Legality of processing

As a personal data administrator, we are responsible for ensuring that all of our processing activities comply with legal requirements.

Legal processing of personal data is important to us and its protection is an absolute matter of course.

Therefore, we would like to assure you that we adhere to the following principles:

legality, correctness, transparency – we process personal data correctly, in a lawful and transparent manner;

purpose limitation – we process personal data for certain, explicit and legitimate purposes and do not process them in a way that is incompatible with these purposes;

data minimization – we only process relevant personal data to the extent necessary in relation to the purpose for which they are processed;

accuracy – we process accurate and up-to-date personal data; we take all reasonable steps to ensure that personal data that is inaccurate, taking into account the purposes for which they are processed, are deleted or corrected without delay;

storage restrictions – we process personal data for no longer than is necessary for the purposes for which they are processed;

integrity and confidence – we process personal data in a way that ensures their proper security, including protection by appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Basic information

Identification and contact information: GRiT, s.r.o., Reg.No. 46963740, based in Kopečná 231/10, Staré Brno, 602 00 Brno, a company registered in the Commercial Register at the Regional Court in Brno, Section C, Insert 6560.

You may also contact the following contacts at any time with any questions regarding the protection of personal data in our company:

phone no.: +420 541 212 199

Data Protection Officer: We have not appointed a Data Protection Officer, as we are not a liable person under Article 37 of the GDPR.

Supervisory authority: The supervisory authority is an independent public authority responsible for the protection of personal data in a given state.

The supervisory authority at the place of establishment of GRiT, s.r.o. is:
Office for Personal Data Protection based in:
Pplk. Sochora 27, 170 00 Praha 7
phone: +420 234 665 125.

GRiT, s.r.o. as personal data administrator

We act as a personal data administrator in relation to the personal data of our clients and individuals who visit our website.

Purpose of processing:
In order to perform the contract (especially concluding the contract, communication with the customer / supplier), or to implement measures taken before concluding the contract (negotiations before concluding the contract) we process in particular: name, surname, registration number, business address, e-mail, customer's phone / supplier, customer / supplier representative, fax, written and electronic communication with the customer.

In order to fulfil legal obligations (especially bookkeeping, issuing and registration of tax documents), we process in particular: name, surname, registration number / VAT number, address of residence / place of business, bank account number.

Due to legitimate interest, we process: e-mail, telephone (sending business messages), IP address, or other online identifiers (especially the proper functioning of the website).

In the event that we intend to process personal data other than that specified in this article, or for other purposes, we may do so only on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data is granted by the data subject on a separate document.

If you are under the age of 15 and would like to provide us with your personal information so that we may process it for any purpose, please ask your legal representative for consent before providing it to us. Without such approval, you are not entitled to provide us with your personal data.

We do not process any personal data that can be classified as a special category (so-called sensitive data) within the meaning of Article 9 of the GDPR. At the same time, we do not process personal data relating to criminal convictions and criminal offenses within the meaning of Article 10 of the GDPR.

Data processing time:
We process personal data processed for the fulfilment of obligations arising from special legal regulations for the period specified by these legal regulations. If we use personal data to protect our legitimate interests, we process this personal data for the time necessary to exercise these rights. If personal data is processed on the basis of consent, we process only for the period for which the consent is granted.

GRiT, s.r.o. as personal data processor

Within some products, we provide clients with data space for the purpose of storing data operated within the product we offer. The personal data of natural persons may also be part of the client's data.
In relation to personal data that the client stores on the servers of GRiT, s.r.o., GRiT, s.r.o. acts in the position of personal data processor. The administrator of this personal data is the client.

Warning for end users:
Some of our products are intended, among other things, for use in companies or natural persons doing business. The use of some of our products may be subject to the client's policies and rules, if any. If the client processes personal data of individuals with the help of our product, data subjects must contact the client with questions regarding the protection of personal data, as he is in the position of personal data controller. We are not responsible for the privacy policies or security practices used by the client that may differ from this Information.

Purpose of data processing and handling:
We do not perform any operations with the client's data, including personal data, except for their storage on our servers, in particular we do not interfere with them, modify them, make them available or pass them on to third parties (except for their disclosure to state authorities in accordance with the law), unless the parties agree otherwise. The only purpose of handling this personal data is to store it and be able to make it available to the client.

Type of personal data processed:
It is not possible to determine exactly, the customer uploads the data to the product. Most often it is a name, surname, registration number / VAT number, address of the place of business, fax, e-mail, telephone, bank connection, job classification, profile picture.

Categories of data subjects whose personal data will be processed:
Employees of the client and other natural persons with whom the client is in a contractual relationship.

Personal data processors

The processors of personal data are:

  • companies providing accounting and tax consultancy,
  • company providing payroll accounting,
  • collaborating programmers,
  • companies providing services in the field of data extraction,
  • server providers.

The processing of personal data may be performed for us by processors exclusively on the basis of a contract on the processing of personal data, i.e. with guarantees of organizational and technical security of this data with the definition of the purpose of processing, while the processors may not use the data for other purposes.

Under certain conditions, personal data may be made available to state authorities (courts, police, tax authorities, etc., in the exercise of their legal powers) or we may provide them directly to other entities to the extent provided by a special law.

Technical data security

In order to secure the client's data, we apply reasonable and appropriate technical and organizational measures against their unauthorized or accidental disclosure, which are continuously updated. The technical measures consist in the deployment of technologies that prevent unauthorized access of third parties to client data. Organizational arrangements are a set of rules for the conduct of our employees and are part of our internal regulations, which are considered confidential for security reasons. If the servers are located in a data center operated by a third party, we make sure that technical and organizational measures are also implemented at this provider.

