Granicus

Privacy Policy

Add Comment

Loading×Sorry to interruptCSS ErrorRefreshSkip to NavigationSkip to Main Content Subscriber Help Toggle SideBarSubscriber Support<ul> <li>Home</li> <li>Contact Support</li> <li>More<ul> </ul> </li> </ul>Search...Loading...CancelgovDelivery Subscriber/Participant Privacy Policy Dec 14, 2023•How ToInformationOwnerBrynn WarrinerArticle DetailsSolutionLast updated: December 12, 2023 <ol> <li>Overview</li> <li>Who is Responsible for the Processing of Your Data?</li> <li>How Can You Contact Us?</li> <li>What Personal Data Does Granicus Collect, and for What Purpose?</li> </ol> I. Through your interaction with govDelivery suite of products II. Through your interaction with Customer Support <ol> <li>Do We Collect Sensitive Data About You?</li> <li>How Do We Justify Collecting and Processing Your Data?</li> <li>What Happens If We Process Your Data for Other Purposes?</li> <li>What Happens If You Do Not Provide The Data?</li> <li>Do We Use Algorithms To Make Decisions About You?</li> <li>Do We Share Your Personal Data with Third Parties?</li> <li>Do We Sell Your Data To Others?</li> <li>Do We Participate in the Data Privacy Framework?</li> <li>Where Does Your Data Go?</li> <li>How Do We Protect Your Data?</li> <li>How Long Will We Keep Your Data?</li> <li>What Rights Do You Have?</li> <li>Will We Penalise You for Using Your Rights?</li> <li>Do We Track You Online?</li> </ol> 1. Overview The Granicus entities which adhere to this Privacy Notice and the DPF Principles are Granicus LLC. and Granicus-Firmstep, Ltd., including all U.S. entities and U.S. subsidiaries using the brand name Granicus ("Granicus" or "We").&nbsp. Granicus is committed to maintaining your trust by protecting your personal data. This policy explains how we collect, use, share, and protect such data. Personal data is any information relating to an identified or identifiable person. Your name, address, phone number, email address, and IP address are some examples of it. Unless otherwise specified, this policy applies to Granicus’ govDelivery suite of products (govDelivery Communications, Targeted Messaging Service (TMS) and Interactive Text). Granicus will process your personal data in a transparent and lawful way. Any personal data you provide when using our products and services will be used only in accordance with this privacy policy. Granicus complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.&nbsp. Granicus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.   Additionally, Granicus has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.&nbsp. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.&nbsp. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. For further information regarding our participation in the Data Privacy Framework, please see Sections 12 and 13 below. We may change this policy from time to time to reflect privacy or security updates. We encourage you to periodically review this page for the latest information on our privacy practices. We have provided a table of contents so you can easily jump to the specific sections set out below. Alternately, you can download a PDF version of the policy. Back to Top 2. Who is Responsible for the Processing of Your Data? Unless otherwise noted, we deliver these services as a Data Processor. This means we are a service supplier to our customers, who as Data Controllers should supply you with their own privacy policy regarding how they collect and use your data. Back to Top &nbsp. 3. How Can You Contact Us? In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Granicus commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with questions about this statement or if you would like to exercise any rights you may have in relation to your personal data, please contact us at support@granicus.com. If you have additional questions or need to escalate an issue, use the below details to contact our Data Protection Officer (DPO): Full name of legal entity: Granicus, LLC and Granicus-Firmstep, Ltd. Email address: dpo@granicus.com Postal address: 1152 15th Street NW, Suite 800, Washington, DC 20005, USA Telephone number: 01 651 400 8730 Name of EU representative: DataRep Email address: granicus@datarep.com You can also contact DataRep using this online form: https://www.datarep.com/data-request Postal address: The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland Back to Top 4. What Personal Data Does Granicus Collect, and for What Purpose? I. Through your interaction with govDelivery suite of products We collect the following categories of personal data through your interaction with govDelivery suite of products. &nbsp. Data Category Examples Collected? (Yes/No) Purpose of Processing Communications TMS Interactive TextAudio, Electronic, Visual, or Similar InfoPhotos, voicemailNoNoYesTo analyze poll responses within a larger campaign. Authentication servicesTokenNoNoYesFor customizing SMS, voice messages or polls.Browser InformationBrowser user agentYesYesYesFor internal diagnostic, support, troubleshooting purposes. May also be used for user analytics.IdentifiersEmail, phone #, zip code, question responses, IP address, private messagesYesYesYesTo deliver messages to you on behalf of our client and for internal auditing, diagnostic, support, and troubleshooting purposes. Your IP address may also be used to estimate your approximate location. Encrypted IP address is also used for captcha service. Private messages allow participants to provide any kind of response instead of having to fall into a conditional logic.Geolocation dataLocation (longitude/latitude)YesNoNoTo suggest subscription topics that are more relevant to you geographically.Internet/Network ActivitySubscriber / participant engagement data (url clicked/opened, event timestamp etc.)YesNoYesFor internal and client reporting purposes. For govDelivery Communications, we will request your consent to the collection and processing of such data via the consent checkbox