Empowering government to build better resident and employee experiences and get more value out of their civic engagement technology.

Learn More
Resources
Connect

Granicus Privacy Policy

We Are Committed to Maintaining Your Trust

Granicus, LLC (“Granicus”, “Company”, or “We”) is committed to maintaining your trust by protecting your personal data. The Granicus privacy policy was last updated on: March 30, 2021.

Granicus, LLC (“Granicus” or “We”) is committed to maintaining your trust by protecting your personal data. Personal data is any information relating to an identified or identifiable person. Your name, address, phone number, email address, and IP address are examples of personal data. This privacy policy applies to Granicus’ targeted marketing efforts. This does not apply to where we are delivering our products and services, please see the associated product privacy policies for those cases.

Granicus will process your personal data in a transparent way. Any personal data you provide when using this website will be used only in accordance with this privacy policy.

We may change this policy from time to time to reflect privacy or security updates. We encourage you to periodically review this page for the latest information on our privacy practices.

This privacy policy is provided in a layered format so you can click through to the specific sections set out below. Alternatively, you can download a pdf version of the privacy policy.

 

How Can You Contact Us?

If you have any questions about this policy or if you would like to exercise any rights you may have in relation to your personal data, please contact us at gdpr@granicus.com. If you have additional questions or need to escalate an issue, use the below details for our Data Protection Officer (DPO).

Full name of legal entity: Granicus, LLC
Name of DPO: Gerry Hansen
Email address: dpo@granicus.com
Postal address: 408 St. Peter Street, Suite 600, St.Paul, MN 55102, USA
Telephone number: 01 651 400 8730

Name of EU representative: DataRep
Email address: granicus@datarep.com
You can also contact DataRep using this online form: https://www.datarep.com/data-request
Postal address: The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

What Personal Data Does Granicus Collect?

As part of our marketing efforts, we collect your personal data such as your name, place of employment and address, job position, e-mail address, and phone number. This data is generally gathered directly from you through forms on our website, or over the phone and is used to communicate and personalize such communications with you, including offering products and services that we believe may be of interest to someone in your position. Information about your chosen subscriptions are used to better provide you with relevant e-mail content.

We gather business contact details about you from publicly accessible sources, such as your business or work website, or we may receive business-to-business (B2B) information from third party lists. Our employees may also search for your business contact details online and enter your information on to our marketing database. If you reside in EU/UK, we will ask for your opt-in consent to contact you. If you reside in the USA, we will provide you an option to opt-out on our first communication.

In certain situations, such as when you authorize to prefill a form on our website, we may receive data (such as first name, last name, e-mail address, job title, and company) from your past interaction with our website.

We gather certain data automatically upon your visit to our website, including, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site and e-mails (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. If you interact with web forms on our site or emails from us, your IP address is captured and used to infer your location, which helps us to serve you relevant content.

Our website also collects cookies. However, we will give you an option to opt-in or out to cookie tracking technologies depending upon your local jurisdiction.

How Do We Justify Collecting Your Data?

We will use your personal data when the law allows us to. While national legislation differs (such as EU national law responses to the ePrivacy Directive), in general it will depend on where you are and whether you are acting in a business or personal capacity.

Most commonly, for marketing purposes, we will process your personal data in the following circumstances:

  • Where you positively consent (used more heavily where you are a private citizen), we will not collect your data unless we have your permission (a positive “opt-in” action), or you have reached out to contact us proactively;
  • Where it is necessary for our legitimate interests (used more commonly where you are acting in your business capacity). Such as we have a business or commercial reason for using your information) and your interests and fundamental rights do not override those interests. This is normally an “opt-out” scenario, contacting you until you tell us otherwise.

Where we are not certain of your business or personal capacity, we will apply the strictest possible justification (we will assume you are a private citizen, and therefore all services will be an “opt-in” data collection).

