The code contains your name and date of birth. The photo is on your ID card/passport you show along with the QR code. So the person checking you can verify that the names and date of birth match, and that the photo in your ID could reasonably be you.

The PII is in there so you can verify against some kind of ID. The QR is not intended to be valid without also checking the accompanying ID.

They could've gone the lazy route and stored your SSN (or similar).

They verify it against the persons ID card which has a photo of them by matching up the name.