OUR PRIVACY POLICY

Firstly, who are we?

Welcome to the Grinsens family of companies.

If you are visiting this page, chances are that you are engaging with one of our companies or using one of our products and the intention of this page is to set your mind at ease when it comes to the what, why and how we use personal data.

Grinsens is a group of companies that provides products and services aimed at helping small to medium enterprises identify, develop, and implement winning business strategies.  For a complete list of the companies within the group and the Service that we provide, please visit www.grinsens.com.

We care

It is important for us that you:

  • have an as easy way to understand our policies,
  • experience effortless engagement when you reach out to us or use our products and services,
  • know that we will not rent or sell your personally identifiable information to third-parties.

Should you have any query around any of our policies, communications, products or services, please do not hesitate to contact us on wecare@grinsens.com or use the information provided on our Contact Us page to get in touch.  A member of our team will get back to you within 48 hours.

Some Definitions

Given that we are explaining how we handle data, its best to define some key terms to ensure a common understanding around core terms, as to make it easier to keep this as short and as understandable as possible.

“Client” means a present or past customer of the Company.

“Client Data“ means Personal Data, reports, addresses, files, folders or documents in electronic form that a Client provides to the Company when using our Service.

“Company” means Grinsens or any one of its subsidiaries.

“Personal Data” means any information relating to an identified or identifiable natural person.

“Portal” means any web site, mobile phone or tablet application, downloadable software, communication mechanism (email, telephone, verbal conversations) or other method used by a Client, User or Visitor to engage with the Company.

“Public Area” means those areas of our Portal that can be accessed both by Clients, Users and Visitors where access is not restricted through the use of passwords or other security access control mechanisms provided by the Company.

“Restricted Area” means those areas of our Portal that can only be accessed by Clients or Users who are authorised to access protected information through the use of passwords or other similar security technologies.

“Service” means the products and services that the Company provides to a Client, User or Visitor.

“User” means an employee, agent, or representative of a Client, who primarily uses the Restricted Areas of the Service or Portal for the purpose of accessing the Service.

“Visitor” means any person who is not a Client or User who uses the Public Area, but has no access to the restricted areas of the Portal or Service.

Why do we collect information?

The reason why the Company collects and processes Personal Data is because the collection and processing of this data is necessary for us to communicate with you and to provide the Service.  Without this Personal Data, we would not be able to:

  • sign a contractual agreement,
  • inform you of Service updates or issues via email, SMS, WhatsApp etc,
  • call you to provide assistance with the Service or discuss any concerns or issues that you might have.

In a nutshell, without this Personal Data we will not be able to provide you with our Service or do business with you.

There are times when we may need to process Personal Data for other reasons (see the “How do we use the information we collect?” section of the policy).  In all instances, we will ask for your consent before we collect any Personal Data.

What information do we collect when you use our Service?

We collect different types of information from or through our Portal or Service.

User-provided information

When you use the Portal or Service as a Client, User or a Visitor, we may collect Personal Data that you provide to the Company. Examples of Personal Data include:

  • name
  • email address
  • mailing address
  • phone numbers
  • credit card or
  • other billing information.

Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual.

When using the Portal or Service, you may also provide us with Personal Data when you register for an account, post or provide Client Data, interact with other users of the Portal or Service or employees of the Company through communication or messaging mechanisms.

Information collected by Clients

A Client or User may use our Service to provide products and services to their own customers and, in doing so, store Client Data on our servers.

In this instance, the Company has no direct relationship with the individuals whose Personal Data it stores as Client Data.  Each Client is responsible for providing notice to their own customers and third parties regarding the purpose for which the Client collects their Personal Data and how this Personal Data is processed through the use of our Service.

“Automatically Collected” information

When a User or Visitor uses the Portal or Service, we may automatically record certain information from the User’s or Visitor’s device by using various types of technology, including cookies.  This “Automatically Collected” information may include:

  • IP address or other device address or identifier
  • web browser information
  • the type of device being used
  • the areas of the Portal used just before or just after using the Service
  • the web pages or other content viewed or interacted with while using the Portal or Service
  • the dates and times that the Portal or Service was accessed

We also may use these technologies to collect information about whether a User or Visitor opens, clicks on or forwards email messages.

“Automatically collected” information may be gathered from all Clients, Users and Visitors.

Integrated Services

A Visitor or User may be given the option to access or register for access to the Portal or Service through the use of a user name and password (or other security mechanism) that is used to access third party applications or services.  When using this option, a User or Visitor may authorise the integrated service to provide Personal Data or other information to the Company.   Examples include (but are not limited to):

  •  Google
  • Dropbox
  • Facebook
  • LinkedIn
  • Twitter
  • Xero
  • Zapier

By authorising the Company to connect with an integrated service, you authorise the Company to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the integrated service makes available to us.

