The EU General Data Protection Regulation (“GDPR”) is designed to protect and strengthen the privacy rights of individuals within the European Union and provides a harmonized framework for lawful collection, processing, storage, and usage of Personal Data.
Groniva Corporation Private Limited (“Groniva”, “we”, “our”, or “us”) is committed to upholding the standards prescribed under GDPR and ensuring that Personal Data of EU data subjects is collected and processed in a transparent, secure, and lawful manner. Our systems, policies, safeguards and operating procedures are continually reviewed to align with evolving regulatory expectations and industry best practices.
1. Scope & Applicability
This GDPR Policy applies to:
- Visitors from the EU/EEA who access our website/platform
- Customers, subscribers, and enterprise users from the EU/EEA
- Any EU-based data subjects whose Personal Data is processed as part of our HRMS, CLMS or SaaS product usage
We follow a
uniform global privacy framework, meaning your privacy rights are respected irrespective of geography.
2. Lawful Basis for Processing
We process Personal Data when:
- You have given consent, or
- It is necessary for performance of a contract, or
- We have a legitimate interest in operating/improving our platform or services, or
- We must comply with applicable legal obligations, or
- You are associated with a company / organisation being onboarded or evaluated by our platform
(e.g., a key managerial person, authorized signatory or public representative of such company).
Where information is obtained from
publicly available sources, it is processed strictly in accordance with GDPR and only to the extent relevant to business or compliance purposes.
3. Types of Personal Data We May Process
Depending on interaction and context, we may process:
- Name, designation and organizational role
- Professional contact information (email/phone if publicly available or lawfully provided)
- Company/institutional affiliation
- ID or business-verification related data (KYC/AML, where applicable for HRMS/CLMS compliance)
- Platform usage and activity logs (for security and compliance purposes only)
We do not sell Personal Data or use it for advertising/marketing monetization.
4. Your GDPR Rights
As an EU data subject, you have the following rights under GDPR:
| Right |
What It Means |
| Right of Access |
Request a copy of Personal Data we hold about you |
| Right to Rectification |
Ask us to update, correct, or complete inaccurate data |
| Right to Erasure (“Right to be Forgotten”) |
Request deletion of your Personal Data |
| Right to Restrict Processing |
Limit how your Personal Data is used |
| Right to Data Portability |
Receive a machine-readable copy of your data |
| Right to Object |
Object to processing based on legitimate interest |
| Notification of Breach |
You will be notified within 72 hours if a breach potentially impacts your data |
We will assess each request in good faith and action it unless doing so conflicts with legal or regulatory obligations.
5. Data Retention
We retain Personal Data only for as long as:
- It is relevant to the purpose for which it was collected, or
- The user/company relationship remains active, or
- Legal/contractual retention requirements apply
Once no longer necessary, data is securely deleted or anonymized.
6. Cross-Border Transfers
Where Personal Data is transferred outside the EU/EEA, we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Industry-standard encryption
- Access controls and data minimization
7. Security & Breach Notification
We implement administrative, technical, and organizational measures to protect Personal Data. If a data breach that may pose risk to your rights occurs, we will notify you and the competent supervisory authority within 72 hours, in compliance with GDPR Article 33.
8. Contact & Data Requests
If you have any queries or would like to exercise your GDPR rights, please contact us at:
📧 gdpr@groniva.com
(placeholder — please confirm final email address)
We do not respond to GDPR requests submitted on behalf of another person unless legally authorised.
9. Updates to This Policy
We may periodically update this GDPR Policy to reflect legal developments or product changes. The latest version will always be available on our website.
View More Industry
