Your privacy is critically important to us.
Like most website operators, theGrindLab.com collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. theGrindLab.com’s purpose in collecting non-personally identifying information is to better understand how theGrindLab.com’s visitors use its website. From time to time, theGrindLab.com may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
theGrindLab.com also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on http://www.theGrindLab.com blog posts. theGrindLab.com only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below.
Gathering of Personally-Identifying Information
Certain visitors to theGrindLab.com’s websites choose to interact with theGrindLab.com in ways that require theGrindLab.com to gather personally-identifying information. The amount and type of information that theGrindLab.com gathers depends on the nature of the interaction. For example, we ask visitors who sign up for a blog at http://www.theGrindLab.com to provide a username and email address.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Links To External Sites
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites, products or services.
Protection of Certain Personally-Identifying Information
theGrindLab.com discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on theGrindLab.com’s behalf or to provide services available at theGrindLab.com’s website, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using theGrindLab.com’s website, you consent to the transfer of such information to them. theGrindLab.com will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, theGrindLab.com discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when theGrindLab.com believes in good faith that disclosure is reasonably necessary to protect the property or rights of theGrindLab.com, third parties or the public at large.
If you are a registered user of http://www.theGrindLab.com and have supplied your email address, theGrindLab.com may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with theGrindLab.com and our products. We primarily use our blog to communicate this type of information, so we expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. theGrindLab.com takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
theGrindLab.com may collect statistics about the behavior of visitors to its website. theGrindLab.com may display this information publicly or provide it to others. However, theGrindLab.com does not disclose your personally-identifying information.
To enrich and perfect your online experience, theGrindLab.com uses "Cookies", similar technologies and services provided by others to display personalized content, appropriate advertising and store your preferences on your computer.
Those who engage in transactions with theGrindLab.com – by purchasing theGrindLab.com's services or products, are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, theGrindLab.com collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with theGrindLab.com. theGrindLab.com does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
You may want to provide the user with relevant definitions in relation to personal data and sensitive personal data.
How do we use personal information?
Describe in detail all the service- and business-related purposes for which you will process data. For example, this may include things like: personalisation of content, business information or user experience account set up and administration delivering marketing and events communication carrying out polls and surveys internal research and development purposes providing goods and services legal obligations (eg prevention of fraud) meeting internal audit requirements
Please note this list is not exhaustive. You will need to record all purposes for which you process personal data.
What legal basis do we have for processing your personal data?
Describe the relevant processing conditions contained within the GDPR. There are six possible legal grounds: consent contract legitimate interests vital interests public task legal obligation
Provide detailed information on all grounds that apply to your processing, and why. If you rely on consent, explain how individuals can withdraw and manage their consent. If you rely on legitimate interests, explain clearly what these are.
If you’re processing special category personal data, you will have to satisfy at least one of the six processing conditions, as well as additional requirements for processing under the GDPR. Provide information on all additional grounds that apply.
When do we share personal data?
Explain that you will treat personal data confidentially and describe the circumstances when you might disclose or share it. Eg, when necessary to provide your services or conduct your business operations, as outlined in your purposes for processing. You should provide information on: how you will share the data what safeguards you will have in place what parties you may share the data with and why
Where do we store and process personal data?
How do we secure personal data?
Describe your approach to data security and the technologies and procedures you use to protect personal information. For example, these may be measures: to protect data against accidental loss to prevent unauthorised access, use, destruction or disclosure to ensure business continuity and disaster recovery to restrict access to personal information to conduct privacy impact assessments in accordance with the law and your business policies to train staff and contractors on data security to manage third party risks, through use of contracts and security reviews
Please note this list is not exhaustive. You should record all mechanisms you rely on to protect personal data. You should also state if your organisation adheres to certain accepted standards or regulatory requirements.
How long do we keep your personal data for?
Provide specific information on the length of time you will keep the information for in relation to each processing purpose. The GDPR requires you to retain data for no longer than reasonably necessary. Include details of your data or records retention schedules, or link to additional resources where these are published.
If you cannot state a specific period, you need to set out the criteria you will apply to determine how long to keep the data for (eg local laws, contractual obligations, etc)
You should also outline how you securely dispose of data after you no longer need it.
Your rights in relation to personal data
Under the GDPR, you must respect the right of data subjects to access and control their personal data. In your privacy notice, you must outline their rights in respect of: access to personal information correction and deletion withdrawal of consent (if processing data on condition of consent) data portability restriction of processing and objection lodging a complaint with the Information Commissioner’s Office You should explain how individuals can exercise their rights, and how you plan to respond to subject data requests. State if any relevant exemptions may apply and set out any identity verifications procedures you may rely on. Include details of the circumstances where data subject rights may be limited, eg if fulfilling the data subject request may expose personal data about another person, or if you’re asked to delete data which you are required to keep by law.
Use of automated decision-making and profiling
How to contact us?
Explain how data subject can get in touch if they have questions or concerns about your privacy practices, their personal information, or if they wish to file a complaint. Describe all ways in which they can contact you – eg online, by email or postal mail.
If applicable, you may also include information on:
Linking to other websites / third party content If you link to external sites and resources from your website, be specific on whether this constitutes endorsement, and if you take any responsibility for the content (or information contained within) any linked website.