WEBSITE PRIVACY POLICY FOR GRINDSTONE JERSEY LIMITED

At Grindstone Jersey Limited, we are committed to protecting the personal data we obtain about you.

At Grindstone Jersey Limited, we are committed to protecting the personal data we obtain about you.


This Website Privacy Policy explains how we will process the data relating to you that you provide to us (or that we may collect from others) when you visit the following websites: www.grindstone.global and www.grindstonexl.com (the 'Websites'). 


The Websites are operated by Grindstone Jersey Limited ("Grindstone Jersey Limited", "we", "us", "our"), a company incorporated in Jersey with company number 146953 and registered office at Gaspé House 66-72 Esplanade St. Helier Jersey, JE1 1GH. Where we decide the purpose or means for processing the personal data that you or others provide via our Websites, we are the "data controller". As data controllers, we will comply with all applicable data protection laws (including the General Data Protection Regulation 2016/679).


This Website Privacy Policy is part of our Website Terms of Use, which can be found here. We encourage all website visitors to read the Terms of Use and this policy in full. Additionally, if you are a client of Grindstone Jersey Limited or will be using our services, we encourage you to read this policy, as access to our services is provided via the Websites.


Our Websites may contain hyperlinks to third-party websites. These websites operate fully independently from us, and we cannot accept any responsibility or liability for the privacy practices of such third parties or the availability of these external sites or resources. The appearance of such links on our Websites is not an endorsement. Should you use any of these websites, such use is at your own risk, and we advise you to review their respective privacy policies.


If you have any questions or comments about this Website Privacy Policy, please let us know by emailing 

info@grindstonexl.com, note that we may update this policy from time to time.


WHAT PERSONAL INFORMATION ARE WE LIKELY TO COLLECT ABOUT YOU?

Not only do our Websites provide visitors with information about our services, but they also function as platforms providing our clients and other users access to our services [as a means to upload user content or to view impact performance dashboards].


To provide online services such as interactive meetings, webinars, and other related business activities, we need to collect and process information about our Websites' visitors and, in particular, the users of our online services.


INFORMATION PROVIDED BY YOU

When you use our Website, you may need to fill out forms to create your account. Providing information is necessary whether you're browsing, uploading your content, capturing and reporting impact, uploading evidence, reviewing case studies, following people or projects, downloading information from featured projects, or requesting to collaborate with others. We'll need you to provide us with some basic information to create your account.

  • your name
  • your organisation or company name
  • your phone number
  • your email address (work emails only)
  • your registration code 

If you decide to purchase any of our services, we will also need you to provide:

  • your billing address
  • other information

Additionally, in the course of using our services, we will collect certain information about your activities and preferences when using this service, including:

  • consumption of course content
  • any downloads you make of evidence information 

Our ["Contact Us"] contact function also allows our Website visitors to include a short message. 


Depending on your message, we may obtain additional personal data, which could include special categories of personal data (i.e., personal data of a more sensitive nature), when you voluntarily supply information through this function on our Websites.


ANALYTICS

We are always trying to improve our Websites and offer the best, most accessible service possible to all our clients.

 To evaluate and make improvements, we utilise third-party data analytics service providers (such as Google Analytics) to improve our visibility and to monitor website browser behaviour and navigation across the Websites. These third-party data analytics service providers collect this information on our behalf, following our instructions and in line with their privacy policies. We have contracts to protect your information's confidentiality with all of our third-party data analytics service providers.


When you visit our Websites, our service providers may collect the following data, which will almost always be anonymised and aggregated before reporting back to us:

  • number of visitors to our Websites
  • pages visited while at the Websites and time spent per page
  • page interaction information, such as scrolling, clicks and browsing methods
  • websites where visitors have come from and where they go afterwards
  • page response times and any download errors
  • other behavioural information about your visit to the Websites
  • other technical information relating to the end-user device, such as IP address or browser plug-in


To learn more about how this data is collected, please read below about using cookies, analytics and other tracking technology.


HOW DO WE USE YOUR PERSONAL DATA, AND ON WHAT BASIS?

When you visit our Websites, whether to browse our content, contact us about our services, purchase our services or upload or view content, we (or our third-party service providers acting on our behalf) may use the personal information that you provide for the following purposes:


PROVIDING OUR SERVICES

Entering into an agreement with you to provide our services to you or that grants you the use of our services;

Logging and processing your purchase order in our information systems;

Providing a platform via which users may upload content;

Providing online "delivery" of our services, such as access to project information, uploaded user content or dashboards.

