Privacy Policy

1. Key Terms

2FA
Two Factor Authentication means you need a special code that only you have to log in
Data Controller
The company that decides how and why personal information is used
Data Processor
A company that handles personal information for another company
Data Protection Authority
A government office that makes sure companies follow privacy laws
Data Protection Officer
A person who knows privacy laws and helps make sure the company follows them
Data Subject
A person whose personal information is being used
Encryption
A way to scramble data so only the right people can read it
NDA
Non-Disclosure Agreement is a legal contract that stops people from sharing private information
Personal Data
Any information that can be used to identify a person
Processing
Doing anything with personal data, like collecting it, storing it, using it, or deleting it

2. How We Handle Personal Information

2.1. What is personal information?

Personal information is any data that can be used to identify you as a person.

2.2. Personal information used by TARBASE

Potential Customers:

TARBASE uses personal information to show potential customers information about our services, communicate with them, answer their questions, and send them updates through emails or messages. We collect this information from potential customers:

  • First name and last name
  • Job title and department
  • Company name
  • Company address
  • Work email address
  • Work phone number
  • Company website addresses

Current Customers:

To provide consulting services, send communications, and handle billing for our customers, TARBASE collects this personal information:

  • Email address
  • First name and last name
  • IP address
  • Country/city
  • Billing information (for individual customers)
  • Tax ID number (for individual customers)

We might use information about how customers use our services to create general statistics. This information is combined and made anonymous so no individual person can be identified.

Where we get information:

All personal information that TARBASE handles comes from prospects or customers themselves, or from web searches and market research (for prospects only).

Why we use it:

TARBASE only collects and uses personal information for the purposes listed above and related activities. We make sure the information is accurate and up-to-date. TARBASE does not sell personal information.

Legal reasons:

TARBASE handles personal information to fulfill contracts or prepare for contracts. We handle prospects' personal information either with their permission or because we have a legitimate business interest in communicating about our services (you can always opt out of marketing). We handle customer personal information to fulfill contracts and provide good customer service.

If you don't give us the personal information we need, we may not be able to work with you.

3. Sharing Personal Information

To provide our services, TARBASE works with other companies. Any company that might see or handle personal information is considered a Processor. TARBASE reviews the security and privacy practices of all Processors before working with them.

Here are our current Processors:

  • Amazon Web Services – Cloud service provider – Portugal/Ireland
  • Microsoft Azure – Cloud computing services – Portugal/Ireland
  • Google Cloud Platform – Cloud computing services – Portugal/Ireland
  • Cloudflare – Content distribution and security services – United States
  • HubSpot – Marketing and analytics services – United States
  • Intercom – Contact management – United States
  • Stripe – Payment services – United States
  • PayPal – Payment services – United States
  • Zendesk – Customer support services – United States
  • DocuSign – Contract management – United States

How we protect your data with these companies:

Every company that processes data for TARBASE is carefully checked for security and privacy practices. We require all Processors to sign legal agreements with us that require them to:

  • Only use personal data as we specify
  • Only let trusted, trained staff access the data
  • Train staff on data privacy and protection
  • Build privacy into all their data handling processes
  • Tell TARBASE about any data breaches
  • Work with authorities when required

TARBASE only shares personal information with other companies when absolutely necessary to provide the services our customers want. TARBASE will never sell personal information.

Legal requirements:

TARBASE may share personal information to comply with legal requests, court orders, or government requirements, including national security or law enforcement needs. We may also share personal information to address legal violations or protect our legal rights.

4. How Long We Keep Data

TARBASE follows the principle of data minimization, which means we only keep personal information as long as we need it for the purposes we collected it. For example, we keep personal information during your active relationship with us as a customer, or as long as prospects have given us permission to contact them. We may need to keep some data longer to comply with legal requirements.

5. Your Rights to Access, Correct, Object, and Restrict Data Use

TARBASE lets you access and correct your personal information and object to or restrict how we process it. If you want to make a request about personal information that TARBASE has about you, follow these steps:

Request access, correction, objection, or restriction:

Send us an email from the email address you used with TARBASE to [email protected] with the subject 'Data access/correction/objection/restriction request', and tell us what you want. Please note that if you object to or restrict processing of data we absolutely need to manage your account, we may have to suspend or block your account. Also note that your right to object or restrict processing has some legal limitations.

