📋 Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives you control over your personal data. At Taystify, we are fully committed to GDPR compliance and protecting your privacy rights.
GDPR Compliance
We process your personal data lawfully, fairly, and transparently. You have the right to access, correct, delete, and control how your data is used. We implement appropriate technical and organizational measures to protect your information.
🏢 Data Controller & Contact Details
Taystify is the data controller responsible for your personal data. This means we determine how and why your data is processed.
Contact Information:
- Company: Taystify ApS
- Email: support@taystify.com
- Data Protection Officer: support@taystify.com
- Address: Copenhagen, Denmark
⚖️ Lawful Bases for Processing
Under GDPR, we must have a lawful basis to process your personal data. Here are the legal grounds we rely on.
Contract Performance:
- Creating and managing your account
- Providing app features and services
- Processing payments for premium features
- Customer support and communication
Legitimate Interest:
- Improving and personalizing our services
- Preventing fraud and ensuring security
- Analytics and business intelligence
- Marketing our services (with opt-out option)
Consent:
- Location tracking for restaurant discovery
- Marketing communications (you can withdraw anytime)
- Cookies and similar technologies
Legal Obligation:
- Complying with tax and accounting requirements
- Responding to legal requests and court orders
- Preventing illegal activity
✅ Your GDPR Rights
Under GDPR, you have several important rights regarding your personal data. Here's what you can do and how to exercise these rights.
Right of Access:
- Request a copy of all personal data we hold about you
- Understand how we process your data
- Receive data in a structured, commonly used format
- We respond within 30 days of your request
Right to Rectification:
- Correct inaccurate personal data
- Complete incomplete data
- Update your profile information anytime in app settings
Right to Erasure (Right to be Forgotten):
- Request deletion of your personal data
- Delete your account and all associated data
- We will erase data unless we have a legal obligation to retain it
- Some data may be retained for legal or security purposes
Right to Restriction:
- Limit how we use your data while we verify accuracy
- Restrict processing if you object to our use
- Keep data but not actively process it
Right to Data Portability:
- Receive your data in a machine-readable format
- Transfer your data to another service
- Export your content and profile information
Right to Object:
- Object to processing based on legitimate interest
- Opt out of marketing communications
- Stop profiling for marketing purposes
How to Exercise Your Rights
To exercise any of these rights, contact us at support@taystify.com or use the data management tools in your account settings. We will respond to your request within 30 days. There is no fee for most requests, but we may charge a reasonable fee for excessive or repetitive requests.
🗄️ Data Retention
We only keep your personal data for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.
Retention Periods:
- Active account data: Retained while your account is active
- Deleted account data: Erased within 30 days of deletion request
- Payment records: Retained for 7 years for tax/accounting purposes
- Support communications: Retained for 3 years
- Security logs: Retained for 90 days
- Marketing data: Deleted immediately upon opt-out
Inactive Accounts
If your account is inactive for more than 3 years, we will contact you to confirm whether you want to keep it. If we don't hear from you, we may delete your account and associated data after providing reasonable notice.
🌍 International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place.
How We Protect International Transfers:
- We use Standard Contractual Clauses (SCCs) approved by the EU Commission
- We work with service providers certified under adequacy decisions
- We implement additional security measures for data transfers
- Primary data storage is within the EEA when possible
- We regularly review and update our transfer mechanisms
🤖 Automated Decision-Making
We use some automated processing to personalize your experience, but we do not make decisions that significantly affect you based solely on automated processing.
Automated Processing We Use:
- Content recommendations based on your preferences
- Restaurant suggestions based on location and history
- Spam and abuse detection
- Personalized feed ordering
Your Rights:
- You can opt out of personalized recommendations
- You can request human review of automated decisions
- You can challenge decisions that affect you
📢 Complaints & Supervisory Authority
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with a supervisory authority.
Contact Us First:
- We encourage you to contact us first at support@taystify.com
- We will investigate and respond to your concerns
- Most issues can be resolved directly with us
Supervisory Authority:
- Denmark: Datatilsynet (Danish Data Protection Agency)
- Website: datatilsynet.dk
- You can also contact the authority in your EU country
- Complaints are free of charge
We Take Complaints Seriously
Your privacy concerns are important to us. We are committed to resolving any issues quickly and transparently. Lodging a complaint with us or a supervisory authority does not affect your other legal rights.
🔄 Changes to This Policy
We may update this Data Protection & GDPR policy from time to time to reflect changes in our practices or legal requirements.
How We Notify You:
- We will notify you of significant changes via email
- We will display a notice in the app
- The updated policy will be posted on our website
- We will update the "Last Updated" date at the bottom