GDPR - Privacy Policy

Back to website

1. Data Controller

TaskLogy s.r.o.

Ulica Farský briežok 858/41 029 56 Zákamenné

IČO 54728835

DIČ 2121770398

IČ DPH SK2121770398

Contact email: getqr@tasklogy.sk

Data Protection Officer (DPO): no separate DPO has been appointed currently; the controller is the contact point

2. Scope and Data Categories

We mainly process identification and contact data (name, email), account and subscription data, technical logs, QR operational data, and customer communication records.

3. Purposes and Legal Bases (Art. 6 GDPR)

  • Contract performance: registration, account management, and delivery of app features.
  • Legal obligation: accounting, tax, and regulatory compliance duties.
  • Legitimate interests: system security, abuse prevention, internal analytics, and legal claim defense.
  • Consent: marketing notifications/newsletter; consent can be withdrawn at any time.

3A. Roles for User-Generated Content

  • For data required to operate accounts and the service, we act as a controller.
  • For personal data uploaded by users into QR content, users may act as controllers and we may act as a processor under GDPR Article 28.
  • Users are responsible for the lawful basis, transparency obligations to data subjects, and the scope of data uploaded to the service.
  • QR links may be publicly accessible to anyone with the URL or QR code; we recommend password protection before uploading sensitive data.

4. Cookies and Consent

  • We use necessary cookies to operate the site (legal basis: legitimate interests).
  • Analytics/optional cookies are used only with consent, which can be withdrawn at any time.

5. Data Recipients and Processors

Data may be processed by our contracted providers (e.g., hosting, infrastructure, email services, analytics), always under a data processing agreement and only as necessary.

6. Transfers to Third Countries

If data is transferred outside the EEA, we apply appropriate GDPR safeguards (e.g., adequacy decisions or standard contractual clauses).

7. Retention Periods

  • Account/profile data: for the lifetime of the account and for a reasonable period after closure for legal claim defense.
  • Invoicing and tax data: according to mandatory legal retention periods.
  • Marketing data processed by consent: until consent is withdrawn.
  • User QR content and files: until deleted by the user or account termination; technical backups are removed within a reasonable period under backup policy.

8. Data Subject Rights

You have rights of access, rectification, erasure, restriction, portability, and objection. Where processing is based on consent, you may withdraw consent at any time. Rights can be exercised via the controller contact details.

9. Complaint to a Supervisory Authority

If you believe processing violates GDPR, you have the right to lodge a complaint with a competent supervisory authority.

10. Security and Automated Decision-Making

We apply appropriate technical and organisational safeguards (access control, audit logs, transport encryption). We do not carry out decisions based solely on automated processing that produce legal or similarly significant effects.

11. Updates to This Policy

This document may be reasonably updated as services or legal requirements change. The current version is always available on this page.