Privacy Policy

GRANGRAN PRIVACY POLICY
  ___________________
Personal data collected by GranGran are processed following the principles of the EU GDPR.

For the purpose of the processing personal data, GranGran may engage data processors and/or, at its sole discretion, hire other persons to perform certain functions on behalf of GranGran. In such cases, GranGran shall take necessary measures to ensure that such data is processed by the personal data processors in accordance with instructions of GranGran and applicable legislation. GranGran shall also require personal data processors to implement appropriate measures for the security of personal data. In such cases, GranGran shall ensure that such persons will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.

The following is general Information on GranGran privacy practices. Please read our privacy statement and let us know if you have any questions.

Where capitalized terms are used, these are defined terms either defined within this privacy statement or within the Terms of Services.

1. Overview
2. Personal information we collect about you
3. Types of data collected
4. Sweepstakes and other promotion
5. Online surveys
6. How we collect your data
7. Cookies and other technologies
8. How we use your information.
9. Transfer of Information to and Other Countries
10. Where we store your information
11. How we secure information we collect
12. Additional EU Disclosures
13. Provision of Personal Data and failure to provide Personal Data
GranGran Privacy Policy

14. How is personal information disclosed? 15. How long we keep information
16. EU-US and Swiss-US Privacy Shield
17. Marketing information:
18. How to access and control your information
19. Consent to provide personal information
20. Transfer to third parties
21. Your rights as a data subject 22. Privacy shield
23. Legal bases for processing (for EEA users): 24. Our data policy towards children
25. How we protect your information
26. CCPA Consumer Rights
27. Opting out
28. Data Privacy Regulatory Frameworks and Requirements
29. Data portability
30. Security and personal information
31. Complaints to a data protection authority
32. Contact us
33. Privacy policy changes

1. Overview

Please read the following carefully to understand our views and practices regarding your data and how we will treat it. By using the Platform, you acknowledge you have read and understood this privacy policy.

2. Personal information we collect about you

"Personal information" means information about an identifiable individual. The information you provide to GranGran is considered personal data it is possible to relate it back to you or another individual. This could include your name, address, e-mail address, telephone number and any other information that can identify you.

If information cannot be related to an identifiable individual it is considered anonymous information. Information which can only be attributed to an individual with additional information is called “pseudonymous” information. Whenever possible, GranGran works with anonymous or pseudonymous information.

3. Types of data we collect from you

​

Personally Identifiable Information (PII). We collect information you provide directly to us. For example, we collect information when you create an account, participate in any interactive features of the Services, fill out a form, make a purchase, participate in a contest or promotion, communicate with us via third party social media sites, interact with a message board, request customer support, use our Platform or otherwise communicate with us. The types of information we may collect include:

a) Identifiers, such as your full name, phone number, email address, unique personal identifier, online identifier, internet protocol address,
b) any other information you choose to provide

Sensitive PII. In certain circumstances, such as when subscribing for our service, you may provide a credit, debit, or payment account number, or other payment information to our payment gateway provider which we recognize as more sensitive than other PII. Sensitive information provided by you (including information relating to the health of the Care Recipient) will be processed in order for the Services to be used.

Anonymous Data. Some of the Data that we acquire cannot identify, distinguish or trace you or your Device, even if combined with other identifying information, and some Data that could be considered PII when combined with other identifying information is not used in a way that identifies, distinguishes or traces you or your Device, but is instead used in an anonymous way, often aggregated with other anonymous Data about other users. As set out in our Terms of Services, we may combine data provided by you into anonymous datasets for the purpose of improving the Services and to develop new Services.

Cookies and other tracking technologies: GranGran and our third-party partners, such as our User or Corporate entity partners, advertising, data collection and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different services and devices. For more information, please see our cookies and tracking notice, which includes information on how to control or opt out of these cookies and tracking technologies.

