TaktMaster Pro is committed to protecting your personal data and ensuring full compliance with the General Data Protection Regulation (GDPR) and other privacy laws.
We process personal data lawfully, fairly, and in a transparent manner. You always know what data we collect and why.
We only collect data for specified, explicit, and legitimate purposes. No data is used beyond its original purpose.
We collect only the data that is adequate, relevant, and limited to what is necessary for our services.
We keep personal data accurate and up to date, and take reasonable steps to rectify inaccurate data.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
We implement appropriate technical and organizational measures to protect personal data against unauthorized processing.
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.
What you can do: Request a copy of all personal data we hold about you
You have the right to have inaccurate personal data corrected and incomplete data completed.
What you can do: Update your account information or request corrections
You have the right to request the deletion of your personal data under certain circumstances.
What you can do: Request complete deletion of your account and associated data
You have the right to restrict the processing of your personal data under certain circumstances.
What you can do: Limit how we use your data while maintaining your account
You have the right to receive your personal data in a structured, commonly used format.
What you can do: Export your data in a machine-readable format
You have the right to object to the processing of your personal data for certain purposes.
What you can do: Opt out of marketing communications or analytics tracking
Under GDPR, we must have a lawful basis for processing your personal data. Here are the legal bases we rely on:
Processing necessary for the performance of a contract with you
Processing necessary for our legitimate interests (balanced against your rights)
Processing based on your explicit consent
Processing necessary to comply with legal obligations
In the unlikely event of a data breach that affects your personal data, we will notify you without undue delay, and in any case within 72 hours of becoming aware of the breach (where feasible).
We will provide you with clear information about what happened, what data may have been affected, and what steps we're taking to address the situation.
We use the following trusted partners who process data on our behalf. All processors have signed Data Processing Agreements (DPAs) requiring GDPR Article 28 compliance.
| Partner | Purpose | Location | Safeguards |
|---|---|---|---|
| Supabase | Database & Authentication | USA/EU | EU-US DPF certified, DPA signed |
| Stripe | Payment processing | USA/Ireland | PCI DSS Level 1, DPA signed |
| Vercel | Website hosting | USA | SCCs in place |
| Resend | Transactional email | USA | DPA signed |
| Google Analytics | Website analytics | USA | EU-US DPF certified |
Your data may be transferred to and processed in the United States and other countries outside the UK/European Economic Area (EEA). We ensure appropriate safeguards are in place to protect your personal data in accordance with GDPR requirements.
EU-US Data Privacy Framework (DPF): Our US-based partners are certified under the EU-US Data Privacy Framework.
Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses with all processors.
Adequacy Decisions: We rely on adequacy decisions where applicable for data transfers.
Your Rights: You can request copies of the safeguards we use to protect your data during international transfers by contacting privacy@taktmasterpro.com
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account data | Until account deletion or 3 years inactive | Contract performance |
| Audit logs | 7 years | Legal obligation (business records) |
| Support tickets | 7 years | Legal obligation |
| Usage analytics | 26 months | Legitimate interest |
| Security logs | 90 days | Legitimate interest |
| Payment records | 7 years | Legal obligation (tax/accounting) |
| Marketing data | Until consent withdrawn | Consent |
After Retention: Data is securely deleted or anonymized so it can no longer identify you.
As a small to medium-sized business, we are not required to appoint a dedicated Data Protection Officer under GDPR Article 37. However, data protection compliance is overseen by senior management.
Privacy Contact: privacy@taktmasterpro.com
Responsibility: Senior management oversees all data protection compliance matters
If you are unhappy with how we handle your personal data, you have the right to complain to the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
EU residents should contact their local Data Protection Authority:
European Data Protection Board
Find your DPA: edpb.europa.eu/about-edpb/board/members
Each EU member state has its own Data Protection Authority that handles complaints from residents.
We conduct Data Protection Impact Assessments when we introduce new technologies or processing activities that may pose a high risk to your rights and freedoms.
Request DPIA Information: You can request information about our DPIAs by contacting privacy@taktmasterpro.com