Granicus EU Privacy Policy

Granicus Privacy Shield Policy

By using the Granicus website, you consent to our use of the information you provide to us as described in this Privacy Shield Policy.

By using the Granicus website, you consent to our use of the information you provide to us as described in this Privacy Shield Policy. As we implement new technology and introduce new services, we will update our online Privacy Shield Policy, so we encourage you to review it often.


The Federal Trade Commission (FTC) has jurisdiction over Granicus’ compliance with the Privacy Shield.

Accountability for Onward Transfers

To effectively process data on behalf of a Granicus client (Client) to serve the Client’s needs, Granicus may need to share that data with certain third parties or sub-processors. In such instances, Granicus will execute any needed contracts, clauses or addenda to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.

Granicus will never share information gathered through Clients with any non-Governmental third parties for promotional purposes. The vendors that Granicus shares information with do not use it for any purpose other than to enhance our ability to deliver services to you and our Clients and are bound to keep the information confidential.

In the case of an onward transfer, Granicus retains responsibility for the processing of personal information it receives under the Privacy Shield. Granicus will remain liable for subsequent transfers to third parties acting as an agent on its behalf if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless Granicus proves that it is not responsible for the event giving rise to the damage.


Granicus is a SaaS company that operates secure data centres located in Eden Prairie, Minnesota and Ashburn, Virginia, in the United States.

Granicus uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.

We use physical, electronic and administrative safeguards, including firewalls, encryption and password protection for our databases, designed to protect the security of the data collected and to prevent unauthorised access or disclosure to any of your information.

Where applicable, specified Granicus products, services and data centres are certified compliant with national and international information and data security programmes including:

  • Federal Risk and Authorisation Management Program (FedRAMP) Joint Authorisation Board (JAB)
  • Information Security Management ISO27001:2013

Data Integrity & Purpose Limitation

Granicus expressly disclaims ownership of personal data in favor of the Client. Furthermore, it is the Client, not Granicus, that determines the “purposes and means” of data processing, include data retention and termination. Under EU law, Granicus is the “data processor” that processes data on instruction from the Client or “data controller” (the entity that determines the “purposes and means” of the data processing in question).

Data Collection and Usage

Granicus collects personally identifiable information about you to the extent you specifically provide it to us. This includes, for example, the information you provide when you register to receive subscriptions or notices related to a document provided by one of our Clients.

The information Granicus collects can include some are all of the following: your email address, your phone number, password, subscriptions and subscription preferences. Granicus uses the information you share with us in the following ways:

  • to provide the services you request;
  • to improve the content of the website;
  • to make sure you are aware of other government communications and services that may be relevant; and
  • for announcements related to new content on the portion of the site you were using when you provided the information.

Granicus Clients (such as governmental and public bodies) can request additional data to be collected from you. In these circumstances, the Client will be responsible for ownership, privacy and usage of all data collected and hence be subject to the Client’s organisation’s separate privacy policy. For avoidance of doubt, in these circumstances the Client will be the “Data Controller” and Granicus the “Data Processor”.

In addition to information you provide, Granicus uses technology that lets us know what type of browser you are using, Internet Protocol (IP) address, approximate location (determined from IP address), the website from which you enter Granicus, and which Granicus pages you view. The precise list of information gathered may vary (as technologies advance), and an up-to-date list of data is available. This technology does not identify you personally – it simply helps us compile statistics about our visitors and their use of the Granicus applications. We use these statistics and share them with third parties only to improve our website design, content and in connection with marketing programs.

Granicus offers you the opportunity to choose (opt out) whether your personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorised by you. You will be provided with clear, conspicuous, and readily available mechanisms to exercise this choice. You may email for answers to specific questions regarding this opt-out opportunity.


Users browsing documents from Granicus Clients will receive a “session cookie” that is stored on the user’s computer only until they close the browser. The session cookie allows the server software to keep the user logged in as they browse Granicus. The cookie is not shared with other websites, does not track or store personal information, and expires as soon as the user closes the browser.


Granicus does not knowingly collect personally identifiable information from children under the age of 13. If a child has provided Granicus with personally identifiable information, we ask that a parent or guardian send an email to with the child’s name and we will do our best to delete the information from our files.

Data Access

You have the right to access and correct your personal information at any time. To review, update or make changes to your personal information or if you have provided your information to Granicus for whatever reason and would prefer that Granicus not store your information for any purpose, simply visit Granicus or the Client’s website to cancel your subscription and delete your profile.

You can also request removal from our database by sending an email to stating your request. We will act promptly to honor your request.

Recourse and Enforcement

For dispute resolution of any data complaints (including HR), Granicus works directly with the EU Data Protection Authorities.

In compliance with the Privacy Shield Principles, Granicus commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Granicus at

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, Granicus commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU. Granicus acknowledges that any final decision by the Panel is a legally binding decision, enforceable in US courts.

Disclosures to Law Enforcement

Granicus may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.

Third Party Sites

Our websites and digital communications may contain links to other websites for news and other information. Our Privacy Shield Policy only applies to the Granicus websites and we are not responsible for the privacy practices or the content of other websites. You should check the privacy policies of those websites before providing your personal information to them.

Additional Legal and Privacy Policy Information

Further details on the collection and usage of data can be found in our published Legal and Privacy Policy, above. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.