In general, Granite Digital does not collect, store, use or disclose personally identifying information except in very specific instances, such as, for example, when you subscribe to our newsletter updates, use our contact form, or have had multiple previous communications with an Granite Digital representative. Whenever we collect such information, You may request access to, rectification, erasure or restriction of your Data, or object to the processing of your Data or Data portability at any time. The retention period for your data depends on the relationship with us, we need to retain customer and client data for a period of 7 years, for none customer / client data we retain this information for a period of 60 months. We will respond to your request in writing as soon as practicable and in any event within one month of receipt of your request. We may request proof of identification to verify your request. All requests should be addressed to firstname.lastname@example.org
You may also use the above contact information if you think any information about you is inaccurate, incomplete, or if you want to change the sort of information about you that Granite Digital may have collected.
You have the right to lodge a complaint with the Data Protection Commissioner if you are unhappy with how we are processing your Data.
Information we may collect from you
We may collect and process the following data about you:
Contact information (business name, business address, contact telephone number and email address) and your IP address, your browser type, and your referring URL
LAWFULNESS OF PROCESSING
There are six alternative ways in which the lawfulness of a specific case of processing of personal data may be established under the GDPR.
It is Granite Digital’s policy to identify the appropriate basis for processing and to document it, in accordance with the regulation. The options are described in brief in the following sections.
Unless it is necessary for a reason allowable in the GDPR, Granite Digital will always obtain explicit consent from a data subject to collect and process their data. Transparent information about our usage of their personal data will be provided to data subjects at the time that consent is obtained and their rights with regard to their data explained, such as the right to withdraw consent.
- Performance of a Contract
Where the personal data collected and processed are required to fulfil a contract with the data subject, explicit consent is not required. This will often be the case where the contract cannot be completed without the personal data in question e.g. a delivery cannot be made without an address to deliver to.
- Legal Obligation
If the personal data is required to be collected and processed in order to comply with the law, then explicit consent is not required. This may be the case for some data related to employment and taxation for example, and for many areas addressed by the public sector.
- Vital Interests of the Data Subject
In a case where the personal data are required to protect the vital interests of the data subject or of another natural person, then this may be used as the lawful basis of the processing. Granite Digital will retain reasonable, documented evidence that this is the case, whenever this reason is used as the lawful basis of the processing of personal data.
- Task Carried Out in the Public Interest
Where Granite Digital needs to perform a task that it believes is in the public interest or as part of an official duty then the data subject’s consent will not be requested. The assessment of the public interest or official duty will be documented and made available as evidence where required.
- Legitimate Interests
If the processing of specific personal data is in the legitimate interests of Granite Digital and is judged not to affect the rights and freedoms of the data subject in a significant way, then this may be defined as the lawful reason for the processing. Again, the reasoning behind this view will be documented.
Use of of your data
We may use your Data where necessary for our legitimate business interests, including:
- improve the content of our Site and the services we offer
- ensure the Site is presented in the most effective manner for you and for your computer
- compile statistical data on the use of our Site
- notify you about changes to our service
We make no attempt to identify individual visitors, or to associate the technical details we collect with any individual, unless required to disclose such information by law. We may use your Data to comply with any legal obligations.
We will store your personal Data only for as long as necessary for the purposes of providing access to our Site and related services to you; as required by law.
Disclosure of your information
We will not disclose your Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfil a request you have made or contract that you have entered into. Where appropriate, Data may also be processed by our service providers in which case we will take steps to ensure that the processing complies with applicable data protection and confidentiality laws. We will also disclose your Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order or other statutory or legal requirement.
Links to other sites
Our Site may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Data to those websites.
Security and where we store your personal data
We are committed to protecting the security of your Data. We use a variety of security technologies and procedures to help protect your Data from unauthorised access and use.
For enquiries specifically through our enquiry form we store this data on a CRM system, the specific security measures in place to protect your data are detailed in https://www.zoho.com/gdpr.html .
We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to update policies and implement additional security features as new technologies become available.
Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to our Site. Any transmission of Data is at your own risk. Once we receive your Data, we will use appropriate security measures to seek to prevent unauthorised access or disclosure.
Changes to this Privacy Statement
We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. Your continued use of this Site after we make changes is deemed to be acceptance of those changes, so please check this Statement periodically for updates.