Privacy Policy

This Privacy Policy sets out how Grandite Processes and protects any Personal Data that we collect about you here or through any other interactions with you. Grandite respects your data privacy and adopts best practice in compliance with applicable privacy laws and regulations, including, but not limited to the EU's General Data Protection Regulation ("GDPR").

By using our website or interacting with Grandite in general you agree to this Privacy Policy.

Grandite may adjust this Privacy Policy from time to time by updating this page. You should visit this page on a regular basis to ensure that you are in sync with any changes.

Throughout this Privacy Policy we employ certain terms (some of them as they have been coined by the GDPR). These terms and their definitions are:

Personal Data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing (incl. conjugations of the verb Process) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of personal data.

Processor means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller

Third Party means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to Process Personal Data.

Grandite, P.O. Box 47133, Quebec (Quebec), Canada  G1S 4X1

privacy@grandite.com

Your visit on our website grandite.com / grandite.ca / silverrun.com

This website grandite.com / grandite.ca / silverrun.com is hosted on a server located in the European Union ("EU") / European Economic Area ("EEA").

While you are browsing our website (including public access to our free tryouts) we only collect access log data about your visit that are necessary for the protection and smooth operation of the website (e.g. timestamp, your browser type, your operating system, your IP address). IP addresses in those log files are anonymized on a daily basis, not shared with any Third Party at any time and erased after 7 days. While you visit our website we do not collect any other Personal Data, in particular, we do not use any cookies related to the categories Performance, Functionality and Targeting/Advertizing on this website.

If you use our website to individually communicate with us (e.g. follow links to contact us) we may ask you to provide us certain information including Personal Data. To know how we treat such Personal Data, please read the section "General interactions with Grandite" further down in this Privacy Policy.

Any account names that we may have created to provide you access to reserved areas of our web site (or web servers) are pseudonymized.

This website contains links to our website grandite.com / grandite.ca / silverrun.com where you will find additional products and services. (See the details of the privacy policy related to our website grandite.com / grandite.ca / silverrun.com in the section "Your visit on our website grandite.com / grandite.ca / silverrun.com" of our page http://www.grandite.com/privacy_policy.html).

This website may contain links to Third Party websites of interest. We do not share your Personal Data with those websites. However, once you follow these links to leave our site, you should note that we do not have any control over those Third Party websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites, and such sites are not governed by this Privacy Policy. You should exercise caution and read the privacy statement applicable to the website in question.

This website contains links to the following Third Party websites:

If you want to know more how we care for your data privacy in general throughout your interactions with us (i.e. not limited to your visit on this website), you will find some additional information below.

General interactions with Grandite

We may collect the following Personal Data about you:

• First name, last name, job title and role
• Postal address at work
• Contact information at work including email address
• Other professional information (that is related to you) as it may be necessary to customize our offer of products and services for your organization
• Documents that are related to you through identifying Personal Data (e.g. emails sent from/to your email address, contracts that name you as the technical contact).
• Log data about your visit on our website (see the section Your visit on our website)
• Voice mails (e.g. you leave us a message via telephone)

We may consult publicly available sources such as your organization's website, business registries or social media sites to verify and complete the above Personal Data.

If you participate in our web sessions (e.g. webinars, software demos), we may Process your voice and/or your image.

You may voluntarily provide us additional Personal Data that is not necessary for the purpose of our business interactions with you (e.g. your work email contains your private cell phone number or your photo). We may store such additional Personal Data as well if they are integral part of a document or a file (e.g. an email) received in context with a business interaction from you. However, we will not otherwise Process such additional Personal Data without your consent.

If you believe that we might have any information from or about an individual under 16 years of age (hereinafter: "minor age") without their legal representative's consent, we will appreciate if you contact us. (Please note: We do not knowingly collect, store or otherwise Process Personal Data provided by or about anyone of minor age without their legal representative's consent.) If we learn that we have collected Personal Data from or about an individual of minor age without their legal representative's consent, we will delete those Personal Data without any undue delay.