We collect the personal information that it we considers necessary for us to provide the Services they offer. The information we collect generally falls into two categories:

1. Information supplied by visitors to the website and Platform when they:

a. Create a user account

b. Login to their account
c. Enter a sweepstakes or other promotional contest

2. Information we collect as visitors use our website and Platform.

You need to sign up to use certain products, services, and tools on our website and platform that require you to provide information about yourself (and others), such as names, physical address, email address, and phone number. For example, you may provide such information if you sign up for a new account, newsletters, complete our "Feedback" form, or use a social media tool. We may use such information in order to provide you with the products, services, or tools you have requested.

In addition to the above, we may collect information, and/or use the information we collect, in the following specific ways:

4. Sweepstakes and Other Promotions

From time to time, we may offer sweepstakes or other promotions on our website and Platform. If you enter a sweepstakes or promotional contest, we will ask you to provide information about yourself (such as your name, phone number, address, date of birth, and email address). Among other things, we will use this information to contact you if you win, and we may also use this information for marketing purposes. We may share this information with any co-sponsor of the contest or sweepstakes; we will identify the co-sponsor in the contest rules. If you do not want us to collect the information requested in the contest or sweepstakes registration form or to provide it to co-sponsors, please do not enter the contest or sweepstakes.

5. Online Surveys

From time to time, we survey our users to measure their satisfaction with our website and Platform and other sites and to help us learn more about our audience and how they interact with our website and Platform. Third-party research firms often conduct these surveys on our behalf. We use the survey results to help us improve the services we offer to you. We will take the information you provide and aggregate it on an anonymous basis with data collected from other survey participants. We may use and disclose that pool of anonymous information as we see fit, without identifying you personally.

6. How we collect your data

When you access or use our Services, we automatically collect information about you, including:
 

• Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
• Information Collected by Cookies and Other Tracking Technologies: We and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see or visit our "Cookie Policy"
• Clickstream Data: As you use the Internet, a trail of electronic information is left at each website and Platform you visit.

 

This information, sometimes referred to as "Clickstream Data," can be collected and stored by a website and Platform's server. For example, Clickstream Data can tell the type of computer and browsing software you use and the address of the website and Platform from which you linked to the website and Platform. The Website and Platform may collect and use Clickstream Data as a form of aggregate information to anonymously determine how much time visitors spend on each page of our website and Platform, how visitors navigate throughout the Website and Platform and how we may tailor our website and Platform to better meet the needs of visitors. This information often will be used to improve our Website and Platform and our Services. Any collection or use of clickstream data will be anonymous and aggregated and will not intentionally contain any Personal Information.

Be Careful Publicly Posting PII. Please be aware that Content and PII that you disclose in any publicly accessible portions of the Service may be available to other users, and may also be made available outside the Service by third parties, so you should be mindful of all PII, especially sensitive PII, that you may wish to post.

7. Cookies and other technologies

Our platforms use cookies and similar technologies to distinguish you from other users of our platforms. This helps us to provide you with a good experience when you browse our Platform and also allows us to improve our services.

Most browsers automatically accept cookies and similar technologies, but if you prefer, you can change your browser to prevent that and your help screen will tell you how to do this. We also give you information about disabling cookies. However, you may not be able to take full advantage of our web site if you do so.

A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser or exit the site. Others are used to remember you when you return to the Platform and will last for longer.

We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use.

8. How we use your information

We use the information we collect to provide, maintain and improve our Services, such as to administer your account and to provide you with insights to help you optimize your use of our Platform.

We may also use the information we collect to:

• Provide and deliver the services you request, process transactions and send you transaction-related information, including confirmations and invoices;
• Send you technical notices, updates, security alerts and support and administrative messages;
• Respond to your comments, questions and requests and provide customer service;
• Communicate with you about products, services, offers, promotions, rewards and events offered by GranGran and others, and provide news and information we think will be of interest to you;
• Monitor and analyze trends, usage and activities in connection with our Services;
• Audit related to a current interaction with the consumer and concurrent transactions, including but not limited to, counting ad impressions of unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity;
• Debug to identify and repair errors impairing existing intended functionality;
• Undertake internal research for technical development and demonstration;
• Undertake activities to verify or maintain the quality or safety of a service owned, manufactured, manufactured for, or controlled by GranGran, and to improve, upgrade, or enhance the service owned, manufactured, manufactured for, or controlled by GranGran;
• Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of GranGran and others;
• Personalize and improve the Services and provide advertisements, content or features that match user profiles or interests; and
• Facilitate contests, sweepstakes and promotions and process and deliver entries and rewards; and Please keep in mind that GranGran does not trade or sell your personal information to third parties.