By authorising the Company to connect with an integrated service, you are also authorising the Company to use and disclose the information in accordance with this Policy.

We strongly advise that you check your privacy settings on each integrated service to understand what information the integrated service makes available to the Company, and make any changes that you feel are appropriate to ensure that only the Client Data or Personal Data that you want to share with the Company is made available.

We also advise that you review each integrated service’s terms of use and privacy policies carefully before using their services and connect their services to our Service.

Information from Other Sources

We may obtain information, including Personal Data, from third parties and sources other than the Portal or Service, such as our partners, advertisers, credit rating agencies, and providers of integrated services. If we combine or associate information from other sources with Personal Data that we collect through the Portal or Service, we will treat the combined information as Personal Data in accordance with this Policy.

How do we use the information we collect?

We use the information that we collect in a number of ways, including:

Operations
Information that is collected or is provided to us through integrated services (excluding Client Data) is used to:

  • operate, maintain, enhance and provide the Service,
  • respond to requests, questions and comments to provide access or support to Clients, Visitors and Users.

We process Client Data solely in accordance with the directions provided by the applicable Client or User.

Service Improvements
We use the information to:

  • understand and analyse the usage trends and preferences of our Visitors and Users when they use our Portal or Service
  • prioritise the addition or enhancement of features and functionality based how Clients, Visitors and Users use the Portal or Service
  • improve the Portal or Service

Communications

We may use a Client’s, User’s or Visitor’s information (excluding Client Data) to contact the Client, User or Visitor:

  • for administrative purposes
  • to provide customer service
  • to address potential legal issues (for example, intellectual property infringement, right of privacy violations, the posting of comments that are inciteful Users or Visitor or are of a defamatory nature) when a User or Visitor uses the Portal or Service or
  • to provide Users or Visitors with updates on promotions and events relating to products and services offered by the Company or third parties we work with

You have the ability to opt-out of receiving any communications on updates or promotions (see the “What are your choices?” section of this policy)

Cookies and Tracking Technologies
We use automatically collected information and other information collected when a User or Visitor uses the Portal or Service.  We do this by using cookies and similar technologies and use the automatically collected information to:

  • personalise the Portal or Service – examples include remembering a User’s or Visitor’s preferences so that the User or Visitor will not have to re-enter this information each time that they use the Portal or Service,
  • provide customised advertisements, content and information
  • monitor and analyse the effectiveness of the Portal or Service
  • monitor and analyse the effectiveness of our marketing strategies and activities
  • monitor and analyse the Portal or Service usage metrics such as total number of Users and Visitors frequency of use of areas of the Portal or Service, preferences of Users and Visitors when they use Portal or Service
  • track a Visitor’s or User’s entries, submissions and status in any promotions or other activities provided through the Portal or Service

You can obtain more information about cookies by visiting our cookies page.

Analytics
For web sites, web applications and mobile applications (including tablets), we may use Google Analytics to measure and evaluate:

  • how a Public Area or Restricted Area is accessed
  • the volume and types of traffic generated when Users or Visitors access a Public Area or Restricted Area,
  • create user navigation reports for our Service development managers or employees.

Google operates independently from the Company and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate the activity of the Company’s Users and Visitors. For more information, see Google Analytics Privacy and Data Sharing.

We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Portal or identify a Visitor’s or User’s preferences.  Wherever feasible, the data will be in non-identifiable form.

We do not use any of this information to identify Visitors or Users.

Who do we share information with?

Except as described in this Policy, we will not intentionally disclose Personal Data or Client Data, that we collect or store, to third parties without a User’s or Visitor’s consent.  If a User or Visitor provides consent, we may disclose information to third parties or, as specified below, without consent in specific circumstances.

Unrestricted Information
Any information that you voluntarily choose to include in a Public Area when using the Portal or Service, will be available to any Visitor or User who has access to that content.  In this instance, the data is not specifically shared by the Company – it is made publicly available for anyone to view and it is important that you carefully choose what information you make available in any Public Area as we have no control over who accesses this information.

Restricted Information
Any information that you voluntarily choose to include in Restricted Areas to which other Users have access will be available to any User who has access to that Restricted Area.  Please be aware that there are some Restricted Areas where access is controlled by Users, and the Company will direct any queries or concerns you may have regarding the sharing of data to the administrator of that Restricted Area.

Service Providers
We work with third party service providers who provide website, application development, hosting, application and web site maintenance and other services to the Company. These third parties may have access to, or process Personal Data or Client Data as part of providing these services.

