Privacy Notice


Last updated August 5, 2024

Taito.hr (‘we’ / ‘us’) respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we collect, process and share your personal data and will tell you about your privacy rights.

We provide our customers with services such as the automated management of employee feedback, payroll data processing, and data synchronization from and with our customers' systems, such as their Human Resources Information System (HRIS). These collectively constitute the ‘Service’. This privacy notice pertains to our processing of your personal data in the context of the Service for our product development purposes.

In the context of the Service, we act as the processor of personal data on behalf of our customers, who serve as the data controllers. However, for product development aspects of the Service (as described later), we operate as the data controller. Our roles and responsibilities in both capacities are performed in strict accordance with prevailing data protection legislation to ensure the privacy and security of your personal data.



Content of this privacy notice


  1. Who is the data controller?
  2. Information we collect and how we collect it
  3. The purposes and the lawful basis
  4. Sharing of information collected
  5. Transfer to third countries
  6. Data retention
  7. How to exercise your data protection rights
  8. Google API Services Usage Disclosure
  9. Changes to this privacy notice

1. Who is the data controller?

The data controller for the processing described in this notice is Taito.hr Oy.

If you have questions regarding this privacy notice, please contact us by email at legal@taito.hr.

If you visit our pages, communicate, or otherwise interact with us on social media such as Facebook and Instagram or on other platforms, please make sure to consult the specific privacy notice presented on such platforms.

2. Information we collect and how we collect it

In the following we will tell you which types of personal data we may collect about you and how we collect it. In section 3, we have a table explaining the purposes for which we process your personal data and the lawful basis we rely on.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  1. Personal Identification Information includes your full name.
  2. Contact Data includes your email address.
  3. Technical Data includes IP address, your login data, browser type and version, application version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Service.
  4. Behaviour Data includes information about how you use and interact with the Service.
  5. Communication Data includes information about your communication with the support team.

Information is collected directly from you when you use the Service.


3. The purposes and the lawful basis

We will only use your personal data when the law allows us to. In particular, we process your personal data when

  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests cf. GDPR Article 6 (1) (f).

We have set out below a description of all the ways we plan to use your personal data. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity

To use data analytics to improve the Service and related business procedures and practices, customer support, customer relationship and experiences, and marketing.

Type of data

(A) Personal Identification Information
(B) Contact
(C) Technical
(D) Behaviour
(E) Communication

Lawful basis for processing including basis of legitimate interest

Necessary for our legitimate interests to understand how the Service is used and to develop its functionalities and features, technical performance and security and to generally improve the Service, its provision, related business practices, and customer experience. We will only apply cookies, other than strictly necessary technical cookies, if you have provided your consent.


To the extent that we have referred to our legitimate interest as the legal basis for the processing of personal data specified above, we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. If you wish to receive more information on the balancing test, please contact us by email at the address specified above in Section 1.


4. Sharing of information collected

We may disclose personal data to third parties:

  • when it is necessary for the purposes listed in Section 3
  • when required by law, we may disclose your personal data to public authorities such as health authorities, tax authorities, and law enforcement authorities
  • when we assign your personal data to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge
  • when we believe in good faith that disclosure is necessary to establish or exercise our legal rights or defend against legal claims, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We share information, including personal data, with our trusted third-party service providers that we use to provide services to us and process your data on our behalf and under our instruction, e.g. hosting of data and maintenance of IT systems, administration of sales on our website, communication, customer support and service, analytics and other services for us. These third-party service providers may have access to or process your personal data for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for any other purpose than in connection with the services they provide to us. We have entered into data processing agreements with our data processors.


5. Transfer to third countries

We will not transfer your personal data to recipients outside the EU or EEA unless we have ensured compliance with GDPR Chapter V.

Some of our third-party service providers are established outside the EEA, including in the US, so their processing of your personal data will involve a transfer of data outside the EEA. However, to ensure that your personal information receives an adequate level of protection, we have ascertained that sufficient safety measures have been implemented to allow for the transfer, including where the European Commission has deemed the country to provide an adequate level of protection for personal data; or by use of specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data protection essentially equivalent to that which it has in Europe.

If you require further information about our current data processors established outside the EEA and the safety measures in place to allow for the transfer of personal data, you can request it from us. Please send your request to us by email at the address specified above in Section 1.


6. Data retention

We retain the personal data we collect for the purposes set out in Section 3. When we have no ongoing legitimate need to process your personal information, or if your use of the Service is terminated for any reason, we will either delete or anonymise any collected personal data.

Your personal data will be retained for a maximum time period as follows:

  1. Personal Identification Data will be retained for 12 months from its collection;
  2. Contact Data will be retained for 12 months from its collection;
  3. Technical and Behaviour Data will be retained for 12 months from the collection of data;
  4. Communication Data will be retained for 12 months from the collection of data.

If the purpose specified in Section 3 no longer exists, your data will be deleted or anonymised without delay.

Data may only be retained for a longer period than specified above if we are legally obliged to do so, or if retention is necessary to establish, exercise or defend legal claims.

Please note that, other than as described in this privacy notice, we provide the Service to our customers as a personal data processor and in this respect, the customer using our Service acts as a data controller and thus determines the retention periods for such personal data processing which is not described in this notice. In this regard, you can turn to the entity on whose behalf you are using our Service.


7. How to exercise your data protection rights

You have certain choices available to you when it comes to your personal information. Below is a summary of those choices, how to exercise them and any limitations.

Under certain circumstances, you have the right to:

  • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. Please note that the law prohibits us from deleting entries in medical records.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party (also known as data portability).
  • Where our processing is solely based on your specific consent you have the right to withdraw your consent at any time. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the data protection rights that are available to you, please send your request to us by email at the address specified above in Section 1 and we will action your request in accordance with applicable data protection laws.

You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. In Finland, you can lodge a complaint with the Office of the Data Protection Ombudsman at tietosuoja.fi/en/notification-to-the-data-protection-ombudsman


8. Google API Services Usage Disclosure


8.1 Limited use

Taito.hr uses Google APIs when connecting to Google Calendar to offer automatic calendar-based functionality, like meeting helpers.

Taito.hr's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.


8.2 User consent for AI apps

To provide certain functionalities, such as the meeting helper, Taito.hr requires access to your Google Calendar data.

Taito.hr utilizes OpenAI's generative models, alongside other data from the Taito.hr platform, to assist in managing meeting agendas on behalf of the participants and to automatically create meeting summaries.

We require users to grant explicit permission for Taito.hr to access their Google Calendar data.

We collaborate exclusively with vendors who adhere to our stringent security and privacy standards. Additionally, we minimize the information shared with third parties to the greatest extent possible.


9. Changes to this privacy notice

This privacy notice may be updated from time to time to reflect changing legal, regulatory, or operational requirements. We encourage you to periodically consult our website for the latest information on our privacy practices.