GDPR & Data Protection
TTerminal complies with the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable national data protection laws including Czech Act No. 110/2019 Coll. This page summarises our approach and gives you a direct route to exercise your rights.
1. Our principles
- Lawfulness, fairness, transparency. We process data on clearly stated legal bases and tell you what we do.
- Purpose limitation. Data is collected for specified purposes and not further processed inconsistently.
- Data minimisation. We collect only what we need.
- Accuracy. Inaccurate data is corrected or erased on request.
- Storage limitation. Data is retained no longer than necessary - see retention schedule in our Privacy Policy.
- Integrity and confidentiality. We apply technical and organisational safeguards including encryption, access controls, and audit logs.
- Accountability. We document our processing activities and assess risk where required.
2. Your rights under GDPR
Articles 15-22 of the GDPR grant data subjects specific rights. To exercise any of them, use our contact form with proof of identity (a redacted ID or a verification token sent to your account email is sufficient).
- Right of access (Art. 15) - obtain a copy of your data and supplementary information.
- Right to rectification (Art. 16) - correct inaccurate or incomplete data.
- Right to erasure (Art. 17) - "right to be forgotten", subject to retention obligations.
- Right to restriction (Art. 18) - limit processing in certain circumstances.
- Right to portability (Art. 20) - receive your data in JSON or CSV format.
- Right to object (Art. 21) - including objection to direct marketing and to processing based on legitimate interests.
- Rights related to automated decision-making (Art. 22) - we do not make decisions producing legal effects based solely on automated processing. Anti-abuse flags are reviewed by a human before account suspension.
3. Data Protection Impact Assessments (DPIA)
Where a processing activity is likely to result in high risk to data subjects, we conduct a DPIA in advance, document mitigations, and consult our DPO. DPIAs have been performed for our payment processing and our anti-abuse pipeline.
4. International transfers
Where data leaves the EEA, we rely on Standard Contractual Clauses or adequacy decisions and supplement them with technical safeguards (encryption in transit and at rest, pseudonymisation, access controls).
5. Data breaches
In the event of a personal data breach likely to result in risk to your rights, we notify the relevant supervisory authority within 72 hours and notify affected users without undue delay where the risk is high. We maintain an internal incident response procedure with on-call engineers, defined escalation paths, and post-incident reviews.
6. Data Protection Officer
The data controller responsible for your personal data is:
| Company: | Signal Core s.r.o. |
| Registered office: | Rybná 716/24, Staré Město, 110 00 Praha 1, Czech Republic |
| Company ID (IČO): | 24460354 |
| Commercial register: | C 441474, Městský soud v Praze |
You can contact our Data Protection Officer for any GDPR-related matter through our contact form.
7. Supervisory authority
If you are unhappy with our response, you have the right to complain to your national supervisory authority. In the Czech Republic this is the Úřad pro ochranu osobních údajů (www.uoou.cz). In other EU member states, contact details for your authority are listed on the EDPB website.
8. Children's data
The Service is restricted to users aged 18 and over. We do not knowingly collect data from minors.
9. Records of processing activities
We maintain Article 30 records of processing activities and make them available to supervisory authorities on request.