Verify your identity:

We will send you an email with steps to verify your identity.

Complete your request:

Once we confirm your identity, we will process your request for access, correction, objection, or restriction of your personal information.

Opt-out:

If you no longer want to receive our newsletter or promotional emails, you can opt-out by following the instructions in each email or contacting us directly.

6. Data Deletion

To maintain and improve our service quality, data is deleted when you close your account or by request, as long as this deletion doesn't prevent TARBASE or you from meeting legal or contractual obligations. If you want us to delete your data, follow these steps:

Request data deletion:

Send us an email from the email address you shared with us to [email protected] with the subject 'Data deletion request'.

Verify your identity:

We will send you an email with steps to verify your identity.

Data deletion:

Once we confirm your identity and confirm that the requested deletion doesn't violate any legal or contractual requirements, we will delete your personal information.

7. Data Export and Portability

Following privacy laws, TARBASE lets you export your data. If you want to export all the personal information that TARBASE has about you, follow these steps:

Request data export:

Send us an email from the email address you used with TARBASE to [email protected] with the subject 'Data export request'.

Verify your identity:

We will send you an email with steps to verify your identity.

Data export:

Once we confirm your identity, we will export all the personal information we have about you and send it by email in a structured, commonly used format that machines can read.

8. Other Rights

Following privacy laws, you always have the right to withdraw any permission you gave us at any time, without affecting the legality of processing that happened before you withdrew permission.

You also have the right to file a complaint with a Data Protection Authority about any processing done by TARBASE.

9. Data Security

Here's how we keep data secure at TARBASE:

Access control:

All access to TARBASE's services is encrypted and protected by firewalls. Access credentials are separated by work groups, given to staff only when needed, and regularly audited for security.

Two-factor authentication:

Access to administration applications requires 2FA on top of regular login.

Audits and external validation:

TARBASE has internal security policies and regularly gets security audits from outside companies to make sure we follow best practices.

Encryption:

Data is encrypted when being sent and when stored. More details available on request.

Legal agreements and security training:

All our employees sign NDAs and receive ongoing security awareness training.

10. Personal Data Breaches

A data breach means TARBASE's security was compromised, leading to accidental or unlawful destruction, loss, change, unauthorized disclosure of, or access to personal information. We don't consider unsuccessful attempts like failed login attempts, pings, port scans, or denial of service attacks as personal data breaches.

If a personal data breach happens that could seriously harm people's rights and freedoms, TARBASE will notify all affected people without delay after discovering the incident. TARBASE will also notify the data protection authority without delay and, when possible, within 72 hours of becoming aware of any breach that may harm people's rights and freedoms.

11. International Transfers

When your personal data is transferred outside the European Economic Area (EEA), we make sure it gets similar protection by using at least one of these safeguards:

  • We only transfer your personal data to countries that the European Commission has determined provide adequate protection for personal data.
  • When we use certain service providers, we use specific contracts approved by the European Commission that give personal data the same protection it has in Europe.

12. GDPR Compliance

TARBASE aims to comply with the General Data Protection Regulation (EU Regulation 2016/679 or "GDPR").

13. Data Protection Officer

TARBASE has a Data Protection Officer (DPO), who (i) monitors compliance of data processing with applicable standards, (ii) is a contact point for people to ask questions about how TARBASE processes their data, (iii) works with data protection authorities, (iv) provides advice about TARBASE's privacy and data protection obligations.

If you have any questions or complaints about how we handle your personal data or our privacy practices in general, please contact us at: [email protected]

14. Changes to This Policy

TARBASE reserves the right to modify this Privacy Policy from time to time, so please review it regularly. The date of its last update will always be visible at the top.

15. Contact Us

For any questions or requests, please use the following emails:

Data Protection: [email protected]
Security: [email protected]
General: [email protected]

© 2025 TARBASE. All rights reserved.

      Terms of Service   Privacy Policy   ESG Report