If you are a client of Grindstone Jersey Limited, we collect and use this information to enable you to access online services in line with our Website Terms of Use and our standard Service Agreement Terms and Conditions.

If you are an end user of our Services, we will only collect and use this information where an End User Licence Agreement (EULA found here) is in place, and such processing shall be done to enable us to perform under that contract.


CUSTOMER SERVICES & ENQUIRIES

Replying to your enquiries or responding to concerns or complaints;

Provide you with information about the services we offer, including our free e-newsletter and webinars; Important announcements about your account, and other updates (where you have opted to receive these);

Sending you marketing materials;

If you contact us to make an enquiry or to raise a concern about our Websites or any aspect of our online services, we aim to respond to you as promptly as possible, and we do so on the basis that we have a legitimate interest in replying to you.

If you have asked to be added to our mailing list, we will provide you with the option to opt in and opt out at any time, should you wish to do so. This option we provide helps us to produce and manage our newsletters and other updates. We provide these communications on the basis that you have asked to receive these. If you change your mind, you may opt out via the unsubscribe feature in our emails or by emailing info@ grindstonexl.com.


You may also be asked to opt in to receive updates or information about other similar services from our network of recommended suppliers or to receive promotional material from us or our trusted third-party suppliers.


TAX AND OTHER LEGAL OBLIGATIONS

Reporting VAT and other company tax reporting purposes (as required by law);

Complying with regulators, law enforcement agencies or in relation to any claims that may arise;

We process personal information for legitimate interests and under the legal obligation of ensuring that the use of the Website

  1. is lawful and non-fraudulent,
  2. does not disrupt the operation of our services,
  3. does not harass our staff or other individuals, and
  4. to enforce our legal rights and comply with our legal obligations.


In accordance with our legal obligations, we may disclose your information to the extent required by law, which may include for financial accounting and taxation purposes with our auditors, regulators or other government bodies such as HMRC. We may also disclose your information to third parties to enforce or apply our contractual terms, investigate potential breaches, and protect the rights and freedoms, property or safety of our business or those of our clients, end users and other individuals.


Where we reasonably believe that you are or may be in breach of any applicable laws, we may use your personal information to inform relevant third parties, such as your email/internet provider or law enforcement agencies, about the content.

Suppose we are involved in a merger, acquisition, or sale of all or a portion of our business or assets. In that case, the information we hold may be included as part of that sale, in which case you will be notified via email or a prominent notice on the relevant Website of any changes in ownership or use of your information, as any choices you may have regarding that information.


COOKIES, ANALYTICS & OTHER TRACKING TECHNOLOGY

Cookies: Our Websites use cookies and other mechanisms to collect log and analytical information, to help analyse how visitors use the site and to compile statistical reports on the activity of the Websites.


WHAT ARE COOKIES?

Cookies are files, often including unique identifiers, sent by web servers to web browsers and may then be sent back to the server each time the browser requests a page from the server. Web servers can use cookies to identify and track users as they navigate different pages on a website and identify users returning to a website.

Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.

Cookies may also be "first-party cookies" or "third-party cookies". First-party cookies are those that we set ourselves when you visit our Websites. Third-party cookies" are those set by another website (with a different domain from ours), such as by our trusted third-party service providers or selected advertisers.


HOW WE USE COOKIES

Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies. The cookies used on the Websites include those that are strictly necessary for access and navigation, cookies that track usage (performance cookies), remember your choices (functionality cookies), and cookies that provide you with targeted content or advertising.


We may use the information we obtain from your use of our cookies to recognise your computer when you visit the Websites, to improve the Websites' usability or to analyse the use of the Websites.


You may also be sent third-party cookies from our advertisers and third-party service providers when you use the Websites, and they may use the information they obtain from your use of their cookies to track your browser across multiple websites, to build a profile of your web surfing and to target advertisements which may be of particular interest to you.


ANALYTICS

Our Websites also use data analytics tools, such as Google Analytics. Google Analytics uses both session cookies and persistent cookies on the Website.


WHAT DOES ANALYTICS INVOLVE?

You can find out more here: How Google uses data when you use our partners' sites or apps. To learn how to opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout/ or your Google Ads Settings.


HOW WE USE DATA ANALYTICS

We process this information to understand how visitors use our Websites and to compile statistical reports regarding that activity (for example, your IP address is used to approximate the country from which you access our Websites, and we aggregate this information together so we know that, for example, most of the visitors to our Websites come from England).


This processing is crucial to running our online business, and we, therefore, undertake such monitoring in the pursuit of our legitimate interests in improving our Websites and providing a better service and source of information to visitors.

