Privacy Policy
This privacy policy explains how Expanse UG (haftungsbeschraenkt) & Co. KG ("we", "us") processes personal data when you use The Taurus platform (thetaurus.com) and the TTAD public register (ttad.eu). Last updated: March 2026.
1. Controller
The controller within the meaning of Art. 4(7) GDPR is Expanse UG (haftungsbeschraenkt) & Co. KG, Bavariastr. 15, 80336 Muenchen, Germany. Contact: hello@thetaurus.com.
2. Data we process
Account data: email address, name, and password hash when you register. Transparency notice data: all information you enter in the wizard (sponsor identity, funding, costs, placement details, targeting parameters), which may include personal data of third parties (e.g., sponsor names, controller identities). Contact form submissions: email, name, and message content. Advertiser invitation data: email addresses of invited advertisers. Usage data: see section 8 (Analytics).
3. Legal basis
Account and notice data: performance of a contract (Art. 6(1)(b) GDPR) — providing the transparency notice creation service. Published notice data: compliance with a legal obligation (Art. 6(1)(c) GDPR) — Regulation (EU) 2024/900 requires publication and retention of transparency notices. Analytics data: legitimate interest (Art. 6(1)(f) GDPR) — understanding platform usage to improve the service. Contact form data: legitimate interest (Art. 6(1)(f) GDPR) — responding to your inquiry. Email notifications: performance of a contract (Art. 6(1)(b) GDPR) — transactional emails related to your account and notices.
4. Recipients
Published transparency notices are publicly accessible by design — this is a legal requirement of Regulation (EU) 2024/900. We use infrastructure providers (hosting, database, email delivery) who process data on our behalf under data processing agreements. Google Ireland Limited processes analytics data (see section 8). We do not sell personal data to third parties.
5. Retention
Published notices: at least 5 years after the end of the publication period, as required by Art. 12(1) of Regulation (EU) 2024/900. Underlying documentation is retained for 7 years. Account data: until account deletion, plus any legally required retention period. Contact form submissions: 3 years after the last interaction. Analytics data: 14 months (Google Analytics default retention).
6. Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability, and objection under the GDPR (Articles 15-21). Note that published transparency notices cannot be deleted during the legally mandated retention period under Regulation (EU) 2024/900 — this constitutes a legal obligation that overrides the right to erasure. To exercise your rights, contact us at hello@thetaurus.com. You also have the right to lodge a complaint with your local data protection supervisory authority.
7. International transfers
Analytics data may be transferred to Google servers outside the EEA. This transfer is governed by Google's data processing terms and the EU Standard Contractual Clauses. All other data is processed within the European Economic Area.
8. Analytics (Google Analytics 4)
We use Google Analytics 4 (provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to understand how our platform is used. Google Analytics uses cookies and similar technologies to collect anonymized usage data including: pages visited, session duration, referral source, browser type, and device information. We have enabled IP anonymization, so your full IP address is never stored by Google. We track custom events related to the platform funnel (e.g., sign-up, notice creation, wizard progress, publication) to improve the user experience. Data is retained for 14 months. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout) or by using your browser's cookie settings. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding and improving our service).
9. Cookies
We use the following cookies: Session cookie (next-auth.session-token): essential for authentication, expires when you close the browser or after 30 days. Google Analytics cookies (_ga, _ga_*): used for analytics purposes, expire after 14 months. No advertising or tracking cookies from third parties are used. Essential cookies do not require consent under Art. 5(3) of the ePrivacy Directive. Analytics cookies are set based on our legitimate interest (Art. 6(1)(f) GDPR); you can opt out as described in section 8.
10. Changes
We may update this policy. Material changes will be communicated via email or on-platform notice. The current version is always available at thetaurus.com/privacy.