GDPR Compliance - Takawala

← Back to Home

TakaWala is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we uphold your rights under GDPR and outlines the measures we take to protect your personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that gives individuals control over their personal data. Even if you're not in the EU, we extend these rights to all our users.

1. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to obtain confirmation as to whether your personal data is being processed and access to your data.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

Right to Restriction

You can request that we restrict the processing of your personal data under certain conditions.

Right to Data Portability

You can receive your data in a structured, commonly used format and transfer it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Right to Complain

You have the right to lodge a complaint with a supervisory authority if you believe we've violated GDPR.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

2.1 Contract Performance

Processing necessary to fulfill our contract with you (providing the TakaWala service):

Account creation and management
Providing financial management features
Processing payments
Customer support

2.2 Legitimate Interests

Processing necessary for our legitimate business interests:

Improving our service
Fraud detection and prevention
Network and information security
Analytics and usage insights

2.3 Legal Obligations

Processing required to comply with legal obligations:

Tax and accounting requirements
Financial regulations
Response to legal requests

2.4 Consent

Processing based on your explicit consent:

Marketing communications (if opted in)
Non-essential cookies

3. How to Exercise Your Rights

3.1 Through Your Account Dashboard

Log in to your TakaWala account
Navigate to Settings > Privacy & Data
Select the action you want to perform:
- Export Data: Download all your personal data
- Update Information: Correct your profile details
- Delete Account: Request account and data deletion

3.2 By Email Request

Send an email to arif.hossain@alienaffairs.com with:

Your request (access, rectification, deletion, etc.)
Your account email address
Verification of your identity (for security purposes)

3.3 Response Time

We will respond to your request within 30 days. For complex requests, we may extend this by an additional 60 days and will inform you of the extension.

4. Data Protection Measures

4.1 Technical Safeguards

Encryption: All data in transit is encrypted using TLS/SSL
Secure Storage: Data at rest is stored on encrypted servers
Access Controls: Role-based access with multi-factor authentication
Regular Backups: Automated daily backups stored securely
Security Monitoring: 24/7 monitoring for threats and vulnerabilities

4.2 Organizational Safeguards

Staff Training: Regular data protection training for our team
Data Minimization: We collect only necessary data
Privacy by Design: Privacy considerations in all product development
Vendor Management: Strict agreements with third-party processors

5. Data Retention

We retain your personal data for different periods based on data type and legal requirements:

Data Type	Retention Period
Account information	While account is active + 90 days
Financial records	Up to 7 years (tax compliance)
Payment data	As required by financial regulations
Usage logs	90 days
Marketing data (if consented)	Until consent withdrawn

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure:

Adequate level of data protection in the destination country
Use of Standard Contractual Clauses approved by the EU Commission
Implementation of appropriate technical and organizational measures

7. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the Supervisory Authority: Within 72 hours of becoming aware
Notify Affected Users: Without undue delay if high risk to your rights
Provide Information About:
- Nature of the breach
- Likely consequences
- Measures taken or proposed to address the breach
- Steps you can take to protect yourself

8. Third-Party Data Processors

We use the following third-party processors who are GDPR-compliant:

Stripe: Payment processing (USA, adequate protection mechanisms in place)
Google: OAuth authentication (GDPR-compliant)

All our processors sign Data Processing Agreements (DPAs) that ensure GDPR compliance.

9. Children's Data

We do not knowingly process data of individuals under 16 years of age (or the applicable age in your jurisdiction). If you believe we have inadvertently collected such data, please contact us immediately.

10. Automated Decision-Making

We may use limited automated processing for:

Fraud Detection: Automated checks to prevent fraudulent activities
AI Receipt Scanning: Automatic data extraction from receipts

You have the right to request human review of automated decisions that significantly affect you.

11. Supervisory Authority

As TakaWala is operated by a Polish company, our lead supervisory authority is:

President of the Personal Data Protection Office (UODO)
ul. Stawki 2
00-193 Warsaw, Poland
Website: https://uodo.gov.pl

However, you have the right to lodge a complaint with the supervisory authority in your country of residence if you are in the EU/EEA.

12. Updates to GDPR Compliance

This GDPR compliance page is regularly reviewed and updated to reflect changes in regulations and our practices. Significant changes will be communicated to users via email.

13. Contact Us

For GDPR-related inquiries or to exercise your rights, please contact:

Data Protection Officer: arif.hossain@alienaffairs.com
Company: Alien Affairs Sp. z o.o.
Website: https://takawala.com
Location: Poland

We are committed to transparency and respect for your privacy rights. If you have any questions about how we handle your data under GDPR, please don't hesitate to contact us.