GRANITE XS
Privacy Policy and Privacy Notice
Introduction:
We take the privacy of the data we hold about you very seriously. The information here describes what we do with the personal information you provide us, how we keep it secure, and your rights in relation to that information.
To make things easier we have provided a summary here:
- Your personal information (personally identifiable data) is not shared outside the organisation without your consent in most circumstances; however, information may be shared under another legal basis, for example to prevent a crime or harm to another person.
- You have a number of rights over your personal information under the GDPR. These rights are set out in this statement.
Who We Are:
Granite XS is a company that provides access to secure data services. We have board members, employees and users. We are based in and governed by the legal framework in the United Kingdom although we provide a remote access data platform that can be accessed from anywhere in the world. Although we provide services for healthcare records to be held and for sensitive data to be used in communication, we as Granite XS do not directly hold that data or have easy access to it. We do have access to that data held by users in the event of legal demands from a government body for counter-terrorism activity. This policy can be accessed upon request and forms part of our Data Security Policy.
You can contact our Data Protection Officer by post at:
Or by email at: privacy@granitexs.co.uk
What information do we collect?
Users
We collect name, address and DOB of our users. We also collect information on payment methods for in-app purchases and for payments.
Employees
We collect the same information for our employees with additional information such as NI number, Next of Kin details, and financial details to allow payment, pension contributions etc.
Further information on the data we hold and your rights as an employee can be found in the staff data security policy.
How do we use personal information?
Granite XS uses your data to provide the service described and to ensure we deliver these services efficiently and securely. We may also use anonymous user data about you for statistical purposes to improve our services.
What legal basis do we have for sharing your personal data?
Whenever we use or share your personal information we always do so using a legal basis. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights;
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Vital interests: The processing of your personal information is necessary to protect your life or someone else’s life;
- Public information: Where we process personal information which you have already made public;
- Legal obligation: We are required to process your personal information by law.
Where do we store and process personal data?
We store and house data we process within the EU at secure sites.
How do we secure personal data?
We take protecting your personal information seriously and are continuously reviewing our processes. Controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that have a genuine need to be there;
- We use technology controls for our information systems, such as firewalls, user verification, data encryption and separation of roles, systems & data;
- We enforce a “need to know” policy, for access to any data or systems.
How long do we keep your personal data for?
We keep your personal data for 2 years after you have left our platform, or for 6 years if you are an employee of Granite XS. We store your data for this period to enable us to provide you with a better service should you need to utilise our services again within that time period.
Your rights in relation to personal data
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
These include:
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability;
- the right to object to our use of your personal information; and
- the right to withdraw from automated decision-making or profiling.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact the data protection officer by e-mail:
Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect your personal information.
If you would like to complain about how we have dealt with your request, please contact the Information Commissioner’s Office at www.ico.org.uk.