Privacy Policy

---

We’re committed to your data privacy and security. As such we give you these promises:  

• We will only collect data about you that is relevant and necessary
• Your data will only be held on systems that meet or exceed compliance standards
• Your data will only be accessed by those who need it and we will minimise the amount of your data that’s processed wherever possible
• We won’t share or sell your data to any third party unless either you have agreed, where we are required to by law or where we need to fulfil our service commitments to you through a third party that meets our own privacy standards
• We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you
• We respect your rights as outlined below and will respond to all requests promptly

You have the following rights over the data we hold about you:  

• Right to object to processing at any time
• Right to opt out of marketing at any time
• Right to have inaccurate data corrected
• Right to erasure of personal data from our database
• Right to export of personal data

We collect information about you in two key ways –

• Passive – where you give us information on our website, email us, call us, meet one of us at events or meetings or approach us on social media
• Proactive – this is data about you that we may hold from referrals, resellers or proactive marketing activity

We use automated analytics and tracking systems for email, document management and marketing activities so that we can protect and optimise our service and deliver relevant marketing.  

Cookies are little files placed on your computer. They help our website to identify your device when you visit. This enables us to store preferences so we can customise your experience.  It also helps us track usage information – for example seeing how many people find the GDPR pages we plan to create. It also allows us to see how long people spend on our website before getting bored.  These cookies don’t give us access to your computer or any information about you other than what you choose to share.  We use Hubspot and Google Analytics for this.  You can set your browser not to accept cookies. Visit http://www.allaboutcookies.org/ to find out more  

We try and minimise the personal data held on you. Typically, this is restricted to:

• Your personal contact details – email address, phone numbers, business related social media page such as LinkedIn, source of your data and legal reason for the holding of your information.
• Your company details – as above but also address, website and other public held information including credit rating and invoicing details if relevant
• Transmitted information – such as emails, texts, messaging, phone call information and recordings, voice mails, email, meeting notes and document tracking information.

We make it policy not to connect any social media feeds or store any social media you may post to our systems with the exception of private messages.  

Your contact details are stored on encrypted systems on-premise and on hosted cloud services such as Microsoft Office 365, Salesforce, Microsoft Azure and Google GSuite in transit and at rest. As such, some data will either be in UK and EU data centres or on US based servers that are covered by Privacy Shield Agreements.  Your business data is never persisted by us - unless we are hosting your database. If we are hosting your database it will be hosted on Microsoft Azure SQL Server PaaS. These databases are encrypted at rest and secured.  We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.  We have a policy not to print out or otherwise physically write any personal data because we hate paper.  

We use your contact data to market to you, fulfil contractual arrangements or agreed purposes.  Calls may be recorded for information holding, quality and training purposes.  Our email, document management and website analytics are used for information purposes and to track breaches of copyright.  All our processes are mapped and are subject to various internal policies to ensure that your data privacy and security  

Our data retention policy is as follows:

• 36 months for any prospect marketing data unless responded to by the data subject in which case 36 months from the last contact
• 36 months following the end of any Service Agreement with a client
• 36 months for all supplier, reseller or other contacts not covered above from point of last contact

All the above are carried out during the nearest data review which are typically carried out annually in December.  

You can send us an email to hello@grapple.cloud to request opt out, view, export or delete your data.  If you request for your data to be deleted your name and email address will be added to an exceptions list and all other data removed. This does require us to keep this data on file of course.  

We will only share information where agents, resellers or suppliers are involved in the delivery of your service. In such cases we will firstly try and anonymise the data or minimise it to the fullest extent possible.  

Our website and other materials sent to you may contain links to other websites. We’re not responsible for the content or your data privacy on these sites.