Granicus Trust Center
At Granicus, we take privacy and data protection seriously. We are committed to complying with all applicable laws and regulations regarding the collection, use, and protection of personal data.
At Granicus, we take privacy and data protection seriously. We are committed to complying with all applicable laws and regulations regarding the collection, use, and protection of personal data.
Granicus complies with all applicable data protection laws, including:
When Granicus transfers personal data outside the European Economic Area, we utilize legitimising mechanisms like Standard Contractual Clauses to lawfully conduct those transfers under the GDPR. We have intra-group agreements and processor contracts in place for transfers among Granicus entities and external vendors.
As described in our Data Privacy Framework certification, we comply with the EU–US Data Privacy Frameworks (DPF) and the UK Extension to the EU–US DPF as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from the EEA and the UK, respectively. Granicus has certified that it adheres to the DPF Principles. To learn more about the DPF, and to view Granicus’s certification, please visit the DPF website.
We conduct due diligence when engaging subprocessors and service providers that may process personal data on our behalf. We have contractual clauses in place to maintain GDPR compliant transfers and processing activities with vendors.
Granicus maintains data retention schedules and record keeping practices in compliance with the GDPR, CCPA, and other regulations. We keep records of data processing activities including: categories of data collected, purpose of processing, third-party disclosures, appropriate security measures, data retention schedules, and more.
We employ a privacy by design approach by implementing appropriate technical and organisational measures at the time we develop products or services that involve processing personal data. This helps uphold privacy and compliance requirements from the start of any project.
When new types of processing pose a high risk to individuals’ privacy rights, Granicus conducts Data Protection Impact Assessments to identify, assess, and mitigate those privacy risks.
We implement technical and organisational security measures to protect personal data and keep it secure. Granicus regularly evaluates and tests the effectiveness of these safeguards to ensure a level of security appropriate for the risk posed to data subjects.
Granicus engages in regular self-audits and compliance monitoring to maintain our privacy and data protection practices. We take steps to continually identify and address any gaps or areas of improvement in our compliance programs.