We limit the information provided to the Company’s service providers and only provide information that is reasonably necessary for them to provide their services.  We have contracts with our service providers that require them to maintain the confidentiality of such information.

Statistical and Compliance Information
We may make certain automatically-collected, aggregated, or statistical information available to third parties for various purposes.  This information cannot be used to identify a specific individual or device and is used:

  • when reporting on any compliance obligations of the Company
  • for business or marketing purposes
  • to assist such parties in understanding our Client’s, User’s and Visitor’s interests and usage patterns when they use the Portal or Service

Law Enforcement, Legal Process and Compliance (this information may need to be provided without consent if we are legally obliged to do so)

We may disclose Personal Data or other information if we are required to do so by law or if we reasonably believe that by not doing so, we would break the law.  Instances where this may be necessary include (but are not limited to):

  • if the Company is subject to a legal proceeding,
  • in response to a facially valid court order, judicial or other government subpoena or warrant, or
  • where the Company is required to cooperate with law enforcement or other governmental agencies.

We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to:

  • take precautions against liability
  • protect ourselves or others from fraudulent, abusive, or unlawful use or activity
  • investigate and defend ourselves against any third-party claims or allegations
  • protect the security or integrity of the Portal, Service or Company and any facilities or equipment used to provide the Service
  • protect our property
  • protect our legal rights
  • enforce our contracts
  • protect the rights, property, or safety of others

Change of Ownership and Liquidation

We may sell, divest or transfer the Company (including any shares in the Company), or any combination of its products, services or assets to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction.

Personal Data and other User information related to the Service may be among the items sold or otherwise transferred in these types of transactions and will only be disclosed if the recipient of the Client Data, Personal Data, User information or Visitor information commits to a privacy policy that has terms that are substantially consistent with this privacy policy.

In the event of an insolvency, bankruptcy, or receivership, Personal Data, Client Data and information about Users and Visitors may be is transferred to one or more third parties as one of our business assets.

You will be notified via the Portal of any change in ownership or uses of your Personal Data.  As part of this notification, you will also be notified of any choices that are available regarding the transfer of your Personal Data.

What are your choices?

Access, Correction, Deletion
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Portal or Services.

If you wish to access or amend any Personal Data we hold about you, or to request that we delete or transfer any information about you that we have obtained from an integrated service, you may contact us as set forth in the “How to Contact Us” section. At your request, grant access to or delete any information that we store.

If you have a user account that allows access to a Restricted Access you may update, correct, or delete your account information and preferences at any time by accessing your account settings page provided within the Portal or Service.

Please note that while any changes you make will be reflected in the active information storage facility within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Portal or Service.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise required or permitted by applicable law.

If you believe your right to privacy granted by applicable data protection laws has been infringed, please contact the Company’s Data Protection Officer at dpo@grinsens.com. You also have a right to lodge a complaint with data protection authorities.

This provision does not apply to Personal Data that is part of Client Data. In this case, the management of the Client Data is subject to the Client’s own privacy policy, and any request for access, correction or deletion should be made to the Client responsible for the uploading and storage of such data into the Service.

Navigation Information
You may opt out from the collection of navigation information about your visit to the Portal by Google Analytics by using the Google Analytics Opt-out feature.

Opting out from Commercial Communications
If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section.

Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request.

What else should you be aware of?

Links

The Portal or Service may contain features or links to web sites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of these sites or services.  The use of these sites or services is subject to those operators’ policies, even these sites or services are accessed through the Portal or Service.

We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Portal or Service.

We encourage you to learn about third parties’ privacy and security policies before providing them with information.

Settings

Although we allow you to adjust your privacy settings and control access to certain Personal Data, please be aware that no security measures are perfect or impenetrable.

We are not responsible for circumvention of any privacy settings or security measures on the Portal or Service and we cannot control the actions of other users with whom you may choose to share your information.

Please also be aware that, even after information posted on the Portal or Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available when you used the Portal or Service. We have implemented measures to protect your Personal Data but cannot and do not guarantee that information you post on or transmit using the Portal or Service will not be viewed by unauthorised persons.

What is our policy regarding the privacy of minors or children?

Protecting the privacy of young children is very important to us.

The focus of the provision of our Portal and Service is aimed at Users or Visitors that are over the age of 18.  We do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent.

If you are under 18 years of age, please do not use or access the Portal or Service at any time or in any manner without providing us with parental consent. If we learn that Personal Data has been collected on the Portal or Service from persons under 18 years of age and without verifiable parental consent, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an account for access to the Portal or Service, please contact our Data Protection Officer at dpo@grinsens.com and request that we delete that child’s Personal Data from our systems.

