Granicus Privacy Policy

Your Rights In Relation To Your Personal Data

We explain here the rights that you may have in relation to personal data if you live in the UK or European Union:

How Can I Find Out What Personal Data Granicus’ Holds About Me?

You may contact us using the contact information above if you would like more detailed information about what personal data we have collected from you, including the categories of personal data processed, the purposes of the processing and the third parties to whom that data is transferred. You may also request a copy of your data. Note that we do have to take into account the interests of others, and certain other legal obligations or restrictions, so this is not an absolute right.

Can I Ask Granicus To Delete or Correct My Personal Data?

You may contact us using the contact information above if you would like us to delete your personal data or to have your personal data corrected and, if required to do so, we will comply with your request.

Can I Ask Granicus To Stop Using My Personal Data?

You may contact us using the contact information above if you would like us to stop using your personal data (either entirely or for some of our Processing Activities) and, if required to do so, we will comply with your request.

Can I Ask Granicus To Transfer My Personal Data to a Third Party?

You may contact us using the contact information above if you would like us to transfer your personal data to a third party in a structured, commonly used and machine readable format and, if required to do so, we will comply with your request.

Does Granicus Securely Store My Personal Data?

We apply strict security standards, controls and processes to protect your personal information from unauthorised access, loss or accidental deletion. These include restricting who can have access to your personal data and protecting your data with security tools appropriate to the type of information e.g. encryption software and secure file transfer tools. We also require that our third party processors who handle your personal data do the same.

Does Granicus Use Cookies?

Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remembering your preferences and generally improving the user experience.

Our Cookie Policy provides you with more information about our use of cookies.

Does Granicus Share My Personal Data With Third Parties?

To help us carry out our Processing Activities, we may need to share your personal data with entities within and outside of Granicus as follows:

Granicus Entities – we may transfer your data to other Granicus entities who may collect, transfer and/or use the personal data we have collected from you for some or all of our Processing Activities. Where we share your personal information with other Granicus entities, they will use your information in a manner consistent with the purposes for which it was originally collected and consistent with this Privacy Statement and applicable data protection and privacy laws.

Our Data Processors – from time to time, we may share your personal data with our third party service providers or with other Granicus entities who provide us with investor relationship, company secretarial, legal, regulatory, corporate advisory, event management, talent management, recruitment, marketing, communication and/or IT support services (“Data Processors”). In order to provide such services, our Data Processors process your personal data on our behalf. Our Data Processors have met our criteria as trusted guardians of personal data and are subject to contractual obligations to implement appropriate security measures to safeguard your personal data and to process personal data only as instructed by us.

Other Third Parties – your personal data may also be transferred to regulators, courts, and other authorities (e.g. tax and law enforcement authorities) and independent external advisors (e.g. lawyers, auditors). We may also share certain personal data with business partners, customers and suppliers to carry out our business activities.

For the full list of the Granicus entities, Data Processors and other third parties that we may share your data with, please contact us as set out above. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. You should check the privacy policies of third party websites before you submit any personal information to them.

Granicus may share personal data with its service providers for the purpose of helping Granicus execute certain tasks outsourced to them, or providing capabilities Granicus requires. The service providers to which Granicus provides personal data in connection with the personal data collected through the Website are: (1) email service providers for email campaigns management and to send you emails on our behalf, with the express provision that their use of such information must comply with our instructions; (2) recruiting service providers, in relation to activities on the Website related to submission and processing of CV and job applications through the Website; (3) registration management of users to events through the website; (4) billing, processing payments, marketing automation, Granicus advertisements on social media, CRM platform, analytics tools providers, web page building tools, cloud services, support and maintenance operation tools. Our service providers do not have any right to use your personal data collected from the Website beyond what is necessary for the purpose of facilitating their services for us and are subject to data protection agreements to the extent required under applicable law.

Granicus is also entitled to transfer or share anonymous, statistic or aggregative information with companies or organizations connected to Granicus, and with suppliers, business partners, advertisers, and every third party, according to Granicus’s absolute discretion.

Social media features – the Website includes social media plugins, including links to Facebook, LinkedIn and Twitter. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the plugin to function properly. Social media features are governed by the privacy policy of the company providing it.

Do We Participate in the Data Privacy Framework?

Yes. Granicus complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF)and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ and search for “Granicus”.We are responsible for the processing of personal data we receive or subsequently transfer to a third party acting as an agent on our behalf. We will comply with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, and the UK, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to Data Privacy Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In addition, Granicus commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO),the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF. You may engage such authorities if you have concerns regarding our adherence to the Data Privacy Framework Principles or any applicable privacy law or regulations. We will respond directly to such authorities regarding investigations and resolution of complaints. Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Does Granicus Transfer My Personal Data Overseas?

Some of the Granicus entities, Data Processors and other third parties that we share your personal data with are located outside of the UK or European Economic Area (EEA).

If we transfer your personal data to entities outside of the EEA (which include our IT service providers, recruitment partners and other Granicus entities in the US and India), we will make sure that your data is being protected as required by applicable data protection law, as described in more detail below.

Granicus’ compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF deems the organization to provide adequate privacy protection, which is a requirement for the transfer of personal data outside of the European Union under the EU General Data Protection Regulation (GDPR), and outside of the United Kingdom under the UK Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR).You can ask for a copy of the appropriate safeguards by contacting us as set out above.