9. Transfer of Information to and Other Countries

In order to provide you with the Services you purchased or that you request from us, information about you may be transferred to GranGran locations in London England as well as countries where our service providers may be based. In some cases, information about you may be transferred to or accessed from other countries, including when you consent and allow us to do so, where it is required in order for us to provide Services to you and when we need to do so to provide functions like product support, troubleshooting and gaining insights into the usage patterns of our Services. When information about you is transferred to countries other than your home country, you may not have the same rights and protections as you do under local law. Any international transfers of such information will be done in accordance with applicable law.

10. Where we store your information

GranGran has a data privacy lead who is responsible for ensuring that your personal information is collected, used, disclosed (shared) and retained in compliance with applicable privacy regulations.
However, the data that we collect from you may be transferred to, and stored at, a destination outside the European economic area ("EEA") that may not be subject to equivalent data protection law.
Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy.
 

11. How we secure information we collect

Information storage and security

We use industry standard technical and organizational measures to secure the information we store.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the internet, we cannot guarantee that data, during transmission through the internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

12. Additional EU Disclosures

If you are situated in the EU and have any complaints regarding our privacy practices as data controller, you have the right to make a complaint at any time to your local Supervisory Authority. We would, however, appreciate the chance to address your concerns before you approach your Supervisory Authority so please contact us in the first instance. If you are situated in the EU and have a complaint, please contact our privacy team at contact@grangran.com

13. Provision of Personal Data and failure to provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we will not be able to provide services to you,

14. How is personal information disclosed?

Individuals and/or organizations to which we may disclose personal information include:
• the public if you advertise with GranGran or use publicly available Communications Services
• Individuals and organizations that advertise with GranGran if you submit an enquiry with GranGran. If you do not want GranGran to disclose your personal information to these individuals and organizations, please do not submit enquires relating to these individuals and organisations.

Depending on your enquiry these may include:
o private advertisers
GranGran Privacy Policy

o operators of Linked Sites
o outsourced service providers who assist GranGran to provide its services
including:
o information technology providers
o marketing and market research advisers
o professional advisers
o organizations involved in a sale/transfer of GranGran assets, business, or shares o government and regulatory authorities as required by law

Except as provided herein and as required by law, your Personal Information will not be made available to third parties without your consent.

15. How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

16. EU-US and Swiss-US Privacy Shield

In connection with GranGran's processing of personal data (as defined by European law) it receives from the European Union ("EU") or Switzerland, we comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (together "Privacy Shield") with respect to personal data we process from the EU or Switzerland and transfer to the United States. For more information about the Privacy Shield, and to view our certification, please visit the Privacy Shield website. We remain responsible and liable under the Privacy Shield for any personal data that we share with third parties for external processing on our behalf, as described in the "Sharing of Information" section above, unless we prove we are not responsible for the event giving rise to the damage. If you have an inquiry regarding our adherence to the Privacy Shield, we encourage you to contact us at Contact@grangran.com. We are subject to the investigatory and enforcement authority of London England. You may also refer your complaint free-of-charge to our designated Privacy Shield dispute resolution provider. In certain circumstances, the Privacy Shield provides the right to invoke binding arbitration to resolve complaints.

17. Marketing information:
 

if you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our services, such as when you last opened an email from us or ceased using your GranGran materials. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

18. How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.

19. Consent to provide personal information

We inform you when we need to collect your personal information and why we are collecting it. GranGran collects information from you after you give us your consent or through your interaction with our website.

Providing us with personal information is entirely voluntary. By giving us your personal information, you consent to allow us to use and disclose your personal information as described to you. If you do not agree with the use and disclosure of your information, please do not provide us with your personal information.

