1. Data controller
The data controller for personal data is the entity indicated in the fiscal data section at the end of this policy, in connection with the operation of the SunnyTaz Platform.
2. Data we process
We may process identifying and contact data (name, email, phone if provided), billing data, Platform usage data (technical logs, IP address, device type) and content you upload or generate in the service (for example, documents, messages and metadata associated with your professional activity).
3. Purposes and legal bases
We process your data to perform the SaaS service agreement, manage the commercial relationship, comply with legal obligations (accounting, tax or cooperation with authorities where applicable), improve service security and, where applicable, send product communications based on legitimate interest or your consent when required.
4. AI providers as processors or sub-processors
Certain Platform features may send content fragments or instructions to language model providers or other AI services (for example, Anthropic and OpenAI) strictly to process the user request. Such providers act as data processors or sub-processors, under documented instructions and contractual measures aimed at confidentiality and security, without using user data to train their models to the extent permitted by the provider's terms and the service is configured accordingly.
5. Retention
We retain data for as long as necessary for the stated purposes and to comply with legal obligations. Upon service cancellation, we apply deletion or anonymisation procedures unless we are required to retain information by law or for the defence of claims.
6. Security
We apply appropriate technical and organisational measures (access controls, encryption in transit where applicable, environment segregation) to protect data against unauthorised access, loss or alteration. No system is invulnerable; if you detect an incident, please notify us immediately.
7. Your rights (GDPR)
You may exercise the rights of access, rectification, erasure (right to be forgotten where applicable), restriction of processing, portability and objection, as well as withdraw consent at any time, by contacting us through the means indicated on the site or at the bottom of this policy. You may also lodge a complaint with the competent data protection authority.
8. International transfers
If your data is processed outside the European Economic Area, we will adopt adequate safeguards (for example, standard contractual clauses approved by the European Commission or other recognised mechanisms) in accordance with applicable regulations.
Controller details
Sunnyface
Chamber of Commerce (KVK): 675007367B01
VAT number (BTW): NL005273831B22
Address: Kamperstraat 11, 8011LJ Zwolle, PaÃses Bajos