Privacy policy

This Privacy Policy applies to Grandaliro operating under Grandaliro s.r.o, Mlynské Nivy 16, Bratislava – mestská časť Ružinov 821 09, IČO: 46 335 064 (“Grandaliro” or “we”, “us” or “our”). We create, provide and execute marketing services including awareness campaigns, OTC campaigns and other communications aimed at health care professionals and the general public, for third parties (the “Survey Services”).

We process your data with due care, in accordance with all applicable laws and regulations, including the regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (the “GDPR”).

The Privacy Policy (the “Privacy Policy”) only covers data processing carried out by us. The Privacy Policy does not address, and we are not responsible for, the privacy practices of any other parties.

We do not knowingly collect or ask for information from people under the age of 18. If you are such a person, please do not use our service or send us your information. We delete information that we learn is collected from a person under the age of 18 without verified parental consent.

These Terms were last updated on 31/11/2021.

If you do not agree to these Terms or our Privacy Policy, please do not participate in our Survey Services.

1. What personal data is processed?

We may collect the following types of information about you:

  • 1.1. Personal Data. We may collect and process your name, contact information and payment information if you provide it, and any other data that identifies you, provided by you voluntarily when you use our Survey Services .

2. What are the purposes and legal basis for processing your personal data?

  • 2.1. We process your personal data in order to:
    • 2.1.1. carry out the agreement existing between us based on your decision to complete the Survey Services. This includes contacting you to provide further answers to the survey and providing answers to the third party indicated in the provision of the Survey Services. Legal basis for such processing: the performance of a contract in accordance with Article 6 (1) (b) of GDPR.
    • 2.1.2. market our Survey Services. We may market current or future Survey Services to you if you opt in to receive similar surveys from us. Legal basis for such processing: your consent in accordance with Article 6 (1) (a) of GDPR (granted during submitting your email address to our newsletter bar) or legitimate interest in accordance with Article 6(1) (f) of GDPR (if you have an existing relationship with Us). You can stop direct marketing communications from us by unsubscribing in any email you receive from us.
    • 2.1.3. request further information. We may contact you for further information following your participation in a survey if you opt in to receive similar surveys from us. Legal basis for such processing: your consent in accordance with Article 6 (1) (a) of GDPR (granted during submitting your email address to our newsletter bar) or legitimate interest in accordance with Article 6(1) (f) of GDPR (if you have an existing relationship with Us) . You can stop direct marketing communications from us by unsubscribing in any email you receive from us.

3. Who are recipients of your personal data?

  • 3.1. Your Personal Data and answers in the survey may be shared for research purposes with the third party indicated in the provision of the Survey Services.
  • 3.2. Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

4. Do we transfer your data to countries outside the EU/EEA?

  • 4.1. The Controller may transfer your personal data to countries outside the European Union and the European Economic Area where we engage with external service providers. In such a case, we transfer your personal data only to a country that is considered to have an adequate level of protection in accordance with the EU Commission’s decision or there are appropriate safeguards in place to protect your personal data, such as standard contract clauses or binding internal company rules. Regardless of the country in which your personal data is processed, the Controller takes reasonable technical, legal and organisational measures to ensure that the level of protection is the same as in the European Union and the European Economic Area.
  • 4.2. If we are involved in a merger, acquisition or other reorganisation, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

5. What is the storage period?

  • 5.1. The Controller stores your personal data only if it is legally permitted and necessary for the purposes for which the data were collected.

6. What are your rights?

  • 6.1. Right of access – The Controller offers you access to your personal data we process. This means you can contact us and request from us a confirmation whether or not your personal data are being processed and if so, you have the right to request access to your data, which we will provide to you in the form of a so-called “registry” (stating, in particular, purposes, categories of personal data, categories of recipients of personal data, storage periods or criteria for determining storage periods).
  • 6.2. Right to rectification – You have the right to have inaccurate personal data we have stored about you rectified.
  • 6.3. Right to erasure – You may also ask us to erase your personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete your personal data.
  • 6.4. Right to restriction of processing – You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Survey Services and website.
  • 6.5. Right to data portability – You have the right to receive your personal data from us in a structured, commonly used and machine-readable format in order to transmit the personal data to another controller.
  • 6.6. How to use your rights – You may exercise your rights above, free of charge, in writing by sending a letter or email at info@grandaliro.com. We may require confirmation of your identity depending on your request.

7. May you complain?

  • 7.1. In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.

8. How is your personal data secured?

  • 8.1. We take all reasonable, appropriate security measures to protect the Controller and our customers from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should, despite the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible. If you have any questions, feel free to contact us at info@grandaliro.com.