T
Tago

Privacy Policy

[Project / TAGO] · Version: 5 October 2025

This Privacy Policy explains what personal data we process, for what purposes and legal bases, how long we keep it, to whom we disclose it, and what rights you have under the EU General Data Protection Regulation (GDPR).

In short: we provide a B2B NFCā€‘based service for collecting and publishing reviews. We process data of our clientsā€™ customers and of platform users under contract, consent and legitimate interests. You can object to processing or withdraw consent at any time.

On this page

1. Who we are and how to contact us

Data Controller: [Legal entity, e.g., ā€œSIA CARVESTERā€], Reg. No. 44103127693, Address: RÄ«ga, Vecā BiÄ·ernieku iela 37 - 33, LV-1079

Email for data requests: dmitrii@tagoapp.net Ā· Data Protection Officer (DPO): [Name or ā€œDmitrii Chabanā€], email: dmitrii@tagoapp.net

Jurisdiction: we operate in the EU and are subject to the GDPR. If you are located outside the EEA, this Policy still applies and appropriate safeguards are used for international transfers (see Section 9).

2. What data we collect

  • Account data: name, job title, organization name, email, phone, password/password hash, profile settings.
  • Review data: author name/nickname, text, rating, media (photos/videos), time/date, location/service point, related NFC tag/identifier.
  • Communications: support requests, correspondence, call/chat records (where applicable).
  • Transaction data: invoicing details, information about payments from business clients (we do not store card data if using external payment providers).
  • Technical data and cookies: IP address, device/browser type, language, referrer, log files, session IDs, usage data, cookies and similar technologies.
  • Marketing preferences: optā€‘ins/optā€‘outs for newsletters, topics of interest.
  • Public data: if you voluntarily publish a review with your name/photo, it may be displayed publicly based on the clientā€™s settings.

Special category data (Art. 9 GDPR) is not intentionally requested or processed. If you accidentally include such information in a review, please remove it; we can delete it upon request.

3. How we obtain data

  • Directly from you when registering, using an NFC tag, or filling in forms.
  • From our B2B clients (organizations) that deploy NFC tags and provide information about service points and publication settings.
  • Automatically through event logs, SDKs and cookies when you use our website/apps.
  • From public sources in a limited manner to verify company/representative details.

4. Purposes and legal bases

We process personal data on the following GDPR bases:

  • Providing services and performing a contract (Art. 6(1)(b) GDPR): account registration and administration, intake/display of reviews, operation of NFC tags, billing, support.
  • Legitimate interests (Art. 6(1)(f) GDPR):
    • protection against abuse and review fraud;
    • product analytics and service improvement;
    • limited B2B communications with representatives of client companies;
    • information and physical security.
    You may object to processing on this basis (see Section 8).
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): accounting, tax requirements, responses to lawful requests of authorities.
  • Consent (Art. 6(1)(a) GDPR):
    • marketing emails and personalised offers;
    • use of certain cookies/pixels for advertising;
    • publishing reviews with name/photo where optional and not necessary for service delivery.
    Consent can be withdrawn at any time without retroactive effect.

We do not make decisions based solely on automated processing that produce legal effects concerning you. Automated antiā€‘fraud checks are used only as an assistive filter with human review in disputed cases.

5. Cookies and similar technologies

We use necessary cookies for the website to function and, with your consent, analytics and marketing cookies. The cookie banner allows you to manage categories. You can change settings in your browser and via the banner at any time. Details of specific cookies will be provided in a separate notice on our site.

6. Data retention

We keep data only as long as necessary for the stated purposes:

  • Accounts: for the duration of the contract + [e.g., 3 years] after termination to defend against claims.
  • Review data: while the review is published/used by the client, then archived/anonymised [e.g., 24 months after deactivation of the location].
  • Logs and technical data: [e.g., 12ā€“24 months].
  • Accounting/tax records: as required by law [e.g., 5ā€“10 years, specify per your jurisdiction].
  • Marketing contacts: until consent is withdrawn or an objection is made, after which we maintain a suppression list.

After the retention period we delete or anonymise the data.

7. Disclosures and recipients

We disclose data only to the extent necessary and with contractual safeguards:

  • Processors (service providers): hosting/cloud, CDN, analytics, antiā€‘fraud tools, email delivery, help desk, payment providers.
  • Client organizations: reviews of their customers may be displayed in their widgets/showcases in line with their publication settings.
  • Professional advisers: auditors, lawyers, accountants.
  • Public authorities: where required by law.

We do not sell personal data.

8. Your rights

Under the GDPR you have the right to:

  • access your data and obtain a copy;
  • rectify inaccuracies;
  • erase data (ā€œright to be forgottenā€) where grounds apply;
  • restrict processing;
  • data portability;
  • object to processing based on legitimate interests and to direct marketing;
  • withdraw consent at any time.

To exercise your rights, contact: Dmitrii@tagoapp.net. We will respond without undue delay, typically within one month.

If you believe we infringe the GDPR, you may lodge a complaint with a supervisory authority: Datu valsts inspekcija (Latvia) or your local authority in the EEA. Contact details are available on official regulator websites.

9. International transfers

If we transfer data outside the EEA, we use Standard Contractual Clauses (SCCs), adequacy decisions, or other mechanisms under Art. 46 GDPR and conduct transfer impact assessments where appropriate.

10. Security

We implement organisational and technical measures such as access control and MFA, encryption in transit and at rest, infrastructure segmentation, logging and monitoring, backups, vulnerability management, and staff training. No system is perfectly secure; if an incident occurs, we follow our notification procedures as required by law.

11. Children

The service is not intended for individuals under [set minimum age, e.g., 16]. We do not knowingly process childrenā€™s data without parental/guardian consent. If discovered, we will delete such data upon notice.

12. Changes to this Policy

We may update this Policy from time to time. The current version is always available in our app/on our website with the date indicated. We will provide advance notice of material changes.

13. Contact details

Short notice for review collection (example)

Controller: SIA CARVESTER

Purpose: to record and display your review of [location/service] and improve service quality.

Data: name/nickname (optional), rating, text, photos/videos (optional), date/time, service point, device technical data.

Legal basis: performance of contract with our B2B client; consent for publishing with name/photo and for marketing cookies.

Recipients: us and the organisation that deployed the NFC tag; public display depends on its settings.

Retention: while published and as required by law.

Rights: access, rectification, erasure, restriction, portability, objection, withdrawal of consent.

Contact: Dmitrii@tagoapp.net

Your cart

Cart is empty
Subtotal ā‚¬
Checkout