Privacy Policy
Background
This Privacy Policy is adopted by Gridcog International Limited and operating subsidiaries Metrolo Pty Ltd, Gridcog Ltd and Gridcog Gmbh (“Gridcog”, “we”, “our”, or “us”).
Gridcog is committed to protecting the privacy and security of personal data. This Privacy Policy describes: How we handle “personal information” and “personal data” as it is defined in Data Protection Laws, e.g. EU GDPR, UK DPA, Australia’s Privacy Act, and any other applicable law governing the processing of personal data (Personal Data).
1. Scope
This Privacy Policy applies to personal data we collect across our website and app, in connection with any services we provide. It also applies to personal data we collect from third party data sources, and through surveys, events, customer support, competitions, promotional programmes and training.
If, at any time, an individual provides personal data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified
This notice does not apply to information we collect about businesses or companies, however it does apply to information about the people in those businesses or companies.
2. What Data is Processed/The information collected
a) User Information. For users of Gridcog software who are authorised to access the software by our business customers we collect name and work email address, which we use to manage software access and to send product-related communications to users. We also collect software usage information for the purposes of providing technical support and to inform plans to improve the software.
b) Gridcog Team Information. For our staff or contractors we collect information such as name, location, date of birth, right to work, email address, telephone number, emergency contact details, photographs and videos, financial details and other information that may be required by government agencies for us to ensure regulatory compliance. If you apply for a position at Gridcog, this information will also be collected and used solely for recruitment and employment purposes.
c) Customer Information. For individuals who engage with us for information about our products and services, or contract with us for the provision of our products and services, we may collect information such as name, location, employer or organisational affiliation, job title, email address, and telephone number.
d) Information an individual sends us. We may also collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities. This may include event registration information, contact information, dietary preferences, or other information provided for logistical purposes
We may collect other personal data about an individual, which we will maintain in accordance with this Privacy Policy.
We may also collect non-personal data about an individual such as information regarding their computer, network and browser. Where non-personal data is collected the DPA, GDPR, and Privacy Act do not apply.
3. How we Collect Data.
a) When you provide it to us directly. When an individual registers or subscribes for a service, account, connection or other process whereby they enter personal data details in order to receive or access something, including a transaction; when an individual supplies us with goods or services; or when an individual contacts us in any way.
b) Automatically. We collect some personal data about you automatically when you visit our websites or use our services. For example, we collect data about the pages you look at and the links you click on.
c) From third parties. Although we collect the majority of personal data about you directly or automatically, sometimes we might collect it from other sources. For example, from trusted third parties and service providers that help us deliver our services (such as providers of email, marketing, analytics, financial, credit and payment services) and from social media platforms.
As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their personal data is being collected.
Where we obtain personal data without an individual’s knowledge (such as by accidental acquisition from a user), we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the DPA, GDPR, and Privacy Act.
4. When Personal Data is Used.
In general, the primary principle is that we will not use any personal data other than for the purpose for which it was collected other than with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
We will only process personal data when we can identify a lawful basis to do so. It is always our responsibility to ensure that we can demonstrate which lawful basis applies to the particular processing purpose. Outside of where we have a contract with you, the most common lawful bases relied upon are:
a) Consent. We will only rely upon express, clear and informed consent. Any consent provided may specify and/or restrict the purpose and can be withdrawn at any time without penalty. We will keep a record of when and how we got consent from an individual.
b) Legitimate interest. We will only rely upon an identifiable legitimate interest where we can demonstrate that the processing of personal data is necessary to achieve it by balancing it against the individual’s interests, rights and freedoms. We will keep a record of our legitimate interests’ assessments.
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
Communicating with an individual about:
- their relationship with us;
- our goods and services
There are some circumstances in which we must disclose an individual’s information:
(a) Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
(b) As required by any law (including the DPA, GDPR and Privacy Act); and/or
(c) In order to sell our business (in that we may need to transfer personal data to a new owner).
5. Third Parties.
We may engage trusted third-party service providers to help us deliver our services, such as providers of hosting, communications, analytics, payment processing, recruitment, and customer support tools. These service providers act on our instructions, and we prioritise entering into Data Processing Agreements (DPAs) with each to ensure that personal data is processed securely and in line with our privacy obligations, including where those service providers are located outside the United Kingdom, European Union, or Australia..
We will not disclose or sell an individual’s personal data to unrelated third parties under any circumstances, unless the prior written consent of the individual is obtained.
6. Data Retention.
We will retain personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
7. Cookies
See cookie notice
8. Security
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. For more information, please see our Trust Centre at https://security.gridcog.com/
9. International Transfers
Where personal data is transferred outside of the United Kingdom, European Union, or Australia, whether within the Gridcog group or to authorised third-party service providers, we take organisational, contractual, and legal measures to ensure that the data continues to be protected.
To safeguard international transfers, we use appropriate measures such as:
- Relying on countries recognised by the European Commission as providing an adequate level of protection;
- Incorporating SCCs or other approved transfer mechanisms into our agreements;
- Requiring service providers to enter into binding contractual commitments to process personal data securely and only on our instructions.
We ensure that personal data transferred internationally is processed exclusively for the purposes described in this Privacy Policy and in compliance with applicable data protection laws.
10. Your Rights/Data Subject Rights
An individual may opt to not have us collect and/or process their personal data. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when: (a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us (for clarity, consent must involve an unambiguous positive action to opt in); or (b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us using the details as set out below.
The individual shall have the right to object at any time to the processing of their personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If we receive such a request, we will stop the processing of personal data for direct marketing purposes immediately without charge or penalty.
11. Updates
We may make changes to this Privacy Policy from time to time. Please refer to the effective date at the top of this page.
Contact
If you have any questions about this Privacy Policy, please contact us at privacy@gridcog.com