We collect Personal Data for one or several of the following purposes:

• To communicate with you (e.g. to ensure that we have accurate and complete Personal Data about you)
• To respond to your requests
• To get feedback
• To inform you about product releases
• To grant you access to our products
• To provide support and services
• To perform commercial transactions (e.g. sending quotes / invoices)
• To keep you informed and updated on relevant products you may be interested in

We Process your Personal Data on at least one of the following grounds:

• You have given us your consent to the Processing of your Personal Data for one or more specific purposes.
• The Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
• The Processing is necessary for compliance with a legal obligation to which we are subject.
• The Processing is necessary to pursue our legitimate interest.

In general, we Process Personal Data in our offices in Canada or through Processors (e.g. web hosting, SMTP service) located in the EU/EEA.

Our employees and Processors are bound by contract to respect the provisions of this Privacy Policy when Processing Personal Data.

Where (other) suitable cloud-based services (e.g. for web meetings) may not be available in the EU/EEA, we choose providers who Process Personal Data based on an Adequacy Decision from the European Commission.

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical, electronic and organizational procedures to safeguard and secure the Personal Data that we have collected about you.

Access to Personal Data within our business operations is limited to employees, Processors and additional cloud-based services on a "need-to-know" basis.

If your organization has entered a contractual relationship with us regarding any of our products or services, we keep your Personal Data as long as your organization assigns a role to you within that contractual relationship.

After a period of 24 months without a contractual relationship between your organization and us regarding any of our products or services, we will remove all Personal Data, that we may have collected about you during this period, from our systems.

We may have statutory obligations to keep your Personal Data for an extended period of time (e.g. invoices for financial auditing purposes (usually 6 years)).

Log data of visits on our web servers are kept for 7 days (see the section Your visit on our website ...).

As laid out in preceding sections (particularly in Where we Process your Personal Data), Processors and additional cloud-based-service providers Process Personal Data under certain safeguards.

We will not share your Personal Data with and not sell and not otherwise disclose your Personal Data to any other Third Party without your prior consent unless we are required by law to do so.

We acknowledge you as the owner of your Personal Data. Accordingly, you have rights to control the Personal Data we hold about you. To execute your rights in context with this Privacy Policy, please write to privacy@grandite.com .

You have the right:

To have access to your Personal Data

You may request a copy of the Personal Data which we hold about you. We will contact you to verify your identity, and if we hold Personal Data about you, we will provide you a detailed copy and tell you why we are holding those Personal Data.

To rectify your Personal Data

You may want us to correct or complete the Personal Data we hold about you. We will take the necessary measures without any undue delay.

To have erased your Personal Data

If you want us to remove your Personal Data completely from our systems and if we do not have any statutory obligation to keep your Personal Data any longer, we will follow your request without any undue delay, but may keep a record about the related communication with you.

To restriction of Processing your Personal Data

Executing your rights to have rectified or erased your Personal Data or to object to the Processing of your Personal Data may require some clarification between you and us. For the time of clarification you can request that we restrict the Processing of the Personal Data in question.

To portability of your Personal Data

If you want us to produce a copy of the Personal Data that we sourced from you, we will follow your request without any undue delay and deliver those Personal Data in spreadsheet format, at your preference, to you or another Controller of your choice.

To withdraw your consent for the Processing of Personal Data

Where the purpose of Processing your Personal Data is based on consent, you may withdraw your consent to Process your Personal Data for that purpose at any time with future effect.

To object to the Processing of your Personal Data

If you want us to not use your personal information for direct marketing purposes in the future, you may opt-out at any time by clicking on the "unsubscribe" link at the bottom of a marketing email that you may have received from us.

You can object at any time to the Processing of your Personal Data if Processing is performed on the ground of our legitimate interest. We will cease the related Processing of your Personal Data, unless we can demonstrate compelling legitimate grounds for the Processing (incl. the establishment, exercise or defence of legal claims) which override you interests, rights and freedoms.

For all questions or concerns related to this Privacy Policy or to Personal Data that we may hold about you, please write to privacy@grandite.com.

If you believe that our Processing of Personal Data infringes the GDPR, you can file a complaint with the supervisory authority in an EU/EEA member state.