GRITGLOBAL PRIVACY POLICY
Last Revised: May 17th, 2024
Thank you for choosing to be part of our community at GRITGLOBAL (“Company”, “We”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. When you visit our website, and use our services, you trust us with your personal information. We take your privacy very seriously. In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our Sites and our services. This privacy policy applies to all information collected through our website, and/or any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”). Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at support@gritglobal.io.
WHAT INFORMATION DO WE COLLECT?
1. Personal information
As a visitor to our Website, you do not have to submit any personal information in order to use the Website. We only collect personal information that you provide to us. We collect personal information that you voluntarily provide to us when registering at the Services expressing an interest in obtaining information about us or our products and services when participating in activities on the Services, or otherwise contacting us. The personal information that we collect includes [your name, phone number, email address, country, company, and title].
2. Log File Information
Like the majority of website services delivered over the Internet, we gather log file information which is automatically reported by your browser or mobile application every time you interact with our website and Services. The data gathered is non-personal and may include information such as Internet Protocol (IP) address, browser type, referring/ exit pages and URLs, number of clicks, date/time stamp, pages viewed, and other such information. The data is used to help us analyze trends, track users’ movement on the site, and gather demographic information for aggregate use. We do not link this automatically-collected data to personally identifiable information and none of the log file information gathered enables us to personally identify you.
3. Cookie
We use cookies and other online identification technologies like web beacons or pixels to enhance your experience. For more information please read our website’s Cookie policy.
4. Payment Data
We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by https://stripe.com. You may find their privacy policy link(s) here: https://stripe.com/en-gb-us/privacy. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
5. Information from Third-party service
We may also receive personal information from third parties such as social media, data enrichment, or authentication Services when, for example, you sign up for our Services, fill in forms on our website, or log onto your Account through such Services. Any access we may have to such information is governed by the authorization procedures of that Service. By authorizing us to connect with a third-party Services, you authorize us to access and store your name, email address(es), location, URL of profile picture, and other personal information that the third-party Services makes available to us, and to use and disclose it in accordance with this Privacy Policy.
6. Minors information collection
We do not knowingly collect data from or market to children under 16 years of age or under the age of majority under any applicable law. We do not knowingly solicit data from or market to children under 16 or under the age of majority under any applicable law. By using the Services, you represent that you are at least 16 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services.
7. Store Data
In order to use the service, you hereby grants to Gritglobal a license to access and use Store Data in BigCommerce and the data from the integrated applications , in order to provide the Service to you and fulfill its obligations under our Terms of Use or any other written agreement between you and us, including without limitation, accessing, storing, recording, transmitting, reproducing, maintaining, displaying and otherwise using, manipulating and/or modifying the Store Data as necessary to provide the Service. The store data may include information such as order details, product details, store and inventory details or customer data details name, phone, email, shipping address and billing address, order history, or other information which are granted by the user. These information might deprive from BigCommerce or other third parties.
If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under the age of 16, please contact us via email: support@gritglobal.io.
WHY DO WE COLLECT YOUR INFORMATION?
We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent. We use personal information collected via our Services for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below. We use the information we collect or receive:
- To provide our Services to you. For example, our Merchant Assistant app might collect and store your store data and user input/ prompts you provide to generate the output. This user input may include text, images, audio, or other content.
- To send you marketing and promotional communications: We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time (see below).
- Communication: We may use your contact information to communicate with you, respond to your inquiries, provide customer support, and send you important notices or updates regarding our Services.
- To respond to user inquiries/offer support to users: We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.
- For other Business Purposes: We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our Services, products, marketing, and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information.
TRANSFER OF PERSONAL INFORMATION
We transfer Personal Information to other jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. If you are a non-resident of the United States, submitting your personal information constitutes a cross-border transfer of your data.
We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations. We may process or share data based on the following legal basis:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
- Affiliates & corporate partners. GritGlobal discloses the categories of personal data described above between and among its affiliates and related entities.
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Third-Party Advertisers. We may use third-party advertising companies to serve ads when you visit the Services. These companies may use information about your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
- Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
- We may share your personal information with our trusted business partners, service providers, authorized third-party agents, or contractors situated worldwide for data processing, storage, or to fulfill specific service requests or transactions. Rest assured, these entities are contractually obligated to adhere to strict data privacy standards for instance the Standard Contract Clause approved by the European Commission.
PERSONAL INFORMATION RETENTION
We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
PERSONAL INFORMATION SECURITY
We have implemented reasonable security policies and procedures to safeguard personal information from unauthorized loss, misuse, alteration, or destruction. While we take extensive precautions, it’s essential to acknowledge that no security measures can provide an absolute guarantee against all potential threats. To the best of our ability, access to your personal information is restricted to individuals with a legitimate need-to-know basis. Those who have access are obligated to uphold the confidentiality of such data.
We may store personal information in locations outside our direct control (for instance, on servers or databases co-located with hosting providers).
CONTROL AND ACCESS TO YOUR PERSONAL INFORMATION
At any time, while we are in possession of or processing your personal information, you as the data subject, have the right to submit Data Subject Access requests (DSARs) to perform the following rights:
Right of access: You have the right to request a copy of the information that we hold about you.
Right of rectification: If the data we hold about you is inaccurate or incomplete, you have the right to correct it.
Right to be forgotten: Under certain circumstances, you can ask us to erase the data we hold about you from our records.
Right to restriction of processing: Where certain conditions apply to have a right to restrict the processing.
Right of portability: You have the right to have the data we hold about you transferred to another organization.
Right to object: You have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling: You also have the right to be subject to the legal effects of automated processing or profiling.
Right to withdraw consent: If the processing of personal information is based on consent, data subjects have the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
All the above requests will be forwarded should there be a third party involved in the processing of your personal information.
If you have any DSARs please contact us at support@gritglobal.io and we will respond to your DSARs within 30 days. Please note that we may need some additional information to certify your identity before carrying out any DRARs.
DATA BREACH
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. You will be notified about data breaches when GRITGLOBAL believes you are likely to be at risk or serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being. In the event that GRITGLOBAL becomes aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal information GRITGLOBAL will promptly investigate the matter and notify the applicable Supervisory Authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.
DO WE MAKE UPDATES TO THIS POLICY?
Yes, we may update this policy as necessary to stay compliant with relevant laws. We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
LINK TO OTHER WEBSITES
Our Services may contain links to other sites. We have no control over and take no responsibility for the privacy practices or content on other sites. You are responsible for checking the privacy policy of any such sites so that you can be informed of how they handle personal information.
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may contact GritGlobal, by email at support@gritglobal.io, or by post to: GRITGLOBAL, 18 Handico Tower, Pham Hung, Hanoi 10000 Vietnam