during signup or on your subscriber preferences page. In this case, data will be collected only to provide you with targeted topical information. II. Through your interaction with Customer Support We collect the following categories of personal data through your interaction with our Customer Support team. &nbsp. Data Category Examples Collected? (Yes/No) Purpose of Processing Communications TMS Interactive TextAgent StringLocation, IP address, user agentYesYesYesTo communicate with you about your concerns. We may also use your email address to determine which of our clients you have subscribed to. Your agent string is collected for internal auditing and support purposes.IdentifiersEmail, phone #YesYesYes We obtain the personal data listed above from the following sources: <ul> <li>Our customers on whose behalf we provide these services. Our customers generally obtain this information directly from you.</li> <li>Some data are collected from you through your interaction with our system.</li> </ul> Back to Top   5. Do We Collect Sensitive Data About You? Yes and No. No. We do not actively collect special category of personal data, e.g., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data or biometric data in order to uniquely identify a person or data concerning health, sex life, or sexual orientation. However, our customers may add questions to the form in the system that ask for such information. In those cases, we may collect it as their agent. You should refer to the customer privacy policy for how they use that information. Back to Top 6. How Do We Justify Collecting and Processing Your Data? We will use your personal data when the law allows us to. Most commonly, as a subscriber in the system, we will process your personal data in the following circumstances: <ul> <li>Where we need to perform the contract we are about to enter into or have entered into with our customers on whose behalf we provide these services,</li> <li>Where you consent. or</li> <li>Where it is necessary for our legitimate interests (i.e., we have a business or commercial reason for using your information) and your interests and your fundamental rights do not override those interests.</li> </ul> When applicable, our legitimate interests may include the following: <ul> <li>Fulfilling our legal and contractual duties.</li> <li>Analyzing usage pattern to ensure we are providing best product for our end users.</li> <li>Seeking your consent when we need it to contact you.</li> <li>For suggesting/restricting content based on your interaction with our services.</li> <li>Developing and improving the network security, efficiency, and technical specification of our IT systems and infrastructure.</li> </ul> Back to Top 7. What Happens If We Process Your Data for Other Purposes? We will use your personal data only for the uses and purposes set out above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so. Back to Top 8. What Happens If You Do Not Provide The Data? Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform our obligations under the contract we have or are trying to enter with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. Furthermore, if you withdraw your consent, we will no longer be able to provide you with the govDelivery services. Back to Top 9. Do We Use Algorithms To Make Decisions About You? We will not use your personal data for decisions based solely on automated processing. Back to Top 10. Do We Share Your Personal Data with Third Parties? We share your personal data with the following categories of recipient: <ul> <li> Agents and sub-processors. We may disclose your personal data with our agents or sub-processors for the purposes identified above. In these cases, the agent or subcontractor will be obligated to use that personal data in accordance with the terms of this privacy policy. Your data may be shared with these types of agents and subcontractors: <ul> <li>Airbrake</li> <li>Amazon Web Services</li> <li>Dynamics</li> <li>Google</li> <li>Heroku</li> <li>Microsoft</li> <li>Papertrail</li> <li>OpenAir</li> <li>Salesforce</li> <li>Twilio</li> <li>MTCaptcha</li> </ul> </li> <li> Government authorities as permitted, necessary, or required by law. This may include disclosing your personal data to regulators, or law enforcement authorities. We may transfer and disclose the data we collect about you for the following reasons: <ul> <li>To comply with a legal obligation, including, but not limited to responding to a court order;</li> <li>To prevent fraud;</li> <li>To comply with an inquiry by a government agency or other regulator;</li> <li>To address security or technical issues. or</li> <li>To assist government entities in responding to an emergency</li> </ul> </li> <li> As part of a business transaction. If the ownership of Granicus changes, or if we merge with, or are acquired by another organization, or if we liquidate our assets, your personal data may be transferred to the new organization. If this occurs, the successor organization’s use of your data will also still be subject to this policy and the privacy preferences you have expressed to us.</li> </ul> Back to Top 11. Do We Sell Your Data To Others? No. We do not buy and sell personal data. Back to Top 12. Do We Participate in the Data Privacy Framework? Yes. Granicus complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. 6 Department of Commerce. Granicus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Granicus has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ and search for “Granicus”. We are responsible for the processing of personal data we receive or subsequently transfer to a third party acting as an agent on our behalf. We will comply with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, the UK and Swiss, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to Data Privacy Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, Granicus commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO),the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. You may engage such authorities if you have concerns regarding our adherence to the Data Privacy Framework Principles or any applicable privacy law or regulations. We will respond directly to such authorities regarding investigations and resolution of complaints. Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Back to Top 13. Where Does Your Data Go? Granicus is owned and operated within the United States. Therefore, the data that we collect from you will be transferred to, and stored at, a destination outside the European Economic Area (“EEA”)/UK. Granicus’ compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and the UK Extension to the EU-U.S. DPF deems the organization to provide adequate privacy protection, which is a requirement for the transfer of personal data outside of the European Union under the EU General Data Protection Regulation (GDPR), and outside of the United Kingdom under the UK Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR). Back to Top 14. How Do We Protect Your Data? We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access, loss or disclosure, we have put in place security controls that reduce the risks of a security breach of your personal data. If a data breach does occur, we will do everything in our power to limit the damage. In case of a high-risk data breach, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. Employees and temporary workers are required to follow policies, procedures, and complete confidentiality training to understand the requirement of maintaining the confidentiality of customer information. If they fail to do so, they are subject to disciplinary action. All employees are required to complete privacy and security training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your personal data. Back to Top 15. How Long Will We Keep Your Data? How long we retain your data depends on the type of data and the purpose for which we process your data. Your data will not be retained for a period longer than necessary for the purpose for which we have processed your data, plus any statutory period during which we need to retain the data to resolve any legal claims. Your data will be retained until you request the deletion of your subscriber profile plus any legal statutory period and we will fulfill your deletion request without undue delay and within the time periods required by law. Information retained during the legal statutory period will be minimized to only the data strictly necessary to resolve any legal claims that may arise. However, it may not always be possible to completely remove or delete all your personal data from our databases without some residual data because of backups and other reasons. To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data, whether we can achieve those purposes through other means, and the applicable legal requirements.   Upon an unsubscribe request your details including delivery preferences and subscriber metadata will be removed from the appropriate account and any associated message distribution lists. You will no longer receive messages, but your email address, opt-in date and opt-out date, message history and bulletin details (reads, opens and clicks) will be retained for the appropriate statutory limitation period (currently 6 years) in order to resolve any legal claims. Your data will not be used for any other purposes. Back to Top 16. What Rights Do You Have? To exercise any of the following rights, please contact support@granicus.com. Under certain circumstances, by law you have the right to: <ul> <li> Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. </li> <li> Request correction or completion of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. </li> <li> Request the portability of your data to another provider (only where we are relying on consent or contractual necessity). </li> <li> Request erasure of your personal data. This enables you to ask us to delete or remove personal data only where we no longer have good reason for us continuing to process it. </li> <li> Request objection to processing of your personal data. This enables you to object to processing of your personal data where we are relying on a legitimate interest. </li> <li> Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. </li> <li> Withdraw your consent to the processing of certain personal data (only where you have previously provided consent). You can revoke your consent by deleting your profile or contacting us at support@granicus.com. You may also opt-out of receiving text messages by replying “STOP” to such messages. </li> <li> Make a complaint. You have the right to make a complaint at any time to the relevant local, national or industry privacy regulator. </li> </ul> We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Back to Top 17. Will We Penalise You for Using Your Rights? We will not discriminate against you for exercising any of your rights under applicable law (such as GDPR, CCPA, etc.). Unless permitted by the applicable laws, we will not: <ul> <li> Deny you goods or services. </li> <li> Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. </li> <li> Provide you a different level or quality of goods or services. </li> <li> Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. </li> </ul> Back to Top 18. Do We Track You Online? Yes. Granicus and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. You can review the govDelivery Subscriber Cookie Statement here. Currently, various browsers offer a “do not track” or “DNT” option and the global privacy control which sends a signal to websites visited by the user about the user's browser DNT preference setting. Granicus does not currently commit to responding to browsers' DNT signals with respect to our websites, in part, because no common industry standard for DNT has been adopted, including no consistent standard of interpreting user intent. Back to Top  Attachment (1)Privacy Policy.pdfLoading