 This information is not used to develop a personal profile of you.


FINANCIAL TRANSACTIONS

All financial transactions relating to the purchase of our Services are handled directly by our payment service providers. We will not share any personal information with these third-party providers, nor will we receive any of the financial information you provide.

 The payment providers we use are PayPal and Stripe.


DO WE SHARE YOUR PERSONAL INFORMATION WITH ANYONE ELSE?

We will only ever share your information with third parties in the ways that are described in this Website Privacy Policy. If you would like to learn more about how those third parties listed in this policy use your information, this should be set out in their respective privacy policies accessible on their websites.


PERSONNEL, SUPPLIERS AND SUBCONTRACTORS

We keep your information confidential but may disclose it to our personnel (including personnel in our group companies), suppliers or subcontractors (including our cloud-based data processing, data analytics and payment service providers) as well as to our trusted third-party service providers insofar as it is reasonably necessary for the purposes set out in this policy, provided that they do not make independent use of the information and have agreed to adhere to the rules set out in this policy. In some instances, this data sharing may involve the transfer of information outside the EU. Please see our section on International Data Transfers below. 


[By group company, we mean our subsidiaries, our ultimate holding company and its subsidiaries, as defined regarding the definitions of "holding undertaking" and "subsidiary undertaking" in section 1162 of the UK Companies Act 2006.]


Unless you consent, we will not pass your information on to third parties for marketing purposes. In that event, the advertisements that appear when you visit our Websites will be targeted to provide you with more relevant advertising content, and you may receive communications from third parties offering similar or related services to us.


Such third parties may include, without limitation: Microsoft, Google, HubSpot, Amazon, DropBox, OneDrive, Monday.com, or Zoom.


Your choices and rights concerning personal data which we process relating to you

You have the following rights over how we process personal data relating to you. We aim to comply without undue delay and within one month at the latest:

  • to ask for a copy of data we are processing about you and have inaccuracies corrected;
  • to ask us to restrict, stop processing, or delete your personal data;
  • to request a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
  • to make a complaint to a data protection regulator. You may contact them at: https://ico.org.uk/concerns/to request in relation to any of the rights mentioned earlier; please email us at info@grindstonexl.com.


If you would like to change how we process your personal data, please let us know. The best way to bring this to our attention is by emailing us at info@grindstonexl.com. 


CHILDREN

We do not knowingly use the Websites to solicit data from or market to children under the age of 13.


If a parent or guardian becomes aware that his or her child has provided us with information or may be receiving communications from us without the consent of a parent or guardian, we ask that this be brought to our immediate attention. We will prioritise addressing this situation and deleting information relating to a child as soon as practicable. In such an event, don't hesitate to contact us at info@grindstonexl.com. 


SECURITY

We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Websites and services, taking into account the likelihood and severity those risks might pose to the rights and freedoms of our clients and other individuals who might be impacted.


In particular, we will take precautions to protect against the accidental or unlawful destruction, loss, or alteration, and unauthorised disclosure of or access to the personal data transmitted, stored or otherwise processed by us.


Please be aware that while we prioritise the security of our Website and your personal information and devote considerable time and resources to implementing and maintaining robust information technology security, no security system can prevent all security breaches. By choosing to share your personal information with us, you accept those as mentioned earlier and provide your information at your own risk.


RETENTION

In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary. Once the purpose for which information has been collected has been fulfilled, we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and business analysis purposes.


Where you have provided us with personal information to set up an account with us, we will retain those details as long as your account remains active.


Where we obtain your personal data in relation to the use or purchase of our services or products, including VAT or invoicing information, we are obligated by law to keep this for a minimum of 6 years.


Where you upload any user content, this content will be kept on our servers (or those of our third-party service providers) for six months from the date that you upload it on our Websites/the duration of the relevant Services Agreement] and deleted after that unless otherwise notified.


INTERNATIONAL DATA TRANSFERS

Our servers are located in the European Union, and the information we collect directly from you will be stored there. We may also transfer your personal data to our third-party service providers, many of whom may be located outside of the EU, operate from multiple locations, including non-EU-based operations or engage sub-processors located outside the EU.


We have agreements in place with all of our third-party service providers to ensure that those parties process personal data using appropriate safeguards that meet the requirements of data protection laws. 


Such appropriate safeguards may include standard data protection clauses adopted by a data protection regulator and approved by the European Commission, such as the European Commission's standard contractual clauses.


If you would like to learn more about these safeguards or have any other queries or comments about this policy, please let us know by emailing us at info@grindstonexl.com.