Privacy policy

Data Controller

The data controller responsible for processing personal data is:

ITACON s.r.o., Kominárska 2, 831 04 Bratislava – city district Nové Mesto, Company ID (IČO): 50838563, Registered in the Commercial Register of the District Court Bratislava III, Section: Sro, Insert No. 118905/B.

For any questions related to personal data protection, please contact: tazilla@itacon.sk

ITACON s.r.o. acts as the data controller exclusively with regard to personal data processed for the purposes of user account management, ensuring the operation of the application, billing, and compliance with legal obligations.

The Customer acts as the data controller for all data entered into the Tazilla application. In this case, the Provider (ITACON s.r.o.) acts as a data processor pursuant to Article 28 of the GDPR and processes the data strictly on the basis of the Customer’s instructions under a Data Processing Agreement (DPA).

Personal Data We Process

When using the Tazilla application, we may process the following categories of personal data:

  • Identification data: user’s first and last name
  • Contact data: e-mail address, telephone number (if provided), job role or position
  • Organization data: name of the organization or institution
  • Billing and contractual data: applicable if the user upgrades to a paid version of the service
  • Communication data: messages or requests sent via e-mail or through the application

These data are processed as part of the operation of the service.

The Customer acts as the data controller for all data entered into the Tazilla application. In this case, the Provider (ITACON s.r.o.) acts as a data processor pursuant to Article 28 of the GDPR and processes the data within the following scope:

  • Technical and operational data: IP address, activity logs within the application, access time, records of activities within the application necessary for its use
  • User-provided data within the use of the service (e.g., information about users, assets, processes, or security events).

Processing consists of:

  • storing data in a database (storage),
  • retaining data on servers during the use of the service,
  • technical transmission of data within the system,
  • creating and maintaining backups,
  • logging events,
  • providing a software platform in which the Customer processes the data.

The Provider does not access the content of the data for the purpose of reading, interpreting, or reviewing it and does not process the data for its own purposes. The fact that the Provider does not actively read or substantively process the data does not affect the obligation to conclude a data processing agreement, as the GDPR considers even the mere storage and technical administration of data to constitute processing.

Purposes and Legal Bases for Processing

We process personal data for the following purposes:

| Purpose of processing and legal basis | Categories of personal data | Nature of processing | Categories of data subjects |
| --- | --- | --- | --- |
| Initial access credentials management based on consent or contract | Identification and contact data (first name, last name, e-mail, job role or position) | Creation of an initial user account for the purpose of first access to the application | Employees and users of the Controller and/or other third parties defined by the Controller |
| Ensuring operation and development of the application based on contract | Identification and contact data (first name, last name, job role or position), organizational data, authorization data, user-provided data within the use of the service (e.g., information about users, assets, processes, security events, certificates of individuals, etc.) | Technical processing of data as defined in Section 2.2 of this Privacy Policy, entered into the application by the user | Employees and users of the Controller and/or other third parties defined by the Controller |
| Accounting and invoicing based on legal obligation | Billing and contractual data | Maintaining accounting records and issuing invoices | Selected employees and users of the Controller and/or other third parties defined by the Controller |
| Marketing communication based on consent | Identification and contact data (first name, last name, e-mail, job role or position) | Contacting customers regarding new functionalities, improvements, pricing, etc. | Selected employees and users of the Controller and/or other third parties defined by the Controller |
| Creation of an initial organization profile from publicly available sources as a basis for AI Functions (legitimate interest pursuant to Article 6(1)(f) GDPR). | Information about the organization and publicly available professional or contact details of natural persons acting on behalf of the organization. | Searching, aggregation, and automated processing of publicly available information for the purpose of generating supporting proposals or recommendations through AI Functions. | Employees, statutory representatives, contact persons of the Customer, or other persons publicly associated with the organization. |

Data Retention

  • Personal data are retained only for as long as necessary for the purpose for which they were collected.
  • Operational logs and application usage data: 12 months.
  • Billing and accounting data: 10 years (in accordance with legal requirements).
  • Data processed based on consent: until the consent is withdrawn.

Rights of Data Subjects

As a user, you have the right to:

  • access your personal data,
  • rectify inaccurate data,
  • request erasure (“right to be forgotten”),
  • restrict processing,
  • object to processing based on legitimate interests,
  • request data portability,
  • withdraw consent for marketing communications at any time.

You may exercise your rights by contacting us at: tazilla@itacon.sk

Disclosure of Personal Data to Third Parties

Personal data may be shared with:

  • providers of cloud infrastructure and technical operations,
  • providers of analytical tools (e.g. web analytics),
  • providers of accounting and invoicing services,
  • providers of artificial intelligence services used within the AI Functions of the Service, to the extent necessary for their provision.

The Tazilla Service is hosted on servers located within the European Union, in data centers certified under ISO/IEC 27001.

Transfers of personal data outside the EU/EEA may occur when using AI Functions of the Service if such functions are provided through third-party services located outside the EU/EEA. Such transfers may concern data entered by the User into AI Functions or data necessary to ensure their functionality. The Provider carries out such transfers using appropriate safeguards in accordance with GDPR, in particular Standard Contractual Clauses, where required under GDPR.

Data Security

The Controller implements appropriate technical and organizational measures (TOMs) in accordance with the Statement of Applicability (SoA), including data backups performed at least once per day. Backups are retained for 30 calendar days and subsequently securely deleted.

In operating the Tazilla platform, the Provider relies on the services of a consortium partner that holds certification for an Information Security Management System in accordance with ISO/IEC 27001 and certification for a Quality Management System under ISO 9001:2015.

Complaints

If you believe that your personal data are being processed in violation of the law, you have the right to lodge a complaint with:

Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18, 811 06 Bratislava
Website: www.dataprotection.gov.sk

Effective Date

This Privacy Policy becomes effective on the date of its publication on www.tazilla.com – 04.06.2026.