Last updated: 21 May 2026
Your rights matter to us. As a company based in Romania (EU), Info Data SRL (TachoCard) is fully subject to the General Data Protection Regulation (GDPR). This page explains all rights you have regarding your personal data and how to exercise them — quickly and without unnecessary barriers.
The data controller — the entity legally responsible for how your personal data is processed — is:
Info Data SRL
Trading as: TachoCard
Incorporated in Romania, European Union
Email: privacy@tacho-card.com
Subject line: "GDPR Request — [Your Name]"
TachoCard's data processing is governed by:
Under GDPR Articles 12–22, you have the following rights. All requests are processed free of charge within 30 calendar days, extendable to 90 days for complex requests (we will notify you within the initial 30 days if an extension is needed).
You have the right to obtain confirmation of whether we process personal data about you, and if so, to receive a copy of that data along with information about:
How to request: Log in to your TachoCard account → Account Settings → "Download my data", or email us at privacy@tacho-card.com.
You have the right to have inaccurate personal data corrected without undue delay. You may update your name, email address, and other profile information directly in your Account Settings at any time.
If any data cannot be corrected via the application, contact us at privacy@tacho-card.com.
You have the right to request deletion of your personal data when:
How to request: Account Settings → "Delete my account", or email us. We will erase all personal data within 30 days, except data we are legally required to retain (e.g., invoices must be kept for 10 years under Romanian tax law — Legea nr. 227/2015 privind Codul Fiscal).
You may request that we restrict processing of your data (i.e., we store it but do not further process it) in the following circumstances:
How to request: Email privacy@tacho-card.com with subject "Restriction Request".
Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV), and to transmit it to another controller.
How to request: Account Settings → "Export my data" (available for account data and tachograph activity records), or email us.
You have the right to object at any time to processing of your personal data based on legitimate interests (Art. 6(1)(f)). We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or for the establishment, exercise, or defence of legal claims.
You may also object at any time to processing for direct marketing purposes (we do not currently send marketing emails, but this right is available).
How to request: Email privacy@tacho-card.com with subject "Objection to Processing".
TachoCard uses automated algorithms to calculate AI-based driver risk scores. These scores are informational tools for decision support only — no decisions with legal or similarly significant effects on you are made solely on the basis of automated processing without human review.
You have the right to request human review of any automated assessment and to express your point of view. Contact us at privacy@tacho-card.com for any concerns regarding automated scoring.
Option 1 — Via the Application
Log in to TachoCard → Account Settings → Privacy section. You can download, export, or delete your data directly from here.
Option 2 — By Email
Send an email to privacy@tacho-card.com with the subject line: "GDPR Request — [Your Name] — [Right]"
Include: your full name, the email address registered with TachoCard, and a clear description of your request. We may ask you to verify your identity before responding.
| Request Type | Timeframe |
|---|---|
| Acknowledgement of receipt | Within 5 business days |
| Response to standard request | Within 30 calendar days |
| Complex or multiple requests | Within 90 calendar days (extension notice within first 30) |
| Account deletion | Data erased within 30 days of confirmation |
All responses are provided free of charge. If requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, in accordance with GDPR Art. 12(5).
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR Art. 33–34. Notification will be sent to your registered email address and will include:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of alleged infringement, if you consider that processing of your personal data infringes the GDPR.
The competent supervisory authority for Romania is:
ANSPDCP
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Address: Bd. G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, Romania
Phone: +40.318.059.211 / +40.318.059.212
Email:anspdcp@dataprotection.ro
Website:www.dataprotection.ro
EU citizens residing in another member state may also contact their local data protection authority. The full list is available at edpb.europa.eu.
The European Commission provides an Online Dispute Resolution (ODR) platform for resolving disputes out of court: ec.europa.eu/consumers/odr.
For a detailed description of what data we collect, how long we keep it, and the legal bases for processing, please read our full Privacy Policy. For information about cookies specifically, see our Cookie Policy.
Info Data SRL (trading as TachoCard)
Email:privacy@tacho-card.com
Subject line: "GDPR Request — [Your Name]"