Some of our Services can only be offered if you provide personal information so, if you choose not to provide your information, we may not be able to provide you with those Services.

You may withdraw consent at any time. You will be informed of the effect that withdrawing your consent will have.
Your withdrawal of consent will only apply from the point that you withdrew consent. Your withdrawal of consent is not retroactive.

This means we will not remove information that has already been disclosed as this will be required for insurance reasons and will be necessary for the establishment, exercise or defence of legal claims.

20. Transfer to third parties

To facilitate the purposes of Web related Service, personal data may be shared in the normal course and scope of business with third parties to whom GranGran has chosen to outsource work. In the event that personal data is transferred to a third party, GranGran requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the principles of the privacy shield. In certain circumstances, GranGran may remain responsible and liable under privacy shield principles if such third parties process the personal data in a manner inconsistent with the privacy shield principles

21. Your rights as a data subject

In some jurisdictions (for example, the member states of the European Union) you may be entitled to certain rights in and to your personal data, subject to certain conditions and exceptions contained in applicable law. These rights may include the following:

• Request us to confirm whether your personal data is processed by us, and if we do, to obtain access to your personal data and certain information about it.
• Require the correction of your personal data if it is inaccurate or incomplete.
• Direct us to stop processing your personal data under certain circumstances.
• Erase or delete your personal data, for example, where the data is no longer needed to
achieve the purpose for which it was collected.
• Restrict the further processing of personal data
• Request us not to be subject to a decision based solely on automated processing,
including profiling, which produces legal effects concerning you or similarly significantly affects you (we currently do not engage in such processing and will notify you prior to doing so).
• Request to receive your personal data for transmission to, or to directly transmit to, another data controller in a structured, commonly-used and machine-readable format.

To protect your privacy and the security of your personal data, we will take reasonable steps to verify your identity before complying with such rights requests.

22. Privacy shield

GranGran adheres to the seven privacy shield principles of notice, choice, and accountability for onward transfer, security, data integrity, access, and recourse, enforcement and liability as they relate to personal data. GranGran verifies compliance to the principles through self-assessment. The privacy policy covering human resources data can be accessed on our intranet web site by all employees.

23. Legal bases for processing (for EEA users):
 

If you are an individual in the European economic area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

• We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
• You give us consent to do so for a specific purpose; or
• We need to process your data to comply with a legal obligation.
• For the establishment, exercise or defence of legal claims.

Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, and this may mean no longer using the Services

24. Our data policy towards children

The services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. Children under the age of (18) may use the site only with the consent of his or her parent or legal guardian, please be advised that this site is not directed or otherwise promoted for use by children under the age of (18).

25. How we protect your information

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using TLS 1.3 (a strong protocol), x25519 (a strong key exchange), and aes_128_gcm (a strong cipher). Where we have given you (or where you have chosen) a password which enables you to access certain parts of our platforms, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our platforms; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

 

Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

26. CCPA Consumer Rights

The CCPA requires us to communicate information about rights California consumers have with respect to their personal information (as defined within the CCPA). These rights include the right to request: access to their personal information; deletion of their personal information; additional details about our information practices; the categories of personal information sold in the preceding 12 months and the categories of third parties to whom the personal information was sold; the categories of personal information shared within in the preceding 12 months; to opt out of the "sale" of their personal information, and to not be discriminated against.

For details about how to exercise these rights, please see "Your Choices" below to exercise your rights by sending us an email with your request, or you may contact us through our email below. California consumers may also designate an authorized agent to exercise these options on their behalf. If you would like to use an authorized agent registered with the California Secretary of State to exercise these rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests on your behalf. We will not discriminate against you if you choose to exercise your rights related to your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following CCPA-defined categories of personal information:

• Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, and account name;
• Characteristics of protected classifications under state or federal law, such as age or gender;
• Commercial information, including records of Services purchased and credit card or other payment information;
• Internet or electronic network activity information, information, including, but not limited to, browsing history, search history, and information regarding your interaction with the Services including an internet website, application, or advertisement;
• Audio, electronic, visual, thermal, olfactory, or similar information such as profile pictures;
• Professional or employment related information;
• Education Information; and

• Inferences drawn to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Business or Commercial Purpose for Collecting Personal Information

We collect personal information for the business and commercial purposes described in the "Use
of Information".

