GDPR Compliance & Data Protection

TARA Flow is fully compliant with the General Data Protection Regulation (GDPR). We prioritize your privacy rights and maintain the highest standards of data protection.

Our GDPR Principles

We adhere to all seven principles of GDPR to ensure lawful, fair, and transparent data processing.

Lawfulness & Transparency

We process data lawfully and provide clear information about how we use your data.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes only.

Data Minimization

We only collect data that is adequate, relevant, and necessary for our services.

Accuracy

We ensure personal data is accurate and provide ways to update or correct it.

Storage Limitation

Data is retained only as long as necessary and securely deleted afterward.

Security & Confidentiality

We implement appropriate technical and organizational security measures.

Your GDPR Rights

Under GDPR, you have specific rights regarding your personal data. We respect and facilitate the exercise of these rights.

Right to Access

You have the right to request copies of your personal data and information about how we process it.

Right to Rectification

You can request that we correct any personal data you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain conditions.

Right to Data Portability

You can request that we transfer your data to another organization or directly to you.

Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain circumstances.

Right to Object

You have the right to object to processing of your personal data for certain purposes.

Data Protection Measures

We implement comprehensive technical and organizational measures to protect your personal data.

Technical Measures

  • End-to-end encryption for all data transmissions
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication (MFA) for all accounts
  • Zero-trust architecture implementation

Organizational Measures

  • Data Protection Officer (DPO) appointment
  • Regular GDPR training for all employees
  • Data protection impact assessments (DPIAs)
  • Vendor compliance verification processes
  • Incident response and breach notification procedures

Process Controls

  • Privacy by design and by default
  • Data minimization principles
  • Purpose limitation enforcement
  • Retention period management
  • Consent management platform

Data Processing Information

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to data processing
  • Contract: To fulfill our contractual obligations to you
  • Legal Obligation: To comply with applicable laws
  • Legitimate Interests: For business operations that don't override your rights

International Data Transfers

When we transfer data outside the EEA, we ensure appropriate safeguards:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (BCRs) where applicable

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods vary based on data type:

  • Account data: Duration of account plus 30 days
  • Financial records: 7 years (legal requirement)
  • Marketing data: Until consent is withdrawn
  • Technical logs: 90 days

Contact Our Data Protection Officer

For any GDPR-related questions, requests to exercise your rights, or data protection concerns, please contact our Data Protection Officer.

Data Protection Officer

Email: dpo@taraflow.io

Phone: +49 30 12345678

Address: TARA Flow GmbH
Friedrichstraße 123
10117 Berlin, Germany