We store all data only on servers located in the European Union or in countries that ensure the protection of personal data in a manner equivalent to the protection provided by the laws of the Czech Republic.

Data subjects' rights

You have the following rights in relation to the protection of personal data. If you wish to exercise any of these rights, please contact us via contact e-mail.

The exercise of these rights is subject to certain exceptions in some cases and therefore may not be applicable in all situations.

If your request is found to be justified, we will take the required measures without undue delay, within one month at the latest. In justified cases, we can extend this period by up to another two months.

Right to access personal data (article 15 of the GDPR): You have the right to obtain from GRiT, s.r.o. confirmation of whether your personal data is or is not processed. If your personal data is provided by GRiT, s.r.o. you have the right to access this personal data and the information referred to in Article 15 of the GDPR. At the same time, you have the right to obtain a copy of the processed personal data. For further copies, GRiT, s.r.o. may charge a reasonable fee taking into account administrative costs.

Right to correct personal data (article 16 of the GDPR): You have the right to GRiT, s.r.o. correcting your inaccurate personal data without undue delay, or adding incomplete personal data.

Right to delete personal data (article 17 of the GDPR): You have the right to GRiT, s.r.o. deleting your personal data without undue delay in the cases provided for in Article 17 of the GDPR. The right of cancellation shall not apply where the processing is necessary for the fulfilment of legal obligations, for the determination, exercise or defence of legal claims and in other cases provided for in the GDPR.

Right to restrict processing (article 18 of the GDPR): You have the right to GRiT, s.r.o. limiting the processing in any of the following cases: a) you deny the accuracy of the personal data, for the time necessary for GRiT, s.r.o. to verify the accuracy of personal data; (b) the processing is unlawful and you refuse deletion of the personal data and request that their use be restricted instead; c) GRiT, s.r.o. no longer needs personal data for processing purposes, but you request them to determine, enforce or defend legal claims; d) you have objected to the processing until it is verified that the legitimate reasons of GRiT, s.r.o. outweigh your legitimate reasons.

Right to information regarding correction or deletion of personal data or restrictions on processing (article 19 of the GDPR): GRiT, s.r.o. is obliged to notify the individual recipients to whom the personal data have been disclosed of any corrections or deletions of personal data or restrictions on processing, except in cases where this proves impossible or requires a disproportionate effort. If you request it, GRiT, s.r.o. Informs you about these recipients.

Right to data portability (article 20 of the GDPR): If technically feasible, you have the right to obtain your personal data and pass this data on to another administrator.

Right to be informed in case of breach of personal data security (article 33 of the GDPR): If it is probable that a certain breach of personal data security will result in a high risk to your rights and freedoms, GRiT, s.r.o. will notify you of this breach without undue delay.

Right to file a complaint with the supervisory authority: If you believe that GRiT, s.r.o. does not process your personal data in a lawful manner, you have the right to file a complaint with the supervisory authority whose contact details are listed above.

We will be very happy if you contact us first. We will do everything in our power to correct the defective condition and process your personal data in a lawful manner.

In the event that GRiT, s.r.o. processes any of the personal data on the basis of consent, you have the right to withdraw your consent to the processing of personal data at any time in writing, by sending disagreement with the processing of personal data to the contact e-mail address. Withdrawal of consent does not affect the processing of personal data in cases where consent is not required.

Further information about your rights can be found on the website of the Office for personal data protection.

Automated individual decision making and profiling

There is no automated individual decision-making during the processing of personal data, not even on the basis of profiling.

Automated individual decision-making incl. profiling generally means any form of decision based on the automated processing of personal data, i.e. without human intervention, which consists, inter alia, in the evaluation of certain personal aspects relating to the data subject, in particular for analysis or estimation of work performance, personal preferences, economic situation, health status, interests, behaviour, reliability, location, or movement.

Legitimate interests

We also process personal data for the purposes of our internal and legitimate needs. In connection with this, we inform you that such processing takes place primarily for:

  • protection of our rights and legally protected interests, beneficiaries or other relevant persons, e.g. for debt collection;
  • direct electronic marketing – sending business messages;
  • security, website traffic analysis.


We would like to assure you that the processors of personal data with which we cooperate and our employees are obliged to maintain the confidentiality of personal data and security measures, the disclosure of which would jeopardize the security of your personal data.

Sending business messages, information about direct marketing

When sending business messages, we proceed in accordance with Act No. 480/2004 Coll., on certain information society services, as amended. You can unsubscribe from commercial communications by using the unsubscribe link in each email you send.

Right to object to processing (article 21 paragraph 1 of the GDPR): You have the right at any time to object to the processing of your personal data that GRiT, s.r.o. processes for reasons of legitimate interest. In such a case, GRiT, s.r.o. does not further process personal data unless it demonstrates serious legitimate reasons for the processing which prevail over your interests or rights and freedoms, or for the determination, exercise or defence of legal claims.

Right to object to processing for direct marketing purposes (article 21 paragraph 2 of the GDPR): If GRiT, s.r.o. processes your personal data for direct marketing purposes, you have the right to object to such processing at any time. GRiT, s.r.o., in that case, shall not further process the personal data.

Are you interested in the news in process digitization?

How to digitize and automate invoices, warehouses and the whole business? Enter your address below and we'll send you an email full of tips and news once in a while.