NIS2 READYData Controller
The data controller responsible for processing personal data is:
ITACON s.r.o., Kominárska 2, 831 04 Bratislava – city district Nové Mesto, Company ID (IČO): 50838563, Registered in the Commercial Register of the District Court Bratislava III, Section: Sro, Insert No. 118905/B.
For any questions related to personal data protection, please contact: tazilla@itacon.sk
ITACON s.r.o. acts as the data controller exclusively with regard to personal data processed for the purposes of user account management, ensuring the operation of the application, billing, and compliance with legal obligations.
The Customer acts as the data controller for all data entered into the Tazilla application. In this case, the Provider (ITACON s.r.o.) acts as a data processor pursuant to Article 28 of the GDPR and processes the data strictly on the basis of the Customer’s instructions under a Data Processing Agreement (DPA).
Personal Data We Process
When using the Tazilla application, we may process the following categories of personal data:
- Identification data: user’s first and last name
- Contact data: e-mail address, telephone number (if provided)
- Organization data: name of the organization or institution
- Billing and contractual data: applicable if the user upgrades to a paid version of the service
- Communication data: messages or requests sent via e-mail or through the application
These data are processed as part of the operation of the service.
The Customer acts as the data controller for all data entered into the Tazilla application. In this case, the Provider (ITACON s.r.o.) acts as a data processor pursuant to Article 28 of the GDPR and processes the data within the following scope:
- Technical and operational data: IP address, activity logs within the application, access time
- Communication data: messages or requests sent via e-mail or through the application
- User-provided data within the use of the service (e.g., information about assets, processes, or security events).
Processing consists of:
- storing data in a database (storage),
- retaining data on servers during the use of the service,
- technical transmission of data within the system,
- creating and maintaining backups,
- logging events,
- providing a software platform in which the Customer processes the data.
The Provider does not access the content of the data for the purpose of reading, interpreting, or reviewing it and does not process the data for its own purposes. The fact that the Provider does not actively read or substantively process the data does not affect the obligation to conclude a data processing agreement, as the GDPR considers even the mere storage and technical administration of data to constitute processing.
Purposes and Legal Bases for Processing
We process personal data for the following purposes:
- Providing access to the Tazilla application
Personal data are processed to create and manage user accounts, enable login, and ensure availability of the service.
Legal basis: Article 6(1)(b) GDPR – performance of a contract.
- Billing and accounting obligations
If the user upgrades to a paid plan, personal data may be processed for invoicing and compliance with accounting and tax legislation.
Legal basis: Article 6(1)(c) GDPR – legal obligation.
- Operation, security, and optimization of the service
Personal data may be processed to maintain and improve the functionality, reliability, and security of the Tazilla application, including audit logs and performance monitoring.
Legal basis: Article 6(1)(f) GDPR – legitimate interest.
- Improving user experience
We may analyze anonymized and aggregated data in order to enhance the usability and performance of the application.
Legal basis: Article 6(1)(f) GDPR – legitimate interest.
- Marketing communication (such as newsletters and product updates)
Personal data may be processed for sending optional marketing or informational communications.
Legal basis: Article 6(1)(a) GDPR – consent. The user may withdraw consent at any time.
Data Retention
- Personal data are retained only for as long as necessary for the purpose for which they were collected.
- Operational logs and application usage data: 12 months
- Billing and accounting data: 10 years (in accordance with legal requirements)
- Data processed based on consent: until the consent is withdrawn
- Data created during the testing phase may be automatically deleted within 30 days after the test period ends.
Rights of Data Subjects
As a user, you have the right to:
- access your personal data,
- rectify inaccurate data,
- request erasure (“right to be forgotten”),
- restrict processing,
- object to processing based on legitimate interests,
- request data portability,
- withdraw consent for marketing communications at any time.
You may exercise your rights by contacting us at: tazilla@itacon.sk
Disclosure of Personal Data to Third Parties
Personal data may be shared with:
- providers of cloud infrastructure and technical operations,
- providers of analytical tools,
- providers of accounting and invoicing services.
Tazilla is hosted on servers located within the European Union, in data centers certified under ISO/IEC 27001.
Transfers of data outside the EU/EEA occur only if explicitly activated by the user (e.g., through integrations) and solely under Standard Contractual Clauses (SCCs) in compliance with the GDPR.
Data Security
The Controller implements appropriate technical and organizational measures (TOMs) in accordance with the Statement of Applicability (SoA), including data backups performed at least once per day. Backups are retained for 30 calendar days and subsequently securely deleted.
In operating the Tazilla platform, the Provider relies on the services of a consortium partner that holds certification for Information Security Management System in accordance with ISO/IEC 27001 and certification for a Quality Management System under ISO 9001:2015.
Complaints
If you believe that your personal data are being processed in violation of the law, you have the right to lodge a complaint with:
Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18, 811 06 Bratislava
Website: www.dataprotection.gov.sk
Effective Date
This Privacy Policy becomes effective on the date of its publication on www.tazilla.com – 09 February 2026.