Granicus, LLC (“Granicus”, “Company”, or “We”) is committed to maintaining your trust by protecting your personal data. The Granicus Privacy Policy was last updated on 30 March, 2021.
Granicus, LLC (“Granicus” or “We”) is committed to maintaining your trust by protecting your personal data. Personal data is any information relating to an identified or identifiable person. Your name, address, phone number, email address, and IP address are examples of personal data. This privacy policy applies to Granicus’ targeted marketing efforts. This does not apply to where we are delivering our products and services, please see the associated product privacy policies for those cases.
Granicus will process your personal data in a transparent way. Any personal data you provide when using this website will be used only in accordance with this privacy policy.
We may change this policy from time to time to reflect privacy or security updates. We encourage you to periodically review this page for the latest information on our privacy practices.
This privacy policy is provided in a layered format so you can click through to the specific sections set out below. Alternatively, you can download a pdf version of the privacy policy.
If you have any questions about this policy or if you would like to exercise any rights you may have in relation to your personal data, please contact us at gdpr@granicus.com. If you have additional questions or need to escalate an issue, use the below details for our Data Protection Officer (DPO).
Full name of legal entity: Granicus, LLC
Name of DPO: Gerry Hansen
Email address: dpo@granicus.com
Postal address: 408 St. Peter Street, Suite 600, St.Paul, MN 55102
Telephone number: 01 651 400 8730
Name of EU representative: DataRep
Email address: granicus@datarep.com
You can also contact DataRep using this online form: https://www.datarep.com/data-request
Postal address: The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
As part of our marketing efforts, we collect your personal data such as your name, place of employment and address, job position, e-mail address, and phone number. This data is generally gathered directly from you through forms on our website, or over the phone and is used to communicate and personalize such communications with you, including offering products and services that we believe may be of interest to someone in your position. Information about your chosen subscriptions are used to better provide you with relevant e-mail content.
We gather business contact details about you from publicly accessible sources, such as your business or work website, or we may receive business-to-business (B2B) information from third party lists. Our employees may also search for your business contact details online and enter your information on to our marketing database. If you reside in EU/UK, we will ask for your opt-in consent to contact you. If you reside in the USA, we will provide you an option to opt-out on our first communication.
In certain situations, such as when you authorize to prefill a form on our website, we may receive data (such as first name, last name, e-mail address, job title, and company) from your past interaction with our website.
We gather certain data automatically upon your visit to our website, including, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site and e-mails (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer the site. If you interact with web forms on our site or emails from us, your IP address is captured and used to infer your location, which helps us to serve you relevant content.
Our website also collects cookies. However, we will give you an option to opt-in or out to cookie tracking technologies depending upon your local jurisdiction.
We will use your personal data when the law allows us to. While national legislation differs (such as EU national law responses to the ePrivacy Directive), in general it will depend on where you are and whether you are acting in a business or personal capacity.
Most commonly, for marketing purposes, we will process your personal data in the following circumstances:
Where we are not certain of your business or personal capacity, we will apply the strictest possible justification (we will assume you are a private citizen, and therefore all services will be an “opt-in” data collection).
Our legitimate interests may include:
Our data use depends on the purpose of collection. The main reasons include:
We will only use your personal data for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Nothing. As marketing is optional and only allowed with your permission, we cannot contact you further. If you reside in the US, we will collect your data and give you the ability to opt-out. If you are in EU/UK, we will contact you only if we have your consent or will contact you to let you know if we have collected your data.
Where we use cookies, we will only use cookies that are allowed based on your jurisdiction and give you an option to adjust the cookie preference anytime. Particularly for EU/UK, we will use “opt-in” consent for cookies that are not strictly essential.
Yes. Our service providers that analyse our website traffic will use algorithms to make decisions about who you are and what your interests are, in order to serve you with targeted advertisements. We will only do this when you have positively consented to this collection and use, which will be presented to you when you enter our website.
No. We do not sell marketing data. We do buy business contact details from third party B2B database providers within the US, but we never sell marketing data.
Yes. We have certified to adhere to the Privacy Principles set forth in the US-EU Privacy Shield Framework regarding the collection, use, and retention of personal data transferred from the European Union (“EU”) and the United Kingdom (“UK”) to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
We are responsible for the processing of personal data we receive or subsequently transfer to a third party acting as an agent on our behalf. We will comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and the UK, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to Privacy Shield, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In addition, we will cooperate with the European Data Protection Authorities for any unresolved complaints regarding personal data. You may engage your local Data Protection and/or Labor Authority if you have concern regarding our adherence to the Privacy Shield Principles or any applicable privacy law or regulations. We will respond directly to such authorities regarding investigations and resolution of complaints. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Granicus is owned and operated within the United States. Therefore, the data that we collect from you will be transferred to, and stored at, a destination outside the European Economic Area (“EEA”)/UK.
In light of the July 16, 2020 “Schrems II” decisions, the European Court of Justice has decided that the EU-US Privacy Shield is no longer a valid international data transfer option. We plan to maintain our Privacy Shield certification as good practice; however, we will no longer rely upon it as a basis for data transfer. We will discuss with any partner relying on it for EU-US transfers their proposed alternative solutions.
The remaining option open to us for data transfers are Standard Contract Clauses (SCCs) and we are therefore engaging with our partners to:
Likewise, we are aware of the UK’s exit from the EU and the end of the current transition period on December 31st, 2020. We will follow the new UK Information Commissioner’s Office (ICO) and the European Data Protection Board (EDPB) guidance on data transfer when it becomes available.
We will continue to rely on legal derogations for case-by-case transfers where appropriate and will identify where this is the case.
We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access, loss or disclosure, we have put in place security controls that reduce the risk of a security breach of your personal data.
If a data breach does occur, we will do everything in our power to limit the damage. In case of a high-risk data breach, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We will also inform the relevant supervisory authority or authorities of the breach.
Employees and temporary workers are required to follow policies, procedures, and complete confidentiality training to understand the requirement of maintaining the confidentiality of customer information. If they fail to do so, they are subject to disciplinary action. All employees are required to complete privacy and security training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your personal data.
Your data will not be retained for a period longer than necessary for the purpose it was collected for. We may also keep data for the relevant statutory period where there is a risk of a legal claim. Particularly, if you are a customer or part of the customer account, we will keep your data for as long as you remain a customer plus legal statutory period (6 years).
To exercise any of the following rights, please contact gdpr@granicus.com. Under certain circumstances, by law you have the right to:
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will not discriminate against you for exercising any of your rights under applicable law (such as GDPR, CCPA etc.). Unless permitted by the applicable laws, we will not:
Yes. We do use online tracking technologies, such as cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base. Depending upon your local jurisdiction you will be provided with a cookie notice when you visit the site. The cookie notice will provide you an option to update your preference.
Currently, various browsers offer a “do not track” or “DNT” option and global privacy control which sends a signal to websites visited by the user about the user’s browser DNT preference setting. We will do our best to respect such signals we receive, and as required where placing tracking technologies on your device, notify you what and why.