Graylark Privacy Policy

At Graylark, we are committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.

Definitions

  • Data Controller: The client (organisation) that determines the purposes and means of processing personal data.

  • Data Processor: Graylark, which processes personal data on behalf of the Data Controller.

  • Personal Data: Any information relating to an identified or identifiable individual.

Data We Collect

The following types of personal data may be collected and processed when using Graylark:

  • Account Information: Names, email addresses, and other information provided during account creation.

  • Activity Data: Log-in timestamps, activity logs, and module usage information.

  • Support Information: Data provided when contacting support (e.g emails, chat logs).

Purpose of Data Processing

Graylark processes personal data only as instructed by the Data Controller (the client) for the following purposes:

  • Providing access to the platform and its modules.

  • Supporting ER processes, such as works council management and reporting.

  • Monitoring platform performance and troubleshooting issues.

  • Improving platform features and functionality.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and analyse certain information about your use of our Services. Cookies are small text files that are stored on your device by your web browser. They enable us to remember information about you, such as your preferred language, login information, and other settings. We may also use tracking technologies, such as pixels and web beacons, to collect information about your interactions with our website and emails, including the links you click on and pages you visit.

Legal Basis for Processing

Graylark processes personal data in accordance with GDPR Article 6. The legal bases include:

  • Performance of a Contract: To fulfil the contract between Graylark and the client.

  • Legitimate Interest: For purposes such as improving the platform or preventing unauthorised access.

Data Security

Graylark implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction. These measures include:

  • Encrypted data transmission (e.g HTTPS).

  • Access controls and regular security audits.

  • Data backup and disaster recovery plans.

Data Retention

Personal data is retained only as long as necessary to fulfil the purposes outlined above or as required by law. Upon termination of the client agreement, Graylark will securely delete or return all personal data as instructed by the Data Controller.

Data Subject Rights

As the Data Controller, the client is responsible for addressing data subject rights requests. However, Graylark will assist the client as required under GDPR Article 28. Data subjects have the right to:

  • Access their personal data.

  • Request correction of inaccurate data.

  • Request deletion of their data (right to be forgotten).

  • Restrict or object to processing.

  • Data portability.

  • File a complaint with a data protection authority.

Sharing Data

Graylark does not sell personal data. Personal data may be shared with third parties only in the following cases:

  • Sub-processors: Authorized third-party providers that support the platform (e.g cloud hosting services).

  • Legal Obligations: When required by law or to comply with legal proceedings.

A list of sub-processors is available upon request.

Uptime and Maintenance

Graylark guarantees 99.9% uptime, excluding scheduled maintenance periods:

  • Weekly maintenance: Sunday, 15:00–17:00 CET.

  • Monthly extended maintenance: Sunday, 15:00–19:00 CET.

International Data Transfers

If personal data is transferred outside of the European Economic Area (EEA), Graylark ensures appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or similar mechanisms.

Updates to this Privacy Policy

Graylark reserves the right to update this Privacy Policy to reflect changes in laws, regulations, or our practices. Clients will be notified of significant updates.

Contact Information

For questions or concerns about this Privacy Policy, please contact:

Email: privacy@graylarktechnologies.com