Introduction
ITDEVTECH is committed to protecting the privacy and personal data of its customers, partners, and end users. This GDPR & Data Protection Policy explains how TIKTING, ITDEVTECH’s Enterprise Service Management platform, complies with the General Data Protection Regulation (EU) 2016/679 (GDPR).
This policy applies to:
• TIKTING Cloud, hosted on Microsoft Azure
• TIKTING On-Premises, hosted on customer-controlled infrastructure
Roles & Responsibilities under GDPR
Depending on the deployment model, ITDEVTECH acts as:
• Data Processor for customer data processed within TIKTING
• Data Controller only for limited business data related to sales, support, and contractual relationships
Customers using TIKTING are the Data Controllers for all end-user and organizational data stored in the platform.
Lawful Basis for Processing
TIKTING processes personal data only when at least one of the following applies:
• Performance of a contract
• Legal obligation
• Legitimate interest
• Explicit consent (where applicable)
No data is processed beyond the scope defined by the customer.
Data Hosting & Infrastructure
• Hosted on Microsoft Azure, a GDPR-compliant cloud platform
• Data is stored in secure Azure data centers
• Microsoft acts as a sub-processor under GDPR
• Azure complies with:
◦ ISO/IEC 27001
◦ ISO/IEC 27018
◦ SOC 1 / SOC 2
◦ GDPR and EU data protection standards
ITDEVTECH ensures that appropriate Data Processing Agreements (DPAs) are in place with Microsoft.
• Fully hosted on customer-owned infrastructure
• ITDEVTECH does not access, store, or transfer customer data
• Customers retain full control and responsibility for:
◦ Data security
◦ Backups
◦ Retention
◦ Compliance obligations
TIKTING does not process sensitive personal data unless explicitly configured by the customer.
Data Security Measures
ITDEVTECH implements strict technical and organizational safeguards, including:
• Encryption at rest and in transit
• Role-based access control (RBAC)
• Audit logging and activity tracking
• Secure authentication mechanisms
• Regular security updates and vulnerability monitoring
Data Retention & Deletion
• Data retention is customer-controlled
• Customers may define retention policies within TIKTING
• Upon contract termination:
◦ Data is deleted or returned upon request
◦ Backups are securely purged according to defined timelines
Data Subject Rights
TIKTING fully supports GDPR data subject rights, including:
• Right of access
• Right to rectification
• Right to erasure (“Right to be Forgotten”)
• Right to data portability
• Right to restriction of processing
• Right to object
Requests are handled by the customer (Data Controller). ITDEVTECH provides technical support to facilitate compliance.
Sub-Processors
For TIKTING Cloud, approved sub-processors may include:
• Microsoft Azure (cloud infrastructure)
• Email and notification services (if enabled)
A current list of sub-processors is available upon request.
Compliance & Audits
ITDEVTECH:
• Regularly reviews its GDPR compliance
• Supports customer audits and compliance assessments
• Provides documentation required for regulatory reviews