Our legitimate interests may include:

      • Providing high quality customer service.
      • Complying with laws or regulations that apply to us.
      • Developing our products and services, and what we charge for them.
      • Defining customers for our products and services.
      • Seeking your consent when we need it to contact you.
      • Providing our customers with relevant marketing, and other high-quality product and service features.
      • Keeping our marketing updated and relevant.

For What Purposes Do We Use Your Data?

Our data use depends on the purpose of collection. The main reasons include:

  • Analytics
    To monitor and analyze web traffic; can be used to keep track of your behavior on our website.
  • Contacting the user, managing contacts, and sending messages
    By registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning our services. Your email address might also be added to this list as a result of signing up to our services or after making a purchase.

By filling in the contact form with your data, you authorize us to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

We may also collect data concerning the date and time when the message was viewed by you, as well as when you interacted with it, such as by clicking on links included in the message.

  • Content performance and feature testing (A/B testing)
    To track and analyze your responses concerning web traffic or your behavior regarding changes to the structure, text, or any other component of this website.
  • Interaction with online survey platforms
    To allow you to interact with third party online survey platforms directly.
  • Remarketing and behavioral targeting
    To allow us and our partners to inform, optimize, and serve advertising when you visit our website based on your use of our services.
  • User database management
    To build a profile on you by starting from an email address, name, or other information that you provide to us, as well as to track your activities through analytics features. Your business contact details may also be matched with publicly available information about you (such as social networks’ profiles) and used to build up a picture of your business life that we can use for improving our services. Some of these services may also enable the sending of timed messages to you, such as emails based on specific actions performed by you.

What Happens If We Process Your Data for Other Purposes?

We will only use your personal data for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

What Happens if You Do Not Provide the Data?

Nothing. As marketing is optional and only allowed with your permission, we cannot contact you further. If you reside in the US, we will collect your data and give you the ability to opt-out. If you are in EU/UK, we will contact you only if we have your consent or will contact you to let you know if we have collected your data.

Where we use cookies, we will only use cookies that are allowed based on your jurisdiction and give you an option to adjust the cookie preference anytime. Particularly for EU/UK, we will use “opt-in” consent for cookies that are not strictly essential.

Do We Use Algorithms to Make Decisions About You?

Yes. Our service providers that analyze our website traffic will use algorithms to make decisions about who you are and what your interests are, in order to serve you with targeted advertisements. We will only do this when you have positively consented to this collection and use, which will be presented to you when you enter our website.

Do We Share Your Personal Data With Third Parties?

Yes. We share your personal data with the following categories of recipient:

  • Agents and subcontractors. We disclose your personal data to our service providers. In these cases, the provider will use personal data in accordance with the terms of this privacy policy. Your data will be shared with:
    • B2B database provider (only for the US)
    • Chat platform service provider
    • Conversion optimization and lead generation service provider
    • Customer Relationship Management (CRM) service provider
    • Data deduplication and rerouting service provider
    • Marketing automation and analytics service provider
    • Online survey service provider
    • Sales engagement solution provider
    • Video-hosting service provider
    • Web analytics service provider
    • Webinar marketing service provider
    • Website optimization tool provider
  • Government authorities as permitted or required by law. This may include disclosing your personal data to regulators, or law enforcement authorities. We may transfer and disclose the data we collect about you for the following reasons:
    • To comply with a legal obligation, including, but not limited to responding to a court order;
    • To prevent fraud;
    • To comply with an inquiry by a government agency or other regulator;
    • To address security or technical issues; or
    • To assist government entities in responding to an emergency
  • As part of a business transaction. If the ownership of Granicus changes, or if we merge with or are acquired by another organization, or if we liquidate our assets; your personal data may be transferred to the new organization. If this occurs, the successor organization’s use of your data will also still be subject to this policy and the privacy preferences you have expressed to us.

Do We Sell Your Data to Others?

No. We do not sell marketing data. We do buy business contact details from third party B2B database providers within the US, but we never sell marketing data.

 

Do We Participate in Privacy Shield?

