I don't think the payer should try to force a service onto the seller. Just providing the private key should be enough. The seller's POS can then do whatever he wants with that private key: sweep it directly, send it to a online service like you described, etc... My opinion is that we should not use a URL on the QR code.
If the user has an app to scan this, such an app would disregard the URL portion anyway, so I don't think including it is a big deal. Providing the private key alone would be perfect in a world where everyone already had a suitable app on their phone ready to read this, an app which of course would exist for every phone on the market, including those whose app store owner forbids bitcoin apps on non-jailbroken phones.
The actual world is not perfect, and such a user would be only "using" the service long enough to initiate a transaction and collect their bitcoins, giving no personal information in the process. There is a big difference between being a "user" of a service versus a casual unregistered visitor - someone scanning a code would be no more a forced user of said service than me becoming a forced "user" of pastebin when I view something published there.