Last updated: February 22, 2019
How we protect your privacy on gridworkz.com and when you use our services
Gridworkz offers many services to help you run your business, including a platform to host your own Odoo database. As part of running those services we collect data about you and your business. This data is not only essential to run our services, but also critical for the safety of our services and all our users.
This policy explains what information is collected, why it is collected, and how we use it.
Information We Collect
Most of the personal data we collect is directly provided by our users when they register and use our services. Other data is collected by recording interactions with our services.
Account & Contact Data: When you register on our website to use or subscribe to one of our services (Gridworkz Odoo Cloud, Free Trial, Maintenance, etc.), or fill in one of our contact forms, you voluntarily give us certain information. This typically includes your name, company name, email address, website URL, and sometimes your phone number, postal address (when an invoice or delivery is required), business sector , as well as a personal password.
We never record or store credit card information from our customers, and always rely on trusted third-party PCI-DSS-compliant payment processors for credit card processing, including for recurring payment processing.
Browser Data: When you visit our website and access our online services, we detect and store your browser language and geolocation, in order to customize your experience according to your country and preferred language. Our servers also passively record a summary of the information sent by your browser, for statistical, security and legal purposes: your IP address, the time and date of your visit, your browser version and platform, and the web page that referred you to our website.
Customer Database: When you subscribe to a Gridworkz Odoo Cloud service and create your own Odoo database (for example by starting a Free Trial), any information or content you submit or upload into your database is your own, and you control it fully.
How We Use This Information
Account & Contact Data: We use your contact information in order to provide our services, to answer your requests, and for billing and account management reasons. We may also use this information for marketing and communication purposes (our marketing messages always come with a way for you to opt-out at any time).
If you have registered to participate in an event published on our website, we may transfer your name, email address, phone number and company name to our local organizer and to the sponsors of the event, for both direct marketing purposes and in order to facilitate the preparations and booking for the event.
Browser Data: This automatically recorded data is anonymously analyzed in order to maintain and improve our services. We will only correlate this data with your personal data when required by law or for security purposes, if you have violated our Acceptable Use Policy.
Customer Database: We only collect and process this data on your behalf, in order to perform the services you have subscribed to, and based on the instructions you explicitly gave when you registered or configured your service and your Odoo database.
Our Helpdesk staff and engineers may access this information in a limited and reasonable manner in order to solve any issue with our services, or at your explicit request for support reasons, or as required by law, or to ensure the security of our services in case of violation of our Acceptable Use Policy, in order to keep our services secure.
Accessing, Updating or Deleting Your Personal Information
Account & Contact Data: You have the right to access and update personal data you have previously provided to us. You can do so at any time by connecting to your personal account on Portal.saas.gridworkz.com. If you wish to permanently delete your account or personal information for a legitimate purpose, please contact our Helpdesk to request so. We will take all reasonable steps to permanently delete your personal information, except when we are required to keep it for legal reasons (typically, for administration, billing and tax reporting reasons).
Customer Database: You can manage any data collected in your databases hosted on Saas.gridworkz.com at any time, using your administration credentials, including modifying or deleting any personal data stored therein.
At any time you can export a complete backup of your database via our control panel, in order to transfer it, or to manage your own backups/archive. You are responsible for processing this data in compliance with all privacy regulations.
You may also request the deletion of your entire database via your control panel, at any time.
When you use the Gridworkz Odoo Database Upgrade service, your data is automatically deleted after your upgrade was successfully completed, and may also be deleted upon request from you.
Safety Retention Period: we retain a copy of your data in our backups for safety reasons, even after they are destroyed from our live systems. See Data Retention for more details.
We realize how important and sensitive your personal data is, and we take a great number of measures to ensure that this information is securely processed, stored and preserved from data loss and unauthorized access. Our technical, administrative and organizational security measures are described in details in our Security Policy.
Third Party Service Providers
In order to support our operations we rely on several Service Providers. They help us with various services such as payment processing, web audience analysis, cloud hosting, marketing and communication, etc.
