Logo

GDPR Compliance

Last updated: May 14, 2025

This GDPR Compliance Statement explains how OyeSense Private Limited ("Company", "we", "us", or "our") complies with the European Union's General Data Protection Regulation (GDPR) in relation to our Tickboard application ("App") and website ("Site"), collectively referred to as the "Service". This statement should be read together with our Privacy Policy, Cookie Policy, and Terms and Conditions.

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside these areas.

At Tickboard, we respect your privacy and are committed to protecting your personal data. This GDPR Compliance Statement will inform you about how we look after your personal data when you visit our website or use our app (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

2. Data Controller Information

For the purpose of the GDPR, OyeSense Private Limited is the data controller and responsible for your personal data. Our contact details are:

OyeSense Private Limited
[Your Company Address]
Email: support@Tickboard.app
Phone: [Your Phone Number]

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance Statement. If you have any questions about this statement, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

Data Protection Officer
Email: dpo@Tickboard.app

3. Personal Data We Collect

As part of providing our Service, we collect and process various types of personal data. Personal data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

3.1 Categories of Personal Data

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped as follows:

  • Identity Data: Includes name, username or similar identifier, profile picture.
  • Contact Data: Includes phone number and email address.
  • Account Data: Includes your account settings and preferences.
  • Technical Data: Includes internet protocol (IP) address, device identifiers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Service.
  • Usage Data: Includes information about how you use our Service, such as tasks created, boards visited, features used, and time spent on the platform.
  • Communication Data: Includes messages sent through our chat feature, comments on tasks, and other forms of communication within the Service.
  • Collaboration Data: Includes information about your interactions with other users, shared tasks, and collaborative activities.

3.2 Special Categories of Personal Data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

4. Legal Basis for Processing Personal Data

Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases for processing your data:

4.1 Consent

Where you have given explicit consent to process your personal data for a specific purpose. You can withdraw your consent at any time by contacting us or using the provided account settings.

4.2 Contractual Necessity

Where we need to process your data to perform our contract with you (i.e., to provide you with our Service according to our Terms and Conditions).

4.3 Legitimate Interests

Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include:

  • Providing, improving, and securing our Service
  • Understanding how users interact with our Service
  • Detecting and preventing fraud and abuse
  • Marketing and promoting our Service

4.4 Legal Obligation

Where we need to process your data to comply with a legal or regulatory obligation.

5. Your Rights Under GDPR

Under the GDPR, you have several rights in relation to your personal data. These include:

5.1 Right to Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

5.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

5.3 Right to Erasure (Right to be Forgotten)

You have the right to request that we delete or remove your personal data where there is no good reason for us continuing to process it. This right may be limited in certain circumstances, such as where we need to retain data for legal compliance.

5.4 Right to Restrict Processing

You have the right to request that we suspend the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

5.5 Right to Data Portability

You have the right to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine-readable format.

5.6 Right to Object

You have the right to object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.

5.7 Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

6. How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the following methods:

  • Email: dpo@Tickboard.app with the subject line "GDPR Request"
  • In-App: Use the "Privacy Settings" section in your account settings
  • Mail: Data Protection Officer, OyeSense Private Limited, [Your Company Address]

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

7. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These measures include:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Regular backup procedures
  • Staff training on data protection and security

We also have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure of your personal data
  • The purposes for which we process your personal data
  • Whether we can achieve those purposes through other means
  • The applicable legal requirements

In general, we retain your personal data for the following periods:

  • Account Information: For the duration of your account plus 180 days after deletion
  • Task and Collaboration Data: For the duration of your account unless specifically deleted by you
  • Communication Data: For the duration of your account unless specifically deleted by you
  • Technical and Usage Data: Up to 26 months for analytics purposes

9. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) in the course of providing our Service. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses).
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.
  • Where countries have been deemed to provide an adequate level of protection for personal data by the European Commission.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

10. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or where processing is likely to result in a high risk to the rights and freedoms of individuals. These assessments help us identify and minimize data protection risks.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For detailed information about the cookies we use and the purposes for which we use them, see our Cookie Policy.

Under the GDPR, we obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie consent banner or through your browser settings.

12. Children's Data

Our Service is not intended for children under 13 years of age, and we do not knowingly collect personal data from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

13. Data Processing Agreements

Where we act as a data processor for our business customers (who are the data controllers), we enter into Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. These agreements outline our obligations and responsibilities in processing personal data on behalf of our customers.

If you are a business customer and require a DPA, please contact us at dpo@Tickboard.app.

14. Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. In case of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, where feasible.

We will also notify affected individuals without undue delay when a personal data breach is likely to result in a high risk to their rights and freedoms.

15. Updates to this GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or to comply with legal requirements. We will notify you of any significant changes by posting the new statement on our website or app, or by sending you a notification directly.

We encourage you to periodically review this statement for the latest information on our privacy practices.

16. Complaints

If you have a complaint about how we handle your personal data, please contact our Data Protection Officer at dpo@Tickboard.app. We would appreciate the chance to deal with your concerns before you approach a data protection authority.

You also have the right to lodge a complaint with a supervisory authority. The supervisory authority in India is the Data Protection Authority of India. If you are based in the European Union, you can find your national data protection authority at https://edpb.europa.eu/about-edpb/board/members_en.

This document was last updated on May 14, 2025