Neither the Portal nor the Service are intended to be used by minors, and neither the Portal nor the Service are intended to be used to post or share content publicly or with friends. To the extent that a minor has added content on the Portal or Service, the minor has the right to have this content deleted or removed using the deletion or removal options detailed in this privacy policy.

If you have any question regarding this topic, please contact us as indicated in the “How to Contact Us” section. Please be aware that, although we offer this deletion capability, the removal of content may not ensure complete or comprehensive removal of that content or information.

How do we ensure that your data is secure?

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it.

We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes (but is not limited to) the use of:

  • firewalls,
  • password protection and other access and authentication controls,
  • SSL technology to encrypt data during transmission,
  • application-layer security features to anonymise Personal Data.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store through the use of the Service, and you do so at your own risk.   We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

If you believe your Personal Data has been compromised, please see the “How to Contact Us” section.

If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

How long do we keep data for?

We only retain the Personal Data collected from a User for as long as the User’s account is active or  for the limited period of time required for us to fulfil the purposes for which initially collected the information, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:

  • the contents of closed accounts are deleted within 3 months of the date of deactivation,
  • backups are kept for 3 months;
  • billing information is retained for the period required by the accounting and taxation laws in which the Company operates (generally between five and seven years),
  • information on legal transactions between the Client and the Company is retained for a period of ten years in order to allow the Company to comply with the laws of the jurisdictions in which the Company operates

What about the transferring of data between countries?

We may transfer, process and store Personal Data we collect through the Portal or Service in centralised data storage facilities or technologies and with service providers located in various countries around the world.  These countries may not have the same data protection framework as the country from which you may be using the Portal or Services. When we transfer Personal Data to other countries., we will protect it as described in this privacy policy.

The Portal and Service are provided through infrastructure located in the United States, the United Kingdom, Germany and South Africa and data may be transferred and stored in any one of these countries.

If you choose to use the Portal or Service from the European Union or other regions of the world with laws governing data collection and data use that differs from the laws of these countries, please note that you may be transferring your Client Data and Personal Data outside of European Union to those countries for storage and processing by our service providers or employees.  We will comply with GDPR requirements providing adequate protection for the transfer of personal information from Europe to these countries.

Please also be aware that we may transfer your data to the U.S., the EEA, or other countries or regions deemed by the European Commission to provide adequate protection of personal data in connection with storage and processing of data, fulfilling your requests, and operating the Portal or Service.

Are we a data controller or data processor?

Data that we store on behalf of our Clients

The Company does not own, control or direct the use of any of the Client Data stored or processed by a Client or User when they make use of the Service.  Only the Client or authorised Users are entitled to access, retrieve and direct the use of Client Data.

The Company is largely unaware of what Client Data is stored or made available by a Client or User when they use the Service. The Company does not directly access Client Data except:

  • when authorised to do so by the Client, or
  • as is necessary to provide the Service to the Client and the Client’s Users.

The Company does not collect, control the means of collection, determine the use or purpose of, or use any Personal Data contained in the Client Data.  The Company is therefore not acting in the capacity of data controller in terms of the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) and the associated responsibilities under the GDPR do not apply to the Company.

The Company should be considered only as a data processor that processes data on behalf of its Clients and Users.

Except as outlined in this privacy policy, the Company does not independently transfer or otherwise make availably any Client Data containing Personal Data stored in connection with the Services to third parties.

The Client or the User is the data controller under GDPR for any Client Data containing Personal Data, meaning that these parties control the manner in which Personal Data is collected and used and these parties determine the purposes and means of the processing of this Personal Data.

The Company is not responsible for the content of the Personal Data contained in the Client Data or other information stored on any server used to provide the Service.  This information is stored at the discretion of the Client or User and the Client or the User is responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information.

Data that we collect

In terms of the data that we collect as outlined in the “What information do we collect when you use our service?” section of this privacy policy, we are the data controller.  All data collection, control, determination of the use or purpose is controlled by the Company and subject to the conditions and terms and conditions of this privacy policy.

Changes and updates to this policy?

Please revisit this page periodically to for updates or changes to this Policy.  If we modify the policy, we will make it available through the Service, indicate the date of the latest revision and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the policy.

How to contact us

If you have any questions, comments, concerns or complaints about this policy, your Personal Data, our use and disclosure practices, or your consent choices, you can contact us by:

  • sending an email to dpo@grinsens.com or
  • calling us on any one of the numbers listed on our Contact Us page or
  • completing the form on our Contact Us page