's server as part of this direct interaction. This process is subject to that third party’s own terms and privacy policy.
[0011] Product details linked to ScanNRoll IDs may contain certain personal information which relate to the product such as mentioning of authorship, copyright, or patent ownership. Please read our TERMS OF SERVICE when such information is permitted or required. If it comes to your attention that incorrect or not permitted or required personal information is present in product details please notify us immediately at cs@scannroll.com. We monitor compliance with our TERMS OF SERVICE upon such request and take appropriate action.
[0012] Media content linked to ScanNRoll IDs may contain certain personal information. Besides mentioning of authorship, copyright, patent ownership, or other rights ownership, persons and personal expressions may appear in media content, e.g. in a tutorial video or recording of a performed task. Please read our TERMS OF SERVICE when such information and content is permitted or required. If it comes to your attention that incorrect or not permitted or required personal information is present in media content please notify us immediately at cs@scannroll.com. We monitor compliance with our TERMS OF SERVICE upon such request and take appropriate action.
[0013] There is certain personal data that we collect automatically as the result of your use of ScanNRoll Services. This personal data generally includes 
a) Log data - Internet protocol (IP) address, access times and duration, access control changes, your browser type and operating system, device information (including available RAM and disk space, brand and model), device event information (e.g. crashes, logs), the interfaces of the ScanNRoll application or the pages of the ScanNRoll.com website which you have viewed or engaged with, analytics data about application usage (duration, frequency, timestamps). This limited personal data is essential for our service and is therefore either based on contractual purposes or on legitimate interest (e.g. improvement of user experience or further development of the Services). Please be aware that we need log data in order to fulfil our contractual and legal obligations.
(b) Location data - When you use certain features of the ScanNRoll application we may collect location data. Each time you use such a feature, location information or device position data is explicitly requested. You may not provide location data by not inputing or selecting location information or by not accepting use of your device’s position data. In that case, we may not be able to provide features which depend on and process location data. Please control or disable the use of location services in the device’s settings. 
(c) Device Information - We collect data from and about the device you use, including how you interact with the ScanNRoll application, and information about the device itself, such as the hardware model, operating system, IP addresses, cookie information, device settings, mobile carrier information, mobile device identifiers, language, and local settings. This information allows us to monitor and ensure ScanNRoll’s compatibility and usability on your device, to discover and fix bugs, and to further improve your user experience.
[0014] ScanNRoll Services as a service package is proviced to Organizations and their customers. We do not sell to third parties or otherwise commercialize personal information. We do not collect or provide your Google Android’s Advertising ID („AAID“).
[0015] We may share your personal data in the following cases:
(a) Compliance with Laws - We may disclose your personal data to courts, law enforcement agencies, and governmental authorities (i) to comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against the Provider of ScanNRoll services, (iii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Use and other agreements with Users, or (v) to protect the rights, property or personal safety of the Provider, its employees, and members of the public. 
(b) Protecting our rights - We may disclose your personal data if we feel it is necessary in order to protect our legitimate rights and interests, or those of our Users, employees, directors, officers, or shareholders, and/or to ensure the safety and security of the ScanNRoll Services and Users of the Services.
(c) Change of control - We may also share your personal data as part of a sale, merger or change in control of the Provider, or in preparation for any of these events. Any other entity that buys us or part of our business will have the right to continue to use your personal data, but only in the manner set out in this PRIVACY POLICY.
[0016] You may exercise any of the rights described in this PRIVACY POLICY by contacting us at cs@scannroll.com. Please note that we may ask you or an Administrator of your Organization to verify your identity before taking further action on your request.
[0017] Data Access and Portability - You may be entitled to request copies of your personal data held by us.
[0018] We generally retain personal data for as long as is necessary to provide services to you under your Account, i.e. as long as the Account you are using has not been permanently deleted. In case any of your personal data are present in data or media linked to a ScanNRoll ID, such personal data will become inaccessible for all Users at the expiry data of that ID. We delete data and media linked only to expired IDs as part of regular system maintenance. Such deletion may be automated and not reversible. We may need to retain some of your personal data even after closure of your account and expiry of all the IDs linked to your personal data if reasonably necessary to comply with our legal obligations.
[0019] Objection to Processing - You have the right to object to processing your personal data on grounds relating to your particular situation at any time (in particular, where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the personal data on the basis of our legitimate interests). If you object to such processing, the Provider will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defense of legal claims or obligations. Where your personal data is processed for direct marketing purposes relating to ScanNRoll Servies, you have the right to object to such processing of your personal data at any time and ask the Provider to cease processing your data for these direct marketing purposes. However, please be aware that any objection to processing will not necessarily have an impact on the personal data processing before such objection was made, thus such processing will generally be deemed as permissible and will be subject to the usual retention and deletion periods.
[0020] Restriction of Processing - You have the right to restrict the processing of your personal data where one of the following applies: your personal data is not accurate anymore; the processing is unlawful and instead of erasing the personal data you request the restriction of use; the personal data is no longer needed by us but required by you for the establishment, exercise or defense of legal claims; you have objected to the use and the decision on the legitimate grounds for objection is pending.
[0021] Withdrawing consent - Where you provide consent to the processing of your personal data by the Provider, you may withdraw your consent at any time by changing your account settings or by sending a communication to the Provider specifying the specific consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such content before its withdrawal.
[0022] Lodging complaints - You have the right to lodge complaints about the data processing activities carried out by the Provider before a competent data protection authority. A list of EU data protection authorities is available here: https://ec.europa.eu/newsroom/article29/items/612080
[0023] We may revise this PRIVACY POLICY from time to time as appropriate. Any revisions will not be retroactive. The last version transmitted to your company will replace the previous version 30 days after the date of transmission, applicable to all users of your company. PRIVACY POLICY shall be deemed to have been transmitted to all Users of your Organization when there is a transmission confirmation confirming that an email or letter has been received by an Administrator of your Organization. This applies regardless of which version is displayed on the home screen of the ScanNRoll Mobile App. Except for changes involving new features or legal reasons, we will provide you with as much as 30 days' notice before any changes to these Terms become effective with respect to the rights and obligations of the parties. If you continue to access and use our Services after these changes become effective, you are agreeing on behalf of
and representing your Organization to be legally bound by the revised PRIVACY POLICY.
[0024] If you have any questions about this PRIVACY POLICY, please contact us at cs@scannroll.com, Attn. Data Protection Officer.

Last amended: July 17th, 2025