Effective date: 3 July 2026
These Data Processing Terms form part of the RINSlab Terms of Service. They apply whenever you use the service to process personal data as a controller under EU/UK GDPR — typically as a workspace owner collecting poll responses and managing members. In these terms, “we” and “us” refer to Lukáš Podhola, IČ: 72929863, Palackého tř. 77, Chrudim 53701, acting as your processor.
You are the controller of the Covered Data; we are your processor. We process Covered Data only to provide the service described in the Terms, for as long as your workspace exists.
Covered Data means:
We process Covered Data only on your documented instructions. These Data Processing Terms, the Terms of Service, the Privacy Policy, and your use of the product's controls (creating features, sharing poll links, inviting members, editing and deleting content) together constitute your complete documented instructions. If we believe an instruction infringes data-protection law, we'll tell you.
We ensure that anyone we authorise to process Covered Data is bound by an appropriate duty of confidentiality.
We implement appropriate technical and organisational measures under Article 32 GDPR, including encryption in transit, encryption at rest at the database layer, and role-based access controls, as described in the Privacy Policy.
You give general written authorisation for the subprocessors listed in section 5 of the Privacy Policy. We'll notify you — by email or via the service — at least 30 days before adding or replacing a subprocessor. If you reasonably object on data-protection grounds and we can't offer a workaround, you may delete the affected workspace and, if you've prepaid, receive a pro-rata refund for the unused period. We impose data-protection obligations on our subprocessors consistent with these terms and remain responsible for our subprocessors' compliance with the obligations applicable to them under these Data Processing Terms.
Poll responses are collected without direct identifiers. As a result, we are generally unable to identify an individual respondent or associate a stored response with a particular person. Taking into account the nature of the processing, we assist you through the measures built into the product: CSV export, content editing, and feature or workspace deletion. If a data subject contacts us directly about your workspace, we'll forward the request to you without undue delay and won't respond on your behalf beyond directing them to you.
Taking into account the nature of the processing and the information available to us, we'll reasonably assist you in meeting your obligations under Articles 32–36 GDPR (security, breach notification, and data-protection impact assessments) and related provisions of the GDPR where applicable.
If we become aware of a personal data breach affecting Covered Data, we'll notify you without undue delay and provide the information reasonably needed for your own notification obligations, as it becomes available.
Covered Data may be processed by subprocessors outside the EEA/UK as described in the Privacy Policy. Such transfers are safeguarded by the European Commission's Standard Contractual Clauses (and UK equivalents) concluded with those providers. You authorise these transfers.
You can export your insights as CSV at any time and delete content or entire workspaces directly in the product; deletion removes the underlying Covered Data. When your workspace or account is closed, we delete Covered Data within 30 days, unless the law requires longer retention. Residual copies in encrypted backups are overwritten in the ordinary backup cycle.
On request, we'll make available the information reasonably necessary to demonstrate compliance with Article 28 GDPR — these terms, our subprocessor list, and summaries of our providers' security documentation. Given the scale of the service, audit rights are satisfied by written responses to reasonable requests, no more than once per year, unless a supervisory authority requires otherwise. We will promptly inform you if we determine that we can no longer meet our obligations under these Data Processing Terms.
Liability under these Data Processing Terms is subject to the limitations in the Terms of Service. Where these terms conflict with the Terms or the Privacy Policy on data-protection matters, these terms prevail. They apply for as long as we process Covered Data.
See also our Terms of Service and Privacy Policy.