NIS2 READY

Login
Try For Free

Privacy policy

Data Controller

The data controller responsible for processing personal data is:

ITACON s.r.o., Kominárska 2, 831 04 Bratislava – city district Nové Mesto, Company ID (IČO): 50838563, Registered in the Commercial Register of the Bratislava III District Court, Section: Sro, Insert No. 118905/B.

For any questions related to personal data protection, please contact: tazilla@itacon.sk

Personal Data We Process

When using the Tazilla application, we may process the following categories of personal data:

  • Identification data: user’s first and last name
  • Contact data: e-mail address, telephone number (if provided)
  • Organization data: name of the organization or institution
  • Billing and contractual data: applicable if the user upgrades to a paid version of the service
  • Technical and operational data: IP address, activity logs within the application, access time
  • Communication data: messages or requests sent via e-mail or through the application
  • User-provided data within the use of the service (e.g., information about assets, processes, or security events).

These data are processed as part of the operation of the service. The Customer is the data controller of all data inserted into Tazilla. The Provider (ITACON s.r.o.) acts as a data processor according to Article 28 GDPR and processes data solely based on the Customer’s instructions.

Purposes and Legal Bases for Processing

We process personal data for the following purposes:

  • Providing access to the Tazilla application

Personal data are processed to create and manage user accounts, enable login, and ensure availability of the service.

Legal basis: Article 6(1)(b) GDPR – performance of a contract.

  • Billing and accounting obligations

If the user upgrades to a paid plan, personal data may be processed for invoicing and compliance with accounting and tax legislation.

Legal basis: Article 6(1)(c) GDPR – legal obligation.

  • Operation, security, and optimization of the service

Personal data may be processed to maintain and improve the functionality, reliability, and security of the Tazilla application, including audit logs and performance monitoring.

Legal basis: Article 6(1)(f) GDPR – legitimate interest.

  • Improving user experience

We may analyze anonymized and aggregated data in order to enhance the usability and performance of the application.

Legal basis: Article 6(1)(f) GDPR – legitimate interest.

  • Marketing communication (such as newsletters and product updates)

Personal data may be processed for sending optional marketing or informational communications.

Legal basis: Article 6(1)(a) GDPR – consent. The user may withdraw consent at any time.

Data Retention

  • Personal data are retained only for as long as necessary for the purpose for which they were collected.
  • Operational logs and application usage data: 12 months
  • Billing and accounting data: 10 years (in accordance with legal requirements)
  • Data processed based on consent: until the consent is withdrawn
  • Data created during the testing phase may be automatically deleted within 30 days after the test period ends.

Rights of Data Subjects

As a user, you have the right to:

  • access your personal data,
  • rectify inaccurate data,
  • request erasure (“right to be forgotten”),
  • restrict processing,
  • object to processing based on legitimate interests,
  • request data portability,
  • withdraw consent for marketing communications at any time.

You may exercise your rights by contacting us at: tazilla@itacon.sk

Disclosure of Personal Data to Third Parties

Personal data may be shared with:

  • providers of cloud infrastructure and technical operations,
  • providers of analytical tools,
  • providers of accounting and invoicing services.

Tazilla is hosted on servers located within the European Union, in data centers certified under ISO/IEC 27001.

Transfers of data outside the EU/EEA occur only if explicitly activated by the user (e.g., through integrations) and solely under Standard Contractual Clauses (SCCs) in compliance with the GDPR.

Data Security

The Controller applies appropriate technical and organizational measures, including:

  • encryption of data in transit (TLS 1.3) and encryption of data at rest (AES-256)
  • role-based access control (RBAC),
  • audit logging of user activity,
  • regular security testing and monitoring.

Application data are backed up at least once per day. Backups are retained for 30 days and then securely deleted.

Complaints

If you believe that your personal data are being processed in violation of the law, you have the right to lodge a complaint with:

Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18, 811 06 Bratislava
Website: www.dataprotection.gov.sk

Effective Date

This Privacy Policy becomes effective on the date of its publication on www.tazilla.com.