Whenever we share data with these Service Providers, we make sure that they use it in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract.
Here is a list of the Service Providers we are currently using, why we use them, and what kind of data we share with them:
Purpose: Payment processing on Saas.gridworkz.com
Shared with Stripe: Order details (amount, description, reference), Customer name and email
Only stored by Stripe: credit card info
Google LLC - Privacy & Security
Purpose: Infrastructure and hosting, DDOS Protection, Load balancing and CDN
Hosted by Google: Production data from Saas.gridworkz.com, including Customer Databases.
Amazon Web Services, Inc. - Privacy & Security
Purpose: Infrastructure and hosting
Hosted by AWS: The Database Upgrade services, including Customer Databases currently being upgraded.
Google Analytics - Privacy & Security
Purpose: Anonymous website audience analysis
Shared with Google Analytics: Non-personal browser data, anonymized IP, geolocation info, language (no identifiable information)
Thinkific - Privacy & Security
Purpose: Hosting of online training
Shared with Thinkific: name, email, company, and training progress for participants
Account & Contact Data: we will only retain such data as long as necessary for the purpose for which it was collected, as laid out in this policy, including any legal retention period, or as long as necessary to carry out a legitimate and reasonable promotion of our products and services.
Browser Data: we will only retain this data for a short period of time, generally 2 months, unless we need to keep it in relation with a legitimate concern related to the security or performance of our services, or as required by law.
Customer Database: we will only retain this data as long as necessary for providing the services you subscribed to. For databases hosted on the Gridworkz Odoo Cloud, if you cancel the service your database is kept deactivated for 3 weeks (the grace period during which you can change your mind), and then destroyed. For databases uploaded to the Gridworkz Odoo Database Upgrade website, your database is kept for up to 4 months after the last successful upgrade, and may be deleted earlier upon request.
Safety Retention Period: As part of our Security Policy, we always try to preserve your data from accidental or malicious deletion. As a result, after we delete any of your personal information (Account & Contact Data) from our database upon request from you, or after you delete any personal information from your database (Customer Database), or if you delete your entire database, it is not immediately deleted from our backup systems, which are secured and inalterable. The personal data could remain stored for up to 12 months in those backups, until they are automatically destroyed.
We commit not to use those backup copies of your deleted data for any purpose except for maintaining the integrity of our backups, unless you or the law require us to do so.
Transfer of Data
Hosting Locations: Customer databases are hosted in the Google data center closest to where they are based. Customers can request that their data be moved to one of the other data centers.
Backup Locations: backups are replicated on multiple continents in order to meet our Disaster Recovery objectives, and are located in the following countries, regardless of the hosting location: *Canada and *London.
For more details regarding our hosting services, see our Cloud Hosting SLA.
- For Customers concerned about EU data protection regulation, countries with a * sign in the above lists are in EU or currently subject to an adequacy decision from EU authorities.
We use EU Standard Contractual Clauses to bind our remote staff in a way that offers sufficient safeguards on data protection for the limited and temporary data transfers that occur for such access.
Third Party Disclosure
Except as explicitly mentioned above, we do not sell, trade, or otherwise transfer your personal data to third parties. We may share or disclose aggregated or de-identified information, for research purposes, or to discuss trends or statistics with third-parties.
Cookies are small bits of information sent by our servers to your computer or device when you access our services, and unique to you. They are stored in your browser and later sent back to our servers so that we can provide contextual content. We use them to support your activities on our website, for example your session (so you don't have to login again) or your shopping cart.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies, or look at the links below.
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-10
- Safari: https://support.apple.com/kb/PH21411
- Firefox: https://support.mozilla.org/products/firefox/cookies
- Opera: http://www.opera.com/help/tutorials/security/cookies/
We do not currently support Do Not Track signals, as there is no industry standard for compliance.
Gridworkz - Data Protection
1931 Norris Ave., Fort Erie Ontario, Canada L2A 5M4