Privacy Policy

GIT - Grellner IT OÜ — © 2026

This policy explains what personal data we collect, why we collect it, how we process it, and your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data controller

The data controller responsible for your personal data is:
GIT - Grellner IT OÜ
Registry code: 17118036
Email: support@get-respond.com

What we collect

Through the Respond service:

• Phone numbers of callers and message senders
• Message content (SMS bodies sent and received)
• Timestamps of calls and messages
• Call metadata (missed, answered, busy)

Through booking (SimplyBook.me):

• Name and contact details you provide when scheduling
• Booking information (date, time, service selected)

Through the contact form:

• Name, phone number, business name, and message you submit

We do not collect location data, browsing behaviour, or use tracking cookies.

Legal basis for processing

We process your personal data under the following legal bases (GDPR Article 6):

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the service you requested (missed-call text-back, booking confirmation).
• Legitimate interests (Art. 6(1)(f)): Responding to enquiries, preventing fraud, and improving service reliability. Our legitimate interests do not override your fundamental rights.
• Legal obligation (Art. 6(1)(c)): Retaining opt-out records to comply with telecommunications regulations.

Data processors (sub-processors)

We use the following third-party processors to deliver the service. Each operates under a Data Processing Agreement (DPA) compliant with GDPR Article 28:

• Twilio Inc. (USA) — Processes calls and SMS. Twilio is certified under the EU-US Data Privacy Framework and operates under Standard Contractual Clauses. Twilio DPA
• SimplyBook.me Ltd. (Cyprus) — Processes booking data. SimplyBook.me is ISO/IEC 27001 certified and operates under Standard Contractual Clauses. SimplyBook.me DPA

We do not sell, rent, or share your data with any other third parties.

International data transfers

Some processors (Twilio) are located outside the European Economic Area. We ensure lawful transfers through:

• EU-US Data Privacy Framework certification
• Standard Contractual Clauses (SCCs) approved by the European Commission

Data retention

• Message logs and call metadata: Retained for up to 90 days, then automatically deleted.
• Booking data: Retained by SimplyBook.me per their retention policy; deleted within 60 days of account termination.
• Opt-out records: Retained indefinitely to ensure we never contact someone who opted out.
• Contact form submissions: Not stored on our servers (opens your email client directly).

Your rights under GDPR

You have the following rights regarding your personal data:

• Access (Art. 15): Request a copy of the personal data we hold about you.
• Rectification (Art. 16): Request correction of inaccurate data.
• Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Restriction (Art. 18): Request limited processing in certain circumstances.
• Data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Objection (Art. 21): Object to processing based on legitimate interests.
• Withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email support@get-respond.com. We will respond within 30 days.

Opt-out from messaging

Reply STOP to any message from us and we will immediately stop messaging you. You can also text UNSUBSCRIBE, CANCEL, END, or QUIT. You will receive one confirmation and no further messages.

Security measures

We implement appropriate technical and organisational measures to protect your data:

• All data transmitted over encrypted connections (TLS 1.2+)
• Access limited to systems and personnel required to operate the service
• Sub-processors maintain industry-standard security certifications (ISO 27001, SOC 2)

Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Articles 33 and 34.

Cookies

This website does not use tracking or analytics cookies. The SimplyBook.me booking widget may set strictly necessary session cookies to enable the booking functionality. These do not require consent under GDPR and the ePrivacy Directive.

Right to lodge a complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Estonia, this is:
Andmekaitse Inspektsioon (Data Protection Inspectorate)
Website: www.aki.ee

Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via the service or by email. Continued use after changes constitutes acceptance.

Contact

GIT - Grellner IT OÜ
Registry code: 17118036
Email: support@get-respond.com