Privacy Policy

Effective from: January 1, 2025

Who processes your data

The controller of personal data is FBLS Tech s.r.o., company ID 19433166, with its registered office at Moravská 854/2, 312 00 Plzeň, registered in the relevant commercial register, e-mail hello@gtdn.online, website www.gtdn.online (the “Controller” or “we”).

These principles explain how we process personal data of natural persons when using our website, application, workspace environment, contact forms, support, commercial communications, and related services.

These principles apply mainly where we act as controller of personal data. In some situations, we may also act as processor; these situations are described below.

What personal data we process

We may process in particular these categories of personal data:

  • identification data, such as first and last name,
  • contact data, such as e-mail, phone number, or contact address,
  • account data, such as login credentials, user ID, language, role, account status, and settings,
  • workspace data, such as workspace name, membership, roles, invitations, and related metadata,
  • payment and billing data, such as billing address, company ID, VAT ID, plan information, orders, and payments,
  • technical data, such as IP address, information about device, browser, operating system, logs, and security records,
  • service usage data, such as feature interactions, navigation within the app, settings, preferences, and activity history,
  • communication data, such as the content of messages sent to support, sales, or through forms,
  • data related to cookies and similar technologies, where used,
  • other data that you provide to us yourself or that arise when using the Service.

The scope of data processed depends on which parts of the Service you use, which plan is active, and how you communicate with us.

Where we obtain personal data

We obtain personal data in particular:

  • directly from you during registration, ordering, form submission, or communication,
  • automatically through technical means when using the website and application,
  • from other workspace users, for example if they invite you to a workspace or assign you a role,
  • from providers of payment, technical, analytics, or communication services,
  • from public sources or registers where reasonable and lawful.

Purposes of processing

We process personal data in particular for the following purposes:

  • account creation and management,
  • provision and operation of the Service,
  • management of workspaces, members, roles, and access,
  • conclusion and performance of a contract,
  • billing, payment records, and accounting,
  • ensuring technical operation, security, and misuse prevention,
  • handling user requests, support, complaints, and claims,
  • sending operational and service notifications,
  • development, testing, measuring, and improving the Service,
  • marketing communications where permitted,
  • compliance with legal obligations,
  • protection of our legal claims and legitimate interests,
  • working with cookies and related preferences.

Legal bases of processing

We process personal data on the basis of the following legal grounds:

  • performance of a contract or steps taken before entering into a contract,
  • compliance with a legal obligation,
  • our legitimate interest,
  • your consent where required.

Performance of a contract typically applies to:

  • account registration and management,
  • provision of app functionality,
  • management of workspaces and membership,
  • processing orders and activating plans,
  • communications related to provision of the Service.

Legal obligation typically applies to:

  • accounting,
  • tax records,
  • regulatory and statutory obligations,
  • cooperation with public authorities.

Legitimate interest typically applies to:

  • ensuring security and protection of systems,
  • prevention of fraud and misuse,
  • maintaining internal logs and audit records,
  • defending and asserting legal claims,
  • basic analytics and product development,
  • reasonable communication with customers,
  • sending commercial communications where permitted by law.

Consent typically applies to:

  • use of optional cookies,
  • certain marketing activities,
  • other cases where required by law.

When we are controller and when we are processor

We act as controller mainly when processing personal data of our users and customers, website visitors, persons who contact us, persons subscribed to newsletters or commercial communications, and persons listed in billing and order details.

We may act as processor when users store personal data of third parties in a workspace and we process those data on their behalf while providing the Service.

Typically, this may concern data stored in the workspace within:

  • tasks,
  • internal notes,
  • files,
  • contacts,
  • team members,
  • other records created by the user.

In these cases, the relevant user or their organization as controller is responsible for the lawfulness of the processing and the legal basis.

Where Article 28 GDPR applies to such processing, we conclude or offer a separate data processing agreement (DPA).

Who we share personal data with

We may make personal data available in particular to the following categories of recipients:

  • providers of hosting and cloud infrastructure,
  • providers of analytics, communication, and technical tools,
  • providers of e-mail, support, and ticketing services,
  • providers of payment and accounting services,
  • providers of security, monitoring, and administration services,
  • legal, tax, or other professional advisors,
  • public authorities where required by law,
  • other recipients where necessary for provision of the Service or protection of our rights.

An up-to-date list of processors or categories of processors may be stated in a separate list or another part of our legal documentation.

Transfers to third countries

If we use suppliers or infrastructure outside the European Economic Area when providing the Service, personal data may be transferred to third countries.

In such a case, we ensure that the transfer takes place in compliance with GDPR, in particular on the basis of:

  • an adequacy decision,
  • standard contractual clauses,
  • or another appropriate mechanism under GDPR.

How long we keep data

We retain personal data only for as long as necessary to fulfill the purpose of processing, unless law requires a longer period.

Typically, we retain data:

  • for the duration of the account and contractual relationship,
  • for the duration of the workspace and related use of the Service,
  • for the period necessary to comply with legal obligations,
  • for the time needed to protect legal claims,
  • for the duration of granted consent where processing is based on consent.

After account termination or the end of the contractual relationship, we may retain some data for a reasonable period, in particular for the purpose of:

  • complying with legal obligations,
  • protecting legitimate interests,
  • resolving disputes, complaints, and incidents,
  • keeping logs, backups, and security records,
  • other operational and security needs.

Specific retention periods may vary depending on the type of data and type of service.

Your rights

In connection with the processing of personal data, you have in particular the right:

  • to access personal data,
  • to rectification of inaccurate or incomplete data,
  • to erasure,
  • to restriction of processing,
  • to object to processing,
  • to data portability,
  • to withdraw consent where processing is based on consent,
  • to lodge a complaint with a supervisory authority.

If you believe that we process your data in breach of legal regulations, you may contact the Czech Data Protection Authority.

You may exercise your rights using the contact details stated in these principles.

Cookies and similar technologies

We may use cookies and similar technologies on our website and related services.

Details on which cookies we use, for what purposes, and how you can manage your preferences are stated in a separate document titled “Cookie Policy”.

Security

We have adopted appropriate technical and organizational measures to protect personal data.

These measures may include in particular:

  • access control management,
  • authentication and security mechanisms,
  • logging and monitoring,
  • infrastructure protection,
  • encryption or pseudonymization where appropriate,
  • backups,
  • internal processes for incident prevention and response.

Nevertheless, absolute security of any transfer or storage of data cannot be guaranteed.

Minors

The Service may be used by persons older than 15.

If the user is a minor, we expect that they use the Service with the consent of their legal guardian where required by law.

If we learn that personal data were obtained in breach of these conditions or legal regulations, we may take appropriate measures, including account restriction or deletion of data.

Contact

If you have questions about the processing of personal data, you can contact us at:

e-mail: hello@gtdn.online

address: Moravská 854/2, 312 00 Plzeň

Changes to these principles

We may amend or update these principles from time to time.

We will inform you of material changes in an appropriate way, for example through the website, application, or e-mail.

These principles are effective from January 1, 2025.