We are obliged to comply with Data Privacy in general and GDPR in particular. Hence, the terms of service includes a data processing agreement that stipulates how and in which ways we may handle and govern your data, which third party companies that may be used to process your data, etc. Maybe the most important aspect of GDPR and Data Privacy is however to design for privacy. This means we should not hold data longer than necessary, we should have sufficient ways of removing data upon request or provide information of the data we hold upon request, and we should properly protect the data at all times.