Yes. We have certified to adhere to the Privacy Principles set forth in the US-EU Privacy Shield Framework regarding the collection, use, and retention of personal data transferred from the European Union (“EU”) and the United Kingdom (“UK”) to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

We are responsible for the processing of personal data we receive or subsequently transfer to a third party acting as an agent on our behalf. We will comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and the UK, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to Privacy Shield, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In addition, we will cooperate with the European Data Protection Authorities for any unresolved complaints regarding personal data. You may engage your local Data Protection and/or Labor Authority if you have concern regarding our adherence to the Privacy Shield Principles or any applicable privacy law or regulations. We will respond directly to such authorities regarding investigations and resolution of complaints.  Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Where Does Your Data Go?

Granicus is owned and operated within the United States. Therefore, the data that we collect from you will be transferred to, and stored at, a destination outside the European Economic Area (“EEA”)/UK.

In light of the July 16, 2020 “Schrems II” decisions, the European Court of Justice has decided that the EU-US Privacy Shield is no longer a valid international data transfer option. We plan to maintain our Privacy Shield certification as good practice; however, we will no longer rely upon it as a basis for data transfer. We will discuss with any partner relying on it for EU-US transfers their proposed alternative solutions.

The remaining option open to us for data transfers from EU to the US are Standard Contract Clauses (SCCs) and we are therefore engaging with our partners to:

  1. Review all our data transfers globally to identify areas that require change;
  2. Switch Privacy Shield transfers to EU approved Standard Contract Clauses as a default, and
  3. Introduce additional contractual, organizational, and technical safeguards to further protect your information.

Likewise, we are aware of the UK’s exit from the European Union and the end of the current transition period on December 31st, 2020.  We will follow the new UK Information Commissioner’s Office (ICO) and the European Data Protection Board (EDPB) guidance on data transfer when it becomes available.

We will continue to rely on legal derogations for case-by-case transfers where appropriate and will identify where this is the case.

 

How Do We Protect Your Data?

We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access, loss or disclosure, we have put in place security controls that reduce the risk of a security breach of your personal data.

If a data breach does occur, we will do everything in our power to limit the damage. In case of a high risk data breach, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We will also inform the relevant supervisory authority or authorities of the breach.

Employees and temporary workers are required to follow policies, procedures, and complete confidentiality training to understand the requirement of maintaining the confidentiality of customer information. If they fail to do so, they are subject to disciplinary action. All employees are required to complete privacy and security training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your personal data.

How Long Will We Keep Your Data?

Your data will not be retained for a period longer than necessary for the purpose it was collected for. We may also keep data for the relevant statutory period where there is a risk of a legal claim. Particularly, if you are a customer or part of the customer account, we will keep your data for as long as you remain a customer plus legal statutory period (6 years).

What Rights Do You have?

To exercise any of the following rights, please contact gdpr@granicus.com. Under certain circumstances, by law you have the right to:

  • Add your data to a “Do not market” suppression list. This is not erasure of your data, as we need to retain your contact details to know not to use them! We will supply “unsubscribe” links or similar, on all marketing communications.
  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction or completion of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data only where we no longer have good reason for us continuing to process it. You can also exercise this right by visiting our subscription management center.
  • Request objection to processing of your personal data. This enables you to object to processing of your personal data where we are relying on a legitimate interest.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Withdraw your consent to the processing of certain personal data (only where you have previously provided consent).
  • Make a complaint to the relevant local, national, or industry privacy regulator.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Will We Penalize You for Using Your Rights?

We will not discriminate against you for exercising any of your rights under applicable law (such as GDPR, CCPA etc.). Unless permitted by the applicable laws, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services, or a different level or quality of goods or services.

Do We Track You Online?

Yes. We do use online tracking technologies, such as cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base. Depending upon your local jurisdiction you will be provided with a cookie notice when you visit the site. The cookie notice will provide you an option to update your preference.

Currently, various browsers offer a “do not track” or “DNT” option and global privacy control which sends a signal to websites visited by the user about the user’s browser DNT preference setting. We will do our best to respect such signals we receive, and as required where placing tracking technologies on your device, notify you what and why.

Looking for product privacy policies?