Last updated: 05 June 2026
1. Controller
Varga-Tech – Attila Varga
Leipziger Str. 3
37085 Göttingen
Germany
Email: vargatech@attila-varga.eu
Website: https://digital-vcf.de
2. Scope
This privacy policy explains which personal data is processed when using digital-vcf.de. The platform enables users to create, test, activate and share digital business cards with QR code, personal URL, vCard download, visitor statistics and review function.
3. Website access and server data
When the website is accessed, technically necessary access data is processed, especially IP address or pseudonymized IP identifier, date and time, requested URL, referrer URL, browser type, operating system, transferred data volume and status codes. This data is required to deliver the website, detect attacks, analyze errors and ensure secure operation.
Legal basis: Art. 6(1)(f) GDPR. The legitimate interest is the secure and stable operation of the website.
4. Creation and management of digital business cards
When you create a digital business card, the data you enter is stored. This may include name, position, company, description, email address, telephone number, website, avatar URL, social media links, accent color, card slug, payment status, activation and expiry date as well as technical timestamps.
This data is used to provide your digital business card, create the public card URL, offer QR code and vCard download, manage activation status and operate the service technically.
Legal basis: Art. 6(1)(b) GDPR where processing is required for contract performance or pre-contractual measures; additionally Art. 6(1)(f) GDPR for secure technical operation.
5. Public content of your card
Activated digital business cards are publicly accessible via their card URL. Contact details, links and voluntary information displayed on the card can therefore be viewed, saved or imported into an address book by third parties via the vCard download. Only enter data that may be displayed publicly.
6. QR code and vCard download
A QR code can be generated for each card and points to the public card URL. The vCard download provides the contact data stored on the card as a file. The download is triggered only by user action.
7. Visitor statistics
Card views are counted to provide visitor statistics. IP addresses are not stored in plain text for analytics purposes, but are pseudonymized or hashed. The statistics are used to provide the advertised feature and to monitor the performance of each card.
Legal basis: Art. 6(1)(f) GDPR. The legitimate interest is providing the statistics feature and protecting the service against misuse.
8. Reviews and comments
Users may rate cards and optionally leave comments. Rating, comment, timestamp and technically necessary abuse-prevention data are processed. Comments may be visible on the respective card. Please do not enter sensitive personal data in comments.
Legal basis: Art. 6(1)(f) GDPR; for voluntary entries additionally Art. 6(1)(a) GDPR.
9. Payment and activation via PayPal
Creating a digital business card is free of charge. After creation, a 24-hour test phase is available. Activation and public use of a digital business card costs 10 € per year and card.
Payments are processed using PayPal. PayPal is only loaded when you explicitly start the payment. From that point, data such as payment amount, order number, technical connection data and payment information required by PayPal may be transferred to PayPal. PayPal's own privacy policy also applies.
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Open PayPal privacy policy
Legal basis: Art. 6(1)(b) GDPR for payment processing and contract performance; Art. 6(1)(f) GDPR for secure payment integration.
10. Contact
If you contact us by email, phone or another contact option, the information you provide is processed to handle your request. This may include name, email address, phone number, message content and technical metadata.
Legal basis: Art. 6(1)(b) GDPR if the request is related to a contract; otherwise Art. 6(1)(f) GDPR.
11. Cookies, local storage and external services
digital-vcf.de does not use tracking cookies or advertising analytics cookies. The browser may locally store whether the privacy/cookie notice has been confirmed and whether PayPal has already been enabled for a payment. This storage is required to respect the user's decision and avoid unnecessary repeated prompts.
External payment services such as PayPal are only loaded after explicit user action. PayPal may then set its own cookies or similar technologies.
12. Hosting and service providers
The website is operated on servers in Germany or within the European Union. Where required, data processing agreements pursuant to Art. 28 GDPR are concluded with service providers. Data is transferred to third parties only where necessary to provide the service, process payments, enforce legal claims or comply with legal obligations.
13. Retention
Personal data is stored only as long as required for the respective purposes. Card data is generally stored for the duration of use or activation. Payment and accounting-related information is retained according to statutory retention obligations. Technical log and security data is stored only as long as required for error analysis, security and abuse prevention.
14. Security
Data is transmitted via HTTPS/TLS. Technical and organizational measures are used to protect data against loss, misuse, unauthorized access and manipulation. Please note that publicly displayed card data is intentionally accessible by third parties.
15. Your rights
Under the GDPR, you have the right to access, rectification, erasure, restriction of processing, data portability and objection to certain processing activities. Where processing is based on consent, you may withdraw consent at any time with effect for the future.
To exercise your rights, send a message to vargatech@attila-varga.eu.
16. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority may be the State Commissioner for Data Protection of Lower Saxony.
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
https://lfd.niedersachsen.de
17. No automated decision-making
Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place.
18. Changes
This privacy policy may be updated if functions, legal requirements or technical processes change. The version available on digital-vcf.de applies.