This Privacy Policy describes how Techsocio Projects LLP (operating under the brand Tageze), as a Data Controller, processes the personal data of individuals in the European Union and European Economic Area (EEA), in compliance with the General Data Protection Regulation (GDPR).
This Privacy Policy (“Privacy Policy”) applies to anyone visiting myTageze.com, as well as to anyone using our services, products, or interacting with us (such as customer or rescue organization representatives). We also process personal data to comply with legal obligations under applicable laws and governmental decisions.
| Role | Details |
|---|---|
| Data Controller (The Company) | Techsocio Projects LLP (Brand: Tageze) |
| Address | R.H. No.15 Saikrupa, Kunal Icon Road, Pimple Saudagar, Pune, Maharashtra, India 411027 |
| Primary Contact (Privacy Inquiries) | Email: support@myTageze.com | Phone: +91 8180966739 |
| Data Protection Officer (DPO) | Mr. Abhijit Lad |
| EU Representative (Article 27) | Mark, Netherlands |
We process different categories of data for specific purposes, each supported by a mandatory legal basis under the GDPR.
| Data Category | Purpose of Processing | Lawful Basis (GDPR Article 9) |
|---|---|---|
| Direct Health Data (Allergies, Medication, Vital Medical Conditions, Blood Group, Organ Donor Status) | To be instantly available to first responders and medical personnel in an emergency to ensure life-saving, appropriate treatment. | Explicit Consent (Article 9(2)(a)) |
| Identifying Physical Data (Date of birth, Gender, Hair Color, Eye Color, Height, Weight, Identification Mark) | To assist first responders in quickly and accurately identifying the incapacitated individual linked to the Tageze ID. | Explicit Consent (Article 9(2)(a)) |
| Emergency Contact Data (Name(s) and Phone Number(s) of designated contact) | To enable first responders to immediately notify the user's family or emergency contacts. | Explicit Consent (Article 9(2)(a)) |
| Data Category | Purpose of Processing | Lawful Basis (GDPR Article 6) |
|---|---|---|
| Account Data (Name, Email, Password Hash, User ID, Tag ID, PIN) | To create and manage the user profile, allow login, and link the physical tag to the digital profile. | Performance of a Contract |
| Emergency Scan Data (IP address of scanner, approximate location (city/state), date/time of scan) | To alert the user via email/notification that their tag has been scanned, providing visibility and security. | Legitimate Interest (Preventing misuse/abuse of the service and user notification) |
The Tageze Medical ID Service website does not contain any marketing elements and we do not collect personal data for direct marketing purposes through this platform.
We adhere strictly to the principle of Storage Limitation (Article 5(1)(e)), retaining data no longer than necessary for its specified purpose.
| Data Category | Retention Period | Justification |
|---|---|---|
| Special Category (Health) Data | Immediately Deleted upon user request for account deletion. | Data is essential for the service; once the service contract is terminated, the data is erased, as required by Explicit Consent withdrawal. |
| Account Data(Excluding health details) | Retained until the user's account is formally closed and deleted. | Necessary for the performance of the service contract (login, profile management). |
| Emergency Scan Data | Retained for 6 months (rolling basis). | Necessary for security auditing and providing the user with timely scan alerts. |
| Purchase Data | This website does not collect purchase data, as e-commerce is handled on a separate platform. | N/A |
As Techsocio Projects LLP is located in India and uses a server in Singapore, personal data, including sensitive health data, is transferred outside the EEA. Neither India nor Singapore currently benefits from an Adequacy Decision by the European Commission.
We have implemented the following appropriate technical and organisational measures (TOMs) to protect all personal data, especially sensitive health data, against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access:
| Security Measure | Description |
|---|---|
| Encryption at Rest | All stored data, including user medical profiles, is protected using AES-256 encryption. |
| Encryption in Transit | The entire website communication is secured using TLS 1.3 cryptographic protocols (HTTPS). |
| Access Control | Internal administrative access is strictly limited by the "need-to-know" principle and secured with Multi-Factor Authentication (MFA). |
| Pseudonymization | Health data is linked to the user's public ID/PIN via an internal pseudonym, ensuring that the public-facing identifier is not directly linked to their core identity (name, email) in a single database field. |
| Data Protection by Design | The system design ensures no health data is visible on the QR code itself—only a secure link requiring a positive scan/PIN entry is provided. |
Under the GDPR, you have the following rights regarding the personal data we hold about you. We commit to responding to all valid requests within one month.
| Your Right | Description | How to Exercise the Right |
|---|---|---|
| Right to be Informed (Art. 13/14) | To receive this transparent Policy. | This document fulfills this right. |
| Right of Access (Art. 15) | To obtain confirmation that your data is being processed and receive a copy of that data. | Via the account dashboard or by sending an email to our DPO. |
| Right to Rectification (Art. 16) | To have inaccurate or incomplete data corrected. | Directly through your account dashboard settings. |
| Right to Erasure / 'Right to be Forgotten' (Art. 17) | To request the deletion of your personal data, particularly the highly sensitive health data (which is based on your consent). | Via the account dashboard or by sending an email to our DPO. |
| Right to Withdraw Consent (Art. 7) | To withdraw your Explicit Consent for the processing of your health data at any time. | By deleting your medical profile in the account dashboard. |
| Right to Restriction of Processing (Art. 18) | To request that we limit the processing of your data under certain circumstances (e.g., while a rectification request is being reviewed). | By sending a request to the DPO. |
| Right to Data Portability (Art. 20) | To receive the data you provided in a structured, commonly used electronic format. | Via the account dashboard or by sending an email to our DPO. |
| Right to Object (Art. 21) | To object to processing based on legitimate interest (e.g., scanner IP logging). | By sending a request to the DPO. |
Please note that Tageze may ask you for additional information to help us verify who you are before completing any of the above requests.
Links to third party sites - Our websites may include links to other websites (“Third Party Sites”) which are outside of our control and not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their Privacy Policy, which may differ from our Privacy Policy. If you decide to access any of the Third Party Sites linked to from Tageze Sites, you should understand that you do so at your own risk.
We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. All updates will be posted on this page with a revised effective date. Users are encouraged to review this policy regularly.
If you have a concern about our compliance, you have the right to lodge a complaint with a data protection supervisory authority, particularly in the Data Protection Board of India.
Please note that this Privacy Policy does not apply to:
Tageze employees, interns or employee or intern candidates.
Medical Data (such as medical conditions, allergies, current medications, medical history, identifiable physical traits (e.g., eye colour, height, weight), religion, insurance details, or other health-related data) that is uploaded by you to the Tageze website.
