Privacy Policy
for GRAN Software Solutions GmbH
Effective from: 10.10.2024
This Privacy Policy applies to you when you use our services and products (including our websites and blogs).
Data Controller
The controller responsible for processing your data is GRAN Software Solutions GmbH, Am Hamburger Bahnhof 3 c/o Glazewski, 10557 Berlin, Germany.
How to contact GRAN
You can contact us by email at hello@gransoftware.de.
Children
Our services and products, including websites and blogs, are not intended for persons under the age of 18. Should we become aware that we have unintentionally collected personal data from such persons, we will take immediate measures to delete this information. If you believe that we may be in possession of personal data from persons under the age of 18, please notify us immediately at hello@gransoftware.de.
What data we collect
Personal data we receive directly from you
User Information – When you create an account in one of our products or services, we collect certain personal data, including, but not limited to, your email address, first and last name, time zone. (collectively referred to as “User Information”)
User-Generated Content – Whenever you use one of our products or services, you can create content such as notes, calendar entries, time entries, contract documents, customer and project information, and more. We collect all of this information (collectively referred to as “User-Generated Content”).
Communication Information – When you communicate with us via email, phone, through one of our websites, products, or services, or through other channels such as social media or Discord, we collect, among other things, your contact information, your name, and the content of your messages (collectively referred to as “Communication Information”).
Personal data we receive indirectly through your use of our products and services
This includes, but is not limited to, visiting our websites and blogs.
Cookies and similar technologies – We use cookies and other technologies (e.g., local storage). We store information on your device, such as your authentication token, which is required to use private areas of our websites, products, and services (collectively referred to as “Cookies”). We use this technology for tracking and marketing purposes, provided you have given us your consent. For more information, please see our Cookie Policy.
Device Information – This includes the IP address, device name, operating system, unique device identifiers, and the browser you use (collectively referred to as “Device Information”).
Usage Data – We may automatically collect information about your use of our websites, products, and services, such as the features you use and the actions you take (collectively referred to as “Usage Data”).
Log Data – Information that is automatically sent by your browser or device when you access our websites, products, and services. This includes, but is not limited to, your IP address and the date and time of your request (collectively referred to as “Log Data”).
How we use your data
- To provide, maintain, develop, and improve our services, products, and websites.
- To conduct research.
- To communicate with you and send you information (including marketing) about our services, products, and websites.
- To protect GRAN, our users, and the public by improving the security and reliability of our services, including detecting, preventing, and responding to fraud, abuse, security risks, and technical issues.
- To comply with legal obligations, including applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect the rights, privacy, safety, or property of our users, affiliates, or third parties.
With whom we share your data
We may share your personal data as needed or when appropriate with the following parties:
- Suppliers and service providers. We work with third-party providers and service providers to provide our products and services, and we may share your personal data with them for this purpose. This includes, but is not limited to, hosting or cloud providers, payment providers, email, and tracking services.
- Business transfers. In the event of a merger, acquisition, or other business transition, your personal data may be transferred as part of that transaction.
- Government authorities or other third parties. We may disclose your personal data if required by law or if we believe that such action is necessary to comply with legal obligations or to protect our rights and those of our users.
- Other users of our products and services. Some features of our services allow you to share information with other users. In such cases, your personal data may be visible to these users, for example, when you invite others to your organization.
- Third parties with whom you share your information. If you voluntarily share your data with third parties (e.g., via integrations, external apps, or exporting documents), we may also share your personal data with them at your direction.
Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including to provide our services, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate business interests.
The duration of retention depends on various factors, such as the nature of the data, the purpose of its collection, legal or regulatory requirements, and your consent where applicable. Once personal data is no longer required for these purposes, we will securely delete or anonymize it in accordance with applicable laws.
Legal bases for processing
The data we collect and the reasons for processing have the following legal bases:
- Contractual necessity. We process your data to fulfill the contract you have with us and to provide the services you have requested, e.g., when you purchase access to our products and services (“Contractual Necessity”).
- Legal obligations. We process your data when we are legally required to do so, e.g., we must retain the invoices sent to you for accounting purposes (“Legal Obligations”).
- Legitimate interests. We process your data for our legitimate interests and those of third parties, e.g., to improve services, maintain relationships, or for internal administrative purposes (“Legitimate Interests”).
- Vital interests. We process your data to protect your vital interests and those of others, e.g., when health or life is at stake (“Vital Interests”).
- Consent. We process your data for the purposes for which you have given us your consent, e.g., to send you emails (“Consent”).
Below is a summary of what, how, and why we collect and process data:
| Purpose of processing | What data is processed | On what legal basis |
|---|---|---|
| To provide and maintain our services, products, and features. | User Information, User-Generated Content, Communication Information, Cookies, Log Data, Device Information, Usage Data | Contractual necessity |
| To improve and develop our services, products, and features. To conduct research. | User Information, User-Generated Content, Communication Information, Cookies, Log Data, Device Information, Usage Data | Legitimate interests |
| To communicate with you and send you information (including marketing) about our services, products, and features. | User Information, User-Generated Content, Communication Information, Cookies, Log Data, Device Information, Usage Data | Contractual necessity, Legitimate interests, Legal obligations |
| To protect GRAN, our users, and the public by improving the security and reliability of our services, including detecting, preventing, and responding to fraud, abuse, security risks, and technical issues. | User Information, User-Generated Content, Communication Information, Cookies, Log Data, Device Information, Usage Data | Legal obligations, Legitimate interests |
| To comply with legal obligations, including applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect the rights, privacy, safety, or property of our users, affiliates, or third parties. | User Information, User-Generated Content, Communication Information, Cookies, Log Data, Device Information, Usage Data | Legal obligations, Contractual necessity, Legitimate interests, Vital interests |
Your rights
- Right to information about your personal data collected and processed by us.
- Right to rectification of your personal data if it is outdated or incorrect.
- Right to be forgotten, i.e., erasure of your personal data from our records.
- Right to restriction of processing of your personal data.
- Right to object to the processing of your personal data (e.g., for direct marketing) at any time.
- Right to take your personal data with you or transfer it to other providers.
- Right not to be subject to automated decision-making.
- Right to withdraw your consent at any time if it is our legal basis for processing.
You can exercise your rights through the interfaces of our services and products or by contacting us at hello@gransoftware.de.
Data transfers
We may occasionally transfer your personal data to third parties outside the EEA for the reasons stated in this Privacy Policy (for example, when you send us an email).
We ensure that we work with partners and providers who use Standard Contractual Clauses (SCCs), rely on adequacy decisions of the European Commission, or ensure that the recipient country has adequate data protection laws.
By using our services, you agree that your personal data will be processed and stored on servers in the USA and may also be shared with our service providers and affiliates in other countries.
Changes to the Privacy Policy
We may update this Privacy Policy from time to time. When this happens, we will post the updated version on this page, unless the law requires a different type of notification.