Privacy Notice - Taito.ai

Last updated: August 5, 2024

Introduction

Taito.hr respects privacy and commits to protecting personal data. This notice explains how data is collected, processed, and shared, plus your privacy rights.

The company provides automated feedback management, payroll processing, and HRIS data synchronization services (the “Service”). For product development purposes, Taito.hr operates as a data controller, while also serving as a processor for customer data where customers act as controllers.

Content Overview

  1. Data Controller Information
  2. Data Collection Methods
  3. Processing Purposes & Legal Basis
  4. Information Sharing Practices
  5. Third-Country Transfers
  6. Data Retention Periods
  7. Exercising Data Protection Rights
  8. Google API Services Disclosure
  9. Policy Updates

1. Data Controller

Taito.hr Oy is the data controller. Contact: legal@taito.hr

For social media interactions on Facebook, Instagram, or other platforms, refer to those platforms’ privacy notices.

2. Data Collection

Types of Personal Data Collected:

  • Personal Identification Information – Full name
  • Contact Data – Email address
  • Technical Data – IP address, login credentials, browser/app versions, timezone, operating system
  • Behaviour Data – Service usage and interaction patterns
  • Communication Data – Support team interactions

Data is collected directly when users access the Service.

3. Processing Purposes & Lawful Basis

Primary Purpose: Data analytics to improve service, business procedures, customer support, relationships, and marketing.

Lawful Basis: Legitimate interests—understanding service usage, developing features, ensuring technical performance and security, and improving overall experience. Non-essential cookies require explicit consent.

The organization conducts balancing tests to ensure legitimate interests don’t override individual rights and freedoms. Contact legal@taito.hr for details.

4. Information Sharing

Personal data may be disclosed to third parties when:

  • Necessary for stated purposes
  • Required by law (health, tax, law enforcement authorities)
  • Transferring to entities acquiring business assets or merging
  • Necessary to establish/defend legal rights, ensure safety, investigate fraud, or respond to government requests

Third-Party Service Providers: Data is shared with trusted vendors for hosting, IT maintenance, website administration, communications, customer support, and analytics. These providers cannot use data beyond contracted services. Data processing agreements are in place.

5. Third-Country Transfers

Personal data is not transferred outside the EU/EEA unless the transfer complies with Chapter V of the GDPR.

Some service providers operate outside the EEA (including the US). Adequate protections include:

  • European Commission adequacy determinations, or
  • Standard Contractual Clauses (EU-approved)

Request details about processors and safety measures at legal@taito.hr.

6. Data Retention

Personal data is retained for the purposes outlined in Section 3. When the legitimate need ceases or use of the Service ends, data is deleted or anonymized.

Retention Periods:

  • Personal Identification Data: 12 months
  • Contact Data: 12 months
  • Technical & Behaviour Data: 12 months
  • Communication Data: 12 months

If purposes cease, deletion/anonymization occurs immediately. Longer retention applies if legally required or needed to establish, exercise, or defend legal claims.

Note: For customer-processed data, customers (as controllers) determine retention periods. Contact your data controller entity.

7. Data Protection Rights

Users may:

  • Request access to held information
  • Request correction of incomplete/inaccurate data
  • Request erasure where retention isn’t justified
  • Object to processing based on legitimate interests
  • Request processing restrictions
  • Request data portability
  • Withdraw consent (when processing relies solely on consent)

Exercise Rights: Email requests to legal@taito.hr; the organization will respond per applicable laws.

Complaints: If you are unhappy with these practices, contact your local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman.

8. Google API Services Usage

8.1 Limited Use

Taito.hr uses Google APIs for Google Calendar integration to enable automatic calendar-based features (meeting helpers). Use adheres to the Google API Services User Data Policy, including limited use requirements.

Meeting helper functionality requires Google Calendar access. Taito.hr uses OpenAI’s generative models alongside platform data to manage agendas and create meeting summaries.

Users must grant explicit permission for Calendar access. The organization partners exclusively with vendors meeting strict security/privacy standards and minimizes third-party information sharing.

9. Policy Updates

This notice is updated periodically to reflect legal, regulatory, or operational changes. Users are encouraged to check the website regularly for updates.