Categories of Sources of Personal Information

We collect personal information directly from you, automatically from your use of our Services, by using or combining personal information to derive additional personal information about you, and from others as described in "Collection of Information".

Categories of Third Parties with Whom We Share Personal Information

We may share your personal information with third parties as described in the "Sharing of Information" section above.

Categories of Personal Information Disclosed

In the preceding 12 months, we have disclosed the following CCPA-defined categories of personal information for business or commercial purposes:

• Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, and account name;
• Characteristics of protected classifications under state or federal law, such as age or gender;
• Commercial information, including records of Services purchased and credit card or other payment information;
• Internet or electronic network activity information, information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement;
• Audio, electronic, visual, thermal, olfactory, or similar information such as profile pictures;
• Professional or employment related information;
• Education Information; and
• Inferences drawn to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

27. Opting out of messages from us

To opt-out of any future promotional messages from us, you should unsubscribe in the body of the promotional message that was sent to you (found at the bottom of the email) or send an unsubscribe request to us at Contact@grangran.com. We will process your request within a reasonable time after receipt.

28. Data Privacy Regulatory Frameworks and Requirements

GDPR Data Privacy User Rights

GranGran is processing, and/or transmitting your personal data, then you benefit from the following rights and privileges under the General Data Protection Regulation (GDPR):

• Right of Access: you have the right to obtain from us, as controllers, confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following personal data and information:

1. the purposes of the processing;
2. the categories of personal data concerned; i.e name, email, phone number etc
3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or internationalorganizations’;
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (f) the right to lodge a complaint with a supervisory authority (for a list of supervisory authorities, see https://edpb.europa.eu/about-edpb/board/members_en);
6. where the personal data are not collected from you, any available information as to their source;
7. The existence of automated decision-making, including profiling, along the lines indicated by Article 22(1) and (4) GDPR, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

• Right to Rectification: you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerned, provided during registration by him or her. Taking into account the purposes of the processing, the user have the right to have request his incomplete personal data be completed, including by means of providing a supplementary statement.
• Right to Erasure (“Right to be Forgotten): you have the right to obtain from us the erasure of your personal data without undue delay, and we have the obligation to erase personal data without undue delay when: a) your data are no longer necessary for the purposes for which they were collected; b) you had consented to the processing; c) you have objected to the processing, as per below; d) your persona data had been unlawfully collected; e) your personal data need to be erased as a matter of compliance with a legal obligation.
• Right to Restriction of Processing: you have the right to obtain from us the restriction of processing if you: a) contest the accuracy of the personal data, until this is verified; b) the processing is unlawful but you don’t want erasure; c) we no longer need the personal data, but you require them to establish, exercise to defend a legal claim; d) you have objected to processing but there is a need to verify whether our legitimate grounds override your rights to object.
• Right to Data Portability: where your personal data have been provided on the basis of your consent or for the performance of a contract, and their processing occurs in an automated way, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data– or have directly transmitted - to another controller.

Right to Object: you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on a legitimate ground point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, we can no longer process your personal data unless we show that there is a compelling legitimate ground for the processing which override your interests, rights and freedoms or for our establishment, exercise or defence of legal claims.

29. Data portability

Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces under your sole control, like your personal bitbucket repository

30. Security and personal information

The site uses its best endeavors to store all Personal Information on servers with restricted access, and all electronic storage and transmission of Personal Information are secured with appropriate security technologies.

31. Complaints to a data protection authority

You have the right to submit a complaint concerning our data processing activities to our data protection lead

32. Contact us

If you have any queries regarding our data collection and protection practices or your rights, please do not hesitate to contact our data protection lead, at Contact@grangran.com

33. Privacy policy changes

We may revise this privacy policy from time to time, and will post the most current version on our web site.