Privacy Policy of the Groufr Service

1. Data Controller

The controller of personal data within the meaning of Article 4(7) of the GDPR is Celdy technology, s.r.o., having its registered office at Korunní 108, 10100 Prague 10, Czech Republic, Company ID (IČ): 06526641 (the “Controller” or the “Operator”).

2. Scope of Processed Personal Data

The following categories of personal data are processed:

• identification data (email address, name or nickname);
• information about Group membership and user roles;
• content shared by Users (messages, photographs, files, links, polls);
• event-related data and shared expense records;
• technical data (IP addresses, access logs, API and WebSocket logs).

3. Purpose and Legal Basis of Processing

Personal data are processed for the purpose of providing the Service based on the performance of a contract, the Operator’s legitimate interests (security and operation of the Service), and, where applicable, the User’s consent.

4. Data Sharing

Personal data are shared exclusively within the relevant Group among its members. The Operator is not responsible for any further processing or disclosure of content by other Users.

5. Data Retention

Personal data are stored for the duration of the contractual relationship and thereafter for the period required by applicable laws. Technical logs are retained for a limited time and subsequently anonymized.

6. Data Subject Rights

Users have the right to access their personal data, request rectification or erasure, restriction of processing, data portability, and to lodge a complaint with the relevant supervisory authority.

7. Data Export

Personal data may be exported upon the User’s request.

8. Data Security

The Operator implements appropriate technical and organizational measures to protect personal data.

9. Language Versions

The primary version of this Privacy Policy is the Czech version. Other language versions may be provided for convenience only.